On Mon, Jun 17, 2019, at 2:51 PM, Neal Gompa wrote:
> RPM-OSTree is functionally irrelevant in this discussion,
Changing how we handle the kernel is certainly relevant.
> since it has
> its own behavior patterns and eschews compatibility with the greater
> ecosystem anyway.
I don't think
On Mon, Jun 17, 2019, at 4:47 AM, Michael Schroeder wrote:
> On Fri, Jun 14, 2019 at 12:12:01PM -0400, Neal Gompa wrote:
> > I would actually really like to see rpm's multiversioning capabilities
> > extended to support this.
> I'd actually prefer to drop the multiversion mode for the kernel
Here's a related discussion for CoreOS-style systems:
It's quite different from traditional since Ignition implies using
ConditionFirstBoot which means systemd does a preset-all on firstboot; the PR
is about the tension between what RPM is
On Thu, Apr 11, 2019, at 7:41 AM, Ty Young wrote:
> I'm thinking of switching to Fedora 30 Silverblue(once it comes out of
> beta anyway) from Arch linux. One of the requirements is to be able to
> install, compile from source and easily switch between JDK builds.
Bigger picture, as
On Fri, Apr 12, 2019, at 7:13 AM, Lennart Poettering wrote:
> On Fr, 12.04.19 11:35, Dominik 'Rathann' Mierzejewski
> (domi...@greysector.net) wrote:
> > > Interestingly I think Google Chrome needs this when it installs,
> > > though it seems nonsensical to me. (Chrome is installed by about
On Tue, Apr 9, 2019, at 12:07 PM, Lennart Poettering wrote:
> today I installed the current Fedora 30 Workstation beta on my new
> laptop. It was a bumpy ride, I must say (the partitioner (blivet?)
> crashed five times or so on me, always kicking me out of anaconda
> again, just
On Tue, Mar 12, 2019, at 2:50 PM, Kevin Fenzi wrote:
> How does this plan work with silverblue? Not sure... could use some
> input from them.
It's the same model for Fedora
On Mon, Mar 11, 2019, at 2:46 PM, Fabio Valentini wrote:
> I'm having a similar problem, but with Silverblue / rawhide.
> I installed the system when rawhide was still f30, but now I can't run
> "rpm-ostree upgrade" anymore, due to this error:
> Enabled rpm-md repositories: rawhide
On Thu, Mar 7, 2019, at 10:53 AM, Florian Weimer wrote:
> > The %transfiletriggerpostun would've probably fixed it if it used -p
> > instead of shell.
> We switched to the shell for the benefit of rpm-ostree.
On Thu, Feb 14, 2019, at 6:05 AM, Javier Martinez Canillas wrote:
> So our plan is to have a library + command
> line tool for configuring everything related to the bootloader.
FWIW, "rpm-ostree kargs" is already a CLI and DBus API to change the kernel
arguments that we expect people to use on
On Wed, Jan 16, 2019, at 2:01 AM, Adam Williamson wrote:
> It seems the Atomic installer images from the nightly 'updates' and
> 'updates-testing' composes for F29 started failing as of 20190115.n.0
> and still failed in 20190116.n.0. Failure looks like:
On Sat, Nov 17, 2018, at 12:24 PM, Jonathan Dieter wrote:
> Agreed, that this would be a massive format change and should therefore
> be a major version bump for RPM. New versions of RPM should still be
> able to read and install old-format rpms, but, as you point out, old
> versions of RPM
On Thu, Nov 15, 2018, at 12:38 PM, Ken Dreyer wrote:
> I am sorry to be such a noob, but I read the words on that page, they
> sound exciting, but I am lost. What does "mirror git repositories like
> rpmdistro-gitoverlay does" mean? I could use a really clear
> step-by-step walkthrough of how I
On Thu, Nov 15, 2018, at 10:57 AM, Matthew Miller wrote:
> On Thu, Nov 15, 2018 at 07:57:54AM -0700, Ken Dreyer wrote:
> > One of the problems I've encountered with this approach is that the
> > upstream Git repo links to (a lot of) submodules. If you're lucky
> > those submodules point at Git
This is one of a semi-regular rollup/highlights post of what's happening in the
rpm-ostree project, used by [Fedora Atomic Host](https://getfedora.org/atomic/)
as well as [Fedora Silverblue](https://silverblue.fedoraproject.org/), and
planned to be used by the converged [Fedora
On Thu, Oct 11, 2018, at 8:37 PM, Marek Marczykowski-Górecki wrote:
> Hi all!
> I'm new on this list. I work on Qubes OS, where Fedora is used as a base
Tangentially: Qubes is very cool and I'm glad you find Fedora useful
as a base system. I work on Fedora CoreOS and have
On Fri, Sep 28, 2018, at 2:42 PM, Andrew Lutomirski wrote:
> There's a request for the nvme-cli package to generate a unique name
> to use when connecting to NVMe-over-fabrics targets:
> I'm wondering what the right approach is. For the
FWIW, rpm-ostree fixes all of this today - the entire update is really
and fully handles hitting ENOSPC at any point.
devel mailing list -- firstname.lastname@example.org
To unsubscribe send an email to
On Wed, Jul 11, 2018, at 12:37 PM, Andrew Lutomirski wrote:
> (Hmm. Some future version of rpm/dnf could get really fancy and
> package contents into the build chroot rather than untarring them every
Try `rpm-ostree ex container` today and see just how fast it is to
On Wed, Jul 4, 2018, at 9:17 AM, Zbigniew Jędrzejewski-Szmek wrote:
> - something else ?
The rpm-ostree tracking issue is here:
devel mailing list -- email@example.com
This is one of a semi-regular "rollup"/"highlights" post of what's happening
in the rpm-ostree project, used by Fedora Atomic Host, as well as Silverblue,
and planned to be used by the converged [Fedora
We release approximately once a month.
On Tue, Jun 26, 2018, at 11:48 AM, Peter Robinson wrote:
> There's a lot of clouds going to uEFI now
In my brief google searches:
On Thu, Jun 21, 2018, at 9:41 AM, Gerd Hoffmann wrote:
> Well, as *additional* variant it doesn't provide that much value. More
> interesting would be to create all x86 cloud images that way, so they
> boot just fine on both bios and efi, and we don't have to bother
> creating two image
On Thu, Jun 21, 2018, at 3:30 AM, Gerd Hoffmann wrote:
> > And in my opinion, it's not simple to say: OK if you have this size
> > ESP to start, you get this layout, and if it's bigger you get this
> > other layout, and if it's BIOS you have this 3rd layout.
Chris, I have to say I'm
On Thu, May 31, 2018, at 6:23 AM, Hans de Goede wrote:
> Hi All,
> I'm working on improving the Fedora boot experience, with the
> end goal being a user pressing the on button and then going
> to the graphical login manager without him seeing any
> text messages / menus filled with technical
On Sun, Apr 29, 2018, at 6:47 AM, Stephen Gallagher wrote:
> XFS is the default filesystem on Fedora Server Edition,
And we use Server partitioning now for Atomic Host. But for the
vast majority of times people say "Fedora" they're talking about
as a desktop. And Workstation uses the
On Wed, Apr 25, 2018, at 4:35 PM, Dusty Mabe wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> The Atomic Host compose based on RC 1.1 is available for testing now.
> The toplevel directory is:
On Mon, Mar 26, 2018, at 11:02 AM, Vít Ondruch wrote:
> If DNF was just frontend for some service/daemon, that would be one
> possibility. It would also help with other issues like updates of X
> server crashing whole user session and therefore the update.
FWIW rpm-ostree is always a daemon
On Mon, Mar 12, 2018, at 5:32 AM, Pierre-Yves Chibon wrote:
> That would register in koji's DB the unique NEVRA which means, the PR can't be
> updated without bumping the release field.
Yep, that problem is exactly (along with the conflict-fest that is %changelog)
what holds back any big steps
On Fri, Mar 9, 2018, at 9:23 AM, Colin Walters wrote:
> A more modern architecture would be something closer to pull requests on
> tests report into the PR the same way github works today.
> This would work *particularly* well if it was easy to make a pull re
A more modern architecture would be something closer to pull requests on
tests report into the PR the same way github works today.
This would work *particularly* well if it was easy to make a pull request across
multiple packages, which would be obvious and easy if we just one git repo
On Wed, Mar 7, 2018, at 5:52 AM, Igor Gnatenko wrote:
> And you forgot:
> 5. Teach DNF to use "target" DNF/RPM stack to perform upgrade (best and
> proper way).
If you're using yum/dnf inside a container, the natural way to major upgrades is
to just pull the new base image and rebuild, rather
On Tue, Mar 6, 2018, at 3:27 AM, Samuel Rakitničan wrote:
> But what are the original reasons exactly? Seems like those files are
> used by rpm-ostree.
The `/usr` files are also copied by grubby. And while it's true *today*
that rpm-ostree adapted to the /usr/lib/modules change, in fact the
On Fri, Mar 2, 2018, at 3:29 PM, Andrew Lutomirski wrote:
> I feel like that discussion is ignoring a third option: keep file deps
> built preprocess the repo metadata to turn each file dep that is
> uniquely satisfied by a single package into a direct dependency on
> that package.
A new release of rpm-ostree, a hybrid transactional image/package system is now
Direct link to main release notes:
In this release
On Thu, Feb 15, 2018, at 5:39 PM, Adam Williamson wrote:
> In practice it tends to boil down to "me, nirik, and puiterwijk".
Meanwhile, there are probably hundreds of people on this -devel
list who are capable of debugging and fixing things - some very
experienced engineers, yet some of them are
On Sat, Feb 10, 2018, at 2:57 AM, Igor Gnatenko wrote:
> I'm thinking about passing --cap-lints warnings to rustc to prevent erroring
> this (and just show warning). Should we do same for C/C++? Or should I
> reconsider decision in Rust land?
On Thu, Feb 1, 2018, at 10:24 AM, nicolas.mail...@laposte.net wrote:
> Not directly. It does provide the means to easily rev a spec to a new
> code state (version tag or commit), and it makes deps systematic (so
> Fedora tooling can accurately detect what is likely to be impacted by a
On Thu, Feb 1, 2018, at 10:44 AM, Josh Boyer wrote:
> On Thu, Feb 1, 2018 at 12:29 AM, Sinny Kumari wrote:
> So Dan... OCI images for sure but in the context of Fedora users and
> other deliverables, Docker images isn't really wrong. Plus, I just
> like giving you crap ;)
Hi, a quick thing I want to highlight about this release here:
On the flip side, we have made a mostly-compatible change to drop
most Linux "capabilities" during RPM script invocation. For example,
it is no longer supported to
One followup that should help people understand things:
When someone pushes an update to a package that isn't
in Atomic Host (or Workstation), *and* one is using rpm-ostree
in "pure ostree" mode (i.e. you never ran `rpm-ostree install`),
then checking for updates just uses libostree, which like
On Wed, Jan 10, 2018, at 2:38 PM, Stephen John Smoogen wrote:
> This sounds a lot like the Atomic project and how it does things...
Atomic could mean either (rpm)-ostree or Docker/OCI. In the
Docker/OCI world search isn't standardized yet AIUI but there's
progress on that upstream. I am
On Fri, Jan 5, 2018, at 7:28 AM, Jan Kurik wrote:
> Anaconda installer will be split into several modules that will
> communicate over DBus using stable API.
For the curious this blog entry is useful:
On Fri, Oct 27, 2017, at 09:58 PM, Adam Williamson wrote:
> On Fri, 2017-10-27 at 20:49 -0500, Chris Adams wrote:
> > Once upon a time, Adam Williamson said:
> > > FWIW, ISTR being told at some point that it's a good idea to write
> > > scriptlets in lua because RPM
On Fri, Oct 27, 2017, at 03:27 PM, Jason L Tibbitts III wrote:
> FW> However, this use is controversial because some
> FW> RPM lookalikes do not implement Lua scriptlets.
> For Fedora that certainly isn't a concern.
For the editions that use rpm-ostree, such as Fedora Atomic Host, it is:
On Sat, Oct 7, 2017, at 01:26 PM, Stephen John Smoogen wrote:
> At a certain point, if you want/need to do these things, it is better
> to burn it from the ground and come up with a new packaging system
> (and relearn all the second system problems involved with that).
I actually put code behind
On Sat, Oct 7, 2017, at 08:14 AM, Zbigniew Jędrzejewski-Szmek wrote:
> Well, my point is that in this case there aren't any big changes, only> some
> relatively minor feature additions. According to the policy,
> "minor" upgrades are OK after beta. The only difference for critical
On Mon, Oct 2, 2017, at 10:56 AM, David Sommerseth wrote:
>"diag" : "Invocation of useradd without specifying a
> UID; this may be OK, because /usr/share/doc/setup/uidgid defines no UID for
On Fri, Aug 18, 2017, at 07:43 AM, Petr Stodulka wrote:
> Hi folks,
> I found now that the setup rpm is removable from the system,
> which leads to unusable system, because of missing important files,
> like /etc/shadow,
Sounds like you're using dnf for a host system? The Fedora
There was a discussion today in the Atomic WG about using Modules.
On Fri, Jul 28, 2017, at 01:53 PM, Randy Barlow wrote:
> On Fri, 2017-07-28 at 12:41 -0400, Colin Walters wrote:
> > I'm opposed to switching the meaning of `/usr/bin/python` for AH
> > anytime soon. It's just going to break stuff, and to me the gain is
> > quite
On Fri, Jul 28, 2017, at 12:16 PM, Miro Hrončok wrote:
> It's up to the maintainers of Atomic Host to decide what's there. I
> don't see how that relates to this thread. We have never said anything
> about what is supposed to be or not to be in the Atomic Host.
I'm opposed to switching the
On Fri, Jul 28, 2017, at 11:34 AM, Miro Hrončok wrote:
> The change has to
> start somewhere and even though I cannot really speak about RHEL,
> I would think that changing it in Fedora first makes more sense.
There hasn't been a single "Fedora" since we landed the editions,
On Fri, Jul 28, 2017, at 07:47 AM, Peter Robinson wrote:
> On Fri, Jul 28, 2017 at 11:48 AM, Colin Walters <walt...@verbum.org> wrote:
> > On Thu, Jul 27, 2017, at 12:07 PM, Miro Hrončok wrote:
> >> * Switch /usr/bin/python to Python 3 in co
On Thu, Jul 27, 2017, at 12:07 PM, Miro Hrončok wrote:
> * Switch /usr/bin/python to Python 3 in cooperation with Python upstream.
That again? That really seems like a nonstarter; previous
discussion specifically around Atomic Host + Ansible:
On Thu, Jul 20, 2017, at 08:49 AM, Hedayat Vatankhah wrote:
> As Fedora is going to use (IIRC) Flatpack's in OCI format rather than
> ostree, does it also work with OCI images? Both deduplication on disk,
> and also delta-downloads?
dedup is a tricky topic since we use SELinux;
On Tue, Jul 18, 2017, at 02:58 PM, Chris Murphy wrote:
> > But if I've understood correctly, any changes to the base will be discarded
> > when you update the base image. right?
No; `rpm-ostree install` is persistent, and so are other changes like
`rpm-ostree initramfs --enable` and so is the
On Fri, Jul 14, 2017, at 05:52 PM, Andrew Lutomirski wrote:
> I don't see the problem. The runtime could be all of /use and the app
> could be a symlink living in /app that points at /usr. The latter
> could be created on the fly in a tmpfs.
You're right; however, there are two other
On Wed, Jul 12, 2017, at 07:53 AM, Kevin Kofler wrote:
> When I see the plans that are floated around, the other stuff might also end
> up being containerized in a similar way, just using other technologies
> (e.g., Docker).
There are definitely apps today that are designed to run in
On Tue, Jul 11, 2017, at 03:49 PM, Jean-Baptiste Holcroft wrote:
> Le 11/07/2017 à 19:30, Colin Walters a écrit :
> > specific ones. And we get into a lot of interesting questions around
> > the intersection
> > of the languages and Workstation, depending on what gets inst
On Thu, Jul 6, 2017, at 09:15 PM, Matthew Miller wrote:
> Hopefully, by the time we are at F28, Modularity will provide a way for
> us to offer faster streams for people who want them -- but let's also
> focus on stable releases.
But with Modularity, how much does it even make sense to talk
On Tue, Jun 13, 2017, at 10:43 AM, Matthew Miller wrote:
> I know we're already at new-deliverable explosion, but this seems like
> a place where it'd be nice to have Rawhide and Bikeshed (or whatever we
> want to call "tested and believed-to-be basically functional Rawhide").
> That doesn't
On Wed, May 24, 2017, at 11:22 AM, Jan Pokorný wrote:
> Nope, the point is that nothing has changed in the codebase or, for
> that matter, tags. It must have been GitHub that changed how its
> equivalent of "git archive" behaves.
Yep, that's happened in the past, obviously just happened
> Our first attempt to make sudo pip safe on Fedora  was
This seems to be using "Fedora" to mean a *host* system, and
I'd agree there. I'll note as an aside that the other host system
management tool we use in Fedora is rpm-ostree, part of
On Wed, Apr 5, 2017, at 11:28 AM, Kamil Dudka wrote:
> Anyway, do not overestimate the power of HTTP/2. It will not transparently
> bring you better transfers for free. You can speak HTTP/2 even while using
> the curl tool but it is mainly useful for testing. If you want to take the
On Wed, Apr 5, 2017, at 09:52 AM, Kamil Dudka wrote:
> In order to make even smaller Fedora base images, it was proposed to switch
> libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which
> motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now
On Wed, Mar 22, 2017, at 06:00 AM, Nikos Mavrogiannopoulos wrote:
> For several packages it is possible to automate build, test and
> package updating on multiple fedora releases (+epel) in a single
> keypress using the cockpituous (sic) tools . These tools hide quirks
On Wed, Feb 15, 2017, at 10:07 AM, Vít Ondruch wrote:
> First of all, I am still not fond of moving the plugins.json into /usr.
Why is that? It's like the fontconfig one, which was discussed in FESCo:
On Tue, Feb 14, 2017, at 08:14 AM, Vít Ondruch wrote:
> 3) The downside of (1) is that the plugin registration scripts are baked
> into vagrant plugins, I had to apply some hacks to keep the backward
> compatibility with Vagrant plugins currently in Fedora.
While you're working on this, can
On Mon, Jan 23, 2017, at 02:03 PM, Tom Hughes wrote:
> How about you just explain here what it is you want rather than making
> everybody go and read some bug?
OK, here's a copy of the text:
rpm-ostree is a new model for rpm packages on using ostree. In order to
implement atomic upgrades
rpm-ostree is the underlying hybrid image/package system for the Fedora Atomic
The layering functionality however requires some potential changes
in your packages.
is a recent bug that shows one example. You can find more
On Wed, Dec 21, 2016, at 07:19 AM, Björn Persson wrote:
> > The fontconfig cache files are placed onto /var/cache/fontconfig now.
> > this seems incompatible with the ostree model. so this is a proposal
> > to move it to /usr/lib/fontconfig/cache.
> Is OStree calling for the entire /var/cache
On Thu, Dec 8, 2016, at 09:26 PM, Colin Walters wrote:
> Anyways, in the big picture, while I don't speak for everyone on the Project
> Atomic side,
> I personally point users at CentOS first, unless I have some reason to think
> they want Fedora.
> Something like 80% of Fedor
On Thu, Dec 8, 2016, at 01:26 PM, Dennis Gilmore wrote:
> I would like to see us stop pushing non security updates to updates from
> updates-testing entirely and do it in monthly batches instead. we would push
> daily security fixes and updates-testing. However this would make atomic
On Tue, Dec 6, 2016, at 08:26 PM, Zbigniew Jędrzejewski-Szmek wrote:
> An alternative proposal: add a opt-out/opt-in flag (similar to
> %global _strict_c_flags 0/1
What I've been doing for years now is to carry a baseline set of
"warnings that must be errors" in my projects,
On Wed, Nov 23, 2016, at 08:49 AM, Miroslav Suchý wrote:
> I just wanted to download F25 Cloud image for OpenStack and was surprised
> that there is none. There is just Atomic image.
> But Atomic use rpm-ostree for installing packages. There is no DNF.
On the host, yes. But the intent is to
On Wed, Nov 16, 2016, at 02:49 PM, Stephen Gallagher wrote:
> Today, Fedora Server relies on whatever is the default for
> We just tell Anaconda to reserve up to 15GiB by default for the / partition
> then it puts all remaining free space (on drives selected to be
Hey, so as part of the discussion about NetworkManager vs systemd-networkd,
one thing that happened is networkd started exposing its DHCP code as
a shared library, and NetworkManager learned to use it if one specifies
in /etc/NetworkManager/NetworkManager.conf. I
Now that Cloud -> Atomic and will be focusing on Project Atomic, can we move the
Docker base image into this group from the "Fedora Base" group?
It never really made sense to me in Base; in:
$ git log --format='%ae' fedora-docker-base.ks | sort -u
On Tue, Jul 19, 2016, at 07:32 AM, Nikos Mavrogiannopoulos wrote:
> Is there some notion or definition of a Fedora minimal or base image?
A lot depends on whether "image" is a container or OS, which mostly
boils down to "contains a kernel".
For containers I would look at:
On Wed, Jul 13, 2016, at 03:04 PM, Andrew Lutomirski wrote:
> I want to add a couple more to the scope: dnf and PackageKit. I don't
> care *how* dnf and PackageKit get started. If they're making changes,
> systemd should *not* zap them on logout.
PackageKit has been a daemon from the start
On Thu, Jul 14, 2016, at 08:33 AM, Colin Walters wrote:
> Another thing I think is cool is that we use bubblewrap to
> run %post scripts, which greatly helps avoid system damage from badly written
> scripts, and helps ensure that system changes are under control of rpm-ost
is now in Bodhi:
Remember, to try it, you can rebase an existing Atomic Host system
On Tue, Jun 14, 2016, at 09:18 PM, Michael Catanzaro wrote:
> Also, keep in mind that Flatpaks are not the only new type of software
> we intend to support in Fedora. I know other folks are looking into
> supporting Docker containers; I believe that's a Server WG initiative?
One of the
On Wed, May 18, 2016, at 03:06 PM, Subhendu Ghosh wrote:
> Is ostree remotes in scope?
ostree has /etc/ostree/remotes.d today...the only thing I can think of
here is that there are certainly use cases for having some common
configuration between yum repos and ostree remotes - things like TLS
On Thu, Apr 28, 2016, at 06:52 PM, Adam Miller wrote:
> Docker Layered Image "packaging" Guidelines 
This current design means Dockerfiles are always secondary shims.
I think the most interesting case is for new services which are
Docker/container only at least upstream.
Do we e.g.
On Thu, Apr 14, 2016, at 12:35 PM, Petr Šabata wrote:
> Good news, everyone,
> the first draft of the module metadata format is now available
> for you to comment on. We've decided to go with YAML so it
> should be fairly readable. You can view the latest version here:
On Fri, Apr 8, 2016, at 05:36 AM, Florian Weimer wrote:
> Remote attestation only works with a trusted counterpart who rejects
> access once a breach is detected. Who do you expect to be the
> counterpart for Fedora users? Is there anyone who offers such a service
> without also requiring to
On Fri, Apr 8, 2016, at 05:23 AM, Petr Pisar wrote:
> I'm curious how you would predict hash of initramfs because it is
> generated on the host and depends on dracut configuration and presence
> of various optionally installed packages.
That's true for a system managed by yum/dnf, but
On Tue, Mar 22, 2016, at 08:27 AM, Stephen Gallagher wrote:
> I'd also point out that the supported mechanism for upgrading from F23 to F24
That's one of them - there are two. I have extended:
to also cover rpm-ostree managed systems such as the
On Fri, Feb 19, 2016, at 02:37 PM, Kevin Fenzi wrote:
> * Setup tags for all the various groups that have kickstarts. ie,
> 'xfce' 'docker' 'cloud' 'atomic' 'workstation' etc. And get someone
> from each of those groups to actually watch the tags or someone to CC
> on who will actually
The OpenEmbedded project has been doing this for quite a while:
devel mailing list
On Wed, Feb 3, 2016, at 05:54 PM, Chris Murphy wrote:
> > NAICT, DNF, like Yum before it, offers no option I can recognize from its
> > man
> > page to download less than all the to-be-updated/installed packages before
> > proceeding to install any packages. Thus it downloads (typically
On Wed, Jan 27, 2016, at 12:45 PM, Kevin Fenzi wrote:
> pygobject3 -- Python 2 bindings for GObject Introspection ( master f23 f22 )
In practice this is mostly a mirror of upstream that has automatic commits
from kalev, but I'll take it as primary point of contact for any downstream
On Tue, Jan 19, 2016, at 08:05 AM, Nico Kadel-Garcia wrote:
> There are actually some very real security reasons not to let mock
> pull arbitrary configuration files from local directories. It would
> provide way, way too much power to the local developer to build
> arbitrary chroot cages on the
On Tue, Jan 19, 2016, at 04:16 AM, Nikos Mavrogiannopoulos wrote:
> The issue is that blacklists are terrible from a security standpoint.
> That means that every new obscure system call added to the kernel will
> be available by default in your program.
On Tue, Jan 19, 2016, at 11:08 AM, Andrew Lutomirski wrote:
On Jan 19, 2016 7:41 AM, "Colin Walters" <walt...@verbum.org> wrote:
> On Tue, Jan 19, 2016, at 04:16 AM, Nikos Mavrogiannopoulos wrote:
> > The issue i
On Mon, Jan 11, 2016, at 09:46 AM, Jan Kurik wrote:
> = Proposed System Wide Change: Change Proposal Name NewRpmDBFormat =
It'd be interesting to know the technical details, worth reposting once there's
a design document or prototype PR.
On Thu, Dec 17, 2015, at 08:28 AM, Neil Horman wrote:
> I would question why its necessecary to keep systemd out so ardently. If you
> build your container layers properly, you can effectively put systemd in a
> container and layer other applications in child containers that inherit
On Thu, Dec 17, 2015, at 10:24 AM, Lennart Poettering wrote:
> Can you give realistic examples for these? Can you explain what you
> are intend to run as PID 1 in them instead?
Nothing, if the pid namespace did zombie collection in the kernel,
you don't need a separate init.
> What is cleaning
1 - 100 of 379 matches
Mail list logo