On 09/09/2016 11:51 AM, Jeff Osier-Mixon wrote:
> Hi all - we are in the planning stages for DevDay at ELCE right now,
> particularly the advanced track. This track changes every session,
> usually to cover the things we are working on hardest - for example,
> in San Diego we covered CROPS, devtool, the latest Toaster features,
> and much more.
> Whether you are able to attend DevDay or not, we would be grateful to
> hear your suggestions for subjects to cover in the advanced track. We
> are currently planning talks about CROPS, devtool and the ESDK,
> Toaster, wic, smack, security, and a few other things. If you have a
> burning desire to hear about something specific, please let us know.
*** Status and state of the art for read-only root filesystems.
1) r/o root + tmpfs only for ephemeral systems
2) r/o root + select r/w points (bind-volatile?)
3) r/o root + unionfs r/w
My interest would be in #1 & #2 as it is security related.
r/w mount would be nosuid, nodev, etc and perhaps noexec
A survey of the space should include #3 however.
I know there is a section in the developer manual for the basic
mechanisms of r/o root but it appears a lot is left as an exercise for
the user. Are there full demo images etc?
*** What is the OE/YP response to Ubuntu-core?
4) Can Yocto build transactionally updated-able bundles for kernel and
core-os/root-fs?
5) Can Yocto [cross-]build snaps or flatpaks?
6) Will snapd (or whatever flatpak needs) become 1st class ecosystem
components?
Ex: meta-snappy has a lot of good work but is early days
Currently meta-snappy disables AppArmor & seccomp
snapd does only light ns & cgroup control and relies on
AppArmor to do most of the containment
so snapd w/o AppArmor is a demo
[Arch is no better BTW]
Bill
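As an added illustration of options #1 and #2 above (not part of Bill's message or of any Yocto/OE recipe): a small POSIX sh check that reads /proc/mounts-format text and verifies the policy described in the thread, namely that the root filesystem is mounted read-only and that every writable mount point carries nosuid and nodev, with noexec reported as a warning since it is only "perhaps" wanted. The sample mount table is constructed for this example; the mount points and devices in it are assumptions, not taken from a real image.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real system).
# /data deliberately lacks nosuid/nodev so the check has something to report.
SAMPLE_MOUNTS='/dev/root / ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var/volatile tmpfs rw,nosuid,nodev,relatime 0 0
/dev/mmcblk0p3 /data ext4 rw,relatime 0 0'

# has_opt OPTS NAME: succeeds when NAME appears as a whole option in the
# comma-separated OPTS string (so "nodev" does not match "nodevices").
has_opt() {
  case ",$1," in
    *",$2,"*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_mounts: reads mount-table text on stdin, prints one line per finding.
# Returns 0 when root is read-only and every rw mount has nosuid and nodev;
# returns 1 otherwise. Missing noexec on an rw mount is a warning only.
check_mounts() {
  rc=0
  while read -r dev mnt fstype opts rest; do
    [ -z "$dev" ] && continue
    if [ "$mnt" = "/" ]; then
      if ! has_opt "$opts" ro; then
        echo "FAIL: root filesystem is not read-only ($opts)"
        rc=1
      fi
      continue
    fi
    if has_opt "$opts" rw; then
      for want in nosuid nodev; do
        if ! has_opt "$opts" "$want"; then
          echo "FAIL: $mnt is rw without $want ($opts)"
          rc=1
        fi
      done
      has_opt "$opts" noexec || echo "WARN: $mnt is rw without noexec ($opts)"
    fi
  done
  return $rc
}

# Run against the constructed sample; on a live system use: check_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | check_mounts
```

On the sample table this reports that /data is rw without nosuid and nodev, warns that /var/volatile lacks noexec, and exits non-zero; the same function can be dropped into an image's first-boot test or a CI step that inspects a booted QEMU target.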
--
_______________________________________________
yocto mailing list
[email protected]
https://lists.yoctoproject.org/listinfo/yocto