| 1 |
On Thu, Jul 26, 2012 at 6:35 PM, Zac Medico <zmedico@g.o> wrote: |
| 2 |
> |
| 3 |
> It seems like you might need some kind of copy-on-write support, at |
| 4 |
> least to run pkg_setup. Apparently cowbuilder uses cow hardlinks for |
| 5 |
> that. Another way would be to use fiemap (cp --reflink). |
| 6 |
|
| 7 |
Reflinks would be a much clearer implementation if you can assume |
| 8 |
everything is on a single COW filesystem. |
| 9 |
|
| 10 |
However, that seems like a bit of a strong restriction to have. |
| 11 |
Cowbuilder seems to use hard links which are also limited to the same |
| 12 |
filesystem, and it seems to use its own private build image besides. |
| 13 |
|
| 14 |
I was thinking mainly in terms of giving limited visibility only to |
| 15 |
those stages which should have it - the setup/postinst/etc phases |
| 16 |
probably should have access to the real root. |
| 17 |
|
| 18 |
A more ambitious undertaking would be to extend this to running |
| 19 |
applications and not just building them. That is clearly beyond |
| 20 |
portage (other than maybe maintaining the list of files requiring |
| 21 |
runtime access), and would probably require either a namespace |
| 22 |
extension to ld.so, use of MAC, or changes to the kernel itself. One |
| 23 |
implementation might be auto-creating SELinux policies at install time |
| 24 |
based on declared RDEPENDS. |
| 25 |
|
| 26 |
Ideally I'd love to see something like this be usable on an end-user |
| 27 |
system - and not just be a QA tool. Thanks to those who chimed in |
| 28 |
with similar projects - glad to see some work already done in this |
| 29 |
area. |
| 30 |
|
| 31 |
Rich |
Archives