On Thu, Jul 26, 2012 at 6:35 PM, Zac Medico <zmedico@g.o> wrote:
>
> It seems like you might need some kind of copy-on-write support, at
> least to run pkg_setup. Apparently cowbuilder uses cow hardlinks for
> that. Another way would be to use fiemap (cp --reflink).

Reflinks would be a much clearer implementation if you can assume
everything is on a single COW filesystem.

However, that seems like a bit of a strong restriction to have.
Cowbuilder seems to use hard links, which are also limited to the same
filesystem, and it seems to use its own private build image besides.

I was thinking mainly in terms of giving limited visibility only to
those stages which should have it - the setup/postinst/etc phases
probably should have access to the real root.

A more ambitious undertaking would be to extend this to running
applications and not just building them. That is clearly beyond
portage (other than maybe maintaining the list of files requiring
runtime access), and would probably require either a namespace
extension to ld.so, use of MAC, or changes to the kernel itself. One
implementation might be auto-creating SELinux policies at install time
based on declared RDEPENDS.

Ideally I'd love to see something like this be usable on an end-user
system - and not just be a QA tool. Thanks to those who chimed in
with similar projects - glad to see some work already done in this
area.

Rich