From: Henning Schild <henning.schild@siemens.com>
To: Baurzhan Ismagulov <ibr@radix50.net>
Cc: <isar-users@googlegroups.com>
Subject: Re: [PATCH 0/9] first wic integration
Date: Wed, 31 Jan 2018 16:46:40 +0100
Message-ID: <20180131164640.67f24acb@mmd1pvb1c.ad001.siemens.net>
In-Reply-To: <20180131152118.GJ6508@yssyq.radix50.net>

On Wed, 31 Jan 2018 16:21:18 +0100,
Baurzhan Ismagulov <ibr@radix50.net> wrote:
> On Wed, Jan 31, 2018 at 03:01:48PM +0100, Jan Kiszka wrote:
> > >> BTW, we also need to address unprivileged or container-compatible
> > >> binfmt, or we won't be able to do cross stuff. Probably
> > >> solvable, maybe via namespace support for binfmt in the upstream
> > >> kernel, but far from reachable in the near future.
> > >
> > > That is another issue to fix, but it isn't related to hacking
> > > wic, is it?
> >
> > It is related to the question if we need to worry about sudo wic
> > right now or can do this when all the other issues that prevent
> > unprivileged Isar building are solved. I would say the latter
> > applies here.
>
> Unprivileged != container-compatible.
>
> Sudo is a hack. Solving it has value.
>
> That said, my concern isn't prioritizing that. My concern is imposing
> sudo on wic users when we already have an effective, manageable
> workaround in master.

No, we do not. The stuff in master is a ton of "sudo" and
all-you-can-eat sudo for plugins, totally unsafe like the patch I sent.

> There is also an architectural issue with that. All-in sudo would
> hide the details why we need it, thus moving unprivileged builds
> farther away.

I have a patch ready that takes care of "du" and "mkfs" and therefore
documents their "sudo"-needs.

Henning

> At the end, wic should be compatible with Isar and be available
> without importing it into Isar. If we want to work with upstream, we
> should start with that and not with breaking the existing code. If
> existing tools were sufficient, we wouldn't need Isar in the first
> place; upstreaming should be a good practical trade-off and not
> transform into purification that stands in the way.
>
> Thus my suggestion to keep selective sudo in wic. It doesn't require
> reworking the series, we can just drop the patch 7.
>
> With kind regards,
> Baurzhan.
>