[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lmi] Missing system directories in chroot [Was: Creating a chroot f
From: |
Vadim Zeitlin |
Subject: |
Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi] |
Date: |
Fri, 16 Sep 2016 22:52:21 +0200 |
On Fri, 16 Sep 2016 20:39:11 +0000 Greg Chicares <address@hidden> wrote:
GC> I'm willing to accept that what I observed is impossible as long as
GC> 'schroot' is free of defects. But it is not--it "is using the host's
GC> filesystem to resolve symlinks in the chroot":
I am not sure if it's worth delving into these bug reports, but, at the
risk of seeming stubborn, I don't think any defect with symlinks in schroot
could allow code running inside a chroot to escape from it -- this would
only be possible due to a (horrible) bug in the kernel and I definitely
haven't heard about anything like this.
GC> This appears to be the same problem:
GC> https://github.com/codelibre-net/schroot/pull/20
GC> and this definitely is:
GC> https://bugs.launchpad.net/ubuntu/+source/schroot/+bug/1438942
These bugs seems to say that due to some symlink-related bug, schroot
mounts tmpfs at a wrong mount point. This is perfectly possible, of course,
all I was saying is that whatever schroot does, you can't affect the host
system by doing anything with a symlink inside a chroot.
GC> > Just to conclude this discussion, if you really want to have a fully
GC> > isolated, VM-like, Linux system, then LXC is probably the way to go. As
for
GC> > Docker, it could be used to make a container containing lmi and everything
GC> > it needs and allowing to run it on any recent Linux system, including
GC> > RedHat ones.
GC>
GC> Soon we'll try cross-compiling with redhat, and if that turns out to be
GC> arduous (either technically, or politically, or both), then a container
GC> might be the best answer. In that case, would you prefer LXC to docker?
They're useful for different things. LXC is a lightweight KVM replacement
and can be used in the same way as full-fledged virtual machines (except it
uses the same kernel, of course, so you can't be running MSW or OS/2 using
LXC) while Docker is something quite different and is more useful for
distributing/deploying individual applications.
So the choice depends on what exactly you'd like to do and it's even
possible that both could be useful: LXC for setting up a development
environment for working on lmi and Docker for distributing the pre-built
version of lmi to other systems.
I hope this explains it, but please let me know if you have more
questions,
VZ
- [lmi] Creating a chroot for cross-building lmi, Greg Chicares, 2016/09/01
- Re: [lmi] Creating a chroot for cross-building lmi, Vadim Zeitlin, 2016/09/08
- [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/15
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Vadim Zeitlin, 2016/09/15
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/15
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Vadim Zeitlin, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Vadim Zeitlin, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi],
Vadim Zeitlin <=
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Vadim Zeitlin, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/22
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Vadim Zeitlin, 2016/09/23
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/23
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/16
- Re: [lmi] Missing system directories in chroot [Was: Creating a chroot for cross-building lmi], Greg Chicares, 2016/09/16
Re: [lmi] Creating a chroot for cross-building lmi, Greg Chicares, 2016/09/25