Re: [lmi] dpkg error on redhat server


From: Vadim Zeitlin
Subject: Re: [lmi] dpkg error on redhat server
Date: Wed, 9 Oct 2019 22:36:37 +0200

On Wed, 9 Oct 2019 15:52:03 +0000 Greg Chicares <address@hidden> wrote:

GC> On 2019-10-08 21:56, Vadim Zeitlin wrote:
GC> > On Tue, 8 Oct 2019 21:51:07 +0000 Greg Chicares <address@hidden> wrote:
GC> > 
GC> > GC> [server]$ls -ld /srv/chroot/lmi_bullseye_1/opt/lmi
GC> > GC> drwxr-xr-x 2 1007 su-secdesign 40 Oct  8 11:33 /srv/chroot/lmi_bullseye_1/opt/lmi
GC> > GC>                   ^^^^^^^^^^^^ who ordered that?
GC> 
GC> That turns out to be the name of a group.

 Oh, yes, sure, this much was clear enough, I just didn't know if it was a
standard group or one existing only on this server.

GC> But that was just the tip of the iceberg. I had never realized
GC> how much these UIDs and GIDs matter, because every GNU/Linux
GC> system I've ever worked with has greg:greg == 1000:1000 but
GC> this server just wasn't set up that way. And I'd always thought
GC> that UIDs and GIDs inside a chroot don't matter, because they've
GC> always had the One True Value in my prior experience, so I never
GC> needed to make sure they matched the host system's values--I just
GC> figured they had their own namespace.

 No, this is the main difference between simple chroot and containers.
Inside a container, all namespaces can be virtualized, including UIDs, but
inside chroot, only the filesystem is virtualized and all the rest is
shared with the main system. For my use it's actually more convenient
precisely because it means I can reuse the same directories in both places,
but containers definitely have an important advantage here (and I think you
can avoid virtualizing UIDs with containers if you don't want to, while
with chroot you don't have any choice).

 I'm saying all this just because I'm starting to wonder if this low-tech
chroot approach is not costing us/you too much time, after
all, and if maybe it would be better to invest a bit more time to create a
Docker container for building lmi instead, that you could run on any system
with Docker installed on it. But maybe it's too late to propose it now,
when you've already spent so much time on this...

 Regards,
VZ
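
The point made in the message above, that a chroot shares the host's UID/GID number space, can be checked before files are shared between the two. The following is an added example, not part of the original message or of lmi: it compares passwd(5)/group(5)-format text from the host and from the chroot and reports every chroot name whose numeric ID would be attributed differently on the host. The account names and IDs in the sample data are constructed for illustration.

```python
# Constructed sample data (not taken from the server discussed in the thread).
HOST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
builder:x:1000:1000::/home/builder:/bin/bash
greg:x:1007:1007::/home/greg:/bin/bash
"""
CHROOT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
greg:x:1000:1000::/home/greg:/bin/bash
lmi:x:1500:1500::/opt/lmi:/bin/sh
"""

def parse_ids(text):
    """Parse passwd(5)- or group(5)-format text into {name: numeric_id}.

    Both formats keep the numeric ID in the third colon-separated field.
    """
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # blank line, comment, or malformed entry
        ids[fields[0]] = int(fields[2])
    return ids

def compare(host, chroot):
    """List chroot names whose ID means something else (or nothing) on the host."""
    host_by_id = {num: name for name, num in host.items()}
    findings = []
    for name, cid in sorted(chroot.items()):
        if host.get(name) == cid:
            continue  # same name, same number: consistent in both places
        if name in host:
            msg = f"{name}: chroot id {cid} != host id {host[name]}"
        else:
            msg = f"{name}: not defined on host"
        owner = host_by_id.get(cid)
        if owner:
            msg += f"; files owned by id {cid} appear as {owner!r} on the host"
        else:
            msg += f"; id {cid} has no name on the host"
        findings.append(msg)
    return findings

if __name__ == "__main__":
    for finding in compare(parse_ids(HOST_PASSWD), parse_ids(CHROOT_PASSWD)):
        print(finding)
```

On a real system the two inputs would be the contents of the host's and the chroot's `/etc/passwd` (or `/etc/group`) files; accounts served from a network directory do not appear in those files and would need to be exported first.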
