[Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)
chantra
notifications at github.com
Fri Feb 11 19:33:20 UTC 2022
Thanks for the heads-up @cgwalters .
> Bear in mind that rpm is also used inside containers, not necessarily with `CAP_SYS_ADMIN` privileges as is typical on "host systems". And inside containers, one can't rely necessarily on the ability to recursively apply container/sandboxing features.
>
So `rpm2extents` needs zero capability, so I am hoping caps would not be an issue. But to your point, relying on userns to be able to chroot as an unprivileged user would probably break within a container.
> Carrying a seccomp policy is a very heavy investment.
>
> In rpm-ostree we have a mixed usage of systemd and bwrap, but since we now are trying to also run inside a container as part of [ostree native containers](https://fedoraproject.org/wiki/Changes/OstreeNativeContainer) it's forcing us to not have those as hard dependencies.
Thanks for the link.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1470#issuecomment-1036547982
Message ID: <rpm-software-management/rpm/pull/1470/c1036547982 at github.com>