[Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

chantra notifications at github.com
Fri Feb 11 19:33:20 UTC 2022


Thanks for the heads-up @cgwalters .

> Bear in mind that rpm is also used inside containers, not necessarily with `CAP_SYS_ADMIN` privileges as is typical on "host systems". And inside containers, one can't rely necessarily on the ability to recursively apply container/sandboxing features.
> 

So `rpm2extents` needs zero capabilities, so I am hoping caps would not be an issue. But to your point, relying on userns to be able to chroot as an unprivileged user would probably break within a container.

> Carrying a seccomp policy is a very heavy investment.
> 
> In rpm-ostree we have a mixed usage of systemd and bwrap, but since we now are trying to also run inside a container as part of [ostree native containers](https://fedoraproject.org/wiki/Changes/OstreeNativeContainer) it's forcing us to not have those as hard dependencies.

Thanks for the link.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1470#issuecomment-1036547982

Message ID: <rpm-software-management/rpm/pull/1470/c1036547982 at github.com>