<p dir="ltr"><br>
On 6 Sept. 2013 20:19, "Richard W.M. Jones" <<a href="mailto:rjones@redhat.com">rjones@redhat.com</a>> wrote:<br>
><br>
> On Wed, Sep 04, 2013 at 04:29:27PM +0200, Lukas Zapletal wrote:<br>
> > On Wed, Sep 04, 2013 at 09:04:10AM +0200, Miroslav Suchy wrote:<br>
> > > Compare it to Copr and OBS approach, when package is built in VM and<br>
> > > after that backend will retrieve the results from VM. So on builder<br>
> > > (of OBS and COPR) is no sensitive information at all.<br>
> ><br>
> > Are we able to evaluate, how much slower this is? Currently Fedora Koji<br>
> > is pretty fast, I usually get near-to-instant build pick-ups.<br>
> ><br>
> > I can imagine spawning a VM can be slower. At least when using full<br>
> > QEMU/KVM. I see the point that containers/selinux and such technologies<br>
> > can do better in here.<br>
><br>
> Please measure this before making incorrect statements.<br>
><br>
> I have done, and you should be able to boot up a Fedora VM in 3-5<br>
> seconds on c.2010 Intel hardware (which is what libguestfs does).<br>
> Alternately you can restore the VM from a saved image in even less<br>
> time.<br>
><br>
> There's no significant advantage to using containers for this.<br>
> Containers are also *not* secure -- see Dan Berrange's reply a few<br>
> days ago for the full details about that.<br>
></p>
<p dir="ltr">No, it's less secure than kvm but it still provides better isolation than a mere chroot.<br>
Secure containers as dwalsh described are a worthy improvement.<br></p>
<p dir="ltr">> Rich.<br>
><br>
> --<br>
> Richard Jones, Virtualization Group, Red Hat <a href="http://people.redhat.com/~rjones">http://people.redhat.com/~rjones</a><br>
> Read my programming blog: <a href="http://rwmj.wordpress.com">http://rwmj.wordpress.com</a><br>
> Fedora now supports 80 OCaml packages (the OPEN alternative to F#)</p>