Future directions for Fedora Cloud

Colin Walters walters at verbum.org
Mon Sep 16 20:57:43 UTC 2013


On Wed, 2013-09-11 at 12:01 -0400, Matthew Miller wrote:

> So, idea one is to make something like CoreOS (http://coreos.com/): a
> lightweight distribution made for running containers on top of. We wouldn't
> attempt to be _as_ lightweight as CoreOS (for that, there's CoreOS), but aim
> to be small while still providing key features like SELinux. 

How SELinux would work in a coreos/container deployment setup is an
interesting question.  One could imagine docker containers coming with
policy modules, but that ends up tying them to a specific host version,
which is kind of against the point of containers.

More realistically I think one would have a relatively permissive domain
(generic_container_t), and use something like MCS labels to restrict the
flow of information between containers and the host.

> Perhaps this
> could be built with Colin Walters' OSTree (see
> https://wiki.gnome.org/OSTree) for atomic updates.

To follow up on this, I have been working slowly on this tool called
"yum-ostree" which is designed to capture packages as OSTree commits.
At the moment it's just a lame Python script, but it's nearly to the
point of being useful.  I'll post to the generic fedora-devel-list when
it's ready.

As for OSTree compared to CoreOS, the biggest difference is that the
CoreOS updater mandates a particular filesystem chosen on the build
server, because it sends block-level diffs.  OSTree operates at the
filesystem layer (like rsync), and this allows more flexibility.  (At
the moment, though, OSTree is significantly less efficient on the network
side.)
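
Added example, not part of the original message: a small Python model of the MCS category check behind the per-container labeling idea discussed above. The function names, the container names and the pair-per-container allocation are assumptions made for illustration; type enforcement is not modeled.

```python
# Added example: models only the MCS category check, not type enforcement.
import itertools

MAX_CAT = 1024  # assumption: categories c0..c1023, as in Fedora's targeted policy


def parse_level(level):
    """Turn 's0', 's0:c1,c5' or 's0:c0.c3' into a frozenset of category numbers."""
    sens, _, cats = level.partition(":")
    if sens != "s0":
        raise ValueError("MCS uses the single sensitivity s0: %r" % level)
    found = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")  # 'c0.c3' is the range c0..c3
        hi = hi or lo
        if not (lo[:1] == "c" and hi[:1] == "c" and lo[1:].isdigit() and hi[1:].isdigit()):
            raise ValueError("bad category in %r" % level)
        lo_n, hi_n = int(lo[1:]), int(hi[1:])
        if not lo_n <= hi_n < MAX_CAT:
            raise ValueError("category out of range in %r" % level)
        found.update(range(lo_n, hi_n + 1))
    return frozenset(found)


def dominates(subject, obj):
    """MCS part of an access decision: subject categories must cover the object's."""
    return parse_level(subject) >= parse_level(obj)


def assign_labels(containers):
    """Give every container its own pair of categories (deterministic for the demo)."""
    pairs = itertools.combinations(range(MAX_CAT), 2)
    return {name: "s0:c%d,c%d" % pair for name, pair in zip(containers, pairs)}


if __name__ == "__main__":
    labels = assign_labels(["web", "db"])  # constructed container names
    for name, level in sorted(labels.items()):
        print(name, level)
    print("web -> db files:", dominates(labels["web"], labels["db"]))
    print("web -> unlabeled host file:", dominates(labels["web"], "s0"))
    print("host admin -> db files:", dominates("s0:c0.c1023", labels["db"]))
```

Two containers with distinct category pairs never dominate each other, but a host file with no categories passes the MCS check for every container, so protecting the host still depends on what the container domain is allowed to touch.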



