modules, firmware, kernel size (was Re: systemd requires HTTP server and serves QR codes)

[Richard W.M. Jones]

On Wed, Oct 17, 2012 at 07:34:22PM +0200, drago01 wrote:
> If it is all about using kernel-minimal (or whatever it is called)
> instead of kernel there is no extra work for the ones that build
> minimal images at all.

It really depends on what 'kernel-minimal' is.  If it's the
same kernel (identical vmlinuz) with groups of modules, then I'm
assuming this is the same as what everyone else is proposing.

But more dangerous if this is a recompile of the kernel (maybe same
source, different configs).  Then inevitably we're testing different
codepaths.

[...]
> > Unfortunately containers don't work for every application out there.
> > Obviously *if* you can use a container, then you should, and you
> > probably are already.
> 
> That might be true but I can't think of such applications right now.
> Couldn't the applications you have in mind be modified / fixed to work
> in such an environment?

LXC isn't a secure alternative to full virtualization -- try poking
random /sys files on your container -- and even now OpenVZ isn't quite
upstream.  Also clouds are existing ecosystems.  For example I can't
call up Amazon and ask that they reimplement their service on top of
LXC instead of Xen.

> In that case you should place the image on your internal network.

Well, no.  I don't colocate with everyone who might want to download a
minimal image.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org