COPR

Miroslav Suchý msuchy at redhat.com
Mon Sep 2 08:54:11 UTC 2013 

On 08/30/2013 05:59 PM, Daniel P. Berrange wrote:
> On Fri, Aug 30, 2013 at 11:52:05AM -0400, Colin Walters wrote:
>> On Fri, 2013-08-30 at 09:01 -0400, Colin Walters wrote:
>> Also, wow, I just followed and read the link:
>> http://lists.opensuse.org/opensuse-buildservice/2013-07/msg00044.html
>>
>> I know this is old code and stuff, but writing the data to the swap
>> partition sounds very Rube Goldberg.

It sounds complicated. But the reason is:
since during build, the code is run under root, you must assume very hostile environment.
The packager can do on builder *anything*. Even modify file system. Directly on block device.
And if you mount the guestfs as whole FS, there is potential to exploit kernel FS. In past there were problems where 
kernel oopsed because FS was damaged. So OBS team decided that this has potential for exploit and
into swap data is written number of blocks where the files reside and from that guest FS are read just those blocks 
directly.
Using virtio-serial can be used for that, but I guess that it was not available at that time (and AFAIK it will not work 
no s390 zVM).

Also reading that directly (instead of tar-ing) will save some time for big results (1.1 GB texlive or 9GB DVD image).

But personally I think this is just implementation detail. Not the biggest question on this decision.

> Now that virtio-serial exists,
>> it's easy to set up arbitrary private guest-host communication channels
>> without involving networking/TCP.
>>
>> Were OBS to use mock in a VM I'd expect it to basically do:
>>
>> tar cf /dev/virtio-ports/org.fedoraproject.mock /var/lib/mock/result
>>
>> and then the host could read that tar file.
>
> Or you could just map a directory on the host into /var/lib/mock/result
> in the guest, using the virtio-9p filesystem feature of KVM. Basically
> this gives you shared filesystem, but without any TCP/networking involved.
>
> NB, works with KVM in Fedora hosts, but not RHEL which does not ship 9p
> support

Thanks for pointing me to these two technologies, I was not aware of them.

-- 
Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys

More information about the devel mailing list