karlthered at gmail.com
Fri Sep 6 19:10:24 UTC 2013
On 6 Sept. 2013 20:19, "Richard W.M. Jones" <rjones at redhat.com> wrote:
> On Wed, Sep 04, 2013 at 04:29:27PM +0200, Lukas Zapletal wrote:
> > On Wed, Sep 04, 2013 at 09:04:10AM +0200, Miroslav Suchy wrote:
> > > Compare it to the Copr and OBS approach, where the package is built in a VM and
> > > after that the backend retrieves the results from the VM. So on the builder
> > > (of OBS and COPR) there is no sensitive information at all.
> > Are we able to evaluate how much slower this is? Currently Fedora Koji
> > is pretty fast, I usually get near-to-instant build pick-ups.
> > I can imagine spawning a VM can be slower. At least when using full
> > QEMU/KVM. I see the point that containers/selinux and such technologies
> > can do better in here.
> Please measure this before making incorrect statements.
> I have done, and you should be able to boot up a Fedora VM in 3-5
> seconds on c.2010 Intel hardware (which is what libguestfs does).
> Alternately you can restore the VM from a saved image in even less
> There's no significant advantage to using containers for this.
> Containers are also *not* secure -- see Dan Berrange's reply a few
> days ago for the full details about that.
No, it's less secure than kvm but it still provides better isolation than
a mere chroot.
Secure containers as dwalsh described is a worthy improvement.
> Richard Jones, Virtualization Group, Red Hat
> Read my programming blog: http://rwmj.wordpress.com
> Fedora now supports 80 OCaml packages (the OPEN alternative to F#)