Bug#823322: please build "systemd-sysusers" binary
Alban Crequy (Kinvolk)
alban at kinvolk.io
Mon Jun 6 15:43:47 BST 2016
On Mon, Jun 6, 2016 at 1:53 PM, Michael Biebl <biebl at debian.org> wrote:
>
> Hi
>
> Am 06.06.2016 um 09:34 schrieb Luca BRUNO:
> > On Sun, 5 Jun 2016 21:58:54 +0200 Michael Biebl <biebl at debian.org> wrote:
> >
> >> Am 05.06.2016 um 17:59 schrieb Dmitry Smirnov:
> >>> Could we introduce raw "systemd-sysusers" binary ASAP to fix "rkt" please?
> >>
> >> The size is a concern, and we mentioned this before.
> >> This really is a wishlist bug, so bumping the severity is not justified.
> >
> > In a previous follow-up I proposed an alternative if size bloat is a concern:
> > adding "systemd-sysusers" to the "systemd-container" binary package (possibly
> > without enabling it).
> >
> > Are there other downsides wrt this approach?
>
> I don't really think systemd-sysusers fits the scope of the
> systemd-container package and a separate binary package for
> systemd-sysusers seems like overkill.
>
> Now, regarding my concerns: The size increase is one (which will affect
> everyone if we ship it s part of the systemd package).
> More importantly, enabling a new feature means we'll have to support it
> in the future as people will eventually make use of it.
> So we better have a good reason to turn it on.
> Maybe I missed it, but I haven't quite understood yet, why rkt has a
> hard (and not a soft) depenency on systemd-sysusers. The upstream bug
> report that was referenced earlier wasn't really enlightening in that
> regard.
When rkt fully added the support for running apps as a non-root user
in the container, we used systemd-sysusers to generate passwd/group in
the container. The hard dependency comes from the upstream code. It
could be argued that rkt should implement that differently... for
example, we could reimplement the feature from systemd-sysusers in
Golang directly in rkt. But I think it is better to rely on
systemd-sysusers to reduce the amount of code in rkt and to avoid
"not-invented-here" code.
I am not sure how a soft-dependency would work. rkt could have a
build-time option to disable the support for running apps as a
non-root user. That would introduce two code paths in rkt, so a bit
more difficult to maintain. And in the end, we would like the Debian
package of rkt to have all the features of rkt.
> As for the bug severity ping pong: sorry for that, this wasn't really
> necessary and is just off-putting. In the end it doesn't really change
> anything though in the issue at hand.
>
> Michael
>
>
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
>
More information about the Pkg-systemd-maintainers
mailing list