Greetings Andrew,

> Sent: Monday, December 06, 2021 at 12:13 AM
> From: "Andrew M.A. Cater" <amaca...@einval.com>
> To: debian-user@lists.debian.org
> Subject: Re: stability level of testing
>
> On Fri, Dec 03, 2021 at 02:10:44PM +0100, daggs wrote:
> > Greetings David,
> >
> > > Sent: Friday, December 03, 2021 at 7:00 AM
> > > From: "David Christensen" <dpchr...@holgerdanske.com>
> > > To: debian-user@lists.debian.org
> > > Subject: Re: stability level of testing
> > >
> > > On 12/2/21 12:53 AM, daggs wrote:
> > > > Greetings David,
> > > >
> > > >> Sent: Thursday, December 02, 2021 at 4:21 AM
> > > >> From: "David Christensen" <dpchr...@holgerdanske.com>
> > > >> To: debian-user@lists.debian.org
> > > >> Subject: Re: stability level of testing
> > > >>
> > > >> On 11/30/21 11:28 PM, daggs wrote:
> > > >>> Greetings,
> > > >>>
> > > >>> I'm thinking of migrating my main server to Debian, I need stability
> > > >>> and recent version of small number of pkgs.
> > > >>> in addition I need to recompile with an out-of-tree patch.
> > > >>> I had Debian stable before but replaced it because upgrade broke the
> > > >>> system and the versions used for the mentioned above set of pkgs were
> > > >>> too old for what I need.
> > > >>> I know that Testing has more recent pkgs version but I don't know how
> > > >>> stable is it.
> > > >>>
> > > >>> any info will be appreciated.
> > > >>>
> > > >>> Thanks,
> > > >>>
> > > >>> Dagg.
> > > >>
> > > >>
> > > >> On 12/1/21 12:55 PM, daggs wrote:
> > > >> > there will be 2 main facing the Internet connection, server's upgrade and the router vm.
> > > >> > the rest is internal
> > > >>
> > > >>
> > > >> What version of Debian are you running? What Debian packages? What
> > > >> hypervisor? Is the service in a VM? Are all of the other services in
> > > >> VM's? What service? What are you recompiling? What is the patch?
> > > >> What router software?
> > > >>
> > > >>
> > > >> David
> > > >>
> > > >>
> > > >
> > > > I was running debian, I'm not running now. I need kernel, qemu and
> > > > libvirt mainly, the rest doesn't matter versionwise.
> > > > I have two vms, router and streamer.
> > > > the router has 5 pci devs pt, the streamer has 2 pci and 2 usb pt.
> > > >
> > > > the patch is infamous ACS Override kernel patch, that is the only one I
> > > > compromise on
> > > > the router's os is openwrt, streamer os is libreelec
> > > >
> > > > Thanks,
> > > >
> > > > Eial
> > >
> > >
> > > Rather than getting fancy with virtualization and kernel patches,
> > > perhaps you should use a hardware firewall/ router device, a dedicated
> > > computer for LibreELEC (in a DMZ), and a general-purpose computer with
> > > Debian Stable for your LAN services (?).
> >
> > I cannot afford such setup nor do I have the place to put it in
> >
> > Thanks,
> >
> > Dagg
> >
>
> Hi Dagg,
>
> So (if I'm reading this correctly):
>
> You're running one computer - with a base from some Linux distribution.
>
> You want that to run libvirt and qemu but Debian's version was too old.
>
> You want to instantiate two VMs.
>
> One runs OpenWRT and "behaves" like a hardware router.
>
> One runs LibreELEC and "behaves" like a media streaming box
>
> You want to patch the kernel that runs on the main machine with an
> out of kernel patch for ACS override that looks as if it exposes your VMs to a
> security problem -
> https://www.reddit.com/r/VFIO/comments/bvif8d/official_reason_why_acs_override_patch_is_not_in/
>
> A possible way forward:
>
> * Backup your VMs to some sort of media
>
> * Build a basic Debian box with minimal services and no GUI - and no patch.
>
> * Maybe look to Docker to do this:
>
> https://forum.libreelec.tv/thread/23350-how-to-run-docker-containers/
>
> https://github.com/openwrt/docker
>
> To be honest - IMHO 3 x devices would not hurt, _especially_ a hardware
> modem/router.
>
> Doing this all on one machine - what happens when something locks up / one
> piece of hardware breaks - do you lose everything?
>
> All the very best, as ever,
>
> Andy C.

you are correct. that is what I'm currently running.
as for your remarks:
1. I know about the acso patch, that is my only exception, it is out of necessity.
2. I cannot get 3 devices, it will not pass budget-wise and wife-wise.
3. the system rarely breaks, I had one mb failure and a few os related issues, apart from that, it worked great. I have redundancies, however it requires using insecure/outdated applicants.
4. I'm not sure if it is possible to run ui programs in a docker. I'll look into it, thanks.
5. my openwrt and libreelec are self compiled, I need to know how to run them properly inside the docker.
6. I work with dockers on a daily basis, it gets stuck/freezes at least once a day. I cannot have either of my containers getting stuck once a day

thanks for the info, I'll look into it, maybe dockers is the right way for me.

Dagg