On 6 Sept. 2013 20:19, "Richard W.M. Jones" <rjo...@redhat.com> wrote:
>
> On Wed, Sep 04, 2013 at 04:29:27PM +0200, Lukas Zapletal wrote:
> > On Wed, Sep 04, 2013 at 09:04:10AM +0200, Miroslav Suchy wrote:
> > > Compare it to Copr and OBS approach, when package is built in VM and
> > > after that backend will retrieve the results from VM. So on builder
> > > (of OBS and COPR) is no sensitive information at all.
> >
> > Are we able to evaluate, how much slower this is? Currently Fedora Koji
> > is pretty fast, I usually get near-to-instant build pick-ups.
> >
> > I can imagine spawning a VM can be slower. At least when using full
> > QEMU/KVM. I see the point that containers/selinux and such technologies
> > can do better in here.
>
> Please measure this before making incorrect statements.
>
> I have done, and you should be able to boot up a Fedora VM in 3-5
> seconds on c.2010 Intel hardware (which is what libguestfs does).
> Alternately you can restore the VM from a saved image in even less
> time.
>
> There's no significant advantage to using containers for this.
> Containers are also *not* secure -- see Dan Berrange's reply a few
> days ago for the full details about that.
>

No, it's less secure than kvm but it still provides better isolation than a mere chroot. Secure containers as dwalsh described are a worthy improvement.

> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming blog: http://rwmj.wordpress.com
> Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct