[gentoo-dev] Re: An example overlayfs sandbox test
Rich Freeman wrote:
>>
>> For containers, at least a dozen binds are minimally required
>> (/usr /proc /sys /dev ...).
>
> I wouldn't be surprised if it works with a single bind mount with
> /proc and /dev and so on mounted on top of that.

Either you start with a writable tree and bind-mount some directories non-writable or the opposite way. Either way, a dozen or so bind-mounts are minimally necessary.

> You say "not even a bind" as if that is a benefit.

In case the "non-scaling" argument has not become clear, I try to visualize it by a table:

          | "simple"        | "fine grained"
----------+-----------------+------------------
Overlay   | 1 mount         | 1 mount
----------+-----------------+------------------
Container | 10? bind mounts | 1000? bind mounts

> Honestly, you can't really claim that overlayfs is superior to bind

Correct. If the number of bind mounts really has no influence on the file operations in the corresponding part of the tree - e.g. if there is really a clever hashing of bind mounts - the above table does not indicate any scaling problem.

We are at a point where some kernel source code inspection (or at the very least serious benchmarking, preferably with a slow and low-memory machine) is needed before we can continue the discussion in a serious way. I do not have the time for this currently.
Re: [gentoo-dev] Re: An example overlayfs sandbox test
On Mon, Sep 25, 2017 at 11:27 AM, Martin Vaeth wrote:
> Rich Freeman wrote:
>>
>> I wouldn't be surprised if it works with a single bind mount with
>> /proc and /dev and so on mounted on top of that.
>
> Either you start with a writable tree and bind-mount some directories
> non-writable or the opposite way. Either way, a dozen or so bind-mounts
> are minimally necessary.
>

/proc, /sys, and /dev wouldn't be bind mounts. They're just mounts. And everything else would be pulled in with a read-only bind mount of /. You're going to need the same mounts of /proc, /sys, and /dev on an overlay, unless you really wanted to let those pass through, which seems like a bad idea.

>> You say "not even a bind" as if that is a benefit.
>
> In case the "non-scaling" argument has not become clear,
> I try to visualize it by a table:
>
>           | "simple"        | "fine grained"
> ----------+-----------------+------------------
> Overlay   | 1 mount         | 1 mount
> ----------+-----------------+------------------
> Container | 10? bind mounts | 1000? bind mounts

Except it is more like:

          | "simple"        | "fine grained"
----------+-----------------+----------------------------------------------
Overlay   | 1 mount         | 1 mount + 1000? file deletions in the overlay
----------+-----------------+----------------------------------------------
Container | 1-2 bind mounts | 1000? bind mounts

I left out dev+sys+proc in both cases - it would be a few more mounts either way. And there is really no difference in performance between 1 mount and 10 in practice.

--
Rich
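The two layouts compared in the tables above, written out as the mount steps each one needs. This is an added example, not code from either poster or from any Gentoo tool; `SANDBOX`, the function names and the hidden paths are assumptions, and hidden paths are assumed to be directories.

```shell
#!/bin/sh
# Added sketch: print (DRY_RUN=1, the default) or execute (DRY_RUN=0, as root
# inside `unshare -m`) the mount steps for the two sandbox layouts.
# SANDBOX, the function names and the hidden paths are assumptions; SANDBOX
# is assumed to sit on its own filesystem (e.g. a tmpfs), outside the lower /.
SANDBOX=${SANDBOX:-/var/tmp/sandbox}
DRY_RUN=${DRY_RUN:-1}

run() {                        # echo the command; execute only if DRY_RUN=0
    echo "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

pseudo_fs() {                  # /proc, /sys, /dev are plain mounts, not binds
    run mount -t proc proc "$1/proc"
    run mount -t sysfs sysfs "$1/sys"
    run mount -t devtmpfs devtmpfs "$1/dev"
}

# Overlay layout: one overlay mount with / as the lower layer. Hiding a path
# is a deletion in the merged view (a whiteout in upper/), not another mount.
overlay_sandbox() {
    run mkdir -p "$SANDBOX/upper" "$SANDBOX/work" "$SANDBOX/merged"
    run mount -t overlay overlay \
        -o "lowerdir=/,upperdir=$SANDBOX/upper,workdir=$SANDBOX/work" \
        "$SANDBOX/merged"
    pseudo_fs "$SANDBOX/merged"
    for p in "$@"; do run rm -rf "$SANDBOX/merged$p"; done
}

# Container layout: one read-only bind of / (bind, then remount read-only).
# Hiding a directory costs one more bind mount of an empty directory over it.
bind_sandbox() {
    run mkdir -p "$SANDBOX/root" "$SANDBOX/empty"
    run mount --bind / "$SANDBOX/root"
    run mount -o remount,bind,ro "$SANDBOX/root"
    pseudo_fs "$SANDBOX/root"
    for p in "$@"; do run mount --bind "$SANDBOX/empty" "$SANDBOX/root$p"; done
}

# Count the new mount points a layout creates (the remount adds none).
new_mounts() { "$@" | grep '^mount ' | grep -vc remount; }

# Count the whiteout-producing deletions a layout performs.
deletions() { "$@" | grep -c '^rm ' || true; }
```

With three hidden directories, `new_mounts overlay_sandbox /home /root /srv` stays at 4 while `new_mounts bind_sandbox /home /root /srv` reports 7; the overlay pays for the same three paths as deletions instead.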
Re: [gentoo-dev] [RFC] News item: app-portage/gentoolkit-dev deprecation/removal
On 9/20/17 2:22 PM, Paul Varner wrote:
> On 9/20/17 2:49 AM, Martin Gysel wrote:
>> On Tuesday, 19 September 2017, 19:10:23 CEST, Paul Varner wrote:
>>> emerge --deselect app-portage/gentoolkit-dev
>>> emerge --depclean app-portage/gentoolkit-dev
>>
>> why deselect it first? From man emerge, --depclean:
>> "When given one or more atoms, it will unmerge matched packages that
>> have no reverse dependencies."
>
> Mainly as an extra precaution. However, just --depclean should work.
>
> This is the update with the typo pointed out by ulm corrected and
> changing the command to just be depclean.
>
> Regards,
> Paul

I just realized that the devmanual says to copy PR on the news items, so they are copied on this message. This should be what gets committed after three days as there have been no more comments on the item.

Regards,
Paul

Title: app-portage/gentoolkit-dev deprecation and removal
Author: Paul Varner
Posted: 2017-09-19
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: app-portage/gentoolkit-dev

The app-portage/gentoolkit-dev package has been deprecated and the ebump, ekeyword and imlate have been moved to the app-portage/gentoolkit-0.4.0 package.

With the upcoming marking of >=app-portage/gentoolkit-0.4.0 stable, users will need to take action since gentoolkit-dev and those versions of gentoolkit block each other.

In order to upgrade to the new version of gentoolkit, you will need to resolve the blocks. The following command will remove gentoolkit-dev from your world set and uninstall gentoolkit-dev. This will then allow the installation of >=app-portage/gentoolkit-0.4.0.

emerge --depclean app-portage/gentoolkit-dev

Once >=app-portage/gentoolkit-0.4.0 is stabilized, the remaining gentoolkit-dev releases will be masked for removal and subsequent tree-cleaning.
[gentoo-dev] Last-rites: media-sound/qtmpc
# Andreas Sturmlechner (26 Sep 2017)
# Requires dead Qt 4. Dead upstream. Use media-sound/cantata
# instead, which originally started as a QtMPC fork but is
# much more advanced. Masked for removal in 30 days.
media-sound/qtmpc
Re: [gentoo-dev] Last-rites: media-sound/qtmpc
On 09/25/2017 07:31 PM, Andreas Sturmlechner wrote:
> # Andreas Sturmlechner (26 Sep 2017)
> # Requires dead Qt 4. Dead upstream. Use media-sound/cantata
> # instead, which originally started as a QtMPC fork but is
> # much more advanced. Masked for removal in 30 days.
> media-sound/qtmpc
>

Not sure if it is just me, but when you fire off these messages as you are doing (as replies to others), they are coming across as submessages in the threads of previous ones instead of independent ones, and additionally, I'm not seeing any of them in gentoo-dev-announce.

Can you try sending your last-rites as independent compositions going forward and see if that resolves the issue?

--
NP-Hardass
Re: [gentoo-dev] Last-rites: media-sound/qtmpc
On Tuesday, 26 September 2017 02:01:45 CEST, NP-Hardass wrote:
> Can you try sending your last-rites as independent compositions
> going forward and see if that resolves the issue?

Yes, definitely. I've just been slacking with my email setup(s) since my laptop has died.
Re: [gentoo-dev] Last-rites: media-sound/qtmpc
On 09/25/2017 08:12 PM, Andreas Sturmlechner wrote:
> On Tuesday, 26 September 2017 02:01:45 CEST, NP-Hardass wrote:
>> Can you try sending your last-rites as independent compositions
>> going forward and see if that resolves the issue?
>
> Yes, definitely. I've just been slacking with my email setup(s) since my
> laptop has died.
>

Thanks ^_^

--
NP-Hardass
[gentoo-dev] woodpecker.g.o webhosting tweaks done.
Hi all,

I did some tweaking of Woodpecker's apache config (mostly moving it to being managed by Puppet).

Please report any breakage that you see: scripts, redirects, missing stuff? (It should be enforcing HTTPS as well now).

--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136