On Montag, 2. Oktober 2017, 14:53:48 CEST wrote Stefan Seyfried:
Hi Hans-Peter
I can at least answer one of the questions ;-)
On 22.09.2017 13:09, Hans-Peter Jansen wrote:
Do workers really need swap?
Yes, the build result is extracted from the worker via the swap volume (after finishing, the build process writes the results into the swap device inside the VM, then the obsworker extracts them from "outside" the VM).
minor pitnick, we write the blocklist to the swap device to extract the files directly from the root device.
The reason for this is (at least I believe so), that the process is file system agnostic (you could in theory run a totally new VM with a fancy file system for building on a pretty old host with a kernel that does not understand that file system) and you don't have to mess around with loop devices, partitioning etc.
the reason behind is that we don't trust the kernel FS layer for not being exploitable. Esp. because the package build can be configured with any file system. So we want to avoid to mount the root fs and extract directly from the block layer. -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org