Mailinglist Archive: opensuse-buildservice (54 mails)

< Previous Next >
Re: [opensuse-buildservice] packages keeps in scheduled state in private OBS instance
On Montag, 2. Oktober 2017, 14:53:48 CEST wrote Stefan Seyfried:
Hi Hans-Peter

I can at least answer one of the questions ;-)

On 22.09.2017 13:09, Hans-Peter Jansen wrote:
Do workers really need swap?

Yes, the build result is extracted from the worker via the swap volume (after
finishing, the build process writes the
results into the swap device inside the VM, then the obsworker extracts them
from "outside" the VM).

minor pitnick, we write the blocklist to the swap device to extract the files
directly from the root device.

The reason for this is (at least I believe so), that the process is file
system agnostic (you could in theory run a
totally new VM with a fancy file system for building on a pretty old host
with a kernel that does not understand that
file system) and you don't have to mess around with loop devices,
partitioning etc.

the reason behind is that we don't trust the kernel FS layer for not being
exploitable. Esp.
because the package build can be configured with any file system.

So we want to avoid to mount the root fs and extract directly from the block


Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups