Mailinglist Archive: opensuse-factory (826 mails)

< Previous Next >
Re: [opensuse-factory] RFC: Proposed relocation of /var/lib/rpm
On 4 October 2017 at 13:38, Carlos E. R. <robin.listas@xxxxxxxxxxxxxx> wrote:
On 2017-10-04 13:16, Richard Brown wrote:
For systems with a read-write rootfs, we will be slightly bending the
rules of the FHS, in the sense that the FHS claims /usr should be
'read-only data'

What about machines that share /usr from a central machine over the network?

Putting the rpmdb in /usr/share is no worse than the current situation

Right now machines sharing /usr from a central machine over the
network are going to have an rpmdb that will contain an invalid
picture of the contents of /usr

Any person with root access to any machine accessing that shared /usr
can attempt to install/remove packages. If the share is read-write
that will currently lead to changes for all systems but only the
system doing the installation will be aware of what it did and able to
uninstall the rpms that changed /usr

This will lead to untrackable inconsistencies in other areas of the
filesystem, as only /usr is shared.

If the share is read-only the rpm install will likely fail.

With this proposed change any user with root access to a machine
accessing a shared /usr will change the contents of /usr and update
the (now shared) rpmdb

While this can still lead to inconsistencies on other systems as only
/usr will be shared, this will at least be 'trackable' as all systems
with a shared /usr will now be able to verify what files they should
have, where as currently they cannot.

If the share is read-only, the rpm install will still fail, just as it
would today.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >