Using the host /etc in the runtime



Hello everyone,

I'm bringing this conversation to the list from a pull request on GitHub.
Basically, what I'm proposing is that runtimes get the entire /etc bind-mounted from the host instead of having an /etc with defaults and special-case monkey patching.

The reason for this is that there is a lot in /etc that is customizable by the admin: there is localtime, hosts, nsswitch, passwd, gtk settings, global/mandatory dconf, ssh settings, ssl certificates... I believe that bind mounting each and every "supported" configuration point is always going to miss something, and will only make it harder to support complex applications.

The downside is that runtimes can be incompatible - and one specific case I found is the SSL certificate path in openssl as configured in the runtime and in Fedora 21.
My take is that we should fix these by testing on various platforms, and by mandating "standards" that OSes need to implement to be GNOME compliant.

In particular, the SSL certificate path is a good example of why bind mounting all of /etc is useful: if I want to enable a new CA or certificate for internal use, I don't want to go and add it to each application (especially because it is technically impossible now: /etc from the apps is immutable). But if we don't go the standard path, then xdg-app-helper has to figure out how to bind mount the certificate bundle path for each distro (and for each of the 4 major crypto/ssl libraries).

I hope this issue can be discussed further, before we settle on one way or the other.

Cheers,

Giovanni

