Re: Using the host /etc in the runtime
- From: Alexander Larsson <alexl redhat com>
- To: Colin Walters <walters verbum org>
- Cc: gnome-os-list gnome org
- Subject: Re: Using the host /etc in the runtime
- Date: Fri, 30 Jan 2015 14:16:02 +0100
On tis, 2015-01-27 at 14:19 -0500, Colin Walters wrote:
On Mon, Jan 19, 2015, at 04:37 AM, Alexander Larsson wrote:
Secondly, the other goal is to ensure one app+runtime works on *any*
system.
"works" will depend on one's PoV; for some organizations, this TLS
certificate issue will be quite important.
Sure, but that doesn't mean the only way to make that work is to expose
the full host /etc.
And even if there was just one distribution layout (e.g. /etc/pki was
standard), one still has to account for version skew over time. Say that
an app wants to look for some new system configuration - for example,
http://fedoraproject.org/wiki/Changes/CryptoPolicy
It'd be possible for the app runtime's openssl/gnutls to have this change,
but the target system not. That's a case where the shared libraries
inside runtimes would need to be prepared to handle arbitrarily old
content in /etc, or alternatively, some sort of versioned ABI, so xdg-app
would error out if the app's runtime required too new of a host.
Yeah, this whole area is pretty fucked up. My opinion is that we need to
figure out the best way to represent it in the sandbox, and then do
whatever mapping is needed from the host system so that it looks right
from the point of view of the sandboxed app. This could be done by
building xdg-app on the distro with the right configuration given the
distro it runs on. But yeah, for future compat we probably need some
level of versioning here.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alexander larsson gmail com
He's a sword-wielding umbrella-wielding senator with no name. She's a
cosmopolitan mutant magician's assistant who can talk to animals. They
fight crime!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]