FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 01-31-2012, 08:37 PM
Ben Hutchings
 
Default lack of replacement for linux-vserver

On Tue, Jan 31, 2012 at 07:48:02PM +0000, Andrei Morgan wrote:
>
> Hi,
>
> I have been aware for a few years that linux-vserver was planned to be
> dropped from the next stable release in favour of 'lxc' as a
> replacement solution.
>
> As I believe has been recently discussed on this list, lxc is far from
> ready for production use, and there is no other good replacement that I
> am aware of.
>
> I therefore would like to add my voice to those asking that vservers are
> *not* dropped at the present time, and that this should instead be
> reconsidered for a future release, after wheezy.
[...]

Debian is a do-ocracy and no-one has been prepared to do that work.

Just to be clear, 'that work' is not just a matter of forwarding
messages back and forward between the Debian BTS and the Linux-VServer
developers. Unless the VServer project continues to support whichever
version we use in a stable release (3.2 in this case) then Debian
users are likely to run into different bugs that they won't want to
deal with. There will also be integration issues to be resolved when
fixes from the stable/longterm branch conflict with the VServer
changes. This requires real understanding of Linux and VServer
internals (see #618485 for an example of what happens without that).

If anyone wishes to volunteer to maintain VServer in Debian - you are
very welcome, but please start by addressing the bugs filed against
them in squeeze and reviewing the existing conflicts. If you can
prove yourself by doing that, then you may convince me and the rest of
the kernel team that you can maintain it in wheezy as well.
Otherwise, no chance.

The above all applies to OpenVZ as well, and what I've suggested to is
that the interested developers maintain an APT repository of kernel
packages for Debian using whichever version the OpenVZ project is
prepared to support. Maybe the Linux-VServer project can do that too.

Ben.

--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120131213723.GT12704@decadent.org.uk">http://lists.debian.org/20120131213723.GT12704@decadent.org.uk
 
Old 02-01-2012, 01:33 AM
Paul Wise
 
Default lack of replacement for linux-vserver

On Wed, Feb 1, 2012 at 5:37 AM, Ben Hutchings wrote:

> Just to be clear, 'that work' is not just a matter of forwarding
> messages back and forward between the Debian BTS and the Linux-VServer
> developers. *Unless the VServer project continues to support whichever
> version we use in a stable release (3.2 in this case) then Debian
> users are likely to run into different bugs that they won't want to
> deal with. *There will also be integration issues to be resolved when
> fixes from the stable/longterm branch conflict with the VServer
> changes. *This requires real understanding of Linux and VServer
> internals (see #618485 for an example of what happens without that).

Data point; there is a VServer patch for 3.2 (marked as experimental though):

http://vserver.13thfloor.at/Experimental/patch-3.2.2-vs2.3.2.6.diff

It was also claimed on IRC that when using the Debian template for lxc
(see below) that the security issues mentioned in the Linux 3.2 thread
do not apply.

lxc-create -t debian
/usr/lib/lxc/templates/lxc-debian

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAKTje6FD3zSKXYX_toyjgDWP0v4mduZGA7q8DV+yQ_6VnkEpj Q@mail.gmail.com">http://lists.debian.org/CAKTje6FD3zSKXYX_toyjgDWP0v4mduZGA7q8DV+yQ_6VnkEpj Q@mail.gmail.com
 
Old 02-01-2012, 09:30 AM
Yves-Alexis Perez
 
Default lack of replacement for linux-vserver

On mer., 2012-02-01 at 10:33 +0800, Paul Wise wrote:
> On Wed, Feb 1, 2012 at 5:37 AM, Ben Hutchings wrote:
>
> > Just to be clear, 'that work' is not just a matter of forwarding
> > messages back and forward between the Debian BTS and the Linux-VServer
> > developers. Unless the VServer project continues to support whichever
> > version we use in a stable release (3.2 in this case) then Debian
> > users are likely to run into different bugs that they won't want to
> > deal with. There will also be integration issues to be resolved when
> > fixes from the stable/longterm branch conflict with the VServer
> > changes. This requires real understanding of Linux and VServer
> > internals (see #618485 for an example of what happens without that).
>
> Data point; there is a VServer patch for 3.2 (marked as experimental though):
>
> http://vserver.13thfloor.at/Experimental/patch-3.2.2-vs2.3.2.6.diff
>
> It was also claimed on IRC that when using the Debian template for lxc
> (see below) that the security issues mentioned in the Linux 3.2 thread
> do not apply.
>
> lxc-create -t debian
> /usr/lib/lxc/templates/lxc-debian

Note that the template “only” drops CAP_MAC_ADMIN, CAP_MAC_OVERRIDE,
CAP_SYS_ADMIN and CAP_SYS_MODULE. Are we really sure this is enough?
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00977.html thread gives some pointer, but it seems that in the end they advise to drop quite some more caps than just those.

Regards,
--
Yves-Alexis
 
Old 02-01-2012, 11:14 AM
Bernd Zeimetz
 
Default lack of replacement for linux-vserver

On 01/31/2012 10:37 PM, Ben Hutchings wrote:
[...]
> If anyone wishes to volunteer to maintain VServer in Debian - you are
> very welcome, but please start by addressing the bugs filed against
> them in squeeze and reviewing the existing conflicts. If you can
> prove yourself by doing that, then you may convince me and the rest of
> the kernel team that you can maintain it in wheezy as well.
> Otherwise, no chance.
>
> The above all applies to OpenVZ as well, and what I've suggested to is
> that the interested developers maintain an APT repository of kernel
> packages for Debian using whichever version the OpenVZ project is
> prepared to support. Maybe the Linux-VServer project can do that too.

I've tried to convince the linux-vserver developers on various ocassions
on irc to work together with a person of their choice from Debian to
maintain the patch for stable releases. But they are not willing to
support Debian as they neither use Debian nor have any interest in
supporting the Debian kernel.

--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4F292C9B.9070804@bzed.de">http://lists.debian.org/4F292C9B.9070804@bzed.de
 
Old 02-02-2012, 03:26 PM
Micah Anderson
 
Default lack of replacement for linux-vserver

Bernd Zeimetz <bernd@bzed.de> writes:

> On 01/31/2012 10:37 PM, Ben Hutchings wrote:
> [...]
>> If anyone wishes to volunteer to maintain VServer in Debian - you are
>> very welcome, but please start by addressing the bugs filed against
>> them in squeeze and reviewing the existing conflicts. If you can
>> prove yourself by doing that, then you may convince me and the rest of
>> the kernel team that you can maintain it in wheezy as well.
>> Otherwise, no chance.
>>
>> The above all applies to OpenVZ as well, and what I've suggested to is
>> that the interested developers maintain an APT repository of kernel
>> packages for Debian using whichever version the OpenVZ project is
>> prepared to support. Maybe the Linux-VServer project can do that too.
>
> I've tried to convince the linux-vserver developers on various ocassions
> on irc to work together with a person of their choice from Debian to
> maintain the patch for stable releases. But they are not willing to
> support Debian as they neither use Debian nor have any interest in
> supporting the Debian kernel.

Hmm, I do not agree on that representation of upstream's position. On
the contrary, they are happy to not only port the Linux-Vserver patches
to work with the Debian kernel's set of patches, but also keeping those
kernels up-to-date, as long as they are working with someone in Debian
who can do the 'debian-specific' work.

Neither of the two active upstream developers use Debian as a host, so
they would not be people who use the kernel or have any vested interest
in it. Their position is that if someone inside Debian steps up to do
the 'debian-specific' work, they have no problem working with that
person with both an initial port to the Debian kernel, or keeping those
kernels up-to-date.


--


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87ehudjj6j.fsf@algae.riseup.net">http://lists.debian.org/87ehudjj6j.fsf@algae.riseup.net
 

Thread Tools




All times are GMT. The time now is 02:41 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org