Re: multiarch status update

[Gabor Gombas <gombasg@sztaki.hu>]

On Tue, May 16, 2006 at 06:02:58PM +0200, Romain Beauxis wrote:

> Few things that I see:
> -- FUSE goes throught userland <-> kernel <-> Userland so it:
> ** May be an overhead for all /usr/bin calls.

Sure. Every feature has a price. In reality I expect the dentry cache
and the page cache takes care about the heavily used binaries. In any
case it will be still faster than NFS and people do use NFS for mounting
/usr.

> ** May be a potential security leak, like using LD_PRELOAD for a given user 
> and use a custom fuse library for this user, with *any* /usr/bin filesystem 
> you like

Only if you allow normal users over-mounting /usr/bin. I was only
talking about a system-wide mount.

> -- FUSE module is not loaded by default, and some server maintainer would like 
> te reFUSE using it... :-)

mount --bind /usr/lib/$DEFAULT_ARCH/bin /usr/bin and you are done. The
FUSE solution is only needed if you want dynamic per-binary architecture
selection.

> -- Furthermore, what to do during bootstrap of the root file system? Because 
> this should also be needed for /bin, so again overhead, security and loading 
> at en early stage is not a solution for me...

mount --bind /bin-$DEFAULT_ARCH /bin during boot. Or simply state that
/bin and /sbin are not multiarched.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------