[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: net-tools future

On Fri, Mar 20, 2009 at 12:14:53PM +0100, Marco d'Itri wrote:
> On Mar 20, Adam Borowski <kilobyte@angband.pl> wrote:
> > trouble for embedded or limited ones.  I don't do embedded personally so I
> > have no idea how udev fares there, but I can tell you that vservers and udev
> > don't go well together.  Udev expects a real system where there's none and
> > then gets confused -- vserver is hardly more than a glorified chroot, nearly
> > identical to BSD jails.  You want every container to be small and simple.
> This is why you install udev in the host system and bind-mount its /dev
> to the /dev of each context.

Definitely wrong.
Only a tiny sliver of devices are accessible from inside a context, and
making others accessible would be bad.  Even root can't create forbidden
devices from inside...

> vserver and openvz are not relevant for the purpose of this discussion.

They have their specific needs, and the last time I checked, udev couldn't
fulfill them.  You need just /dev/{null,zero,full,random,urandom,tty,ptmx}
and the links to /proc/.  More may be needed, but that depends on the
context's capabilities rather than on modules being present.  A vserver may
have /dev/kqemu, /dev/fuse, /dev/net/tun, ...

> On Mar 20, Mike Bird <mgb-debian@yosemite.net> wrote:
> > > popcon shows that the number is trivial. Definitely not "many".
> > Perhaps sysadmins that go to the effort of removing udev from
> > some systems are less likely to install popcon on those systems?
> And surely lurkers agree with you in personal emails...

If you insist on popcon being installed on such systems, I may arrange a
bunch.  I'm not sure if Debian would be well-served by a slew popcon
submissions of: (minimal+bind), (minimal+apache+mod_perl), (minimal+...),

1KB		// Microsoft corollary to Hanlon's razor:
		//	Never attribute to stupidity what can be
		//	adequately explained by malice.

Reply to: