Re: stability level of testing
On Fri, Dec 03, 2021 at 02:10:44PM +0100, daggs wrote:
> Greetings David,
>
> > Sent: Friday, December 03, 2021 at 7:00 AM
> > From: "David Christensen" <dpchrist@holgerdanske.com>
> > To: debian-user@lists.debian.org
> > Subject: Re: stability level of testing
> >
> > On 12/2/21 12:53 AM, daggs wrote:
> > > Greetings David,
> > >
> > >> Sent: Thursday, December 02, 2021 at 4:21 AM
> > >> From: "David Christensen" <dpchrist@holgerdanske.com>
> > >> To: debian-user@lists.debian.org
> > >> Subject: Re: stability level of testing
> > >>
> > >> On 11/30/21 11:28 PM, daggs wrote:
> > >>> Greetings,
> > >>>
> > >>> I'm thinking of migrating my main server to Debian, I need stability and recent version of small number of pkgs.
> > >>> in addition I need to recompile with a out of tree patch.
> > >>> I had Debian stable before but replaced it because upgrade broke the system and the versions used for the mentioned above set of pkgs were too old for what I need.
> > >>> I know that Testing has more recent pkgs version but I don't know how stable is it.
> > >>>
> > >>> any info will be appreciate.
> > >>>
> > >>> Thanks,
> > >>>
> > >>> Dagg.
> > >>
> > >>
> > >> On 12/1/21 12:55 PM, daggs wrote:
> > >> > there will be 2 main facing the Internet connection, server's upgrade
> > >> and the router vm.
> > >> > the rest is internal
> > >>
> > >>
> > >> What version of Debian are you running? What Debian packages? What
> > >> hypervisor? Is the service in a VM? Are all of the other services in
> > >> VM's? What service? What are you recompiling? What is the patch?
> > >> What router software?
> > >>
> > >>
> > >> David
> > >>
> > >>
> > >
> > > I was running debian, I'm not running now. I need kernel. qemu and libvirt mainly, the rest doesn't matters versionwise.
> > > I have two vms, router and streamer.
> > > the router has 5 pci devs pt, the streamer has 2 pci and 2 usb pt.
> > >
> > > the patch is infamous ACS Override kernel patch, that is the only one I compromise on
> > > the router's os is openwrt, streamer os is libreelec
> > >
> > > Thanks,
> > >
> > > Eial
> >
> >
> > Rather than getting fancy with virtualization and kernel patches,
> > perhaps you should use a hardware firewall/ router device, a dedicated
> > computer for LibreELEC (in a DMZ), and a general-purpose computer with
> > Debian Stable for your LAN services (?).
>
> I cannot afford such setup nor do I have the place to put it in
>
> Thanks,
>
> Dagg
>
Hi Dagg,
So (if I'm reading this correctly):
You're running one computer - with a base from some Linux distribution.
You want that to run libvirt and qemu but Debian's version was too old.
You want to instantiate two VNs.
One runs OpenWRT and "behaves" like a hardware router.
One runs Librelec and "behaves" like a media streaming box
You want to patch the kernel that runs on the main machine with an
out of kernel patch for ACS override that looks as if it exposes your VMs to a
security problem -
https://www.reddit.com/r/VFIO/comments/bvif8d/official_reason_why_acs_override_patch_is_not_in/
A possible way forward:
* Backup your VMs to some sort of media
* Build a basic Debian box with minimal services and no GUI - and no patch.
* Maybe look to Docker to do this:
https://forum.libreelec.tv/thread/23350-how-to-run-docker-containers/
https://github.com/openwrt/docker
To be honest - IMHO 3 x devices would not hurt, _especially_ a hardware
modem/router.
Doing this all on one machine - what happens when something locks up / one
piece of hardware breaks - do you lose everything?
All the very best, as ever,
Andy C.
Reply to: