On Wed, Sep 28, 2011 at 1:19 PM, Richard W.M. Jones <rjones(a)redhat.com> wrote:
> On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
> > Does febootstrap-supermin-helper need to be dynamic or could
> > libguestfs create a /var/lib/guestfs/appliance-initramfs.gz on
> > install? Then libguestfs on the client can create the appliance
> > domain and point at that static initramfs file path.
>
> This is how the Debian package of libguestfs works (Hilko's official
> package, not my one).
>
> However this is troublesome because it means any security problem in a
> dependent program is baked into the appliance. Applying a security
> update to the host wouldn't update this libguestfs appliance. Compare
> this to the way febootstrap-supermin-helper normally works (eg
> upstream, Fedora and RHEL): the appliance is rebuilt whenever any
> change is noticed in a dependent program.

That sounds like a limitation in the packaging system.

If 'watch' hooks can be registered by the libguestfs package on its
dependencies, then it can rebuild itself every time a dependency
changes. Or the low-tech way is for the libguestfs package maintainer
to create a new package each time its dependencies have updated -
Debian has a volatile repo for packages that change a lot.

At the end of the day we have this problem because the libguestfs
appliance is a distro built from the underlying distro itself :)!
Stefan
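
The rebuild-on-change behaviour discussed in this thread, sketched as an added example that is not part of the original emails and is not febootstrap's code: a stamp recorded at build time is compared with the host's current dependency files, so a security update that replaces a file marks the cached appliance stale. The function names, the stamp file and the sample file are hypothetical.

```python
import hashlib
import os
import tempfile

def fingerprint(paths):
    """Hash path, size, mtime and inode of each dependency (contents are not read)."""
    h = hashlib.sha256()
    for p in sorted(paths):
        try:
            st = os.stat(p)
            rec = f"{p}\0{st.st_size}\0{st.st_mtime_ns}\0{st.st_ino}"
        except FileNotFoundError:
            rec = f"{p}\0missing"  # a removed dependency also changes the result
        h.update(rec.encode() + b"\n")
    return h.hexdigest()

def record_build(stamp_file, paths):
    """Call right after building the appliance from the listed host files."""
    with open(stamp_file, "w") as f:
        f.write(fingerprint(paths))

def appliance_is_stale(stamp_file, paths):
    """True when no stamp exists or the host files changed since the build."""
    try:
        with open(stamp_file) as f:
            recorded = f.read().strip()
    except FileNotFoundError:
        return True
    return recorded != fingerprint(paths)

def demo():
    """Constructed scenario: build, then a package update replaces a dependency."""
    with tempfile.TemporaryDirectory() as d:
        dep = os.path.join(d, "libexample.so")       # stand-in host dependency
        stamp = os.path.join(d, "appliance.stamp")   # hypothetical stamp location
        with open(dep, "wb") as f:
            f.write(b"build with the security bug")
        results = [appliance_is_stale(stamp, [dep])]      # nothing built yet
        record_build(stamp, [dep])
        results.append(appliance_is_stale(stamp, [dep]))  # fresh build
        # Package managers typically replace files by rename, as done here.
        with open(dep + ".new", "wb") as f:
            f.write(b"patched build")
        os.replace(dep + ".new", dep)
        results.append(appliance_is_stale(stamp, [dep]))  # host was updated
        return results

if __name__ == "__main__":
    print(demo())
```

A statically packaged initramfs never performs this comparison, which is why a host update leaves the old library inside the appliance; the same check could run from a packaging hook of the kind suggested above.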