Re: selinux breaks revisor

Daniel P. Berrange wrote:

Plain QEMU is unusably slow for doing any real work - particularly compute
and disk intensive stuff like builds / composes.

Takes 12 hours to compose my 1G LiveDVD, involving a full anaconda http install under qemu, followed by mksquashfs of the result. Honestly I do a lot of data shuffling, and think that I could probably halve that time if I wasn't more interested in further functionality at the moment than I am in performance.

I'll take that 12 hours over the 1hr for livecd-creator any day of the week, knowing that I'm not running about 1000 rpm post install scripts under the limited protection of a chroot with selinux disabled. Combined with the comfort of knowing that if I do a compose on a different piece of hardware, that those 1000 scripts will have no chance to sneakily incur any host build dependencies based on their access to a random /proc (as opposed to the consistency of always identical qemu /proc).

You may call 12 hours for a compose unusably slow. I don't. And computers and software get improved all the time, so maybe in 3 years, that 12 hours will just become "order a pizza and wait for the results".

works for me.



 You need KVM for it to be
viable, which restricts you to i686 / x86_64 currently, and possibly adding
ia64 & ppc64 in the medium-term future. No work on sparc/arm, and no clue
about s390.


