On Thu, Jul 26, 2012 at 6:35 PM, Zac Medico <zmed...@gentoo.org> wrote:
>
> It seems like you might need some kind of copy-on-write support, at
> least to run pkg_setup. Apparently cowbuilder uses cow hardlinks for
> that. Another way would be to use fiemap (cp --reflink).
Reflinks would be a much clearer implementation if you can assume everything is on a single COW filesystem. However, that seems like a bit of a strong restriction to have. Cowbuilder seems to use hard links, which are also limited to the same filesystem, and it seems to use its own private build image besides.

I was thinking mainly in terms of giving limited visibility only to those stages which should have it - the setup/postinst/etc. phases probably should have access to the real root.

A more ambitious undertaking would be to extend this to running applications and not just building them. That is clearly beyond portage (other than maybe maintaining the list of files requiring runtime access), and would probably require either a namespace extension to ld.so, use of MAC, or changes to the kernel itself. One implementation might be auto-creating SELinux policies at install time based on declared RDEPENDS.

Ideally I'd love to see something like this be usable on an end-user system - and not just be a QA tool.

Thanks to those who chimed in with similar projects - glad to see some work already done in this area.

Rich
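Added here to illustrate the copy-on-write question discussed above; this is not code from the thread, from portage or from cowbuilder. The script clones a small throwaway build root by reflink, by hard link or by plain copy, picks whichever the filesystem can do (both reflinks and hard links only work within one filesystem, as the message notes), and then checks which strategies actually keep a build-phase write out of the original tree. It assumes Linux with GNU coreutils (cp --reflink, stat -c, mktemp -d); the helper names (pick_mode, probe_isolation) and the etc.conf sample file are invented for the example.

```shell
#!/bin/sh
# Added example (not portage's or cowbuilder's code): compare reflink,
# hard-link and plain-copy clones of a build root, and check whether a
# write inside the clone reaches the original tree.
# Assumes Linux with GNU coreutils (cp --reflink, stat -c, mktemp -d).

# same_fs A B: succeed iff A and B are on the same filesystem (same st_dev).
# Reflinks and hard links can only be created within one filesystem.
same_fs() {
    [ "$(stat -c %d "$1")" = "$(stat -c %d "$2")" ]
}

# clone_tree SRC DST MODE: MODE is reflink | hardlink | copy.
clone_tree() {
    case $3 in
        reflink)  cp -a --reflink=always "$1" "$2" ;;  # fails unless the fs supports clones
        hardlink) cp -al "$1" "$2" ;;                  # same fs only, and NOT copy-on-write
        copy)     cp -a "$1" "$2" ;;                   # always works, costs a full copy
        *) echo "clone_tree: unknown mode $3" >&2; return 2 ;;
    esac
}

# pick_mode SRC DSTPARENT: print the cheapest clone mode possible here.
pick_mode() {
    if ! same_fs "$1" "$2"; then
        echo copy
        return 0
    fi
    probe=$(mktemp -d "$2/reflink-probe.XXXXXX")
    : > "$probe/a"
    if cp --reflink=always "$probe/a" "$probe/b" 2>/dev/null; then
        echo reflink
    else
        echo hardlink
    fi
    rm -rf "$probe"
}

# probe_isolation MODE STYLE: clone a tiny root with MODE, then modify a file
# in the clone either "inplace" (open + truncate, as a build step editing a
# config file would) or "rename" (write a temp file and mv it over).
# Returns 0 if the original is untouched, 1 if the write leaked into it,
# 2 if MODE is unsupported on this filesystem.
probe_isolation() {
    work=$(mktemp -d) || return 2
    mkdir "$work/root"
    printf 'orig\n' > "$work/root/etc.conf"    # constructed sample file

    if ! clone_tree "$work/root" "$work/build" "$1" 2>/dev/null; then
        rm -rf "$work"
        return 2
    fi

    case $2 in
        inplace) printf 'changed\n' > "$work/build/etc.conf" ;;
        rename)  printf 'changed\n' > "$work/build/etc.conf.tmp"
                 mv -f "$work/build/etc.conf.tmp" "$work/build/etc.conf" ;;
    esac

    if [ "$(cat "$work/root/etc.conf")" = orig ]; then rc=0; else rc=1; fi
    rm -rf "$work"
    return $rc
}

# Stand-alone demo: show what each strategy does to the "real" root.
for mode in copy hardlink reflink; do
    for style in inplace rename; do
        rc=0; probe_isolation "$mode" "$style" || rc=$?
        case $rc in
            0) echo "$mode/$style: isolated, original untouched" ;;
            1) echo "$mode/$style: LEAKED, write reached the original tree" ;;
            *) echo "$mode/$style: unsupported on this filesystem" ;;
        esac
    done
done
```

The point the probe makes is that a hard-linked tree is not copy-on-write: a build step that opens a file for writing goes through the inode shared with the real root, so the hardlink/inplace case reports a leak, while the same tree is safe if every modification replaces the file (write a temporary, rename over it). A reflinked or copied tree isolates either way, which is why the reflink route is cleaner when the single-filesystem assumption holds; on a filesystem without clone support the script reports reflink as unsupported rather than silently falling back.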