6d39cfa78f
In #1630, we lowered SELinux policy loading into the core. However, this also enabled SELinux policy loading from the host system even in the legacy (non-unified) compose path. This meant that compose systems now needed to have the policy installed even though we didn't need it at all. This caused regressions in pungi: https://pagure.io/dusty/failed-composes/issue/956 Just make the binding of the "selinux" member conditional on whether or not we're in unified mode (which is really when we even care about having it loaded from the start for pkgcache purposes). Closes: #1656 Approved by: cgwalters |
||
---|---|---|
.github | ||
api-doc | ||
bindgen | ||
buildutil | ||
ci | ||
design | ||
docs | ||
experiments-and-demos/skopeo2ostree | ||
libdnf@7ecb2f5ddc | ||
libglnx@470af8763f | ||
man | ||
packaging | ||
rust | ||
scripts | ||
src | ||
tests | ||
vagrant | ||
.dir-locals.el | ||
.editorconfig | ||
.gitmodules | ||
.papr.yml | ||
.vimrc | ||
autogen.sh | ||
configure.ac | ||
CONTRIBUTING.md | ||
COPYING | ||
git.mk | ||
HACKING.md | ||
LICENSE | ||
Makefile-daemon.am | ||
Makefile-decls.am | ||
Makefile-lib-defines.am | ||
Makefile-lib.am | ||
Makefile-libdnf.am | ||
Makefile-libpriv.am | ||
Makefile-man.am | ||
Makefile-rpm-ostree.am | ||
Makefile-tests.am | ||
Makefile.am | ||
mkdocs.yml | ||
README.md | ||
Vagrantfile |
rpm-ostree: A true hybrid image/package system
rpm-ostree combines libostree (an image system), with libdnf (a package system), bringing many of the benefits of both together.
+-----------------------------------------+
| |
| rpm-ostree (daemon + CLI) |
+------> <---------+
| | status, upgrade, rollback, | |
| | pkg layering, initramfs --enable | |
| | | |
| +-----------------------------------------+ |
| |
| |
| |
+-----------------|-------------------------+ +-----------------------|-----------------+
| | | |
| libostree (image system) | | libdnf (pkg system) |
| | | |
| C API, hardlink fs trees, system repo, | | ties together libsolv (SAT solver) |
| commits, atomic bootloader swap | | with librepo (RPM repo downloads) |
| | | |
+-------------------------------------------+ +-----------------------------------------+
For more information, see the online manual: Read The Docs (rpm-ostree)
Features:
- Transactional, background image-based (versioned/checksummed) upgrades
- OS rollback without affecting user data (
/usr
but not/etc
,/var
) via libostree - Client-side package layering (and overrides)
- Easily make your own:
rpm-ostree compose tree
Projects using rpm-ostree
Project Atomic is an umbrella project for delivering upstream container technologies and combined with a minimized, atomically upgradable host system to Fedora, Red Hat Enterprise Linux, and CentOS.
rpm-ostree is the underlying technology for host updates. The headlining project is "Atomic Host", which is a server variant oriented towards running Linux containers using e.g. Kubernetes. However, there is now also a Workstation variant, showing the full generality of the rpm-ostree model.
Manual
For more information, see the online manual: Read The Docs (rpm-ostree)
Talks and media
A number of Project Atomic talks are available; see for example this post which has a bigger collection that also includes talks on containers.
rpm-ostree specific talks:
- devconf.cz 2018: Colin Walters: Hybrid image/package OS updates with rpm-ostree slides
- devconf.cz 2018: Peter Robinson: Using Fedora and OSTree for IoT