fca01e70b5
Add a `selinux` verb to treespec, and bind it from treefile. If set, use it in the core to load an initial policy before import, if we didn't already set a policy. In practice right now this is only used from the compose path since the SysrootUpgrader uses the policy from the merge deployment. Unset the policy if rojig mode is enabled. Now, non-SELinux use cases are required to set `selinux: false` in the treespec. For `ex container` I just set it in our example specs. Probably that should forcibly disable it in the treespec but eh, it's experimental. The other case I can think of is client-side layering; before we would create a policy using the target root, but it wasn't a *hard* requirement, i.e. we didn't error out if `policy_get_name() == NULL`. Let's preserve that semantic by hooking off of whether `_new_system()` was used. Prep for sharing code with `compose rojig`. Closes: #1630 Approved by: jlebon
rpm-ostree: A true hybrid image/package system
rpm-ostree combines libostree (an image system), with libdnf (a package system), bringing many of the benefits of both together.
+-----------------------------------------+
| |
| rpm-ostree (daemon + CLI) |
+------> <---------+
| | status, upgrade, rollback, | |
| | pkg layering, initramfs --enable | |
| | | |
| +-----------------------------------------+ |
| |
| |
| |
+-----------------|-------------------------+ +-----------------------|-----------------+
| | | |
| libostree (image system) | | libdnf (pkg system) |
| | | |
| C API, hardlink fs trees, system repo, | | ties together libsolv (SAT solver) |
| commits, atomic bootloader swap | | with librepo (RPM repo downloads) |
| | | |
+-------------------------------------------+ +-----------------------------------------+
For more information, see the online manual: Read The Docs (rpm-ostree)
Features:
- Transactional, background image-based (versioned/checksummed) upgrades
- OS rollback without affecting user data (
/usrbut not/etc,/var) via libostree - Client-side package layering (and overrides)
- Easily make your own:
rpm-ostree compose tree
Projects using rpm-ostree
Project Atomic is an umbrella project for delivering upstream container technologies and combined with a minimized, atomically upgradable host system to Fedora, Red Hat Enterprise Linux, and CentOS.
rpm-ostree is the underlying technology for host updates. The headlining project is "Atomic Host", which is a server variant oriented towards running Linux containers using e.g. Kubernetes. However, there is now also a Workstation variant, showing the full generality of the rpm-ostree model.
Manual
For more information, see the online manual: Read The Docs (rpm-ostree)
Talks and media
A number of Project Atomic talks are available; see for example this post which has a bigger collection that also includes talks on containers.
rpm-ostree specific talks:
- devconf.cz 2018: Colin Walters: Hybrid image/package OS updates with rpm-ostree slides
- devconf.cz 2018: Peter Robinson: Using Fedora and OSTree for IoT