| - ZylonMaster (QUIT: Quit: Leaving) (~hjcs@syn-098-015-248-249.res.spectrum.com) | 00:23 | |
| + ZylonMaster (~hjcs@syn-098-015-248-249.res.spectrum.com) | 00:23 | |
| - vagrantc (QUIT: Ping timeout: 260 seconds) (~vagrant@2600:3c01:e000:21:7:77:0:50) | 01:19 | |
| - ZylonMaster (QUIT: Quit: Leaving) (~hjcs@syn-098-015-248-249.res.spectrum.com) | 01:28 | |
| - Ar|stote|is (QUIT: Quit: https://quassel-irc.org - Chat comfortably. Anywhere.) (~linx@149.210.12.48) | 02:08 | |
| + Ar|stote|is (~linx@149.210.12.48) | 02:08 | |
| - cobra (QUIT: Ping timeout: 256 seconds) (~cobra@user/Cobra) | 04:26 | |
| - jacobk (QUIT: Ping timeout: 260 seconds) (~quassel@utdpat241106.utdallas.edu) | 06:00 | |
| + jacobk (~quassel@64.189.201.150) | 06:20 | |
| - GNUmoon2 (QUIT: Remote host closed the connection) (~GNUmoon@gateway/tor-sasl/gnumoon) | 07:08 | |
| + GNUmoon2 (~GNUmoon@gateway/tor-sasl/gnumoon) | 07:08 | |
| + Gooberpatrol66 (~Gooberpat@user/gooberpatrol66) | 07:26 | |
| + jaume (~user@user/jaume) | 07:31 | |
| + colinsane (~colinunin@97-113-95-59.tukw.qwest.net) | 08:33 | |
| - colinsane (QUIT: Client Quit) (~colinunin@97-113-95-59.tukw.qwest.net) | 08:35 | |
| + colinsane (~colinunin@97-113-95-59.tukw.qwest.net) | 08:38 | |
| + cobra (~cobra@user/Cobra) | 10:21 | |
| - klardotsh (QUIT: Ping timeout: 255 seconds) (~klardotsh@c-67-170-115-80.hsd1.wa.comcast.net) | 10:23 | |
| - robin (QUIT: Remote host closed the connection) (~robin@user/terpri) | 10:39 | |
| + robin (~robin@user/terpri) | 10:40 | |
| grimmware | josch: Having spent a year and a half unprivileging container development at work it fills me full of joy to see you say that. | 11:01 |
|---|---|---|
| grimmware | I’m submitting a talk to 44CON about it called “Unprivileged Containers: shaving Yaks to put the Toothpaste Back in the Tube” | 11:03 |
| - GNUmoon2 (QUIT: Remote host closed the connection) (~GNUmoon@gateway/tor-sasl/gnumoon) | 11:34 | |
| + GNUmoon2 (~GNUmoon@gateway/tor-sasl/gnumoon) | 11:35 | |
| + f_ (~AUGESOUND@fases/developer/funderscore) | 12:18 | |
| + jaume` (~user@119.15.112.1) | 12:32 | |
| - jaume (QUIT: Ping timeout: 256 seconds) (~user@user/jaume) | 12:32 | |
| josch | grimmware: nice! :D Yes, I'm extremely happy that Linux namespaces have now been a thing for a very long time and are becoming quite mature. The things for which you really need to be the superuser become fewer and fewer. :) | 13:41 |
| josch | in Debian we now have mmdebstrap as a replacement for debootstrap and sbuild which allows you to build all packages in the archive with unshared user namespaces | 13:49 |
| grimmware | josch: really gnarly trick you can do as of kernel 6.x is use idmapped mounts as a lower directory in overlayfs, so you can do an unprivileged build against your base OS in a container that’s entirely copy-on-write so you can actually see the FS diff. You need privilege to do the mount in the first place and obviously that grants read to certain files that you might want to mask out on another lower layer (e.g. shadow) but | 13:50 |
| grimmware | effectively because it’s bind mounted you can just set it up in init and leave it in case a user wants to use it. | 13:50 |
| josch | oh interesting | 13:52 |
| josch | a friend of mine is working on a new container manager which is able to "boot" a machine on an ext4 file system which was tricky because passing the fuse FD into the unshared namespace so that things don't explode is quite non-trivial | 13:52 |
| - sir-photch (QUIT: Remote host closed the connection) (~m-hy5poy@2a01:4f8:c2c:5963::1) | 15:13 | |
| - buckket (QUIT: Quit: buckket) (~buckket@vps.buckket.org) | 15:34 | |
| + buckket (~buckket@vps.buckket.org) | 15:35 | |
| - jaume` (QUIT: Remote host closed the connection) (~user@119.15.112.1) | 15:57 | |
| + sir-photch (~m-hy5poy@2a01:4f8:1c1b:4579:0:bad:f00d:2) | 16:06 | |
| * f_ -> f_` | 16:08 | |
| * f_` -> f_ | 16:09 | |
| - sir-photch (QUIT: Ping timeout: 256 seconds) (~m-hy5poy@2a01:4f8:1c1b:4579:0:bad:f00d:2) | 16:25 | |
| + sir-photch (~m-hy5poy@2a01:4f8:1c1b:4579:0:bad:f00d:2) | 16:30 | |
| + gustav28 (~gustav@c-4334524e.019-141-67626730.bbcust.telenor.se) | 18:08 | |
| + vagrantc (~vagrant@2600:3c01:e000:21:7:77:0:50) | 18:10 | |
| + Gooberpatrol_66 (~Gooberpat@user/gooberpatrol66) | 18:35 | |
| - Gooberpatrol66 (QUIT: Read error: Connection reset by peer) (~Gooberpat@user/gooberpatrol66) | 18:35 | |
| + reformer (~reformer@softboy.mntmn.com) | 19:21 | |
| - Gooberpatrol_66 (QUIT: Remote host closed the connection) (~Gooberpat@user/gooberpatrol66) | 19:21 | |
| - aperezdc (QUIT: Ping timeout: 268 seconds) (~aperezdc@2a03:6000:6e61:633::43) | 19:55 | |
| - Sario (QUIT: Quit: WeeChat 4.1.1) (sario@libera/staff/owl/sario) | 20:16 | |
| + Sario (sario@libera/staff/owl/sario) | 20:17 | |
| + klardotsh (~klardotsh@c-67-170-115-80.hsd1.wa.comcast.net) | 20:31 | |
| + murph_nj (~murph@ool-457bb02e.dyn.optonline.net) | 20:40 | |
| - murphnj (QUIT: Ping timeout: 255 seconds) (~murph@user/murphnj) | 20:42 | |
| + aperezdc (~aperezdc@2a03:6000:6e61:633::43) | 20:48 | |
| - gustav28 (QUIT: Quit: Quit) (~gustav@c-4334524e.019-141-67626730.bbcust.telenor.se) | 22:15 | |
| + nsc (~nicolas@118-99-142-46.pool.kielnet.net) | 22:19 | |
| - f_ (QUIT: Ping timeout: 260 seconds) (~AUGESOUND@fases/developer/funderscore) | 22:59 | |
| * bluerise_ -> bluerise | 23:45 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!