[CentOS-devel] RH patches v/s vanilla docker in CentOS

Tue Apr 21 14:16:34 UTC 2015
George Dunlap <dunlapg at umich.edu>

On Tue, Apr 21, 2015 at 2:50 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> I have not chimed in on this yet, but the patches include stuff to make
> docker run better on a systemd based system.  Going purely upstream
> eliminates us from experimenting and testing some of our ideas.

By "us" I take it you mean Red Hat engineering?  I don't see how the
CentOS Virt SIG going with upstream-only has any effect on Red Hat
doing anything.

> Current patches include fixes for SELinux, patches to allow systemd to
> run within a container without requiring --privileged mode.  Handling
> of multiple registries, proper integration into the systemd,
> MachineCtl, journald.
> And most importantly customers running on RHEL will have a different
> experience than on CentOS.

Users who use the version of Docker from CentOS Extras will be using
RHEL bits and having the same experience.

Users who opt in for the Virt SIG have specifically chosen *not* to
run the RHEL version for some reason; presumably they want to have a
different experience. :-)

The SELinux fixes and patches to allow systemd to run without
--privileged mode sound useful to me (as someone outside looking in),
but I would leave it for Lokesh (and people from the Atomic SIG) to
determine which patches, if any, are worth porting over.

For comparison, the Xen dom0 kernel is mostly a vanilla upstream
kernel, but with a few driver tweaks, and the blktap2 driver; the Xen
tools is mostly a vanilla upstream tools package, but with XenServer's
"blktap2.5" patched in.