On 9/4/19 11:39 AM, Christian Borntraeger wrote: > On 04.09.19 16:41, Scott Rohling wrote: >> Let's start with who or what said it wasn't possible.... ? > [...] >>> Just to be sure, by "nss" I meant Named Saved System. > [...] >>>> what is the reason for nss not being possible with SLES from version 12? > [...] > > The Linux kernel now makes use of self-patching in several places and several > core > features would no longer work without those. To make NSS possible, the NSS > would > need to have a copy-on-write semantics instead of being read-only. With > global patching > we would copy almost everything over time making the feature not useful. > > So the feature was not only removed in SLES but will go away in other future > distros > and it is no longer part of the upstream kernel.
What's this? a little uptime funk? That's cool as long as it _doesn't break other things_. Seriously? You whacked NSS for live patching? Don't! (Too late.) https://www.youtube.com/watch?v=SYRlTISvjww Bad enough all the PUTTERING around in userland, even INIT, but now the kernel's borken too. Babies and bath-water both banished. Bummer! Hey, hey, hey, HAY ... Stop! ... wait a minute ... I'm a fan of advances (hallelujah!), but not at the cost of flexibility. I believe y'all killed XIP too, right? That was brilliant. (NOT) Not all the world's containers (or whatever shiny thing). Don't believe me? Just watch: I'll introduce you to a container escaper and kubernetes breaker. -- R; <>< ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
