OpenPrinting distribution in OCI containers
Christian Hergert
christian at hergert.me
Thu May 5 19:38:40 UTC 2022
On 5/4/22 3:25 PM, Andrew Hayzen wrote:
> It looks interesting in that it can run an image with some sandboxing
> and appears like a normal systemd service.
I've wanted something similar for Sysprof so that we could distribute it
as a Flatpak (and have sysprofd installed on demand w/ portable service).
The things currently limiting in that regard that we'd need to overcome
to make it work well:
* Make sure we can install the portable service using the D-Bus
interface, passing an FD for the squashfs/tar/etc for deployment.
* Teach systemd to hold a reservation on a D-Bus name that will be
taken by the portable service.
* Teach the portable services to be spawned with a SOCKET_FD or
similar which already owns the D-Bus service name and take over that
connection for the bus connection.
* Most likely if we're using D-Bus for communicating with privileged
services we also need policy kit integration at the portable service
level. That means polkit needs to allow dynamically registered policy
which is revoked/unloaded when the portable service exits or is purged.
-- Christian
More information about the Flatpak
mailing list