|
|
Subscribe / Log in / New account

Introducing Fedora CoreOS

[Posted July 24, 2019 by ris]

Fedora Magazine covers the first preview release of Fedora CoreOS, a new Fedora edition built specifically for running containerized workloads. "It's the successor to both Fedora Atomic Host and CoreOS Container Linux. Fedora CoreOS combines the provisioning tools, automatic update model, and philosophy of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host."
to post comments

Introducing Fedora CoreOS

Posted Jul 25, 2019 1:04 UTC (Thu) by pr1268 (guest, #24648) [Link] (3 responses)

"Introducing"? I thought it was called Fedora Core back in 2004.

Nice way to recycle a name, I suppose...

Introducing Fedora CoreOS

Posted Jul 25, 2019 5:29 UTC (Thu) by zdzichu (subscriber, #17118) [Link]

It's introduction of rehash of CoreOS from 2013 (https://lwn.net/Articles/593928/), as Red Hat bought them.

Introducing Fedora CoreOS

Posted Jul 25, 2019 12:24 UTC (Thu) by mattdm (subscriber, #18) [Link] (1 responses)

For what it's worth, I covered this in the initial announcement of the project:
Hey, so… “Fedora Core”!

Everything’s a circle, right? But, this has nothing to do with the Red Hat vs. external split that was Fedora Core and Extras back in the day. We absolutely do not want to regress to that kind of community divide. “Core” just happens to be a pretty catchy name component for an OS that fits the “small, focused base” concept. This concept is powerful and useful for today’s information technology and computing world, and we want to give it proper focus in Fedora.

Introducing Fedora CoreOS

Posted Jul 25, 2019 21:54 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

Might be worth throwing that into the FAQ

Introducing Fedora CoreOS

Posted Jul 25, 2019 23:32 UTC (Thu) by kjp (guest, #39639) [Link] (2 responses)

When will redhat just let selinux die already.
Using firecracker and virtualization seems like a far more secure way to run containers.

Introducing Fedora CoreOS

Posted Jul 25, 2019 23:43 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

SELinux is part of the upstream Linux kernel and widely used not just in the Red Hat family of Linux distributions but also by millions of phones through Android. It makes no sense to invest heavily on a technology and just let it die. For a very targeted system like Fedora CoreOS where everything is designed to run on containers, SELinux works way better and you never see it compared to regular Linux servers where you can run arbitrary applications in a variety of ways that are difficult to secure well

Virtualization is not a way to secure containers. I would recommend watching https://www.youtube.com/watch?v=a9lE9Urr6AQ on this topic. Firecracker is an interesting approach that uses KVM and is pitched as sort of in between alternative compared to containers and full VMS. Some of these approaches could be layered with SELinux but they don't seem to be playing in the same level.

Introducing Fedora CoreOS

Posted Aug 1, 2019 4:04 UTC (Thu) by anguslees (subscriber, #7131) [Link]

I have nothing against selinux, but I should point out that its implementation in kubernetes seems to have some rough edges - and hence I'm forced to conclude is rarely used: https://github.com/kubernetes/kubernetes/issues/69799


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds