Thorsten Kukuk
I am a Distinguished Engineer at SUSE and lead the Future Technology Team. Previously, I was the lead project manager for SLES for over a decade. I have a long history in open source projects.
Sessions
Provide a varlink service to access /etc/passwd and /etc/shadow so that no setuid and setgid binaries are necessary for this task.
systemd-sysext provides a nice way to enhance a distribution with a read-only root filesystem without the need to reboot. But there is additional tooling necessary to manage the sysext images:
* install an image which is compatible with the installed OS version
* update installed images to the newest compatible version
* rollback images in case of an OS rollback
* clean up unneeded images
In this presentation I will talk about which tooling systemd itself provides for this (importctl, updatectl, ...) and what the benefits and disadvantages of these tools are compared with real-world use cases. In the end I created my own generic, distribution-independent tool for this, using systemd tools in the backend. Using openSUSE MicroOS as an example, I will demonstrate how we solved the problems with it and how we integrated it into our update stack.