Re: [yocto] Subjects for YP Developer Day at ELCE

[William Mills <wmills@ti.com>]

On 09/09/2016 11:51 AM, Jeff Osier-Mixon wrote:
> Hi all - we are in the planning stages for DevDay at ELCE right now,
> particularly the advanced track. This track changes every session,
> usually to cover the things we are working on hardest - for example,
> in San Diego we covered CROPS, devtool, the latest Toaster features,
> and much more.
>
> Whether you are able to attend DevDay or not, we would be grateful to
> hear your suggestions for subjects to cover in the advanced track. We
> are currently planning talks about CROPS, devtool and the ESDK,
> Toaster, wic, smack, security, and a few other things. If you have a
> burning desire to hear about something specific, please let us know.
>

*** Status and state of the art for read-only root filesystems.
1) r/o root + tmpfs only for ephemeral systems
2) r/o root + select r/w points (bind-volatile?)
3) r/o root + unionfs r/w

My interest would be in #1 & #2 as it is security related.
r/w mount would be nosuid, nodev, etc and perhaps noexec
A survey of the space should include #3 however.

I know there is a section in the developer manual for the basic 
mechanisms of r/o root but it appears a lot is left as an excrice for 
the user.  Are the full demo images etc?

*** What is the OE/YP response to Ubuntu-core?
4) Can Yocto build transactionally updated-able bundles for kernel and 
core-os/root-fs?
5) Can Yocto [cross-]build snaps or flatpaks?
6) Will snapd (or whatever flatpak needs) become 1st class ecosystem 
components?
	Ex: meta-snappy has a lot of good work but is early days
	    Currently meta-snappy disables AppArmor & seccomp
	    snapd does only light ns & cgroup control and relies on
	      AppArmor to do most of the containment
             so snapd w/o AppArmor is a demo
	    [Arch is no better BTW]

Bill