For Atomic, we'd need static uid/gid for sssd to be able to install and configure sssd on the host and then move the execution to container, and vice versa. Because the data and config directories and files are created by rpm during package installation, we want the uid on the host and in the containers to match because processes running in container will need to manipulate the data on host's filesystem, and create new files as well. The order in which the packages are installed on host and container can lead to different uids being used when we (currently) don't specify one. Soft static allocation will prevent clashes in the future.
Hmm, if this is really necessary then I'm kind of thinking that the same requirement could basically apply to pretty much every other UID allocation. How is sssd special in this respect?
Note that I'm leaning towards +1 in any case because SSSD is kind of an essential system service at this point anyway. But I'm really concerned about the good old slippery slope here.
It is different in us having active development of setups where migration from SSSD running on host to SSSD in container (on that host, for that host) and vice versa will be possible and supported.
Unlike https://fedorahosted.org/fpc/ticket/474 that was rejected because it was only about software in containers, SSSD crosses the container boundary, as it is tightly tied to the host it is running on.
And yes, the same requirement could be made about virtually any UID and I don't really understand the pushback we got on the dirsrv UID request, especially looking at /usr/share/doc/setup/uidgid and seeing what other UIDs have already been allocated.
Well, I can speak to the latter: someone went off and just added UIDs there without asking FPC. Many of them really shouldn't be there. The static UID space is extremely limited so folks really need to think of better ways to do what they need than static allocation.
We discussed this at this week's meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2015-09-24/fpc.2015-09-24-16.00.txt):
What are the next steps? The
If the FPC finds that your package needs a soft static UID or GID, they will assign you one and add an entry documenting it to the /usr/share/doc/setup-*/uidgid file in the setup package.
What is the uid/gid? Will you handle any (bugzilla) work to get the uidgid amended or should I do it?
Metadata Update from @adelton:
- Issue assigned to james