Re: [atomic-devel] [PATCH] Adding SSSD client bits to Fedora Atomic Host

[Colin Walters <walters verbum org>]

On Sun, Nov 8, 2015, at 08:33 AM, Jan Pazdziora wrote:
> On Tue, Oct 27, 2015 at 11:51:23AM +0100, Jan Pazdziora wrote:
> > 
> > Specifically I believe the attached patch against
> > https://git.fedorahosted.org/cgit/fedora-atomic.git master branch
> > might be a good start.
> 
> I have now rebased the patch on top of master to make it easy to apply,
> please find it attached.

Can you improve the commit message?  It currently is mostly "what"
but not much "why" (and the subject line should be imperative tense matching
the rest of the style).
Something like:

```
manifest: Add requirements for host fedora/sssd container

Having these dependencies on the host are necessary in order for the
new `fedora/sssd` container to work.  For more information, see:

https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-October/msg00055.html
```

I took a quick look at the container source.

- What is up with:
```
[Service]
ExecStartPre=/bin/systemctl start dbus.service
```
in https://github.com/fedora-cloud/Fedora-Dockerfiles/blob/master/sssd/oddjobd.service ?

Ah wait, we're running another system bus inside the container?  Hmm.
Regardless couldn't we just do `Requires=dbus.service` in sssd.service or so?

Also, am I right in that things like:
```
-v /var/lib/sss/:/var/lib/sss/ 
```

will hard require UID/GID matching between host and container?

Do you have a sense for the degree to which container and host versions can vary?
Are we expecting to support e.g. a Fedora 23 host
with version X of /usr/lib64/libnss_sss.so.2 talking to a Fedora 24 container sssd
version Y (where X < Y, or X > Y)?

Thanks a lot for working on this!  Having good support for IPA is really critical.