Mailing List Archive: Gentoo: Hardened

systemd and gentoo



atoth at atoth

May 17, 2012, 6:01 PM

Post #1 of 8 (724 views)
systemd and gentoo

I've recently come across some articles about the hal - dbus - udev -
consolekit - upower udisks - systemd movement. And there's openrc. A
couple of months before I converted the systems to openrc.
What we should prepare for next? When will it happen? Is it already
happening?
Somebody should pull the brakes, please.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057


pavel.labushev at runbox

May 17, 2012, 7:56 PM

Post #2 of 8 (707 views)
Re: systemd and gentoo [In reply to]

On Fri, 18 May 2012 03:01:00 +0200
"Tóth Attila" <atoth [at] atoth> wrote:

> Somebody should pull the brakes, please.

My humble advice: try making your own custom scripts for runit, minit or
similar minimalistic supervisor together with sudo or su for PAM
support (setuid-root isn't required for root->unprivileged uid
changes). It's simple, fast, maintainable and could be documented
without much effort.


powerman at powerman

May 17, 2012, 9:51 PM

Post #3 of 8 (751 views)
Re: systemd and gentoo [In reply to]

Hi!

On Fri, May 18, 2012 at 02:56:06AM +0000, Pavel Labushev wrote:
> > Somebody should pull the brakes, please.
> My humble advise: try making your own custom scripts for runit, minit or

Actually, if you decide to go this way, you'll probably find that the
packages from my overlay 'powerman' are a good starting point:
- Use my sys-process/runit instead of ebuild in main portage.
My version doesn't install boot scripts /etc/runit/{1,2,3}, because
examples of these files installed by portage version of runit are trying
to boot system using gentoo usual way, thus turning runit into mostly
senseless drop-in replacement for /sbin/init.
- My package power-misc/runit-scripts provides /etc/runit/{1,2,3} boot
scripts implemented in the native runit way. They are very small (about
200 lines of bash script used to completely boot and initialize the system)
and easy to update for your needs.
- My packages runit-service/service-* will provide you with scripts to run
many daemons under runit supervision.

Together these packages provide a complete replacement for the gentoo default
boot scripts and services (in /etc/init.d/*). I've been using this for many
years on my home workstation and all servers, and all my friends who use
Gentoo also use this way to boot the system and run services because it's much
simpler and more reliable.

--
WBR, Alex.


ma1l1ists at yahoo

May 18, 2012, 12:52 AM

Post #4 of 8 (707 views)
Re: systemd and gentoo [In reply to]

On Fri, 18 May 2012 03:01:00 +0200
Tóth Attila wrote:

> Somebody should pull the brakes, please.

You're too polite. You mean, somebody should give some people a slap for
breaking unix philosophies and not understanding what Unix is already
capable of.

I've already disabled consolekit and udisks. They bring little to the
table and cause problems for administration and configuration. I haven't
decided on systemd yet but it looks potentially troublesome to me.


ma1l1ists at yahoo

May 18, 2012, 12:56 AM

Post #5 of 8 (708 views)
Re: systemd and gentoo [In reply to]

On Fri, 18 May 2012 02:56:06 +0000
Pavel Labushev wrote:

> try making your own custom scripts for runit, minit or
> similar minimalistic supervisor together with sudo or su for PAM
> support (setuid-root isn't required for root->unprivileged uid
> changes). It's simple, fast, maintainable and could be documented
> without much effort.

What's wrong with init respawn or supervise and/or monit?


pavel.labushev at runbox

May 18, 2012, 3:29 AM

Post #6 of 8 (713 views)
Re: systemd and gentoo [In reply to]

On Fri, 18 May 2012 08:56:03 +0100
Kevin Chadwick <ma1l1ists [at] yahoo> wrote:

> What's wrong with init respawn or supervise and/or monit?

sysvinit:
- adding/removing/stopping a service requires editing inittab or ad-hoc
solutions
- no integrated logging
- no dependency tracking system

monit:
- depends on external systems like OpenRC => might fail to restart
a service due to possible bugs in its complicated init script
- separate configuration files => more work to write them and keep in
sync with OpenRC configuration
- does pid file inspection and periodic signalling instead of wait(2)
=> racy: might fail to restart a crashed service if its pid file
contains a pid of some running but unrelated process
- requires extra configuration not to restart a service when it was
temporarily shut down by administrator

supervise (daemontools) is like runit. There's nothing wrong with it,
yet it has some limitations that minit was designed to overcome:
http://www.fefe.de/minit/minit-linux-kongress2004.pdf
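The contrast Pavel draws between monit's pid-file inspection and a supervisor that sits in the parent process and uses wait(2), and the small runit-style restart loop Alex's runit-scripts packages are built around, can be shown in a few lines of POSIX sh. The script below is an added illustration written for this archive, not code from the thread, from monit, runit, daemontools or any Gentoo overlay. The function names (pidfile_alive, supervise_once, supervise_loop), the five-run cap and the use of a file named `down` as the "administrator stopped this on purpose" marker are assumptions of the example; the `down` file is modelled loosely on the daemontools/runit convention but the loop is not runsv.

```shell
#!/bin/sh
# Added example (not from the thread or any project). Three pieces:
#
# 1. pidfile_alive: the monit-style check. Read a pid file and probe the pid
#    with signal 0. It only proves *some* process holds that pid, so after
#    the service dies and the pid is reused it reports "alive" for an
#    unrelated process. That is the race Pavel describes.
# 2. supervise_once: the daemontools/runit model. The supervisor is the
#    parent, so the shell builtin `wait` (wait(2) underneath) returns the
#    child's real exit status the moment it terminates; no pid file, no
#    polling, no ambiguity about which process exited.
# 3. supervise_loop: the restart loop a runit-style service directory gives
#    you, with a `down` file so an operator can stop a service without the
#    supervisor immediately restarting it. The run cap (5) is only there so
#    this example terminates; a real supervisor loops forever.

# pidfile_alive PIDFILE : succeed if a process with the pid in PIDFILE exists.
pidfile_alive() {
  pid=$(cat "$1" 2>/dev/null) || return 1
  kill -0 "$pid" 2>/dev/null
}

# supervise_once CMD... : run CMD as our child and return its exit status.
supervise_once() {
  "$@" &
  child=$!
  wait "$child"
}

# supervise_loop SVCDIR CMD... : restart CMD after every exit until a file
# named `down` exists in SVCDIR (or the demo cap is hit). Prints the number
# of runs performed so the caller can inspect it.
supervise_loop() {
  svcdir=$1; shift
  runs=0
  while [ ! -e "$svcdir/down" ] && [ "$runs" -lt 5 ]; do
    # A crash (non-zero exit) must not abort the supervisor itself.
    supervise_once "$@" || true
    runs=$((runs + 1))
  done
  echo "$runs"
}

# Demonstration when run directly: a stale pid file that happens to contain
# the pid of this shell makes the monit-style check claim the service is up,
# while wait-based supervision reports the child's exit code 3 exactly.
if [ "${0##*/}" = "supervise-demo.sh" ]; then
  stale=$(mktemp); echo $$ >"$stale"
  pidfile_alive "$stale" && echo "pidfile check: 'alive' (wrong: no service ran)"
  supervise_once sh -c 'exit 3'; echo "wait-based check: child exited $?"
  rm -f "$stale"
fi
```

The constructed stale pid file is the whole point: monit has nothing but the number in that file, so any live process with that pid passes the check, whereas the supervisor that forked the daemon cannot be fooled because the kernel reports the exit of that specific child to its parent.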


ma1l1ists at yahoo

May 18, 2012, 3:39 AM

Post #7 of 8 (706 views)
Re: systemd and gentoo [In reply to]

On Fri, 18 May 2012 10:29:41 +0000
Pavel Labushev wrote:

> does pid file inspection

has regex matching now

Fair enough but for me, I prefer a simple and scripted init system.


vapier at gentoo

May 22, 2012, 1:42 PM

Post #8 of 8 (694 views)
Re: systemd and gentoo [In reply to]

On Thursday 17 May 2012 21:01:00 Tóth Attila wrote:
> I've recently come across some articles about the hal - dbus - udev -
> consolekit - upower udisks - systemd movement. And there's openrc. A
> couple of months before I converted the systems to openrc.
> What we should prepare for next? When will it happen? Is it already
> happening?

systemd isn't required, nor are there plans to make it required in Gentoo.
openrc is the default and will continue to be so.

hal is dead
-mike
Attachments: signature.asc (0.82 KB)
