Computer Old Farts Forum
From: Steffen Nurpmeso <>
To: Chris Hanson <>
Subject: [COFF] Re: Systemd Creator Lands At Microsoft
Date: Mon, 11 Jul 2022 16:11:14 +0200
Message-ID: <>
In-Reply-To: <>

Chris Hanson wrote in
 |On Jul 9, 2022, at 1:35 AM, Tomasz Rola <> wrote:
 |> However, performance seems to be worse.
 |There's a reason replacements for init and /etc/rc like launchd, upstart, \
 |and systemd exist.
 |I just wish Linux hadn't rolled its own and had gone with launchd. \
 |Of course, that'd have also required having a reasonable kernel-level \
 |IPC system like Mach.

Oh!  I finally find a second good thing of systemd: it does not
use XML resource files!

The other is the "startup-completed" notification of fork-fork-
away daemons via socket, but of course the daemons have to be
especially coded to use that.

The third is that administrators can play easy?  But they do need
ansible, puppet or whatever there is (i am luckily no admin).

I do not give in the fourth, as of course you can integrate
anything into one via dynamic modules, and it gives you a bit.
With just four separate programs running?  Like kernel, systemd,
emacs and a graphical web browser?  I personally see three errors
here, but do not get away without the browser myself.

To me the problem is that you always have those trains that
everybody jumps on.  You could pimp login(1) to use "reap
control", like Linux prctl(2) PR_SET_CHILD_SUBREAPER, and
FreeBSD's procctl(2) does that even better (with _STATUS,
_GETPIDS, _KILL available).  You could integrate PAM to use REAP
if sessions get used.  (PAM is a disaster because it does not,
actually.  As i found out.  Heh.)  You could offer some additional
inittab(5) keywords that do this reaping, that unshare daemons
early, in effect something like

  [filesystem overlay setup]
  cd /
  ip netns exec ${netns} \
    /usr/bin/env -i TERM=${TERM} DISPLAY=${DISPLAY} \
      /usr/bin/unshare --ipc --uts --pid --fork \
          --mount --mount-proc ${kill_child} \
        ${rooter} ${prog}

And then you have the isolation from a normal POSIX shell level.

But no, all these things are left behind and no one cares no more,
even though it would be relatively easy to integrate all these
isolation and control techniques into small and UNIXish
environments.  Only corpses!  At least in Linux user space land.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
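
The "reap control" idea from the message above, as an added example that is not part of the original post: a Linux supervisor marks itself with prctl(2) PR_SET_CHILD_SUBREAPER so that a "fork-fork-away" daemon is reparented to it instead of init and can still be waited for. The function name, the 200 ms stand-in for daemon work and the exit code 7 are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: starts a constructed double-forking daemon under a
 * subreaper. Returns the number of descendants reaped once the orphaned
 * daemon's exit status was seen, or -1 on error. */
int reap_double_forked_daemon(void)
{
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == -1)
        return -1;                  /* not Linux >= 3.4, or call filtered */

    pid_t child = fork();
    if (child == -1)
        return -1;
    if (child == 0) {
        /* Intermediate process: fork the "daemon", then exit at once,
         * which orphans the grandchild. */
        pid_t daemon = fork();
        if (daemon == 0) {
            usleep(200 * 1000);     /* constructed stand-in for daemon work */
            _exit(7);
        }
        _exit(daemon == -1 ? 1 : 0);
    }

    /* Without the prctl() above the grandchild would be reparented to
     * init, and waitpid() would report ECHILD after the first child. */
    int reaped = 0, saw_daemon = 0, status;
    for (;;) {
        pid_t pid = waitpid(-1, &status, 0);
        if (pid == -1) {
            if (errno == EINTR)
                continue;
            break;                  /* ECHILD: nothing left to reap */
        }
        reaped++;
        if (pid != child && WIFEXITED(status) && WEXITSTATUS(status) == 7)
            saw_daemon = 1;         /* the orphan came back to us */
    }
    return saw_daemon ? reaped : -1;
}

int main(void)
{
    printf("reaped %d descendants\n", reap_double_forked_daemon());
    return 0;
}
```

The subreaper flag is not inherited across fork(2), so only the supervisor itself collects the orphans.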
