From: Steffen Nurpmeso
To: Chris Hanson
CC: coff@tuhs.org
Date: Mon, 11 Jul 2022 16:11:14 +0200
Subject: [COFF] Re: Systemd Creator Lands At Microsoft
Message-ID: <20220711141114.ucp3b%steffen@sdaoden.eu>
In-Reply-To: <2598435A-B098-4449-9327-86BE981A2CD0@eschatologist.net>
List-Id: Computer Old Farts Forum

Chris Hanson wrote in
 <2598435A-B098-4449-9327-86BE981A2CD0@eschatologist.net>:
 |On Jul 9, 2022, at 1:35 AM, Tomasz Rola wrote:
 |>
 |> However, performance seems to be worse.
 |
 |There's a reason replacements for init and /etc/rc like launchd, upstart, \
 |and systemd exist.
 |
 |I just wish Linux hadn't rolled its own and had gone with launchd. \
 |Of course, that'd have also required having a reasonable kernel-level \
 |IPC system like Mach.

Oh! I finally find a second good thing of systemd: it does not use XML
resource files! The other is the "startup-completed" notification of
fork-fork-away daemons via socket, but of course the daemons have to be
especially coded to use that. The third is that administrators can play
easy? But they do need ansible, puppet or whatever there is (i am
luckily no admin). I do not give in the fourth, as of course you can
integrate anything into one via dynamic modules, and it gives you a bit.
With just four separate programs running? Like kernel, systemd, emacs
and a graphical web browser? I personally see three errors here, but do
not get away without the browser myself. To me the problem is that you
always have those trains that everybody jumps on.
You could pimp login(1) to use "reap control", like Linux prctl(2)
PR_SET_CHILD_SUBREAPER, and FreeBSD's procctl(2) does that even better
(with _STATUS, _GETPIDS, _KILL available). You could integrate PAM to
use REAP if sessions get used. (PAM is a disaster because it does not,
actually. As i found out. Heh.) You could offer some additional
inittab(5) keywords that do this reaping, that unshare daemons early, in
effect something like

  [filesystem overlay setup]
  cd /
  ip netns exec ${netns} \
    /usr/bin/env -i TERM=${TERM} DISPLAY=${DISPLAY} \
    /usr/bin/unshare --ipc --uts --pid --fork \
      --mount --mount-proc ${kill_child} \
      ${rooter} ${prog}

And then you have the isolation from a normal POSIX shell level. But no,
all these things are left behind and no one cares no more, even though
it would be relatively easy to integrate all these isolation and control
techniques into small and UNIXish environments. Only corpses! At least
in Linux user space land.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
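The "reap control" the message refers to, shown as an added C example (not code from the thread): a supervisor marks itself with PR_SET_CHILD_SUBREAPER before spawning, so a daemon that double-forks away is reparented to the supervisor instead of PID 1 and its exit status can still be collected. It assumes Linux; on FreeBSD the equivalent is procctl(2) with PROC_REAP_ACQUIRE, as the message notes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/prctl.h>

/* Double-fork a daemon-style grandchild and show that, once this process
 * holds PR_SET_CHILD_SUBREAPER, the orphan is reparented to us and we (not
 * PID 1) collect its exit status. Returns the grandchild's exit code
 * (42 in this constructed run), or -1 on error. Linux-only. */
int reap_orphan_as_subreaper(void) {
    int pfd[2];
    if (pipe(pfd) == -1) return -1;
    /* Become a subreaper before forking so the reparenting rule applies
     * to every descendant created from here on. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == -1) return -1;

    pid_t mid = fork();
    if (mid == -1) return -1;
    if (mid == 0) {                      /* intermediate child */
        pid_t gc = fork();
        if (gc == 0) {                   /* grandchild: the "daemon" */
            close(pfd[0]);
            pid_t self = getpid();
            /* report our pid to the subreaper, then finish */
            if (write(pfd[1], &self, sizeof self) != sizeof self) _exit(1);
            _exit(42);
        }
        _exit(gc == -1 ? 1 : 0);         /* exit at once: orphan the daemon */
    }
    close(pfd[1]);
    /* Reap the intermediate first; from then on the orphan is our child. */
    int st;
    if (waitpid(mid, &st, 0) != mid) return -1;
    pid_t gc;
    if (read(pfd[0], &gc, sizeof gc) != sizeof gc) { close(pfd[0]); return -1; }
    close(pfd[0]);
    /* Without the subreaper flag this waitpid fails with ECHILD, because
     * the orphan would have been handed to PID 1 instead of to us. */
    if (waitpid(gc, &st, 0) != gc) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    int rc = reap_orphan_as_subreaper();
    printf("reaped orphaned grandchild, exit status %d\n", rc);
    return rc == 42 ? 0 : 1;
}
```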