From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] [tuhs] The Unix shell: a 50-year view
Date: Mon, 05 Jul 2021 17:08:54 +0200 [thread overview]
Message-ID: <20210705150854.gtvCp%steffen@sdaoden.eu> (raw)
In-Reply-To: <YOKDovR8h8r1yoIP@mit.edu>
Theodore Ts'o wrote in
<YOKDovR8h8r1yoIP@mit.edu>:
|On Sun, Jul 04, 2021 at 09:10:49PM +0100, Tony Finch wrote:
|> Dan Cross <crossd@gmail.com> wrote:
|>>
|>> Systemd is both good and bad.
|>
|> I thought this article was well-informed and informative, but VERY long:
|> https://blog.darknedgy.net/technology/2020/05/02/0/
|> "systemd, 10 years later: a historical and technical retrospective"
|
|This is also a really good talk, by Benno Rice. Benno is a FreeBSD
|developer, and has served on the FreeBSD Core Team. He gave this talk
|at Linux.Conf.au 2019, and it was a repeat of a talk he gave at BSDCan
|2018, entitled "The Tragedy of Systemd" ("Tragedy" in the title was
|used in the Greek drama context):
|
| https://www.youtube.com/watch?v=o_AIw9bGogo
|
|It's a pretty fair talk about the why systemd came up, and what we
|might be able to learn from systemd. His closing line was, which I
|think is quite good was:
|
| "What I would challenge every one here is to look at systemd, and
| try find one thing you like --- and then go try to implement it."
Disclaimer: i .. have not .. seen this.
Everybody may use systemd until they die, my very personal concern
is only that the infrastructure boils down to be unusable without
it. Also as noone cares, just a few voices here and there, even
more so. Many small tools exist that can do things, but as
systemd grows they do not, they are not extended to follow suit
Linux kernel features.
I mean, i could hack instead of complaining, but as i use
unshare(1) not docker/systemd i find it unpleasant that i have to
use capsh(1) in addition for example instead of simply feeding
unshare(1) also with the capabilities. For systemd users this is
just a single line, and often programs come with readily prepared
unit files, take iwd for example
[Service]
Type=dbus
BusName=net.connman.iwd
ExecStart=@libexecdir@/iwd
[taken from source not installed base as not installed, no
systemd here.]
NotifyAccess=main
LimitNPROC=1
I have cgroups yes, but unshare(1) does not do that by itself.
So my shell script wrapper moves the PID by itself, which it is,
essentially.
Restart=on-failure
I have a cron based watchdog on the server. (Which never had to
trigger in >5 years of operation.) But yes...
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
Not unshare. I am about to add this via capsh(1).
PrivateTmp=true
So private tmp directories only via boxing into overlayfs views,
but not as it is done here.
NoNewPrivileges=true
Capabilities not yet.
Maybe one should go and write an unshare which can this too.
DevicePolicy=closed
DeviceAllow=/dev/rfkill rw
ProtectHome=yes
ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
You see systemd making touchdowns, and i mean it.
Because only it can. And i played football with my feet.
ConfigurationDirectory=iwd
StateDirectory=iwd
StateDirectoryMode=0700
Granted, all these tortured administrators have a life way easier
by using systemd and just adjusting the unit, if at all needed.
Easier to just browse and copy+paste.
I have to take back my iwd complaint about syslog. It is just
they did not bother at all. This Intel program uses the Intel
"ell" (Embedded Linux library), and whereas that offers
ell/log.c: * l_log_set_ident:
ell/log.c:LIB_EXPORT void l_log_set_ident(const char *ident)
ell/log.c: * l_log_set_handler:
ell/log.c:LIB_EXPORT void l_log_set_handler(l_log_func_t function)
ell/log.c: * l_log_set_null:
ell/log.c:LIB_EXPORT void l_log_set_null(void)
ell/log.c: * l_log_set_stderr:
ell/log.c:LIB_EXPORT void l_log_set_stderr(void)
ell/log.c: * l_log_set_syslog:
ell/log.c:LIB_EXPORT void l_log_set_syslog(void)
ell/log.c: * l_log_set_journal:
ell/log.c:LIB_EXPORT void l_log_set_journal(void)
ell/test.c: l_log_set_stderr();
ell/log.h:void l_log_set_ident(const char *ident);
ell/log.h:void l_log_set_handler(l_log_func_t function);
ell/log.h:void l_log_set_null(void);
ell/log.h:void l_log_set_stderr(void);
ell/log.h:void l_log_set_syslog(void);
ell/log.h:void l_log_set_journal(void);
they use
#?0|kent:iwd-1.15$ grep -r l_log_set
tools/hwsim.c: l_log_set_stderr();
tools/probe-req.c: l_log_set_stderr();
client/main.c: l_log_set_stderr();
src/main.c: l_log_set_stderr();
wired/main.c: l_log_set_stderr();
One could at least be happy they did not fixate "journal", maybe.
Anyhow, the actual error output is for developers only.
Bitrot everywhere. So just jump on the train that delivers and
pass the rest.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
next prev parent reply other threads:[~2021-07-05 15:09 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-02 21:24 Nelson H. F. Beebe
2021-07-02 21:36 ` Larry McVoy
2021-07-02 21:56 ` Henry Bent
2021-07-02 23:12 ` Steve Nickolas
2021-07-02 23:49 ` Steffen Nurpmeso
2021-07-03 13:34 ` Steffen Nurpmeso
2021-07-03 13:56 ` Richard Salz
2021-07-03 12:04 ` Thomas Paulsen
2021-07-03 13:20 ` Dan Cross
2021-07-03 17:37 ` Theodore Ts'o
2021-07-03 17:57 ` Warner Losh
2021-07-03 18:10 ` Theodore Ts'o
2021-07-03 20:02 ` Dan Cross
2021-07-04 0:47 ` Tomasz Rola
2021-07-04 4:36 ` Larry McVoy
2021-07-04 14:56 ` Dan Cross
2021-07-04 16:07 ` Theodore Ts'o
2021-07-04 20:10 ` David Barto
2021-07-05 0:25 ` Larry McVoy
2021-07-05 1:23 ` John Cowan
2021-07-04 12:48 ` Dan Cross
2021-07-05 7:14 ` Tomasz Rola
2021-07-05 16:26 ` John Cowan
2021-07-06 23:17 ` Tomasz Rola
2021-07-06 23:47 ` Steve Nickolas
2021-07-06 23:49 ` Warner Losh
2021-07-06 23:48 ` John Cowan
2021-07-07 0:46 ` Theodore Ts'o
2021-07-07 0:58 ` George Michaelson
2021-07-07 2:48 ` Larry McVoy
2021-07-07 18:32 ` Tomasz Rola
2021-07-07 20:50 ` Michael Kjörling
2021-07-08 6:46 ` [TUHS] Overgrown ffox (was: The Unix shell: a 50-year view) Tomasz Rola
2021-07-08 13:59 ` Derek Fawcus
2021-07-08 19:25 ` Steffen Nurpmeso
2021-07-08 19:37 ` Steffen Nurpmeso
2021-07-08 20:40 ` Steffen Nurpmeso
2021-07-08 22:23 ` Kevin Bowling
2021-07-08 21:47 ` [TUHS] [tuhs] The Unix shell: a 50-year view Theodore Ts'o
2021-07-09 20:14 ` Michael Kjörling
2021-07-07 13:54 ` Tony Finch
2021-07-06 16:05 ` Clem Cole
2021-07-09 22:19 ` Tomasz Rola
2021-07-04 20:10 ` Tony Finch
2021-07-05 3:59 ` Theodore Ts'o
2021-07-05 15:08 ` Steffen Nurpmeso [this message]
2021-07-05 3:52 ` Bakul Shah
2021-07-04 18:17 ` John Dow via TUHS
2021-07-04 19:46 ` Clem Cole
2021-07-05 1:33 ` Noel Hunt
2021-07-05 2:38 ` Clem Cole
2021-07-05 2:51 ` Warner Losh
2021-07-05 3:03 ` Clem Cole
2021-07-05 3:01 ` Clem Cole
2021-07-05 5:22 ` Noel Hunt
2021-07-06 5:10 ` Nevin Liber
2021-07-06 13:30 ` Clem Cole
2021-07-06 16:23 ` Theodore Ts'o
2021-07-07 1:57 ` Dan Cross
2021-07-07 2:52 ` Larry McVoy
2021-07-07 5:19 ` Andrew Warkentin
2021-07-07 18:28 ` Jon Steinhart
2021-07-10 11:51 ` [TUHS] " Ralph Corderoy
2021-07-10 13:54 ` Henry Bent
2021-07-10 14:12 ` Ralph Corderoy
2021-07-10 16:57 ` [TUHS] Death by bug [formerly The Unix shell: a 50-year view] Jon Steinhart
2021-07-11 8:53 ` [TUHS] Death by bug Ralph Corderoy
2021-07-11 9:04 ` arnold
2021-07-12 1:42 ` Theodore Y. Ts'o
2021-07-12 2:57 ` Jon Steinhart
2021-07-12 6:39 ` arnold
2021-07-12 9:56 ` Ralph Corderoy
2021-07-11 16:10 ` Jon Steinhart
2021-07-12 10:37 ` Ralph Corderoy
2021-07-06 13:40 ` [TUHS] [tuhs] The Unix shell: a 50-year view John Cowan
2021-07-06 14:12 ` Chet Ramey
2021-07-07 0:53 ` Nevin Liber
2021-07-07 13:08 ` Chet Ramey
2021-07-07 15:15 ` Richard Salz
2021-07-03 0:09 ` Andrew Warkentin
2021-07-03 15:49 ` Andy Kosela
2021-07-04 23:24 ` [TUHS] Is C obsolete? (was Re: [tuhs] The Unix shell: a 50-year view) Derek Fawcus
2021-07-04 23:50 ` Nemo Nusquam
2021-07-05 0:15 ` Dan Stromberg
2021-07-05 0:21 ` Larry McVoy
2021-07-05 2:36 ` John Cowan
2021-07-05 2:59 ` Richard Salz
2021-07-05 3:47 ` Larry McVoy
2021-07-05 4:02 ` Dan Stromberg
2021-07-05 13:45 ` Steffen Nurpmeso
2021-07-05 20:15 ` Dan Stromberg
2021-07-05 21:05 ` Larry McVoy
2021-07-05 21:29 ` Clem Cole
2021-07-05 22:22 ` Brantley Coile
2021-07-06 4:35 ` Dan Stromberg
2021-07-06 4:44 ` Warner Losh
2021-07-06 5:58 ` Rico Pajarola
2021-07-06 13:05 ` Clem Cole
2021-07-05 12:11 ` Thomas Paulsen
2021-07-05 4:08 ` Dan Stromberg
2021-07-05 4:23 ` George Michaelson
2021-07-05 14:43 ` Larry McVoy
2021-07-05 15:17 ` Steffen Nurpmeso
2021-07-05 15:36 ` Steffen Nurpmeso
2021-07-05 15:53 ` Mike Markowski
2021-07-05 16:39 ` Warner Losh
2021-07-05 19:02 ` Clem Cole
2021-07-02 22:27 ` [TUHS] [tuhs] The Unix shell: a 50-year view Chet Ramey
2021-07-02 23:09 ` Steve Nickolas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210705150854.gtvCp%steffen@sdaoden.eu \
--to=steffen@sdaoden.eu \
--cc=tuhs@minnie.tuhs.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).