|
|
Subscribe / Log in / New account

The Debian init system general resolution returns

The Debian init system general resolution returns

Posted Oct 17, 2014 20:56 UTC (Fri) by jspaleta (subscriber, #50639)
In reply to: The Debian init system general resolution returns by mgb
Parent article: The Debian init system general resolution returns

meh....

Lets make sure we've concluded the on-topic argument before moving on to the off-topic one about the security implications of relying on dbus.

you admit that logind does not in fact depend on anything being running on pid=1 Right? And you rescind your previous criticism that GNOME or anything else which depends on the logind API for functionality is implicitly dependent on any particular init being pid=1 right? I'll just go ahead and assume you've answered yes to those questions and we'll move on safe in the knowledge that you previously stated issues about high level software relying on a specific codebase running as pid=1 have now been address.

So... reliance on dbus in pid=1 as a security risk over other available ipc mechanisms available. I do not share your opinion that having pid=1 rely on dbus for IPC is an inherent security weakness. I personally look forward to the day when kdbus is a standard piece of kit for every process to rely on for inter process communication from pid=1 to pid=infinity+1.

Anyways... for everyone who agrees with you about the implications of relying on dbus in pid=1, then sysvinit with shim and cgmanager should work for you to keep logind for higher level bits of to rely on for now. You and those who agree with your opinion would of course be better off replacing shim with a fully independently developed codebase that implements the stable systemd dbus API.

As shim is just a fork of systemd and I don't see that being sustainable long term because users of that fork will be continually fighting against implementation decisions they don't agree with in the mainline codebase. That's not where you want to be.

Better to start fresh and build the implementation that works more consistently with your world view about the security risk of dbus. I've sort of hinted at extending runit with a helper to talk systemd APIs, as a way forward for you and people who share your opinion about the security of dbus while still keeping logind working. runit is in my estimation the best choice for you moving forward, as even upstart suffers from your perceived dbus over-reliance so you shouldn't even bother with resurrecting and extending it. The point being, logind will still operate as long as your independently developed service implementation running pid!=1 as long as it speaks the expected documented APIs logind expects to see.

-jef

to post comments

The Debian init system general resolution returns

Posted Oct 17, 2014 21:00 UTC (Fri) by mpr22 (subscriber, #60784) [Link] (3 responses)

A cursory inspection of the systemd-shim source tree indicates that systemd-shim is not a fork of systemd. It is an independent reimplementation of a subset of systemd's functionality, which imports a few source files from the systemd code base.

The Debian init system general resolution returns

Posted Oct 17, 2014 21:02 UTC (Fri) by jspaleta (subscriber, #50639) [Link] (2 responses)

a "few" source files... hmmm... yes well.. you say potato I say fork.

-jef

The Debian init system general resolution returns

Posted Oct 17, 2014 21:13 UTC (Fri) by mpr22 (subscriber, #60784) [Link] (1 responses)

A few. To be precise, two .c and three .h files (out of the total of sixteen files comprising the C source code), which contain rather generic helper functions and look to be rather extensively pruned compared to wherever in systemd they came from, too.

This really, really isn't a "fork of systemd" by any reasonable definition of the phrase.

The Debian init system general resolution returns

Posted Oct 17, 2014 22:06 UTC (Fri) by jspaleta (subscriber, #50639) [Link]

Whatever this is it isn't an independently create implementation from the api documentation. Considering the majority of functional code in the first commit into the revision control in both github and launchpad are in files lifted directly from systemd codebase, I'm going to still call it a fork and sleep well at night. Agree to disagree I guess. The cgmanager support in the current tip of the codebase is certainly much diverged so I can understand your point of view that its now diverged to the point where just taking a snapshot of the tip as it exists to day, with no historic context, might make it look like a fresh implementation instead of a diverged fork.

Either way I hope debian is able to sustain it and cgmanager, even if Canonical looses interest in maintaining either with staffed manpower. As clearly these two codebases are going to be critical if Debian is serious about multi-init support. GNOME might be today's firefight..but this is just a prelude to the much more difficult discussion concerning container support and the cgroup management question bound up in that. And containers go right to the heart of Debian's relevance in the server workloads and a much more interesting issue for the project long term I think. But I digress.

-jef


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds