The Debian init system general resolution returns
Posted Oct 21, 2014 5:56 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
In reply to: The Debian init system general resolution returns by simoncion
Parent article: The Debian init system general resolution returns
No, it isn't correct, and it doesn't do all of systemd's work, even if we do not consider socket activation.
Running checkconf is supported by ExecReload. Running inside a namespace is supported out of the box by simply doing this:
> ProtectSystem=full
> ProtectHome=true
> PrivateTmp=true
> CapabilityBoundingSet=CAP_NET_BIND_SERVICE
Gentoo's script is still racy - and there's no way to un-race it.
The reload action is asynchronous, because it uses a signal ('rndc reload' should be used instead).
And seriously, using 'fuser' to check if all processes have exited? Is it really real?? It's like these folks haven't heard about cgroups.
> 2) You want an init script to handle SELinux labeling and policy enforcement? Do I misunderstand you? If I don't, how, exactly, would that work?
See this for the discussion of the problem: https://access.redhat.com/documentation/en-US/Red_Hat_Ent...
You need to sanitize the SELinux environment to avoid passing the user's labels.
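
The directives discussed in the comment above, assembled into a systemd drop-in as an added example; it is not part of the original comment or of any distribution's unit. The unit name `named.service`, the drop-in path, and the binary and configuration paths are assumptions.

```ini
# /etc/systemd/system/named.service.d/hardening.conf
# Constructed example; unit name and all paths are assumptions.

[Service]
# Clear any ExecReload= inherited from the packaged unit, then define ours.
ExecReload=
# Commands run in order. If named-checkconf exits non-zero, the reload
# job fails and the rndc line below is never executed, so a broken
# configuration is not handed to the running daemon.
ExecReload=/usr/sbin/named-checkconf /etc/named.conf
# Reload through the control channel instead of sending a signal,
# as the comment recommends.
ExecReload=/usr/sbin/rndc reload

# Sandboxing directives quoted in the comment.
# /usr, /boot and /etc are mounted read-only for the service.
ProtectSystem=full
# /home, /root and /run/user are made inaccessible.
ProtectHome=true
# The service gets its own private /tmp and /var/tmp.
PrivateTmp=true
# CAP_NET_BIND_SERVICE is the kernel's name for the capability to bind
# ports below 1024. Assumption: the daemon needs nothing else. A daemon
# that starts as root and switches user by itself would also need
# CAP_SETUID and CAP_SETGID in this list.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# On stop, every process still in the service's cgroup is killed.
# This is the default; it is spelled out here because it replaces the
# 'fuser'-style check for leftover processes in an init script.
KillMode=control-group
```

After placing the file, `systemctl daemon-reload` makes systemd pick it up, and `systemctl show named.service -p CapabilityBoundingSet` shows the effective value.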