Chris Hanson wrote in
<2598435A-B098-4449-9327-86BE981A2CD0(a)eschatologist.net>:
|On Jul 9, 2022, at 1:35 AM, Tomasz Rola <rtomek(a)ceti.pl> wrote:
|>
|> However, performance seems to be worse.
|
|There's a reason replacements for init and /etc/rc like launchd, upstart, \
|and systemd exist.
|
|I just wish Linux hadn't rolled its own and had gone with launchd. \
|Of course, that'd have also required having a reasonable kernel-level \
|IPC system like Mach.
Oh! I finally found a second good thing about systemd: it does not
use XML resource files!
The other is the "startup-completed" notification of fork-fork-
away daemons via socket, but of course the daemons have to be
especially coded to use that.
The third is that administrators can play easy? But they do need
ansible, puppet or whatever there is (I am luckily no admin).
I do not give in the fourth, as of course you can integrate
anything into one via dynamic modules, and it gives you a bit.
With just four separate programs running? Like kernel, systemd,
emacs and a graphical web browser? I personally see three errors
here, but do not get away without the browser myself.
To me the problem is that you always have those trains that
everybody jumps on. You could pimp login(1) to use "reap
control", like Linux prctl(2) PR_SET_CHILD_SUBREAPER, and
FreeBSD's procctl(2) does that even better (with _STATUS,
_GETPIDS, _KILL available). You could integrate PAM to use REAP
if sessions get used. (PAM is a disaster because it does not,
actually. As I found out. Heh.) You could offer some additional
inittab(5) keywords that do this reaping, that unshare daemons
early, in effect something like
[filesystem overlay setup]
cd /
ip netns exec ${netns} \
/usr/bin/env -i TERM=${TERM} DISPLAY=${DISPLAY} \
/usr/bin/unshare --ipc --uts --pid --fork \
--mount --mount-proc ${kill_child} \
${rooter} ${prog}
And then you have the isolation from a normal POSIX shell level.
But no, all these things are left behind and no one cares any more,
even though it would be relatively easy to integrate all these
isolation and control techniques into small and UNIXish
environments. Only corpses! At least in Linux user space land.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
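As an added illustration (not code from this thread), the "reap control" Steffen refers to: a Linux C function that marks the caller with prctl(2) PR_SET_CHILD_SUBREAPER, launches a fork-fork-away child, and shows that the orphaned grandchild is reparented to the caller and can be waited for, whereas without the flag it goes to PID 1 (or the nearest subreaper above). The function name and the marker exit status 7 are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#define GRANDCHILD_STATUS 7 /* constructed marker status so the reaper can identify it */

/* Fork a child that forks a grandchild and exits at once, orphaning it.
 * With `subreaper` set we first mark ourselves PR_SET_CHILD_SUBREAPER (Linux),
 * so the orphan is reparented to us instead of to PID 1 / the nearest subreaper.
 * Returns 1 if we reaped the orphan and saw GRANDCHILD_STATUS, 0 if the kernel
 * gave it to someone else (waitpid -> ECHILD), -1 on error. */
int reap_orphaned_grandchild(int subreaper)
{
    /* Setting 0 clears the flag, so repeated calls are order-independent. */
    if (prctl(PR_SET_CHILD_SUBREAPER, subreaper ? 1L : 0L, 0L, 0L, 0L) != 0)
        return -1;
    int fd[2]; /* grandchild pid travels back over a pipe */
    if (pipe(fd) != 0)
        return -1;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) { /* child: the "fork-fork-away" launcher */
        close(fd[0]);
        pid_t gc = fork();
        if (gc == 0) /* grandchild: exit with a recognisable status */
            _exit(GRANDCHILD_STATUS);
        if (gc > 0)
            (void)write(fd[1], &gc, sizeof gc);
        _exit(0); /* exit immediately, orphaning the grandchild */
    }
    close(fd[1]);
    pid_t gc;
    ssize_t n = read(fd[0], &gc, sizeof gc);
    close(fd[0]);
    if (waitpid(child, NULL, 0) != child || n != (ssize_t)sizeof gc)
        return -1;
    /* The child is gone, so the orphan has been reparented. Can we wait on it? */
    int status;
    pid_t r = waitpid(gc, &status, 0);
    if (r == gc)
        return WIFEXITED(status) && WEXITSTATUS(status) == GRANDCHILD_STATUS;
    if (r < 0 && errno == ECHILD)
        return 0;
    return -1;
}
```

A session leader or init replacement that sets this flag on itself gets the same guarantee for every daemon that double-forks under it: the orphans stay in its wait(2) set instead of vanishing to PID 1.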