On Fri, 10.06.11 18:42, Denys Vlasenko (dvlasenk(a)redhat.com) wrote:

> On Fri, 2011-06-10 at 15:36 +0200, Michal Schmidt wrote:
> > > Why does systemd link against libpam?
> > > systemd does logins now, not /bin/login or gdm or ...?
> >
> > to implement PAMName= (man systemd.exec)
>
> I don't see any users of this feature on my F15.
> I searched with Google and came up empty too.
> But anyway, assuming it's a useful feature, why it has to be done by
> systemd?

It's simply more correct to call into PAM when changing to a different
user, i.e. to implement /etc/security/limits.conf and suchlike. We do
not call into PAM by default, but you can enable it and I expect many
admins to configure things that way.

Also note that we will make use of this feature when introducing the
D-Bus user bus, to ensure while the user bus runs as user it still has
all PAM limits set.

> But memory consumption is not really the gist of my argument,
> it's:
> why systemd tries to be all things for all people?

It doesn't. Just what you need to spawn a service in a confined
environment with all system limits applied correctly.

I am pretty sure people would complain very loudly if they use User= in
systemd and have no way to apply the PAM system limits to that.

> > > libwrap? systemd is a network application now too?
> >
> > to implement TCPWrapName= (man systemd.exec)
>
> Again, why it has to be done *by systemd*?

Socket activation.

Lennart
--
Lennart Poettering - Red Hat, Inc.