Hi -
I have a question about [1], the policy limiting what services may be started/enabled by default (when the RPM is installed).
# If a service does not require configuration to be functional and
# does not listen on a network socket, it may be enabled by default
# [...]
# All other services must not be enabled by default.
I'm thinking about how this needs to apply to server processes associated with performance co-pilot (pcp). The various daemons can be set to listen on any mixture of IPv4 / IPv6 / AF_UNIX sockets. We think it would be a fine performance-data-gathering background service to run (deeper than sar but still tiny overhead), but default-on appears to be precluded by the policy. Or is it?
Is the intent of this policy to prevent unintentional remote access to the services from a network (ignoring the default firewall)? If so, then a server restricted to localhost and/or AF_UNIX parts should be allowed to be enabled by default.
Can someone clarify the intent / definitions of this constraint?
[1] https://fedoraproject.org/wiki/Starting_services_by_default