On Thu, Jul 29, 2021 at 09:37:53AM +0000, Zbigniew Jędrzejewski-Szmek wrote:
On Wed, Jul 28, 2021 at 07:04:03PM +0200, Miroslav Suchý wrote:
So... personally I think we should restart many more things than
we currently do. Even in systemd itself we fall short of this
goal: systemd-logind is not restarted because of bugs (gnome
session gets killed when logind is restarted, and it's really a
problem with how logind manages resources during restart [1]).
To be able to safely restart, the application has to provide the
appropriate functionality: it needs to either always keep all
state serialized, or serialize it on demand. Systemd provides a
"file descriptor store" [2] that can be used to keep files open
while the process is not running. There are obviously exceptions…
for example graphical applications. But for many system services and
background user services, my expecation is that they are invisibly
restarted in the background without any user interaction. Each program
that allows this moves us one step closer towards the goal of being
upgrades being a non-event.
I'd question the criteria we use for deciding when to restart services.
Typically we only restart a daemon if the daemon binary is upgraded.
This ignores any libraries that the daemon links to, which are just
as important to its functionality, reliability and security as the
executable binary. Only restarting daemons when the executable binary
changes gives us a false sense of having solved the upgrades problems.
To arbitrarily pick on 'colord', there are 35 libraries it links to
that could be considered triggers for restart on upgrade. This is
an especially important problem for any daemons that link to TLS or
general crypto libraries, as it means we're not actually applying
security updates in those libraries to any running daemons that use
them, unless you always restart the entire host OS.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|