systemd: please stop trying to take over the world :)

Lennart Poettering mzerqung at 0pointer.de
Mon Jun 13 08:21:35 UTC 2011


On Fri, 10.06.11 18:42, Denys Vlasenko (dvlasenk at redhat.com) wrote:

> 
> On Fri, 2011-06-10 at 15:36 +0200, Michal Schmidt wrote:
> > > Why does systemd link against libpam?
> > > systemd does logins now, not /bin/login or gdm or ...?
> > 
> > to implement PAMName= (man systemd.exec)
> 
> I don't see any users of this feature on my F15.
> I searched with Google and came up empty too.
> 
> But anyway, assuming it's a useful feature, why does it have to be done by
> systemd?

It's simply more correct to call into PAM when changing to a different
user, i.e. to implement /etc/security/limits.conf and suchlike. We do
not call into PAM by default, but you can enable it and I expect many
admins to configure things that way.

Also note that we will make use of this feature when introducing the
D-Bus user bus, to ensure while the user bus runs as user it still has
all PAM limits set.

> But memory consumption is not really the gist of my argument, it's:
> why does systemd try to be all things for all people?

It doesn't. Just what you need to spawn a service in a confined
environment with all system limits applied correctly.

I am pretty sure people would complain very loudly if they use User= in
systemd and have no way to apply the PAM system limits to that.

> > > libwrap? systemd is a network application now too?
> > 
> > to implement TCPWrapName= (man systemd.exec)
> 
> Again, why does it have to be done *by systemd*?

Socket activation.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
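
The configuration discussed in this message, as an added example that is not part of the original e-mail or of the systemd project: a unit that runs as a non-root user and opens a PAM session so that pam_limits applies /etc/security/limits.conf. The unit name, binary path, user name `svcuser` and PAM service name `example-worker` are assumptions made for illustration.

```ini
# --- /etc/systemd/system/example-worker.service (hypothetical unit) ---
[Unit]
Description=Example worker running as an unprivileged user

[Service]
# Hypothetical binary path.
ExecStart=/usr/local/bin/example-worker
# Drop privileges to this (hypothetical) account before exec.
User=svcuser
# Open a PAM session under the named PAM service while switching user.
# Without this line the user change happens without calling into PAM,
# so session modules such as pam_limits never run and limits.conf
# entries for svcuser are not applied to the service.
PAMName=example-worker

[Install]
WantedBy=multi-user.target

# --- /etc/pam.d/example-worker (hypothetical PAM service file) ---
# Shown as comments because it is a separate file with its own syntax:
#
#   account  required  pam_unix.so
#   session  required  pam_limits.so
#
# pam_limits is the module that reads /etc/security/limits.conf.

# --- /etc/security/limits.conf (constructed sample entry) ---
#
#   svcuser  hard  nofile  4096
#   svcuser  hard  nproc   64
```

To check the result on a running service, compare `/proc/<pid>/limits` of the service's main process with the limits.conf entries.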

