SV: Re: F21: why Fedora still has not alternative init?

birger birger at birger.sh
Mon May 4 13:02:06 UTC 2015


Mon, 04.05.2015 at 01.48 +0200, Frantisek Hanzlik wrote:
> 
> Hmm, I guess you want to advise me to buy some strictly limited (maybe
> commercial) OS - and then shut up and be satisfied with what I have. But
> this fortunately is not the Linux case...

That was not what I wrote at all. I gave reasons why a distro does not
want to support multiple init systems as it becomes a big burden on
package maintainers.

If you really want a Fedora with another init system you need to look
at making a respin. That respin needs to provide init files for all
packages that now use unit files.

I still remember back when people thought sysvinit was wasteful on
resources, overly complex and not the Unix way compared to the single
rc.local script...

> Regarding cgroups/btrfs/selinux - they may be used independently of
> systemd. And although I think SELinux is a good thing and I use it
> (regardless of systemd), things such as cgroups and btrfs I never needed
> (regardless of systemd). And I do not want to 'play' with, I want a
> foolproof system - and in my experience, systemd does not fall with
> (after 4+ years of 'playing').
> 

You mentioned yourself that one of your reasons was a need to run
multiple versions of services like sshd. One sshd for users, one for
admin.

How about making the one for admin run off its own read-only btrfs
volume, wrapped up in cgroups and selinux? No access to the full file
system at all. Only the parts relevant to sshd are present. And the
only way to add new ssh keys, set passwords or whatever is from the
host system. An sshd container that isn't exploitable in any way. It
can only be used to initiate a new ssh into some internal system. I
did that as my first ever venture into new functionality in systemd
service files. It took me a few hours, documentation was good, and it
worked!

With even Debian and Ubuntu switching to systemd you have to dismiss
the Red Hat conspiracy theories. systemd is actually a good thing in
this time of container-based thinking. I do have my reservations about
some of the current container implementations (like docker), but the
basic principles are sound for any server. And we have to acknowledge
that Linux is a server OS. Systemd lets me containerize any service
without setting up the whole framework for such services. I can haz
full control!
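
One way the admin sshd setup described in this message could look as a systemd unit, added here as an illustration and not the poster's own service file. The subvolume path /srv/sshd-admin, the config file name sshd_config_admin and the SELinux type sshd_admin_t are assumptions; the directive names are those of current systemd releases.

```ini
# /etc/systemd/system/sshd-admin.service  (hypothetical unit name)
[Unit]
Description=Admin-only sshd confined to a read-only btrfs subvolume (example)
After=network.target
# Assumed: /srv/sshd-admin is a btrfs subvolume mounted read-only from fstab
# and holds only sshd, its libraries, host keys, /var/empty and the accounts
# needed to log in. Keys and passwords are changed from the host side only.
RequiresMountsFor=/srv/sshd-admin

[Service]
# File system view: the service sees the subvolume as "/", nothing else.
RootDirectory=/srv/sshd-admin
MountAPIVFS=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
# Private /dev with only the API pseudo devices and the pseudo TTY subsystem.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# cgroup limits for the whole service, including every login session it spawns.
MemoryMax=256M
TasksMax=64
CPUQuota=25%

# SELinux: run in a dedicated domain. sshd_admin_t is a placeholder type that
# a local policy module would have to define.
SELinuxContext=system_u:system_r:sshd_admin_t:s0

# Paths are resolved inside RootDirectory. -D stays in the foreground and -e
# logs to stderr, so the journal gets the output without /dev/log in the image.
# No PID file is written because the root is read-only. The listening port and
# the login restrictions are assumed to be set in sshd_config_admin.
ExecStart=/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config_admin -o PidFile=none
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

Running `systemd-analyze security sshd-admin.service` on a recent systemd lists which sandboxing options the unit still leaves open.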