Hi Bruno, Bruno Victal <mi...@makinata.eu> writes:
> On 2023-05-05 19:29, Maxim Cournoyer wrote: >> Relates to <https://issues.guix.gnu.org/63082>. >> >> Quoting a MPD developer, regarding MPD's feature to switch user itself: >> "that's legacy for the dark ages when proper service managers did not exist" >> :-). >> >> * gnu/services/audio.scm (mpd-serialize-user-account) >> (mpd-serialize-user-group): Delete procedures. >> * gnu/services/audio.scm (mpd-configuration) [user]: Do not serialize. >> [group]: Likewise. >> (mpd-shepherd-service): Provide the #:user, #:group and >> #:supplementary-groups >> arguments. >> (mympd-shepherd-service): Likewise, and remove the '--user' argument. >> * doc/guix.texi (Audio Services): Update doc. >> (mympd-configuration) [port]: Change default value to 8080. >> [ssl-port]: Change default value to 443. >> * gnu/tests/audio.scm (run-mympd-test): Adjust accordingly. >> --- >> doc/guix.texi | 12 +++++----- >> gnu/services/audio.scm | 52 +++++++++++++++++++++++++----------------- >> gnu/tests/audio.scm | 4 ++-- >> 3 files changed, 39 insertions(+), 29 deletions(-) > > This contains a submarine change that isn't easily spotted from the > commit message, that mympd is getting its default port changed and that > it can no longer bind to privileged ports, since although mympd can > start as root in order to bind to possibly privileged ports, it will > explicitly refuse to continue running as root afterwards. > > I think we can have shepherd effect for mympd, but only if (and after) > shepherd gets support for POSIX capabilities (CAP_NET_BIND_SERVICE) or > a suitable way to specify that “yes, the program invoked by the service > should have CAP_NET_BIND_SERVICE” is provided. OK. I've dropped the change so as to not block the rest of the series. -- Thanks, Maxim
