On Tue, Nov 25, 2014 at 9:34 PM, MohanR <mohan...@gmail.com> wrote:

> who is spawning the job? isn't it pid-1? If you say no, then it means
> you don't know how the activation works (look
> at /usr/share/dbus-1/systemd-service/org.freedesktop.hostname1.service).
> If you say yes, but the actual job is running as another pid, then what
> is the point of pid-1 brokering? isn't dbus supposed to spawn the child
> instead of pid-1?
Both yes and no. I agree that PID 1 here is spawning the process. DBUS is a message bus for interprocess communication and it should stay that way. It SHOULD NOT do service management. What you want is another daemon running which should do service management. Whether systemd PID 1 should do this or not is debatable and this has very good arguments on both sides (https://news.ycombinator.com/item?id=8353006).

Here is a list of systemd processes running on my PC I mentioned earlier.

1 systemd
158 systemd-journal
179 systemd-udevd
349 systemd-logind
729 systemd

If you note here, there are 2 systemd instances, PID 1 and PID 729. PID 729 is a systemd instance running under the user session. This also can start and stop services (not all). So not all services have to be started by PID 1.

> The problem here is, you never know what kind of data you will receive
> in pid-1 through dbus requests before forking the child. This is what I
> say exposing pid-1. If someone exploits here (before spawning the child),
> it will lead them to other pid-1 resources. That's why people are saying
> init should not be doing all this work. daemons are there to do this
> work. even if daemons get compromised, they will not provide other
> important resources.

The systemd dbus API is here (http://www.freedesktop.org/wiki/Software/systemd/dbus/). Some of the security-related aspects are mentioned there. Every architecture has its ups and downs. systemd solves a whole lot of problems and causes very few. Yes, systemd PID 1 does service management and takes requests through dbus. Whether it is good or bad is up for debate. Saying something like "Everything is PID 1, so it's crap" is not only unfair and a gross misrepresentation, but quite literally untrue.

> Don't say SElinux is integrated with systemd so there is no way to
> exploit systemd. SElinux will not help in this situation.

I don't use or know anything about SElinux or its relationship with systemd. Can you provide some references?
> [1] all are stupid arguments assuming that whoever asks questions against
> systemd is not appreciating its features, they don't know about its
> design and they are trolls from reddit.com/r/[a-zA-Z0-9]*/*.

Why do you have to bring reddit into this?

> Your post
> which started arguments between you and me says "people bashing systemd
> have very little technical information", do you still think people
> arguing against systemd don't know how it works?

My original statement was "Most of the people bashing systemd are people with very little technical information about the project." I did not say everyone who speaks against it is like that. There are people who know what they are talking about, people like these guys (http://uselessd.darknedgy.net/), who would go to lengths to strip systemd of its undesired functionality. But most of the other people I have seen on online forums are just haters.

--
A. Narendiran
(The worst way to waste your time is to never waste it.)

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
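The activation mechanism the two posters argue about above (whether dbus-daemon or PID 1 spawns a bus-activated service) is decided per service by the activation file. The following is an added example, not code from the thread or from the systemd or dbus projects: it parses D-Bus activation files in the format used under /usr/share/dbus-1/system-services/ and reports who spawns each name. The rule it encodes is that when a file carries a SystemdService= key, dbus-daemon does not exec the Exec= line itself but asks systemd (PID 1 on the system bus, the user instance such as PID 729 in the listing above on the session bus) to start that unit; without the key, dbus-daemon forks and execs Exec= directly. The sample file contents are constructed for this example: the hostname1 entry mirrors the layout of the real file, and com.example.LegacyHelper is hypothetical.

```python
"""
Added example (not from the mailing-list thread): classify D-Bus activation
files by who actually spawns the service.

With SystemdService= present, dbus-daemon delegates activation to systemd
(PID 1 for the system bus, the per-user systemd instance for the session
bus) and Exec= is not used; without it, dbus-daemon spawns Exec= itself.
"""
import configparser

# Constructed sample input: two service files as dbus-daemon would read them.
# The hostname1 file mirrors the real layout; LegacyHelper is hypothetical.
SAMPLE_SERVICE_FILES = {
    "org.freedesktop.hostname1.service": """\
[D-BUS Service]
Name=org.freedesktop.hostname1
Exec=/bin/false
User=root
SystemdService=dbus-org.freedesktop.hostname1.service
""",
    "com.example.LegacyHelper.service": """\
[D-BUS Service]
Name=com.example.LegacyHelper
Exec=/usr/libexec/legacy-helper --system
User=root
""",
}


def parse_service_file(text):
    """Return the [D-BUS Service] section as a dict, preserving key case."""
    # interpolation=None: Exec= lines may legitimately contain '%'.
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep 'SystemdService' as written
    parser.read_string(text)
    if "D-BUS Service" not in parser:
        raise ValueError("missing [D-BUS Service] section")
    return dict(parser["D-BUS Service"])


def activation_path(section):
    """Describe how the bus brings this well-known name up."""
    unit = section.get("SystemdService")
    if unit:
        # dbus-daemon asks the systemd instance behind this bus to start
        # the unit; the process is a child of systemd, not of dbus-daemon.
        return {
            "name": section["Name"],
            "spawned_by": "systemd",
            "unit": unit,
            "exec_ignored": section.get("Exec"),
        }
    # No delegation: dbus-daemon forks/execs Exec= as User= itself.
    return {
        "name": section["Name"],
        "spawned_by": "dbus-daemon",
        "exec": section["Exec"],
        "user": section.get("User", "unspecified"),
    }


def audit(files):
    """Map file name -> activation description for a set of service files."""
    return {
        fname: activation_path(parse_service_file(text))
        for fname, text in files.items()
    }


if __name__ == "__main__":
    for fname, info in audit(SAMPLE_SERVICE_FILES).items():
        print(f"{fname}: {info}")
```

To run this against a real machine, replace SAMPLE_SERVICE_FILES with the contents of the files in /usr/share/dbus-1/system-services/ (and, for the session bus, /usr/share/dbus-1/services/); the entries reported as spawned by systemd are the ones where a bus request ends up as a unit start handled by the systemd instance behind that bus.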