Linked by Dennis Heuer on Wed 25th Aug 2010 22:23 UTC
Linux I came across a news entry at Phoronix about a new init replacement, systemd, and curiously started a read into the surprisingly heavy matter. Systemd is by no means as simple as upstart. It does far more things far more straight and in more detail. The differences are so significant that they enforce quite different configuration strategies. One can argue for both, depending on the goal to reach. However, that's not what I want to write about. After having read what systemd is capable of, and how it does it, I began to put the existence of all system daemons - in their today's forms - in question.
Permalink for comment 438381
To read all comments associated with this story, please click here.
Zifre
Member since:
2009-10-04

it even spreads into user-space libraries and tools.

That is just to configure it. There is really no way to do that without user space tools. But yeah, I don't like SELinux very much... it's way too complicated.

so, can you safely state that an auditing system will _not_ implement everything systemd is dreaming of into its observing code?

Yes, actually. I highly doubt Linux would ever let an auditing system launch arbitrary daemons. And that's because it wouldn't make any sense. The old uevent helper system proved that it's always better to let user space launch things.

i conclude from this that systemd is quite working on the same layer/interface for just everything inside the kernel as the auditing system, and there _is_, as a result, doubled core functionality.

There is absolutely no duplicated functionality. None of the things that SystemD does with the kernel are done by the auditing system, and vice versa. The only possible thing I can think of would be that an auditing system could do the job of AutoFS. But that would be a really bad idea. AutoFS is much better for that purpose.

why we need it another time outside the kernel?

It's not outside the kernel. AutoFS is part of the Linux kernel. The reason that SystemD has to setup the AutoFS mounts rather than the kernel is because the kernel has no business reading configuration files. Policy decisions belong in user space.

where should the generic observing interface reside, and how should userspace daemons settle on it? that is my question.

The "generic observing system" is the auditing system. There is really little reason for observation of processes other than for security or debugging.

this is interesting. could you please tell how it shall act (inside the kernel) and why an auditing system is not interested in it?

A transactional file system would allow programs to have a consistent snapshot of the file system. An entire transaction (which could last an indefinite amount of time) is an atomic operation. For example, a package manager could install software in a transaction. Then, if the power goes out, you will not be left with an inconsistent state. The downside is that performance is slightly decreased, and there can be conflicts (e.g. A writes to a file that B is trying to read). Unlike many transaction systems, there is no blocking. Basically, if A reads something in a transaction, and B writes to that thing in a transaction, the transaction with the lower priority is terminated. Individual, normal file operations are treated as transactions with infinite priority, so normal programs never have to worry about the transaction system. If an auditing system were to maintain all this logic, it would be a huge layering violation.

Reply Parent Score: 2