Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Packaging (http://www.linux-archive.org/fedora-packaging/)
-   -   Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services) (http://www.linux-archive.org/fedora-packaging/462234-fedora-default-services-f15-feature-convert-many-service-init-files-possible-native-systemd-services.html)

Toshio Kuratomi 12-06-2010 10:07 PM

Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
 
On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote:
> W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi <kevin@scrye.com> napisał:
> > On Mon, 6 Dec 2010 18:17:51 +0100
> > Michał Piotrowski <mkkp4x4@gmail.com> wrote:
> >
> >> W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi <kevin@scrye.com>
> >> napisał:
> >
> > ...snip...
> >
> >> > What are you trying to do?
> >>
> >> I'm trying to convert sysvinit scripts to systemd services (as many
> >> as possible)
> >
> > If you're trying to determine what units should be enabled by default,
> > please talk to the Fedora Packaging Comittee.
> >
> > See also:
> > https://fedorahosted.org/fesco/ticket/504
> >
> > Where fesco decided:
> >
> > "Default is off, exceptions exist to allow proper functioning of the
> > os. FPC to document exceptions and process exception requests."
> >
> > FPC was going to work on a exceptions list I think...
>
> This list will be useful.
>
> Dear FPC people, could you provide this list in the near future?
>
Feedback appreciated -- what do you think should be on? What do you think
should be off? Right now I think we'd make an exception for ssh (a really
big exception since it's a network facing service, even). Dbus and
default syslog variant also spring to mind which might be. Those might be
able to start defining a category of "things needed to run a desktop
session" or something.

iptables, auditd, restorecond sound like keepers -- maybe a category here
would be things that add to system security in a default install. For this
category we'd want to be careful, do we also want to allow fail2ban or
denyhosts to run by default if they're installed?

Other categories or specific examples would be good.

-Toshio
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging

Toshio Kuratomi 12-06-2010 11:10 PM

Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
 
On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>:
> > *Those might be
> > able to start defining a category of "things needed to run a desktop
> > session" or something.
> >
> > iptables,
>
> no chance to disable this
>
I'd be more inclined to ask what benefit we have to turning the firewall off
vs having a more permissive set of firewall rules by default. AFAIK,
turning the firewall on doesn't currently turn on any additional daemon --
it just sets up the defined rules.

> I guess ip6tables too?
>
Yep.

Would you be willing to write up a Packaging Draft and add it to the FPC
tracker? If not, I'll bring it up in the Packaging Meeting on Wednesday
morning.

-Toshio

--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging

Toshio Kuratomi 12-07-2010 06:04 AM

Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
 
On Tue, Dec 07, 2010 at 07:14:16AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>:
> > On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
> >> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>:
> >> > *Those might be
> >> > able to start defining a category of "things needed to run a desktop
> >> > session" or something.
> >> >
> >> > iptables,
> >>
> >> no chance to disable this
> >>
> > I'd be more inclined to ask what benefit we have to turning the firewall off
> > vs having a more permissive set of firewall rules by default. *AFAIK,
> > turning the firewall on doesn't currently turn on any additional daemon --
> > it just sets up the defined rules.
> >
> >> I guess ip6tables too?
> >>
> > Yep.
> >
> > Would you be willing to write up a Packaging Draft and add it to the FPC
> > tracker? *If not, I'll bring it up in the Packaging Meeting on Wednesday
> > morning.
>
> I'm not Fedora developer, I just create service files :)

Okay... I doubt we'll nail this down for a while then.... Here's the ticket
I've opened:

https://fedorahosted.org/fpc/ticket/41

I have a feeling those categories don't account for everything yet... For
instance, readahead, abrtd... look in your /etc/init.d/ directory on F14 and
tell me what things that are there could have a justification.

-Toshio
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging


All times are GMT. The time now is 02:37 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.