Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote:
> W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi <kevin@scrye.com> napisał: > > On Mon, 6 Dec 2010 18:17:51 +0100 > > Michał Piotrowski <mkkp4x4@gmail.com> wrote: > > > >> W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi <kevin@scrye.com> > >> napisał: > > > > ...snip... > > > >> > What are you trying to do? > >> > >> I'm trying to convert sysvinit scripts to systemd services (as many > >> as possible) > > > > If you're trying to determine what units should be enabled by default, > > please talk to the Fedora Packaging Comittee. > > > > See also: > > https://fedorahosted.org/fesco/ticket/504 > > > > Where fesco decided: > > > > "Default is off, exceptions exist to allow proper functioning of the > > os. FPC to document exceptions and process exception requests." > > > > FPC was going to work on a exceptions list I think... > > This list will be useful. > > Dear FPC people, could you provide this list in the near future? > Feedback appreciated -- what do you think should be on? What do you think should be off? Right now I think we'd make an exception for ssh (a really big exception since it's a network facing service, even). Dbus and default syslog variant also spring to mind which might be. Those might be able to start defining a category of "things needed to run a desktop session" or something. iptables, auditd, restorecond sound like keepers -- maybe a category here would be things that add to system security in a default install. For this category we'd want to be careful, do we also want to allow fail2ban or denyhosts to run by default if they're installed? Other categories or specific examples would be good. -Toshio -- packaging mailing list packaging@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/packaging |
Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>: > > Â*Those might be > > able to start defining a category of "things needed to run a desktop > > session" or something. > > > > iptables, > > no chance to disable this > I'd be more inclined to ask what benefit we have to turning the firewall off vs having a more permissive set of firewall rules by default. AFAIK, turning the firewall on doesn't currently turn on any additional daemon -- it just sets up the defined rules. > I guess ip6tables too? > Yep. Would you be willing to write up a Packaging Draft and add it to the FPC tracker? If not, I'll bring it up in the Packaging Meeting on Wednesday morning. -Toshio -- packaging mailing list packaging@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/packaging |
Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
On Tue, Dec 07, 2010 at 07:14:16AM +0100, Michał Piotrowski wrote:
> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>: > > On Tue, Dec 07, 2010 at 12:38:07AM +0100, MichaÅ‚ Piotrowski wrote: > >> 2010/12/7 Toshio Kuratomi <a.badger@gmail.com>: > >> > Â*Those might be > >> > able to start defining a category of "things needed to run a desktop > >> > session" or something. > >> > > >> > iptables, > >> > >> no chance to disable this > >> > > I'd be more inclined to ask what benefit we have to turning the firewall off > > vs having a more permissive set of firewall rules by default. Â*AFAIK, > > turning the firewall on doesn't currently turn on any additional daemon -- > > it just sets up the defined rules. > > > >> I guess ip6tables too? > >> > > Yep. > > > > Would you be willing to write up a Packaging Draft and add it to the FPC > > tracker? Â*If not, I'll bring it up in the Packaging Meeting on Wednesday > > morning. > > I'm not Fedora developer, I just create service files :) Okay... I doubt we'll nail this down for a while then.... Here's the ticket I've opened: https://fedorahosted.org/fpc/ticket/41 I have a feeling those categories don't account for everything yet... For instance, readahead, abrtd... look in your /etc/init.d/ directory on F14 and tell me what things that are there could have a justification. -Toshio -- packaging mailing list packaging@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/packaging |
| All times are GMT. The time now is 02:33 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.