It was <2013-10-30 Wed 19:38>, when Dominig ar Foll (Intel OTC) wrote:
> On 30/10/2013 17:50, Łukasz Stelmach wrote:
>> On page 20 of the PDF file there is a chain of processes
>>
>> systemd
>>  |
>>  +-> systemd --user      <--- why ???
>>  |     |
>>  |     +-> Display Server
>>  |     |
>>  |     +-> ....?         <--- what is going to work here?

> Remember that the use of TLM is optional, so creating a config without
> must be possible.
> As we cannot present all use cases (I actually do not even have them),
> we need to be generic.
> In the slide, I just want to present that you can start initial
> services before the tlm if you want.
> Proposing to use systemd --user is just a way to make the launch simple
> and well controlled.

Systemd's main feature is parallel start-up. Upon start-up systemd reads
its configuration files, creates a DAG[1] of units and walks around it to
start the units as much in parallel as possible. Putting some services
under supervision of another instance (systemd --user) creates a black
box from the point of view of PID#1. Different instances of systemd do
not exchange information about their DAGs, hence they cannot optimise
their DAG with regard to services (units) supervised by other instances.

Conclusion: everything that is a system-wide service should be
controlled by PID#1 and only per-user programmes should be started by
a separate systemd instance. If one needs to run a service without root
privileges, the User=[2] option should be used.

> We could also have some other generic services which do not need to
> run as root launched at that place.
> A good application would be the base live TV service that needs to
> start quickly before another sophisticated service is available.

That is what the User option in the service files is for[2].

>>  |
>>  +-> TLM
>>       |
>>       +-> systemd --user
>>       |
>>       +-> systemd --user
>>       |
>>       +-> systemd --user
>>       |
>>      ...
>>
>> I would like to know, why do we need "systemd --user" to run the Display
>> Server? Isn't it enough to put "User=" in the systemd service file of
>> the Display Server and have it running as a sibling of TLM with a
>> non-root uid?

> We do not need it. It's simply easy to use it to sync with whatever
> needs to be launched with a generic user.

For syncing I'd recommend systemd's socket activation[3][4]. I've
created patches for xorg-server[5]. Starting Wayland this way should not
be much of a problem too.

P.S. It isn't my goal to be pesky here, however we've already tried a
few ideas for privilege separation with and without user sessions and
I'd simply like to share my experience.

Footnotes:
[1] http://en.wikipedia.org/wiki/Directed_acyclic_graph
[2] http://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=
[3] http://0pointer.de/blog/projects/socket-activation.html
[4] http://0pointer.de/blog/projects/socket-activation2.html
[5] http://thread.gmane.org/gmane.comp.freedesktop.xorg.devel/36092/focus=37693

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
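
Added example (not part of the original message, and not Tizen's or TLM's own configuration): a pair of systemd units sketching the arrangement the reply argues for, with the display server supervised directly by PID 1, running under a non-root account through User=, and synchronised with its clients through socket activation. The unit names, the "display" account, the binary path and the socket path are all hypothetical.

```ini
# --- display-server.socket (hypothetical unit name) ---
[Unit]
Description=Display server listening socket (example)

[Socket]
# PID 1 creates and holds the listening socket, so clients can connect
# before the server process exists; connections queue until it starts.
ListenStream=/run/display/wayland-0
# Only the owner and group of the socket may connect to it.
SocketUser=display
SocketGroup=display
SocketMode=0660

[Install]
WantedBy=sockets.target

# --- display-server.service (hypothetical unit name) ---
# Activated by the .socket unit of the same name on the first connection.
[Unit]
Description=Display server running without root privileges (example)

[Service]
# Privileges are dropped by PID 1 itself; no nested "systemd --user"
# instance is needed, so this unit stays in PID 1's dependency graph.
User=display
Group=display
# Hypothetical binary. It has to take over the already-open socket
# passed as file descriptor 3 (LISTEN_FDS/LISTEN_PID environment
# variables, for instance through sd_listen_fds()).
ExecStart=/usr/bin/example-display-server
```

Units that need the display server can order themselves after display-server.socket, so they do not have to wait for the server process itself to finish starting.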
