Lukasz, thanks for the pointers.
Dominig

On 31/10/2013 09:29, Łukasz Stelmach wrote:
> It was <2013-10-30 Wed 19:38>, when Dominig ar Foll (Intel OTC) wrote:
>> On 30/10/2013 17:50, Łukasz Stelmach wrote:
>>> On the page 20 of the PDF file there is a chain of processes
>>>
>>> systemd
>>>   |
>>>   +-> systemd --user      <--- why ???
>>>   |     |
>>>   |     +-> Display Server
>>>   |     |
>>>   |     +-> ....?         <--- what is going to work here?
>> Remember that the use of TLM is optional, so creating a config without
>> it must be possible.
>> As we cannot present all use cases (I actually do not even have them),
>> we need to be generic.
>> In the slide, I just want to present that you can start initial
>> services before the tlm if you want.
>> Proposing to use systemd --user is just a way to make the launch simple
>> and well controlled.
> Systemd's main feature is parallel start-up. Upon start-up systemd reads
> its configuration files, creates a DAG[1] of units and walks around
> it to start the units as much in parallel as possible. Putting some
> services under supervision of another instance (systemd --user) creates
> a black box from the point of view of PID#1. Different instances of
> systemd do not exchange information about their DAGs, hence they cannot
> optimise their DAG with regard to services (units) supervised by other
> instances. Conclusion: everything that is a system-wide service should
> be controlled by PID#1 and only per-user programmes should be started by
> a separate systemd instance. If one needs to run a service without root
> privileges User=[2] option should be used.
>
>> We could also have some other generic services which do not need to
>> run as root launched at that place.
>> A good application would be the base live TV service that needs to
>> start quickly, before other sophisticated services are available.
> That is what the User option in the service files is for[2].
>
>>>   |
>>>   +-> TLM
>>>         |
>>>         +-> systemd --user
>>>         |
>>>         +-> systemd --user
>>>         |
>>>         +-> systemd --user
>>>         |
>>>        ...
>>>
>>> I would like to know, why do we need "systemd --user" to run the Display
>>> Server? Isn't it enough to put "User=" in the systemd service file of
>>> the Display Server and have it running as a sibling of TLM with a
>>> non-root uid?
>> We do not need it. It's simply easy to use it to sync with whatever
>> needs to be launched with a generic user.
> For syncing I'd recommend systemd's socket activation[3][4]. I've
> created patches for xorg-server[5]. Starting Wayland this way should
> not be much of a problem too.
>
> P.S. It isn't my goal to be pesky here, however we've already tried a
> few ideas for privilege separation with and without user sessions and
> I'd simply like to share my experience.
>
> Footnotes:
>
> [1] http://en.wikipedia.org/wiki/Directed_acyclic_graph
>
> [2] http://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=
>
> [3] http://0pointer.de/blog/projects/socket-activation.html
>
> [4] http://0pointer.de/blog/projects/socket-activation2.html
>
> [5] http://thread.gmane.org/gmane.comp.freedesktop.xorg.devel/36092/focus=37693
>

-- 
Dominig ar Foll
Senior Software Architect
Intel Open Source Technology Centre
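
The arrangement discussed in the quoted reply (a display server supervised by PID 1, running with a non-root uid via `User=`, and synchronised with its clients through socket activation), sketched as a pair of systemd units. This is an added example, not configuration from the thread or from the Tizen project: the unit names, the `display` account, the socket path and the binary path are hypothetical, and the server is assumed to accept a listening socket handed over by systemd.

```ini
# --- /etc/systemd/system/display-server.socket (hypothetical name) ---
[Unit]
Description=Display server listening socket (constructed example)

[Socket]
# PID 1 creates and owns the socket, so it knows about the dependency
# and clients can connect before the server process has started.
ListenStream=/run/display/wayland-0
# Only the "display" account and members of its group may connect.
SocketUser=display
SocketGroup=display
SocketMode=0660

[Install]
WantedBy=sockets.target

# --- /etc/systemd/system/display-server.service (hypothetical name) ---
[Unit]
Description=Display server as a system-wide service (constructed example)
Requires=display-server.socket
After=display-server.socket

[Service]
# Privileges are dropped by PID 1 before exec; no nested
# "systemd --user" instance is needed to get a non-root uid.
User=display
Group=display
# Hypothetical binary; it must take the socket passed in by systemd
# rather than binding the path itself.
ExecStart=/usr/bin/display-server
```

With this layout the display server is a sibling of TLM in PID 1's unit graph, and anything that needs it only has to connect to the socket.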
