> From: Alan McKinnon [mailto:alan.mckin...@gmail.com]
> OK, semantics. Let me re-phrase:
>
> Why is a third party script, running in the context of the udev universe,
> indiscriminately allowed to launch daemons at early boot time?
>
> I don't think I agree with Neil in that this is a udev design flaw (as any "fix" will
> be worse than the "flaw"). Instead it looks to me like a classic case of
>
> "You are free to do anything you want but if you break it you keep the
> pieces. If you do something stupid, it's not my problem and you're on your
> own."

This is, unfortunately, the biggest drawback to having a commercial entity in charge of doing the software development: this kind of attitude stops applying. Gentoo's developers, for example, would really like for people to use Gentoo, and work hard to make Gentoo useable, but if you start with the threats of "I'm gonna stop using your OS unless you fix this RIGHT NOW!" they'll probably just roll their eyes and ignore you. RedHat has a *commercial* interest in people using RedHat, even the non-commercial versions, and if their *customers* start filing bugs like "I cannot make my Bluetooth keyboard work with my nfs mounted /usr that plays a ring tone through alsa when I mount it", they are much more motivated to fix it.

> I see nothing wrong with udev applying some reasonable constraints such as
> clearly documenting at what point in the boot process udev is in a position to
> arbitrarily run anything. Earlier than that point, "anything" does not actually
> apply.

I don't think it's a design flaw, as much as it's a possible point of improvement for udev. It would be useful if udev could somehow distinguish between "early" and "late" devices. This doesn't eliminate the problem entirely: nothing is stopping you from, say, telling udev that mounting /usr requires /usr/mountme. But if you did something that silly, it would obviously be your fault.

I think there are some options for how udev could be better here, it's just that they all seem to be a lot of risk; as much risk or more as just saying "don't do that or use an initramfs." Off the top of my head:

* udev could enforce that point you mention, and allow device scripts to explicitly say "defer trying to configure me until after $KEYPOINT has been reached."
* udev could keep track of dependencies between devices or device scripts and allow one to say "don't run me until $DEVICE is also present"
* udev could keep track of prerequisite triggers for device scripts, and allow one to say "don't run me until /usr/bin/alsaconf exists, but run me as soon as that appears."
* udev could keep track of failed devices, and include a command-line switch like --reprocess; the init process could launch udev, allow whatever fails to fail, mount /usr, then tell udev to try again.

As I understand it, the architecture of udev (and the kernel) makes many of these difficult; udev events are processed individually, isolated from each other. It has no concept of things like "when I'm done configuring devices" or "devices that are waiting to be configured after this one". Though keeping track of failed devices seems like it would not be terribly difficult, as long as you could distinguish between devices that are fatal failures vs. transient ones.

Again, I'm not faulting the udev team for not doing those things. They either do a lot of work to update the behavior of udev to support a configuration they think is invalid and broken, or they simply tell people to stop using the invalid or broken configuration. If there were a clear consensus that the configuration was not, in fact, broken, then I could possibly see where they might be expected (from a /community/ perspective, clearly they have no /formal/ obligations to any of us) to put in that effort. But the consensus seems largely weighted towards agreeing with them, or at least not caring either way.

--Mike