On 09/02/2011 11:46 AM, Ludovic Rousseau wrote:
> Hello Kalev,

Hello Ludovic,

Thanks for your comments!

> I have some questions:
> - who is supposed to create the /var/run/pcscd/pcscd.comm socket? I
> guess it is systemd.

Yes. Systemd creates the socket when the pcscd.socket unit is started and starts listening on it. When a request comes in, systemd then automatically starts the pcscd.service unit, which in turn spawns pcscd. The socket's file descriptor is passed on to pcscd and pcscd deals with the data waiting in the buffer.

There's a very nice description of socket activation at
http://0pointer.de/blog/projects/socket-activation.html

> - how to tell systemd to recreate the socket if it has been removed?

By (re)starting the pcscd.socket unit file, but ...

... the idea behind socket activation is that systemd creates the socket once and apps can then rely on the socket being there and never going away. Even if the pcscd daemon crashes, the socket file is still there and systemd will transparently spawn a new pcscd process. pcscd itself should certainly never remove the socket.

> - do you think it is a good idea to use User=, Group= to start pcscd
> as nobody and group pcscd? The CCID driver already provides a udev
> rule file to set access rights for group pcscd. See also
> http://ludovicrousseau.blogspot.com/2010/09/pcscd-auto-start.html

Yes, I think dropping privileges would be an excellent idea. I would, however, prefer getting the current functionality in and adding this as an incremental change later. After all, the patches I sent are tested in Fedora and should be a reasonable base for further improvements. What do you think of that?

> - is it possible to use the --auto-exit feature of pcscd with systemd?
> The idea is that the daemon exits itself when no client is using it.
> pcscd removes the socket on exit. Maybe it is a problem for systemd,
> see first question.

Socket removal is certainly a problem. Not sure about --auto-exit otherwise; it might actually work.
Could it be something that we can also add as an incremental update, or would you like me to figure out whether this can work right away?

-- 
Kalev
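The handoff described in the message above, as an added example that is not part of the original e-mail and is not pcsc-lite code: a daemon detects socket activation through the `LISTEN_PID` and `LISTEN_FDS` environment variables of the systemd protocol, validates the inherited descriptor, and treats the socket path as owned by systemd. The function names `activated_fd_count` and `is_listening_unix_socket` are hypothetical.

```c
/* Added example, not pcsc-lite code: consuming a systemd-activated socket. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
#define LISTEN_FDS_START 3 /* systemd passes sockets starting at fd 3 */

/* Parse a non-negative decimal string; -1 if it is not one. */
static long parse_num(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (*s != '\0' && *end == '\0' && v >= 0) ? v : -1;
}

/* Sockets handed over by systemd: 0 if not activated, -1 if malformed. */
int activated_fd_count(void)
{
    const char *pid_s = getenv("LISTEN_PID"), *fds_s = getenv("LISTEN_FDS");
    if (pid_s == NULL || fds_s == NULL)
        return 0;
    long n = parse_num(fds_s);
    if (parse_num(pid_s) < 0 || n < 0 || n > 1024)
        return -1;
    /* Variables inherited from a parent were meant for another process. */
    return parse_num(pid_s) == (long)getpid() ? (int)n : 0;
}

/* 1 if fd is a listening AF_UNIX socket, else 0. */
int is_listening_unix_socket(int fd)
{
    struct stat st;
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss), alen = sizeof(int);
    int accepting = 0;
    if (fstat(fd, &st) != 0 || !S_ISSOCK(st.st_mode))
        return 0;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0 || ss.ss_family != AF_UNIX)
        return 0;
    return getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &alen) == 0 && accepting;
}

int main(void)
{
    int ok = activated_fd_count() == 1 && is_listening_unix_socket(LISTEN_FDS_START);
    puts(ok ? "activated: accept() on fd 3; systemd owns the socket path, never unlink it"
            : "not activated: the daemon creates, and may remove, its own socket");
    return 0;
}
```

Run directly from a shell it reports the non-activated path; started through a socket unit it finds the listening socket on fd 3.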
