Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-23 Thread Lennart Poettering
On Mon, 06.12.10 12:30, Bill Nottingham (nott...@redhat.com) wrote: Michał Piotrowski (mkkp...@gmail.com) said: If systemd will allow us to do that, sure. What's the point here? For example, this doesn't cut down on the number of listening ports, obviously, nor on the requirements

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-11 Thread Kevin Kofler
Rahul Sundaram wrote: Socket activation is not mandatory or even a benefit in all cases. Just because we have a patch doesn't mean it is the right one. Upstream might have the foresight and the knowledge to see problems with patches we might not. There might be security implications. It

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-11 Thread Rahul Sundaram
On Sat, Dec 11, 2010 at 8:11 PM, Kevin Kofler wrote: Rahul Sundaram wrote: Socket activation is not mandatory or even a benefit in all cases. Just because we have a patch doesn't mean it is the right one. Upstream might have the foresight and the knowledge to see problems with patches

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-10 Thread Kevin Kofler
Bill Nottingham wrote: Right. To do this in systemd implies that you're patching openssh to do socket-based activation... hence why I asked about upstream's opinion on it. Why would we care? It's our goal to have ALL network daemons be socket-activated eventually. This is a distribution-wide

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-10 Thread Kevin Kofler
Chris Adams wrote: The only thing you need a firewall by default for is to prevent services that are listening on the network from being accessible. The better solution is to stop having services listen on the network by default. FWIW, this is what Ubuntu has been doing for ages (they call it

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-10 Thread Rahul Sundaram
On Sat, Dec 11, 2010 at 4:57 AM, Kevin Kofler kevin.kof...@chello.atwrote: Bill Nottingham wrote: Right. To do this in systemd implies that you're patching openssh to do socket-based activation... hence why I asked about upstream's opinion on it. Why would we care? It's our goal to

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-07 Thread Tomas Mraz
On Mon, 2010-12-06 at 20:08 -0600, Chris Adams wrote: Once upon a time, Adam Williamson awill...@redhat.com said: On most laptops, however, which are the most common types of system sold today, a firewall is very definitely needed when you're connecting to hotel networks, public wifi

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-07 Thread Chris Adams
Once upon a time, Tomas Mraz tm...@redhat.com said: In the cups case might be probably reasonable to default to localhost. However for rpcbind it is clearly not so - what's the point of starting things that are mostly needed for NFS when you would be able to mount only NFS provided by the

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-07 Thread Michał Piotrowski
2010/12/7 Tomas Mraz tm...@redhat.com: On Mon, 2010-12-06 at 20:08 -0600, Chris Adams wrote: Once upon a time, Adam Williamson awill...@redhat.com said: On most laptops, however, which are the most common types of system sold today, a firewall is very definitely needed when you're connecting

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-07 Thread Till Maas
On Mon, Dec 06, 2010 at 08:08:49PM -0600, Chris Adams wrote: Once upon a time, Adam Williamson awill...@redhat.com said: On most laptops, however, which are the most common types of system sold today, a firewall is very definitely needed when you're connecting to hotel networks, public wifi

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Hans de Goede
Hi, On 12/06/2010 06:34 AM, Michał Piotrowski wrote: Hi, W dniu 3 grudnia 2010 09:14 użytkownik Michał Piotrowski mkkp...@gmail.com napisał: [..] What services are installed by default when installong form Live GNOME/KDE/etc and DVD? Ok, let's ask the question differently - what

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
W dniu 6 grudnia 2010 10:43 użytkownik Hans de Goede hdego...@redhat.com napisał: Hi, On 12/06/2010 06:34 AM, Michał Piotrowski wrote: Hi, W dniu 3 grudnia 2010 09:14 użytkownik Michał Piotrowski mkkp...@gmail.com  napisał: [..] What services are installed by default when installong form

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Kevin Fenzi
On Mon, 6 Dec 2010 06:34:45 +0100 Michał Piotrowski mkkp...@gmail.com wrote: Hi, W dniu 3 grudnia 2010 09:14 użytkownik Michał Piotrowski mkkp...@gmail.com napisał: [..] What services are installed by default when installong form Live GNOME/KDE/etc and DVD? Ok, let's ask the question

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Bill Nottingham
Kevin Fenzi (ke...@scrye.com) said: IMO ssh can be off by default and should be started only if user tries to connect over port 22. If systemd will allow us to do that, sure. What's the point here? For example, this doesn't cut down on the number of listening ports, obviously, nor on the

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi ke...@scrye.com napisał: On Mon, 6 Dec 2010 06:34:45 +0100 Michał Piotrowski mkkp...@gmail.com wrote: Hi, W dniu 3 grudnia 2010 09:14 użytkownik Michał Piotrowski mkkp...@gmail.com napisał: [..] What services are installed by default

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/6 Bill Nottingham nott...@redhat.com: Kevin Fenzi (ke...@scrye.com) said: IMO ssh can be off by default and should be started only if user tries to connect over port 22. If systemd will allow us to do that, sure. What's the point here? For example, this doesn't cut down on the

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Kevin Fenzi
On Mon, 6 Dec 2010 18:17:51 +0100 Michał Piotrowski mkkp...@gmail.com wrote: W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi ke...@scrye.com napisał: ...snip... What are you trying to do? I'm trying to convert sysvinit scripts to systemd services (as many as possible) If you're

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi ke...@scrye.com napisał: On Mon, 6 Dec 2010 18:17:51 +0100 Michał Piotrowski mkkp...@gmail.com wrote: W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi ke...@scrye.com napisał: ...snip... What are you trying to do? I'm trying to

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Bill Nottingham
Michał Piotrowski (mkkp...@gmail.com) said: If systemd will allow us to do that, sure. What's the point here? For example, this doesn't cut down on the number of listening ports, obviously, nor on the requirements for root passwords and potential root login. And if it's started in

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/6 Bill Nottingham nott...@redhat.com: Michał Piotrowski (mkkp...@gmail.com) said: If systemd will allow us to do that, sure. What's the point here? For example, this doesn't cut down on the number of listening ports, obviously, nor on the requirements for root passwords and

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Miloslav Trmač
Michał Piotrowski píše v Po 06. 12. 2010 v 20:22 +0100: 2010/12/6 Bill Nottingham nott...@redhat.com: Does openssh stands out something special between other demons? Actually, it does - for remote installations (sometimes the only option) ssh needs to be running after installation so that the

Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
I wonder why my server rejected my previous email? -- Wiadomość przekazana dalej -- Od: Michał Piotrowski mkkp...@gmail.com Data: 6 grudnia 2010 20:46 Temat: Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Bill Nottingham
Michał Piotrowski (mkkp...@gmail.com) said: We are talking here about the case when ssh server is started when user connect to 22 port (or other configured). From my POV everything should work as expected. Right. To do this in systemd implies that you're patching openssh to do socket-based

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/6 Bill Nottingham nott...@redhat.com: Michał Piotrowski (mkkp...@gmail.com) said: We are talking here about the case when ssh server is started when user connect to 22 port (or other configured). From my POV everything should work as expected. Right. To do this in systemd implies

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Toshio Kuratomi
On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote: W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi ke...@scrye.com napisał: On Mon, 6 Dec 2010 18:17:51 +0100 Michał Piotrowski mkkp...@gmail.com wrote: W dniu 6 grudnia 2010 18:01 użytkownik Kevin Fenzi ke...@scrye.com

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/7 Toshio Kuratomi a.bad...@gmail.com: On Mon, Dec 06, 2010 at 06:55:20PM +0100, Michał Piotrowski wrote: W dniu 6 grudnia 2010 18:43 użytkownik Kevin Fenzi ke...@scrye.com napisał: On Mon, 6 Dec 2010 18:17:51 +0100 Michał Piotrowski mkkp...@gmail.com wrote: W dniu 6 grudnia 2010

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Matt McCutchen
On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote: Cron - but should be activated only when cron files exist It seems to me that the list: - ssh - Dbus - syslog - iptables - ip6tables - auditd - restorecond is an absolute minimum to get working system. I don't agree that ssh

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/7 Matt McCutchen m...@mattmccutchen.net: On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote: Cron - but should be activated only when cron files exist It seems to me that the list: - ssh - Dbus - syslog - iptables - ip6tables - auditd - restorecond is an absolute

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Toshio Kuratomi
On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote: 2010/12/7 Toshio Kuratomi a.bad...@gmail.com:  Those might be able to start defining a category of things needed to run a desktop session or something. iptables, no chance to disable this I'd be more inclined to ask

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Matt McCutchen
On Tue, 2010-12-07 at 01:07 +0100, Michał Piotrowski wrote: 2010/12/7 Matt McCutchen m...@mattmccutchen.net: On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote: Cron - but should be activated only when cron files exist It seems to me that the list: - ssh - Dbus - syslog -

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Adam Williamson
On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote: There are no stupid questions :) On most desktop systems firewall is not needed. Many users do not even know how to configure it. In fact I disable it in most of my systems, because there is no real use for it. So I asked a simple

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Miloslav Trmač
Adam Williamson píše v Po 06. 12. 2010 v 17:57 -0800: On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote: There are no stupid questions :) On most desktop systems firewall is not needed. Many users do not even know how to configure it. In fact I disable it in most of my

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Jesse Keating
On 12/06/2010 05:57 PM, Adam Williamson wrote: On most laptops, however, which are the most common types of system sold today, a firewall is very definitely needed when you're connecting to hotel networks, public wifi access points... Please explain why. What actual service is the firewall

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Matt McCutchen
On Mon, 2010-12-06 at 17:57 -0800, Adam Williamson wrote: On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote: There are no stupid questions :) On most desktop systems firewall is not needed. Many users do not even know how to configure it. In fact I disable it in most of my

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Chris Adams
Once upon a time, Adam Williamson awill...@redhat.com said: On most laptops, however, which are the most common types of system sold today, a firewall is very definitely needed when you're connecting to hotel networks, public wifi access points... The only thing you need a firewall by default

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Michał Piotrowski
2010/12/7 Toshio Kuratomi a.bad...@gmail.com: On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote: 2010/12/7 Toshio Kuratomi a.bad...@gmail.com:  Those might be able to start defining a category of things needed to run a desktop session or something. iptables, no chance

Re: Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-06 Thread Toshio Kuratomi
On Tue, Dec 07, 2010 at 07:14:16AM +0100, Michał Piotrowski wrote: 2010/12/7 Toshio Kuratomi a.bad...@gmail.com: On Tue, Dec 07, 2010 at 12:38:07AM +0100, Michał Piotrowski wrote: 2010/12/7 Toshio Kuratomi a.bad...@gmail.com:  Those might be able to start defining a category of things

Fedora default services (was: Re: F15 Feature - convert as many service init files as possible to the native SystemD services)

2010-12-05 Thread Michał Piotrowski
Hi, W dniu 3 grudnia 2010 09:14 użytkownik Michał Piotrowski mkkp...@gmail.com napisał: [..] What services are installed by default when installong form Live GNOME/KDE/etc and DVD? Ok, let's ask the question differently - what services should be run by default to provide working system for