On Thu, 2016-12-01 at 16:04 +0100, Jakub Hrozek wrote:
> On Thu, Dec 01, 2016 at 03:59:37PM +0100, Fabiano Fidêncio wrote:
> > On Thu, Dec 1, 2016 at 3:46 PM, Simo Sorce <s...@redhat.com> wrote:
> > > On Thu, 2016-12-01 at 15:22 +0100, Pavel Březina wrote:
> > >> On 12/01/2016 02:56 PM, Simo Sorce wrote:
> > >> > On Thu, 2016-12-01 at 14:44 +0100, Pavel Březina wrote:
> > >> >> On 11/24/2016 02:33 PM, Fabiano Fidêncio wrote:
> > >> >>> The design page is done [0] and it's based on this discussion [1] we
> > >> >>> had on this very same mailing list. A pull-request with the
> > >> >>> implementation is already opened [2].
> > >> >>>
> > >> >>> [0]: 
> > >> >>> https://fedorahosted.org/sssd/wiki/DesignDocs/SocketActivatableResponders
> > >> >>> [1]: 
> > >> >>> https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/H6JOF5SGGSIJUIWYNANDA73ODHWBS7J2/
> > >> >>> [2]: https://github.com/SSSD/sssd/pull/84
> > >> >>
> > >> >> I think we should also provide 'disabled_services' option, to give
> > >> >> admins a way to explicitly disable some responders if the don't want 
> > >> >> to
> > >> >> used them.
> > >> >
> > >> > How would this work ?
> > >>
> > >> If responder is listed in disabled_services, it won't be allowed to
> > >> start via socket activation. If disabling the socket as Fabiano
> > >> mentioned in the other mail is enough, I'm fine with it, plese test.
> > >
> > > I am not sure this is a good behavior as clients will see a connection
> > > being accept and then dropped, and may misbehave or report strange
> > > errors.
> > 
> > So, thinking a little bit about it Pavel's idea is not bad.
> > If you have a list of "not allowed"/"disabled" services we can, at
> > least, report the proper error when enabling the service.
> 
> I don't know, to me it seems like if we are about to rely on systemd to
> start the services we should just use the systemd facilities to manage
> them. I'm not fond of the idea of yet another knob, or maybe I don't see
> the benefit over disabling the socket.

+1

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to