Em qui., 11 de jul. de 2024 às 11:55, Paul Sopka <pso...@sopka.ch> escreveu: > I will try and summarize what we have now. > > I hope you are fine with this.
Sure. Long e-mails get tiring to read and reply to, for both of us. > https://skarnet.org/lists/supervision/3139.html Frankly, your priorities when designing a replacement were very misguided. - `/run/turnstiled/sessions` exposes similar data as your proposal's `/run/session` folder (including being able to query the session type). Take a closer look at the prior art before writing it off. - Just the session data isn't enough, as you need to patch third party software that relies on it [3]. Turnstile (or, really, any proposal that doesn't assume a specific setup of the underlying system) allows sharing this load with other distributions. - Without a daemon's mediation, processes writing to the database have to coordinate themselves with locks¹. This introduces risks and limitations you don't want to have when said writes are happening without human oversight [1] [2]. Turnstile is a daemon for a good reason. - Expecting the user to directly edit scripts if they want different behavior, instead providing some degree of built-in configurability, is not reasonable for a packaged solution, as even the smallest user tweaks would be in constant attrition with package upgrades. - I won't repeat myself on why a system that relies on calling the current generation of s6-rc upon receiving events, or processes meant to be running in different contexts sharing the same supervision tree, especially one with only a boot-time environment, are a bad idea. ¹Which are missing from your script entirely, which is dangerous when you have in-place editing such as the counter and newline files. [1] https://skarnet.org/software/s6-rc/s6-rc.html (-b option). [2] https://skarnet.org/lists/supervision/0391.html [3] https://github.com/void-linux/void-packages/pull/44676 > Turnstile > > - Forks the user-tree off the turnstile process, directly related to the > login session. Not to _the_, but to _a_ login session. Whenever turnstiled is informed of a log-in, it loads the PAM modules in /etc/pam.d/turnstiled, and runs `backend run ...` as the shell. You can confirm that with a pstree; dinit/s6-svscan are children of an intermediate "turnstiled" process, not `login`/your display manager (see [1] for why replicating this directly on top of a supervision suite is more trouble than it's worth). [1] https://jdebp.uk/FGA/dont-abuse-su-for-dropping-privileges.html, section "PAM changed everything". > - Needs close monitoring by the people responsible for the s6/s6-rc > overlay/profile or at least good connection between them and the > maintainer of the Turnstile ebuild, due to its tight integration. I've already explained why this is not true unless you want to force the project out of its scope, and how it's an infinitely more accurate description for your proposal. Instead of reducing scope and relying on a loosely coupled third party solution, you're making a solution that marries session tracking to a specific policy for a specific init system. I wonder where I've seen that before. > Did I miss anything important? I believe you're correct on the other points. Since I've made my points here also regarding the "user session tracking" thread, I won't make a standalone reply to it. > Have a nice Thursday! Have a nice Saturday :D