On Mon, 29 Apr 2019 at 16:46, Jeff wrote:
>
> "suckless init is incorrect, because it has no supervision capabilities,
> and thus, killing all processes but init can brick the machine."
>
> a rather bold claim IMO !
> where was the "correct" init behaviour specified ?
> where can i learn how a "correct" init has to operate ?
> [...]
> there is actually NO need for a "correct" working init implementation
> to provide respawn capabilities at all IMO.

This was discussed in the mailing list, you'll be able to find relevant
messages in the archives, and the last part of the sentence you quoted
should clarify what "correct" means in this context. But to recap:

* A failure mode is identified (the machine becomes unusable and
  requires a hard reboot), along with the condition that triggers it
  (death of all processes except #1).
* The condition can be triggered explicitly with a kill(-1, SIGKILL)
  call in a process with root privileges, so by definition it is not an
  impossible condition, but this is not the only way to trigger it.
  Processes can die for a variety of reasons.
* A program with "respawn capabilities" running as process 1 can avoid
  entering this failure mode; a program that does not have the
  capabilities cannot.

Nothing more, nothing less. This is not a statement about how likely
this failure mode is, only that it exists. An init system can or cannot
choose to prevent it, this is a design choice (and usage of "correct"
will give you an idea of what the author of this particular software
package thinks), and a person may or may not decide to use an init
system that doesn't, this is a matter of preference.

G:
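The respawn capability discussed in this message, as an added example that is not part of the original email or of any init project's code: a bounded C loop of the kind a supervising process 1 would run. The names `spawn`, `respawn_loop` and `doomed_service` are hypothetical, and the service killing itself with SIGKILL is a constructed stand-in for an unexpected death.

```c
/* Added illustration; all names here are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*service_fn)(void);

/* Start the service in a child process; return its pid, or -1 on error. */
static pid_t spawn(service_fn fn)
{
    pid_t pid = fork();
    if (pid == 0) {
        fn();
        _exit(0);
    }
    return pid;
}

/*
 * Keep one service alive: whenever it dies, start it again.
 * A real init would loop forever; max_respawns bounds the loop so the
 * demonstration terminates. With max_respawns == 0 this behaves like an
 * init that only reaps: the service dies and nothing is left running.
 * Returns how many times the service was restarted.
 */
int respawn_loop(service_fn fn, int max_respawns)
{
    int respawns = 0;
    pid_t child = spawn(fn);
    while (child > 0) {
        int status;
        pid_t dead = wait(&status);  /* as process 1 this also reaps orphans */
        if (dead < 0) {
            if (errno == EINTR) continue;
            break;                   /* ECHILD: nothing left to wait for */
        }
        if (dead != child) continue; /* reaped an orphan, not the service */
        if (respawns == max_respawns) break;
        child = spawn(fn);
        respawns++;
    }
    return respawns;
}

/* Constructed stand-in: the service is killed as soon as it starts. */
void doomed_service(void) { kill(getpid(), SIGKILL); }

int main(void) { return respawn_loop(doomed_service, 3) == 3 ? 0 : 1; }
```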
