systemd and "passive" security dependencies for services?

Tollef Fog Heen tfheen at err.no
Wed May 21 15:35:09 BST 2014


]] Christoph Anton Mitterer 


> By looking at that goal (which is a good goal of course) we "lose"
> however that strict serialisation that we more or less had with
> sysvinit.

sysvinit isn't serialised today either.

> In sysvinit, each service simply depended e.g. on $network, when he did
> networking... and by that one could already assure, that iptables rules
> were in place,... even if the maintainer of the init-script forgot about
> iptables.

And with systemd you say After=network.target.

> Uhm I read the description of DefaultDependencies in
> systemd.target(5)... but as far as I understand, this only tells whether
> the targets load their dependencies or about like that.

No, it adds a set of sane dependencies that most services take for
granted are added to most services.  Things like the local file system
being there.  Read the description in the systemd.unit man page.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
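
Added example, not part of the original message or of any Debian package: two unit files showing how ordering against network.target gives the "passive" firewall dependency discussed above. The unit names, file paths and the rules file location are assumptions made for illustration.

```ini
# /etc/systemd/system/example-firewall.service  (hypothetical unit name)
[Unit]
Description=Load packet filter rules (example)
# Ordered before network.target, so every unit that declares
# After=network.target is started after the rules are loaded,
# as long as these jobs are part of the same boot transaction.
Before=network.target
# DefaultDependencies= is left at its default (yes). For a service unit
# this implies Requires=sysinit.target, After=sysinit.target basic.target,
# and Conflicts=/Before=shutdown.target, so the local file system holding
# the rules file is available without listing it here.

[Service]
Type=oneshot
RemainAfterExit=yes
# Assumed locations of the binary and the saved rule set.
ExecStart=/sbin/iptables-restore /etc/iptables/rules.v4

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/example-daemon.service  (hypothetical unit name)
[Unit]
Description=Network daemon (example)
# The only line the daemon's maintainer has to remember. It orders the
# daemon after network.target and therefore after example-firewall.service.
After=network.target
# After= is ordering only: it neither pulls the firewall unit in nor stops
# the daemon if loading the rules fails. A daemon that must not run
# unfiltered needs the requirement stated explicitly:
#Requires=example-firewall.service
#After=example-firewall.service

[Service]
# Assumed daemon binary.
ExecStart=/usr/sbin/example-daemon

[Install]
WantedBy=multi-user.target
```

The resulting order can be checked on a running system with `systemctl list-dependencies --after example-daemon.service` and `systemd-analyze critical-chain example-daemon.service`.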




More information about the Pkg-systemd-maintainers mailing list