Lee Duncan wrote:
I tried to ensure that this package got installed correctly by enabling the iscsid.socket and iscsi.service units automatically upon installation, but it looks like there is an openSUSE policy to not enable any service by default. There also seems to be exceptions, but both the reasons behind the policy and the exceptions to that policy do not seem documented.
Question 2: What is the objection to enabling the iscsid.socket service, since it does not add any resource burden to the system unless it is needed and used? (Same question for iscsi.service.)
As usual in so many places there is no written rule here I think. It's just that packages follow a common pattern for consistency. In case of services that is: - install it - configure it - start it - enable it if it should be available on next reboot as well Just because a service is installed or has been run once for testing doesn't mean it has to be kept running always. Also, if a service requires any kind of configuration there's no point of having it enabled by default. If a service allows users != root to access the socket, security should have a look at it as this could be an entry point for code execution resp privilege escalation just like an open port. It doesn't matter for any of the above whether the service is socket activated or actually running. The existing exeptions are either because those services are basically mandatory on any system (e.g. nscd), are expected to work in the default installation without configuration (printing, dns service discovery) or are legacy and noone dared to switch them off yet (postfix). So is there a good reason why iscsid should be treated differently? cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org