Lee Duncan wrote:
I tried to ensure that this package got installed
correctly by enabling
the iscsid.socket and iscsi.service units automatically upon
installation, but it looks like there is an openSUSE policy to not
enable any service by default. There also seems to be exceptions, but
both the reasons behind the policy and the exceptions to that policy do
not seem documented.
Question 2: What is the objection to enabling the iscsid.socket service,
since it does not add any resource burden to the system unless it is
needed and used? (Same question for iscsi.service.)
As usual in so many places there is no written rule here I think. It's
just that packages follow a common pattern for consistency. In case of
services that is:
- install it
- configure it
- start it
- enable it if it should be available on next reboot as well
Just because a service is installed or has been run once for testing
doesn't mean it has to be kept running always.
Also, if a service requires any kind of configuration there's no
point of having it enabled by default.
If a service allows users != root to access the socket, security should
have a look at it as this could be an entry point for code execution
resp privilege escalation just like an open port.
It doesn't matter for any of the above whether the service is socket
activated or actually running.
The existing exeptions are either because those services are basically
mandatory on any system (e.g. nscd), are expected to work in the default
installation without configuration (printing, dns service discovery) or
are legacy and noone dared to switch them off yet (postfix).
So is there a good reason why iscsid should be treated differently?
(o_ Ludwig Nussel
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner(a)opensuse.org