Jan Engelhardt schrieb:
On Tuesday 2019-02-12 10:32, aplanas@suse.de wrote:
On Tuesday, February 12, 2019 10:21:04 AM CET Matwey V. Kornilov wrote:
12.02.2019 12:07, Adam Majer пишет:
On 2/11/19 3:29 PM, Thorsten Kukuk wrote:
And I think this is what Matwey was asking for: if the package get's installed, it should start automatically. We never do that for security and stability reasons.
Then maybe we need a compromise when it comes to this. Like requiring AppArmor profile before services can be autostarted? This would be a little clearer picture than current nebulous definition of what and what not qualifies.
The "never" is also actually "mostly". There are services that are auto-enabled as otherwise we would have bad user experience despite it being more secure.
https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Enabling_sys temd_unit_files epmd.socket is auto-enabled and always been so. Auto-enabling does not assumes auto-starting. So epmd.socket is active after the next reboot, but it is not active until then.
That is a very valid point.
FWIW, auto-enabling sockets is in essence auto-starting the daemon: as soon as the socket is there, any rogue program trying to connect to it in a busyloop can cause the service unit behind the socket unit to start.
sockets are just a way of making the actual daemon have a "delayed startup", but otherwise, their enablement means the actual service is enabled.
In the context of systemd one needs to enable and start a socket unit. Just enabling a socket unit doesn't make systemd actually listen on the actual socket. That is the whole point in this discussion. We use the preset mechanism to enable socket units but then they only get started after reboot. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org