12.02.2019 12:32, aplanas@suse.de пишет:
On Tuesday, February 12, 2019 10:21:04 AM CET Matwey V. Kornilov wrote:
12.02.2019 12:07, Adam Majer пишет:
On 2/11/19 3:29 PM, Thorsten Kukuk wrote:
And I think this is what Matwey was asking for: if the package get's installed, it should start automatically. We never do that for security and stability reasons.
Then maybe we need a compromise when it comes to this. Like requiring AppArmor profile before services can be autostarted? This would be a little clearer picture than current nebulous definition of what and what not qualifies.
The "never" is also actually "mostly". There are services that are auto-enabled as otherwise we would have bad user experience despite it being more secure.
https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Enabling_sys temd_unit_files epmd.socket is auto-enabled and always been so. Auto-enabling does not assumes auto-starting. So epmd.socket is active after the next reboot, but it is not active until then.
That is a very valid point.
I want to add about the user experience topic that this is mostly related with the user expectations. When openSUSE install a new package that contains a systemd service file is not expected that the service is started.
The reason is about the configuration file. Sometime the defaults are insecure, useless or simply wrong. Starting a service in those conditions will ruin completely the user experience. Is expected that the user can adjust the configuration file before she / he start the service. Even if is enabled by default.
IMHO following the openSUSE guidelines about systemd services is helping the user experience.
Generally, I am agree with you. But I think that the following exceptions are important in this particular case. 1. User may not expect that the package contains some services. epmd.socket is internal erlang thing. 2. epmd.socket is listening on 127.0.0.1 by default. Though currently it leads to constant complaining, this was required by security team at the time when epmd.socket was introduced. It is minimal working local configuration and it should be fine until you really need distribution setup. 3. erlang has its own default hard-coded way to start epmd. It just execs new epmd process every time when it cannot connect to existing one. So, while epmd.socket is not active, any erl command invocation leads to starting new epmd process that listens on 0.0.0.0. Is it more secure? -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org