Re: A paper about Plan 9 and Guix
From: Edouard Klein
Subject: Re: A paper about Plan 9 and Guix
Date: Tue, 27 Aug 2024 17:50:58 +0200
User-agent: mu4e 1.8.9; emacs 28.2

Ludovic Courtès <ludo@gnu.org> writes:
> Hi Edouard,
>
> Edouard Klein <edou@rdklein.fr> skribis:
>
>>> I wonder to what extent the combination of ‘make-inetd-constructor’ and
>>> ‘least-authority-wrapper’ would fit the bill for you? (This is currently
>>> used for the bitlbee, dicod, and rsync services.) It seems to address
>>> the main shortcomings listed in Section 1.
>
> [...]
>
>> It sure would be nice if shepherd could be used to manage those daemons,
>> just to avoid having two concurrent systems doing the same kind of work,
>> but I'd still need a way to monitor the /run/listen directory, and start
>> and stop shepherd services on the fly. It is probably doable, but it
>> is a huge refactor.
>
> To be clear, ‘least-authority-wrapper’ is already used for a handful of
> services¹. I’m curious whether /run/listen is still necessary in that
> context?
>
First, I made a typo, it's /srv/listen/ that needs monitoring,
/run/listen is where the services can put sockets to communicate with
the rest of the system.

Then, one of the points of listen is to allow access control on a
per-user, per-port basis: the permission of e.g. /srv/listen/tcp79 will
decide who can fiddle with the finger server.

It is the reason why one needs something to monitor the directory and
start/stop services based on its content.

> Ludo’.
>
> ¹ The first implementation of this idea was
> <https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/>.
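
The monitoring described in the message above, as an added example that is not part of the original message or of the listen implementation: one way a monitor could compare the contents of the listen directory with the set of running services and read the owner and mode that carry the access control. It assumes entries are named `<proto><port>` as in `tcp79`; `scan`, `reconcile` and `demo` are hypothetical names, and the directory contents are constructed.

```python
import os
import re
import stat
import tempfile

# Assumed naming scheme, generalised from the thread's "tcp79".
ENTRY = re.compile(r"^(tcp|udp)(\d{1,5})$")

def scan(listen_dir):
    """Return {(proto, port): (owner_uid, mode_bits)} for well-formed entries."""
    found = {}
    for name in os.listdir(listen_dir):
        m = ENTRY.match(name)
        if not m or not 0 < int(m.group(2)) < 65536:
            continue  # stray or out-of-range names are ignored, not guessed at
        st = os.lstat(os.path.join(listen_dir, name))
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits cannot carry access control
        found[(m.group(1), int(m.group(2)))] = (st.st_uid, stat.S_IMODE(st.st_mode))
    return found

def reconcile(running, found):
    """Compare running services with the directory; return (to_start, to_stop)."""
    wanted = set(found)
    return sorted(wanted - running), sorted(running - wanted)

def demo():
    # Constructed stand-in for /srv/listen, so the example runs unprivileged.
    with tempfile.TemporaryDirectory() as d:
        for name in ("tcp79", "tcp80", "notes.txt", "tcp99999"):
            open(os.path.join(d, name), "w").close()
        os.chmod(os.path.join(d, "tcp79"), 0o700)  # only the owner may touch port 79
        running = {("tcp", 80), ("tcp", 25)}       # constructed: services already up
        found = scan(d)
        return found[("tcp", 79)][1], reconcile(running, found)

if __name__ == "__main__":
    mode, (to_start, to_stop) = demo()
    print(oct(mode), "start:", to_start, "stop:", to_stop)
```

A real monitor would call `scan` from a polling loop or a file-change notification and hand the two lists to whatever starts and stops the services.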