Systemd's Plan For Stateless Systems, Factory Resets

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by interested:
    There are several kinds of sandboxing when it comes to systemd. The present one relies on "kernel capabilities" and "cgroups" and is good for protecting services; you can lock down services so that even if the "http" daemon is compromised, the attacker can't get privilege escalation, even by executing arbitrary code. Or prevent an attacked daemon from fork-bombing or hogging IO or CPU time. It can also prevent a compromised daemon from reading certain directories, even if it manages to execute code with system-wide rights (root), etc.

    The other kind of sandboxing isn't implemented yet. It will require kdbus and "Portals" (similar to Android's "Intents", http://www.phoronix.com/scan.php?pag...tem&px=MTI5NDQ).

    It will probably have a special SDK, so developers can target that instead of the underlying OS.
    The thinking is that this allows app developers to potentially target all Linux distros at the same time, and will be a tremendous boost for Linux-based phones and tablets.

    A problem nowadays is that Linux has a small desktop userbase, and even that base is fragmented into countless variations. This makes it hard to convince e.g. the local Metro train company or a bank to develop a Linux app, and if they do, they tend to only target large-userbase Linux distros like Fedora or Ubuntu.
    A stable SDK and API that potentially works across all Linux distros will make it much more attractive for third party developers.

    This kind of sandboxing will of course also be of great use for normal programs: as it is now, a browser can read/write everywhere the user can, even do it without user permission too. This is bad when a browser gets compromised, since it can steal information or plant a trojan or similar.
    When sandboxed the browser may be limited to certain directories and if it wants to read a file, it doesn't do it directly, but will have to ask the "Portal" to fetch it, ensuring that the user can give it permission or deny the request.
    Very interesting.

    Will these new sandboxing features make security systems such as SELinux or RBAC obsolete?

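As an added illustration of the capability/cgroup style of service lock-down the post describes (constructed here, not taken from the post or from the systemd project), a hardening drop-in for a hypothetical "example-httpd" web service; the unit name, user and paths are assumptions, while the directive names are current systemd ones:

```ini
# /etc/systemd/system/example-httpd.service.d/hardening.conf
# Constructed drop-in for a hypothetical "example-httpd" service (unit name,
# user and paths are assumptions). Directive names are real systemd ones;
# see `man systemd.exec` and `man systemd.resource-control` for your version.
[Service]
# Run unprivileged; keep only the capability needed to bind ports 80/443,
# and refuse any privilege gain via setuid/fscaps binaries after exec.
User=www-data
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# Filesystem: whole OS read-only, /home invisible, sensitive directories
# unreachable even if arbitrary code runs; only content and log dirs writable.
ProtectSystem=strict
ProtectHome=yes
InaccessiblePaths=/etc/ssh /root
ReadWritePaths=/var/www /var/log/example-httpd
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes

# Kernel attack surface: common service syscalls only, inet/unix sockets only,
# no new namespaces. Blocked syscalls fail with EPERM instead of killing the
# process, which keeps the failure visible in the daemon's own logs.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes

# cgroup limits: a compromised worker cannot fork-bomb or hog CPU, RAM or IO.
TasksMax=256
CPUQuota=50%
MemoryMax=512M
IOWeight=50
```

After `systemctl daemon-reload`, `systemd-analyze security example-httpd.service` scores the exposure that remains; a write attempt under /etc from inside the service then fails with EROFS rather than succeeding the way an unconfined root daemon's would.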
    • #32
      Originally posted by stiiixy:
      Is this guy BO$$? Or just another angry wet mop?
      Nah, I'm just pi$$ed off that the only troll that showed up was so lame. Usually, a systemd thread is so funny. Basically, I'm angry I wasted my popcorn for nothing.

      • #33
        Originally posted by prodigy_:
        You're not everyone, my friend. This crap isn't useful to me in the slightest. The only thing that systemd would change for me is that I would have to run twice as fast just to stay where I am now with sysvinit.
        Do you ever install Linux distros? This will make installers simpler and massively reduce the possibility of getting an unbootable system out.

        I'm guessing no, but whatever. If you do, this is useful to you and, like, everyone else who uses Linux.

        Do you run Linux in VMs, whether to play with new things or in production? This is useful to you.
        Do you have multiple devices with the same OS image? This is useful to you.
        Do you ever need a default config file, but have to dig through things because the distro one is buried in a package script or installer? This is useful to you.

        etc.

        • #34
          Originally posted by FLHerne:
          Do you ever install Linux distros? This will make installers simpler and massively reduce the possibility of getting an unbootable system out.
          Even with custom kernels I really had to go out of my way to end up with an unbootable system. And systemd won't fix a broken kernel anyway.

          Originally posted by FLHerne:
          I'm guessing no, but whatever. If you do, this is useful to you and, like, everyone else who uses Linux.
          One more time: you really, really should stop talking on behalf of everyone.

          Originally posted by FLHerne:
          Do you run Linux in VMs, whether to play with new things or in production? This is useful to you.
          In a VM this isn't useful because VMs already have this functionality. In production this isn't useful because sane people don't push untested changes to production. Period.

          Originally posted by FLHerne:
          Do you have multiple devices with the same OS image? This is useful to you.
          Because I can't simply reapply the image...

          Originally posted by FLHerne:
          Do you ever need a default config file, but have to dig through things because the distro one is buried in a package script or installer? This is useful to you.
          Never happened to me. Guess that's because I carefully pick distros I use.
          Last edited by prodigy_; 06-18-2014, 04:23 AM.

          • #35
            Originally posted by prodigy_:
            One more time: you really, really should stop talking on behalf of everyone.
            Re-read the quote you made, you missed a word!

            So many posts from you and not one single valid argument.

            • #36
              Originally posted by prodigy_:
              It's because the reality where people believe that utter s..t like systemd can be useful is pretty scary...
              I am still waiting for your explanation why practically all major distros and desktop environments, including those not affiliated with Red Hat, are using systemd.

              • #37
                Originally posted by danwood76:
                So many posts from you and not one single valid argument.
                So many posts from systemd fanboys and they can all be summarized in one line: "if you're against systemd your point of view and your arguments aren't valid."

                • #38
                  Originally posted by prodigy_:
                  So many posts from systemd fanboys and they can all be summarized in one line: "if you're against systemd your point of view and your arguments aren't valid."
                  Just because you have an opinion does not mean that opinion reflects reality.

                  Time and time again you've been asked to show your workings and all you've come up with are a) conspiracies b) misunderstandings c) lies.

                  This is why people reject your position, because it is indistinguishable from bullshit.

                  • #39
                    Originally posted by CTown:
                    That makes a lot of sense. So, system wide apps get installed through the package manager to somewhere on / and sandboxed apps go to /home. However, will these sandboxed apps get to make any use of the system-wide installed libraries?
                    Current thinking is that sandboxed applications will be developed against a profile, containing a set of libraries and services that must be present on a system claiming to support this profile. These will be more high-level and much more coarse-grained than package library dependencies.
                    Yes, at least the libraries that are part of the profile it targets. I actually hope that libraries that are available on a given system, but not part of the target profile.

                    Originally posted by CTown:
                    Could it be made so that Gnome's libraries and KDE's Frameworks (which always come with an explicit minimum version of Qt that can be used) are the SDK? Sort of how the Free Desktop Standards expect Qt and GTK to both be parts of the "Free Desktop" (which is what we all should refer to these desktops as collectively; it's why the standard is there). This way, each sandboxed app does not have to include all of these libraries AND these important libraries will be sandbox-ready.
                    The proposed profiles so far are something like "libc" (just kernel API + libc), "LSB" (all libraries in the Linux Standard Base) and "GNOME" (everything that is part of the GNOME platform). If consensus can be reached, there is no reason we cannot define ever wider profiles. Though the more packages a profile includes, the harder it is to agree on versions etc.
                    Personally, I hope the mechanism used to implement a profile will make it easy to expose different libraries in the profile compared to what is used as part of the core OS. This would simplify agreeing on versions, because the core OS's needs will not be in conflict with the profile's needs. And hopefully it will make it easy for third parties to add profile support to an OS when the OS vendor has not.

                    Originally posted by CTown:
                    Though that makes me wonder; can Javascript apps like Dropbox and Gmail actually read my files at any given moment, or just the ones I chose using the file chooser?
                    JavaScript applications that run in the browser only have access to the things that a regular website does. Which means no filesystem, no raw network sockets, no direct access to device drivers.
                    They cannot even programmatically access servers different from the one they are served from, unless the server has enabled CORS.

                    However, JS can be used to develop native apps too, with Node.js or GJS (used in Gnome Shell and some apps), and there browser restrictions do not apply. Chrome and Firefox also offer additional APIs with more access to apps which come from their app stores. This can include filesystem and raw network traffic.

                    • #40
                      Originally posted by prodigy_:
                      So many posts from systemd fanboys and they can all be summarized in one line: "if you're against systemd your point of view and your arguments aren't valid."
                      No, they can all be summarized in one line: "if your arguments are all baseless conspiracy theories, unsupported dogma, misunderstandings, misrepresentation, and baseless fear of change, your arguments aren't valid". Or, to put it more simply, "you are entitled to your own opinions, but you aren't entitled to your own facts".

                      • #41
                        Also, if your line of argument is "the problems this solution attempts to solve are invalid, hence the solution is invalid", you should be specific about which problems you consider invalid, and why.
                        And "invalid" here would mean invalid for the people creating the solution. You can't expect other people to stop trying to solve their own problems because you don't happen to have the same problem right now.

                        For instance, problems which systemd is helping to solve that I care about:
                        * Atomic, fault-tolerant upgrade of the OS on embedded devices. A state-free core OS helps massively
                        * A safe way of running applications from third-parties. Not requiring root to install them is a huge step forward, allowing to selectively give them access to my personal data and services running under my user is another
                        * Linux applications that are portable across distributions. High-level API profiles and dependency bundling tools, and a predictable run-time environment helps massively

                        Are these things I should not care about?
                        Last edited by jonnor; 06-18-2014, 07:02 AM.

                        • #42
                          Originally posted by jonnor:
                          Are these things I should not care about?
                          You should care about whatever is relevant for you. (For me none of those things is even remotely significant, sorry.)

                          But everything comes for a price. The price of systemd is... Linux as we know it. All the things we were promised, such as "freedom of choice" and "Linux is not a corporation" are flying completely out of the window right now - do you feel it?

                          So may I suggest that we stop calling it "Linux" and call it Red Hat OS instead? Simply to avoid confusion.

                          • #43
                            Originally posted by jonnor:
                            ...
                            Are these things I should not care about?
                            Linux systems that just work are a nightmare for many. systemd is perhaps the biggest threat to Linux job security in many years;
                            this is the #1 reason for all the angry and desperate trolls.

                            • #44
                              Originally posted by prodigy_:
                              Systemd was an inside job MAAAAAN.
                              Idiot.

                              • #45
                                Originally posted by paradis:
                                Linux systems that just work are a nightmare for many. systemd is perhaps the biggest threat to Linux job security in many years;
                                this is the #1 reason for all the angry and desperate trolls.
                                I'd say that Linux systems that "just work" are an opportunity to generate more jobs. If Linux becomes easier to administer and more reliable, it stands to reason more companies will deploy Linux solutions, which will need more Linux administrators. What won't be needed anymore are primadonna "old school" Linux admins, who have deployed their own homegrown solutions, which can only be administered by (other) primadonna "old school" Linux admins. Overall the pie gets bigger, but the slices might get a bit smaller.
