
Thread: Systemd 211 Piles On More Changes

  1. #1
    Join Date
    Jan 2007
    Posts
    15,611

    Systemd 211 Piles On More Changes

    Phoronix: Systemd 211 Piles On More Changes

    Not too long after systemd 210, the next systemd release is now available and with it comes plenty more changes...

    http://www.phoronix.com/vr.php?view=MTYyNzI

  2. #2
    Join Date
    Dec 2012
    Posts
    459

    Quote Originally Posted by core: add new RestrictAddressFamilies= switch
    This new unit setting allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them.

    This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
    Hopefully it will gracefully fall back if a shipped systemd file that uses this is being used on an x86-32 platform.
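
Added example, not part of any post in this thread and not systemd code: a Python probe to run under the same unit settings as a service (for instance from ExecStartPre=) to check whether RestrictAddressFamilies= is actually enforced, which is the open question on x86-32 where the quoted commit says the filter does not work. It assumes a filtered family fails with EAFNOSUPPORT; the family list and function names are illustrative.

```python
import errno
import socket

# Families to probe; resolved against the socket module where the platform defines them.
CANDIDATES = ["AF_UNIX", "AF_INET", "AF_INET6", "AF_NETLINK", "AF_PACKET"]

def probe(names=CANDIDATES, make_socket=socket.socket):
    """Return {name: 'open' | 'blocked' | 'error:<ERRNO>' | 'undefined'}."""
    results = {}
    for name in names:
        family = getattr(socket, name, None)
        if family is None:
            results[name] = "undefined"      # constant missing on this platform
            continue
        try:
            make_socket(family, socket.SOCK_DGRAM).close()
            results[name] = "open"
        except OSError as exc:
            if exc.errno == errno.EAFNOSUPPORT:
                # Assumption: this is what a filtered family returns. A family
                # not built into the kernel produces the same errno.
                results[name] = "blocked"
            else:
                results[name] = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return results

def unexpected_open(allowed, results):
    """Families that are usable although the unit's allow-list omits them."""
    return sorted(n for n, state in results.items()
                  if state == "open" and n not in allowed)

if __name__ == "__main__":
    import sys
    # Pass the same names the unit lists in RestrictAddressFamilies=.
    allowed = set(sys.argv[1:]) or {"AF_UNIX"}
    res = probe()
    for name, state in res.items():
        print(f"{name:12} {state}")
    leaks = unexpected_open(allowed, res)
    print("filter not enforced for:", ", ".join(leaks) if leaks else "(none)")
    sys.exit(1 if leaks else 0)
```

A non-zero exit means at least one family outside the allow-list could still be opened, so the unit is running without the restriction it declares.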

  3. #3
    Join Date
    Jul 2013
    Location
    Bordeaux, France
    Posts
    321

    Quote: Originally Posted by Rexilion
    Hopefully it will gracefully fall back if a shipped systemd file that uses this is being used on an x86-32 platform.
    From what I understand, shouldn't the syscall be fixed to provide the same feature on x86_32 and x86_64?

  4. #4
    Join Date
    Dec 2012
    Posts
    459

    Quote: Originally Posted by doom_Oo7
    From what I understand, shouldn't the syscall be fixed to provide the same feature on x86_32 and x86_64?
    Maybe, maybe not.

    But I guess this is how the decay of an architecture begins. On the other side, PaX + Grsecurity is much better on x86_32.

  5. #5
    Join Date
    Nov 2013
    Posts
    145

    It seems that now one can boot without an /etc/fstab file, systemd will automagically find the various partitions and mount them: https://plus.google.com/+LennartPoet...ts/5p1QuhdFtjN

    I do wonder how it would handle mount flags?

  6. #6
    Join Date
    Jan 2013
    Posts
    1,116

    Quote: Originally Posted by Spittie
    It seems that now one can boot without an /etc/fstab file, systemd will automagically find the various partitions and mount them: https://plus.google.com/+LennartPoet...ts/5p1QuhdFtjN

    I do wonder how it would handle mount flags?
    Yeah, have fun with that on a remote system when systemd does that wrong.

  7. #7
    Join Date
    Sep 2008
    Location
    Vilnius, Lithuania
    Posts
    2,660

    Quote: Originally Posted by Spittie
    I do wonder how it would handle mount flags?
    I'm pretty sure it doesn't. That's what /etc/fstab is (still) for. (Or perhaps you can edit some unit files that mount the partitions.)

  8. #8
    Join Date
    Dec 2012
    Posts
    459

    Quote: Originally Posted by GreatEmerald
    I'm pretty sure it doesn't. That's what /etc/fstab is (still) for. (Or perhaps you can edit some unit files that mount the partitions.)
    That would be bad.

    So, place your bets: When will the mount utility be assimilated? 6 months? 1 year? 2 years?

  9. #9
    Join Date
    Mar 2013
    Posts
    187

    Quote: Originally Posted by Rexilion
    That would be bad.

    So, place your bets: When will the mount utility be assimilated? 6 months? 1 year? 2 years?
    One of the reasons behind that feature is:
    This is important since Linux containers generally cannot manage their own block devices and rely on the container manager to set up all file systems correctly. Or to say this with different words: this will soon enable us to deploy and boot OS images created with generic installers like Anaconda without any change in container managers such as nspawn and libvirt-lxc. The disk images Anaconda generates will become truly portable between containerized and non-containerized setups!
    That said, it looks like if you have an fstab file, it overrules the automagic behaviour. So what are you complaining about?

  10. #10

    Quote: Originally Posted by Vim_User
    Yeah, have fun with that on a remote system when systemd does that wrong.
    That makes no sense. On a remote system which isn't an appliance, any server admin can just rely on /etc/fstab and not use this feature at all.
