Two more presentations I took notes from on Friday during RedHat Developers Conference 2012.
RH-DevConf-2012/What can Linux learn from the others.asciidoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
What can Linux learn from the others | ||
==================================== | ||
|
||
Inspiration from Solaris | ||
------------------------ | ||
|
||
.STREAM | ||
* I/O subsystem that is modular and can be stacked one on top of another. | ||
.Kernel stability | ||
* In Solaris, you have just stable interfaces which are supported and not | ||
supposed to change, but everything beneath that can change. | ||
.ZFS | ||
* We are getting BTRFS | ||
.Zones | ||
* lightweight virtualization | ||
.RBAC | ||
* privilege granularity | ||
* root is set of privileges | ||
* anybody can be root | ||
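Review bot: The last two bullets under ".RBAC", "root is set of privileges" and "anybody can be root", are too terse to stand alone, and the second can be read as saying any user may obtain full root. Suggest spelling out what the talk meant, for example that root's power is split into individual privileges and any user or role can be granted just the ones it needs. Separately, the ".ZFS" entry only says "We are getting BTRFS" and never names which ZFS property Linux is supposed to learn from; one line on that would make the note useful later.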
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
Do's and Don'ts When Writing System Services | ||
============================================ | ||
|
||
First thing to do is not to fork and especially not to double double fork. It | ||
makes hard to figure out anything about the process and init systems nowadays | ||
can do a good job supervising the process. But without forking, init doesn't | ||
know when service is ready. Systemd comes with 'sd_notify()' function to get | ||
notified about successful initialization. | ||
|
||
Don't write PID files. Systemd knows your PID unless you forked! | ||
|
||
sd_notify can send READY=1 to set that service is ready. It can also use | ||
STATUS=... to tell what is it doing right now. | ||
|
||
Configuration belongs to configuration file in /etc. No to init script or into | ||
/etc/sysconfig. Providing drop-in directory for adding configuration snippets | ||
is nice, don't try to do generator. Sane defaults should be compiled-in. | ||
|
||
Regarding logging, use syslog or stdout/stderr. | ||
|
||
Limit security impact - drop privileges you don't need, use capabilities. | ||
Capabilities are beyond what normal user can do, all of them means effectively | ||
becoming root. pscap can help in identifying capabilities. | ||
|
||
Honour SIGTERM. Support SIGHUP but also provide a way for synchronous reload. | ||
|
||
Use D-Bus as IPC. | ||
|
||
Never spawn daemons out of libraries. | ||
|
||
Use socket activation if possible. Start only when it makes sense. | ||
|
||
Put daemon binary in /usr/lib not in the $PATH | ||
|
||
Send systemd unit file upstream and try to keep one unit file per deamon. | ||
|
||
Watch for network configuration changes. Computers migrate |
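Review bot: The privilege paragraph is the one readers will act on, and its middle sentence, "Capabilities are beyond what normal user can do, all of them means effectively becoming root.", is hard to parse and can be misread as "capabilities equal root". Suggest rewording so it says that each capability grants one specific power beyond a normal user's, that holding all of them is effectively root, and that a service should therefore keep only the ones it needs, with pscap as the tool for identifying them. Smaller items in the same hunk: "double double fork" repeats a word, "No to init script or into /etc/sysconfig" should read "Not into the init script or /etc/sysconfig", and "deamon" in the unit file line is misspelled. The sd_notify paragraph could also state that READY=1 and STATUS=... are the strings passed to sd_notify(), since the function name is quoted one way in the first paragraph and left bare in the third.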