[systemd-devel] Last question about systemd before my presentation

[Lennart Poettering]

On Thu, 05.12.13 07:40, Cecil Westerhof (Cecil.Westerhof at Snow.nl) wrote:

> Today I am giving my presentation about systemd/journald for a not
> very enthusiastic public. I would like some last answers on a ‘few’
> questions.
> 
> I understood that you could let systemd start-up the services
> sequential for debugging purposes. How is that done?

Nope you cannot. If a service A starts up, and requests a service B and
needs it for initilization you need to start that too, while you are
still initializing A. There's no way around it. This is why we do not
allow serialization of the startup in systemd. However, you can enable
"systemd.confirm_spawn=1" on the kernel cmdline and then you get a
question asked each time systemd is about to start something.

> Is it possible to change the limits dynamically? When I change the
> service files and do a reload, are the new limits used, without a
> reboot being needed?

You can change cgroup limits at runtime using "systemctl
set-property". Classic UNIX resource limits however are only applied
when a process is started, not later on.

> I understood you could deny a service network connection. How is
> this done? Until no I could not find it. 

Using network namespacing. See PrivateNetwork=yes in systemd.exec(5). 

> Is it possible to limit the
> bandwidth a service is allowed to use?

systemd won't help you doing that.

> When virtual machines are implementd as a service. You need to let
> the host define the limits per guest I suppose?

Not following?

You can pack as many services in a slice as you want, and you can create
a tree of slices, so that you can run a couple of services against a
common set of resource limits.

> How do you let a block-device be read-only for a service?

Using file system namespacing. See ReadOnlyDirectory= in systemd.exec(5).

Lennart

-- 
Lennart Poettering, Red Hat