[systemd-devel] Questions regarding dbus started via systemd --user

Lennart Poettering lennart at poettering.net
Mon Feb 2 14:54:49 PST 2015


On Thu, 08.01.15 17:48, Dimitri John Ledkov (dimitri.j.ledkov at intel.com) wrote:

> On 8 January 2015 at 17:15, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> > On Thu, 8 Jan 2015 16:03:43 +0000
> > Dimitri John Ledkov <dimitri.j.ledkov at intel.com> writes:
> >
> >> On 8 January 2015 at 15:37, Simon McVittie
> >> <simon.mcvittie at collabora.co.uk> wrote:
> >> > On 08/01/15 14:36, Colin Guthrie wrote:
> >> >> Lennart Poettering wrote on 08/01/15 13:19:
> >> Thus my expectation would be to have a systemd (dbus, etc...) --user
> >> per-session/per-seat, rather than per-uid.
> >>
> >
> > How do you manage things that are inherently per-user and not
> > per-session (like pulse audio, ssh-/gpg-agents)?
> 
> E.g. ssh-/gpg-agents -> they are upstart jobs, and thus are started
> per-session. They use environment variables to point at the active
> agent.

Are you sure that ssh/gpg agent are happy with being started multiple
times per-user?

> Even on your desktop, you can spawn two agents and use different
> SSH_AUTH_SOCK to talk to one or the other.
> 
> Ideally such variables could be eliminated in favor of using address
> namespacing e.g. always talk to unix:abstract=/tmp/agent -> which is

Well, the abstract AF_UNIX namespace is subject to network namespaces,
which means you'd have to run each user in a network namespace of his
own, which however then would mean it would have no network interfaces
except the loopback device... 

Abstract namespace sockets are pretty useless these days, and simply
risky due to the namespacing issue. Don't use them. 

The ssh/gpg sockets should really move to XDG_RUNTIME_DIR, and nowhere
else.

Lennart

-- 
Lennart Poettering, Red Hat
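An added illustration of the point Lennart makes above (example code, not part of the original thread): a socket bound under a private XDG_RUNTIME_DIR-style directory gets a parent-directory check and its own mode bits, while the same service bound in the abstract namespace has no filesystem object at all, so only the network namespace decides who can reach it. Assumes Linux; the directory and socket names are constructed for the demo.

```python
import os
import socket
import stat
import tempfile


def runtime_dir_is_private(path: str) -> bool:
    # The XDG_RUNTIME_DIR contract: a directory owned by us with mode 0700.
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) == 0o700)


def bind_agent_socket(runtime_dir: str, name: str = "agent.sock") -> socket.socket:
    # Filesystem socket: the 0700 directory and the inode mode are the ACL.
    if not runtime_dir_is_private(runtime_dir):
        raise PermissionError(f"{runtime_dir} is not a private runtime dir")
    old_umask = os.umask(0o077)          # bind() applies umask: 0777 & ~077 = 0700
    try:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(os.path.join(runtime_dir, name))
    finally:
        os.umask(old_umask)
    s.listen(1)
    return s


def bind_abstract_socket(name: str) -> socket.socket:
    # Abstract socket (leading NUL, Linux only): no inode, no mode bits, no
    # directory permissions; any process in the same network namespace may connect.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(b"\0" + name.encode())
    s.listen(1)
    return s


def socket_file_mode(sock: socket.socket):
    # Permission bits of the socket's path, or None when there is no path.
    addr = sock.getsockname()            # str for a path, bytes for abstract
    return None if isinstance(addr, bytes) else stat.S_IMODE(os.stat(addr).st_mode)


def demo() -> tuple:
    # Constructed demo: returns (path socket mode, abstract socket mode).
    runtime_dir = tempfile.mkdtemp(prefix="xdg-runtime-")   # mkdtemp creates 0700
    path_sock = bind_agent_socket(runtime_dir)
    abstract_sock = bind_abstract_socket(f"agent-{os.getpid()}")
    try:
        return socket_file_mode(path_sock), socket_file_mode(abstract_sock)
    finally:
        path_sock.close(); abstract_sock.close()
        os.unlink(os.path.join(runtime_dir, "agent.sock")); os.rmdir(runtime_dir)
```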

