[RFC] Fixing the machine id

Kay Sievers kay.sievers at vrfy.org
Sat Mar 5 06:00:35 PST 2011


On Sat, Mar 5, 2011 at 03:09, Michael Biebl <mbiebl at gmail.com> wrote:
> 2011/3/5 Marcel Holtmann <marcel at holtmann.org>:
>> Hi Lennart,
>>
>>> With this in place there's very little left which stops us from spawning
>>> D-Bus already during early boot: the system bus activation needs to be
>>> moved to /usr. Or alternatively we just give up officially on separate
>>> /usr, in which case we don't need to. I'd be very much in favour of
>>> that, but you know the politics. The bigger problem is of course the
>>> system bus socket, which is in /var/run/dbus/. But we probably could
>>> move that to an abstract socket or one in /dev/.dbus, relatively
>>> easily.
>>
>> using the abstract socket is bad for security since you have no
>> permission checks anymore. And essentially anybody could start owning
>> that socket. You do not really want that.
>>
>> Also the system socket address is pretty much hardcoded. At least when I
>> looked through that a few weeks ago. And then changing the address
>> quickly becomes big trouble. Only advantage with systemd would be that
>> you can easily set an environment variable for every process. So it
>> might work out for you. In general it is a big mess.
>
> Given that systemd mounts a tmpfs on /var/run very early during boot,
> is there actually a need to change the location of the socket?
> Which (D-Bus) service would you want to start before /var/run is writable?

/var might be on a different device, so we can't mount /var/run at that
time, but we would like to have the socket available.

Kay
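
The concern quoted above, that an abstract socket has no permission checks and any process can end up owning it, shown as an added example that is not part of the original thread. It is Linux-only; the socket name is constructed, and verifying the listener with SO_PEERCRED is one client-side check assumed here, not something proposed in the thread.

```python
import errno
import os
import socket
import struct

# Constructed name for this demo; the leading NUL selects the abstract namespace.
NAME = b"\0example_bus_%d" % os.getpid()

def listen_abstract(name):
    """Claim an abstract name. No inode is created, so no owner or mode guards it."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(name)
    s.listen(8)
    return s

def bind_errno(name):
    """Try to claim the name as any local process could; return 0 or the errno."""
    try:
        listen_abstract(name).close()
        return 0
    except OSError as e:
        return e.errno

def peer_uid(sock):
    """UID of the process on the other end (struct ucred: pid, uid, gid)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]

def connect_checked(name, expected_uid):
    """Connect, then refuse to talk unless the listener runs as expected_uid."""
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    c.connect(name)
    if peer_uid(c) != expected_uid:
        c.close()
        raise PermissionError("listener is not uid %d" % expected_uid)
    return c

if __name__ == "__main__":
    srv = listen_abstract(NAME)
    # The name is protected only while its first claimant is alive.
    print("second bind while owned:", errno.errorcode[bind_errno(NAME)])
    # Demo expects our own uid; a real client would expect the bus daemon's uid.
    connect_checked(NAME, os.getuid()).close()
    srv.close()
    print("bind after owner exits:", bind_errno(NAME))
```

A pathname socket such as one under /var/run gets the same first-bind behaviour plus directory and file permissions on top, which is the check the abstract namespace lacks.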

