[systemd-devel] getty at .service.m4 and serial-getty at .service.m4

Kay Sievers kay.sievers at vrfy.org
Fri Nov 12 03:24:15 PST 2010


On Thu, Nov 11, 2010 at 20:10, Lennart Poettering
<lennart at poettering.net> wrote:
> On Thu, 11.11.10 14:06, Andreas Jaeger (aj at novell.com) wrote:
>
>>
>> On Thursday 11 November 2010 12:50:44 Kay Sievers wrote:
>> > [...]
>> > > Anyway, the point of this was only to have getty start late(ish) in
>> > > the boot process, after most of the other services that are pulled in
>> > > by multi-user.target. Maybe there is a better way to specify this, if
>> > > not everyone has rc.local?
>> >
>> > Yeah, others asked for that too. So far, we don't really have a
>> > concept of 'late' or 'last' in systemd.
>>
>> Yes, we had this in openSUSE as well the $ALL target to have the firewall
>> called at the end so that it could handle services with dynamic ports.
>> For details see https://bugzilla.novell.com/show_bug.cgi?id=652608
>
> Can't say I like this approach to firewalls. Matching against ports is a
> thing of the past. They firewall people should match against processes,
> that's the only remotely sensible thing and then all of this would not
> be necessary.
>
> I am really not a big fan of Suse's $ALL extension.

Right. We can't really do anything like this. It's a ghost from the
past, where people worked with assumptions that never really existed,
and just don't exist at all today. There is no state like "all devices
are there", or "all services are started", at no point in time. Let's
not get there, we really need to get rid of all this stuff.

The question is, what happens when any of the services before $ALL is
restarted? Then you run the thing plugging after $ALL again?

In this case, it really sounds the way this firewall works needs to be
changed, and hook into individual services to do some post-setup.

Kay


More information about the systemd-devel mailing list