[systemd-devel] Last question about systemd before my presentation

Mantas Mikulėnas grawity at gmail.com
Thu Dec 5 01:08:45 PST 2013 

Partial answer:

On Dec 5, 2013 8:40 AM, "Cecil Westerhof" <Cecil.Westerhof at snow.nl> wrote:
>
> Today I am giving my presentation about systemd/journald for a not very
enthusiastic public. I would like some last answers on a ‘few’ questions.
>
> I understood that you could let systemd start-up the services sequential
for debugging purposes. How is that done?
>
> Is it possible to change the limits dynamically? When I change the
service files and do a reload, are the new limits used, without a reboot
being needed?
>
> One of the problems mentioned is that services can be started only when
they are used for the first time. As I understood it, you can make sure
that a service is always loaded, so that there is no waiting time the first
time it is called.

This is not a problem. This is a configuration choice. If the service
supports activation, you *can* let it be activated if that suits you, but
you can also configure it to be started on boot as any other service (i.e.
make multi-user.target depend on the service directly).

Note that activation benefits even boot-started services, because their
sockets still become available very early, while the service's startup is
still pending. Various existing services already run this way - e.g.
dbus.service always starts on boot, but it is *also* activated, so all
other programs can connect to it without a failure and the kernel will
queue up connections.

Also note that this is not new in systemd. DBus has always worked this way
- if program X sends a message to DBus service Y, dbus-daemon starts Y on
demand.

>
> I understood you could deny a service network connection. How is this
done? Until no I could not find it. Is it possible to limit the bandwidth a
service is allowed to use?

PrivateNetwork=yes will create a dedicated net namespace for that service,
which does not have any network interfaces by default. (Relevant man pages:
clone, unshare, setns, nsenter; LXC also uses this.)

>
> When virtual machines are implementd as a service. You need to let the
host define the limits per guest I suppose?
>
> How do you let a block-device be read-only for a service?
>
> Any last tips about what to share?
>
> --
>
> Cecil Westerhof
> Snow B.V.
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20131205/58f969bc/attachment.html>

More information about the systemd-devel mailing list