[systemd-devel] Arranging groups of services

Demi Marie Obenour demiobenour at gmail.com
Sat Aug 16 23:11:32 UTC 2025


I'm working on Spectrum OS (https://spectrum-os.org/) and am
currently porting it from s6 (https://skarnet.org/software/s6-linux-init/)
to systemd.

Spectrum OS's host (which is what is being ported) is rather
different from a normal system:

- The root filesystem is completely read-only.  There's no writable /var.
  I decided to put a tmpfs there for now.
- There is no network access, so /etc/resolv.conf isn't needed.
- The real work happens in VMs, each of which depends on a few services:
  - Cloud Hypervisor (https://www.cloudhypervisor.org) which runs the VM.
  - crosvm (https://crosvm.dev/book/) used for graphics.
  - virtiofsd (https://virtio-fs.gitlab.io) to provide a filesystem
  - Spectrum OS's own proxy for the XDG desktop portals
  - In the future, an instance of vhost-device-sound
    (https://github.com/rust-vmm/vhost-device/blob/main/vhost-device-sound/README.md)
    used for sound
  - A per-VM D-Bus daemon
  - An instance of xdg-desktop-portal

If the Cloud Hypervisor instance is stopped or exits, the others
should be stopped automatically, as they have no other use.
Having BindsTo=, After=, PropagatesStopTo=, and PropagatesReloadTo=
should handle most cases, but I don't know if that is sufficient
if Cloud Hypervisor exits spontaneously (because the guest shut down)
or crashes.

Additionally, these services have different sandboxing needs.
Cloud Hypervisor should only be able to connect to its own instance
of the daemons that serve it, rather than to any instance.
crosvm needs GPU and Wayland access and vhost-device-sound needs
to connect to PipeWire.  virtiofsd needs an id-mapped mount.
I would also like to block abstract AF_UNIX socket access.

Are there existing systemd features that can easily meet these
needs?  For the sockets I am thinking of placing them in
RuntimeDirectory= and only giving the correct units access to
those directories.  Also, I would like to use `DynamicUser=`
for everything where that is possible.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
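As an added example (not from the post, and not Spectrum OS's own configuration), here is one way the directives named above fit together as template units for a single VM; systemd.unit(5) documents BindsTo= as stopping the dependent unit whenever the bound unit enters inactive or failed state, including when its main process exits on its own. Assumed: the binaries, flags and device names, a static group "spectrum-vm", and a per-VM socket directory /run/spectrum-vm/<vm> (mode 2770, root:spectrum-vm) created outside these units.

```ini
# Added example, not from the post. Assumed: binaries and flags, a static group
# "spectrum-vm", and a directory /run/spectrum-vm/<vm> (mode 2770,
# root:spectrum-vm) created outside these units; %i is the VM name.

# ---- cloud-hypervisor@.service: the unit the whole per-VM group hangs off ----
[Unit]
Description=Cloud Hypervisor for VM %i
# Helpers must be listening before the VMM connects to their sockets.
Requires=spectrum-dbus@%i.service crosvm@%i.service virtiofsd@%i.service
After=spectrum-dbus@%i.service crosvm@%i.service virtiofsd@%i.service
# The helpers carry BindsTo= on this unit, which covers explicit stop and exit.

[Service]
ExecStart=/usr/bin/cloud-hypervisor --api-socket /run/spectrum-vm/%i/ch.sock
DynamicUser=yes
SupplementaryGroups=spectrum-vm kvm
UMask=0007
# Empty, read-only /run, then only this VM's socket directory bound back in:
# the sockets of other VM instances are not even visible from here.
TemporaryFileSystem=/run:ro
BindPaths=/run/spectrum-vm/%i
# Private network namespace: no network at all, and abstract AF_UNIX names are
# scoped per network namespace, so only the path-based sockets above remain.
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
DevicePolicy=closed
DeviceAllow=/dev/kvm rw

# ---- spectrum-dbus@.service: one D-Bus daemon per VM, tied to the VMM ----
# (crosvm@ and virtiofsd@ use the same [Unit] block, with their own
# DeviceAllow=/BindPaths= lines, e.g. DeviceAllow=/dev/dri/renderD128 rw.)
[Unit]
Description=D-Bus for VM %i
# Stopped as soon as the VMM unit goes inactive or failed, however it got there.
BindsTo=cloud-hypervisor@%i.service
# Deliberately no After= here: the VMM already orders itself after this unit,
# and After= in both directions would be an ordering cycle.

[Service]
ExecStart=/usr/bin/dbus-daemon --session --nofork --address=unix:path=/run/spectrum-vm/%i/bus
DynamicUser=yes
SupplementaryGroups=spectrum-vm
UMask=0007
TemporaryFileSystem=/run:ro
BindPaths=/run/spectrum-vm/%i
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
DevicePolicy=closed
```

With UMask=0007 and the setgid directory, each daemon's socket is created group-writable for "spectrum-vm" while other users cannot connect; `systemctl list-dependencies --reverse cloud-hypervisor@<vm>.service` shows the BoundBy= links this produces.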
