From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 28 Dec 2004 - 23:01:50 GMT
On Tue, Dec 28, 2004 at 08:08:34PM +0100, Hans Ulrich Niedermann wrote:
> Herbert Poetzl <herbert_at_13thfloor.at> writes:
> > On Tue, Dec 28, 2004 at 11:23:03AM +0100, Hans Ulrich Niedermann wrote:
> [ Vserver guest systems are different from normal systems, and thus
> require special handling services for klogd and hardware access.
> Herbert Poetzl says "just disable the services"
> Hans Ulrich Niedermann says "provide dummy packages to replace the
> services". ]
> >> And for the other hardware stuff Herbert mentioned (random, rtc,
> >> usb)... theoretically, this vserver-guest package could pull in
> >> dependencies on adapted versions, or provide virtual packages which
> >> aren't useful on the guest system.
> > hmm, yes, would be an option, but what is the problem
> > with simply disabling those services?
> > just as an example: Mandrake has a tool called chkconfig
> > where you simply do
> > chkconfig --del network
> > and it removes all the links from the various runlevels
> > so that 'network' isn't started anymore ...
> The problem is that as soon as the next update to the "network"
> package happens it will re-enable the service.
> So you have to manually stop it and disable it (ugly, error prone,
> maintenance intensive) or write a hook for your packaging system to
> stop it (still ugly).
wait you are saying that your distro re-enables
disabled services when they get updated? sounds
like a bug to me, I would not want a distro to
decide which services I run, just consider the
security impact, when I disable telnet and the
distro decides to re-enable it 'just' because
a new telnet package was available ...
I do not think that any serious distro will do
that ... so I guess it is 'safe' to disable those
services right after guest installation ...
> > doing the same for klogd, while leaving syslogd untouched
> > would be precisely what you want here ...
> If I want it disabled permanently, why install it in the first place?
> The less obsolete stuff on the (vserver guest) system, the better.
sure, nothing against a streamlined guest distro
I do that myself for my linux-vserver guests, but
there are other folks out there which _want_ to
use a guest as close as it can be to default install
and hey, if they want all those packages lying around
I'm not going to stop them ...
> > (similar is true for all the hardware specific stuff)
> Exactly my point :)
ah, good, we agree here *G*
> Vserver mailing list
Vserver mailing list