unofficial mirror of help-guix@gnu.org 
From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: help-guix@gnu.org
Subject: Re: Starting user services at boot
Date: Mon, 13 Feb 2017 15:01:48 +0100
Message-ID: <87a89qfaur.fsf@gnu.org>
In-Reply-To: <20170213123743.ngvpeu4iscadyrwr@wasp> (ng0's message of "Mon, 13 Feb 2017 12:37:44 +0000")

ng0 <contact.ng0@cryptolab.net> wrote:

> On 17-02-13 10:30:10, Ludovic Courtès wrote:
>> Hi Leo!
>> 
>> Leo Famulari <leo@famulari.name> wrote:
>> 
>> > Does anyone have advice about how to start an unprivileged user's
>> > services when the system boots?
>> >
>> > On other systems, I could at least invoke them in /etc/rc.local, but I'm
>> > not sure how to do it on GuixSD.
>> 
>> Currently I run shepherd as myself, which reads from
>> ~/.config/shepherd/init.scm.  It gets started from my ~/.xsession.
>> 
>> Admittedly this is a bit of a hack.  It wouldn’t be hard to define
>> per-user Shepherd instances as global Shepherd services in GuixSD, if
>> you see what I mean.
>> 
>> Another option would be to add support for this directly in the
>> Shepherd, which has pros and cons.
>
> What are the pros and cons from your point of view, could you explain this?

The downside is that it would make the Shepherd more complex: it would
have to have a built-in notion of user instances, even though it is not
designed specifically to run as PID 1 initially (you can use it as an
unprivileged user already).

Another downside is that /var/run/shepherd/socket may need to be
accessible to users so they can talk to PID 1.  More generally, there’d
need to be some way to prevent unprivileged users from doing things like
running arbitrary code in PID 1.

The upside would be better integration: if shepherd knows about user
services, then it can show them in ‘herd status’, things like that.

(There’s a similar trade-off for the recently-added support for services
running in containers.)

Thanks,
Ludo’.
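
An added example, not part of the message above and not Shepherd code: a heuristic audit of who can connect to a daemon control socket such as the /var/run/shepherd/socket named in the message. The function name, the finding labels and the `expected_uid` parameter are assumptions made for illustration, and only the immediate parent directory is examined.

```python
import os
import stat


def audit_control_socket(path, expected_uid=0):
    """Return a list of findings about who can reach the socket at `path`.

    On Linux, connecting to a pathname Unix socket needs write permission
    on the socket file and search permission on the directory holding it.
    """
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket"]
    parent = os.stat(os.path.dirname(os.path.abspath(path)))

    findings = []
    if st.st_uid != expected_uid:
        findings.append("unexpected-owner")

    # Any local user can connect, and so send commands to the daemon.
    if st.st_mode & stat.S_IWOTH and parent.st_mode & stat.S_IXOTH:
        findings.append("world-connectable")

    # Members of the socket's group can connect (heuristic: the parent
    # directory's group is assumed to match the socket's group).
    if st.st_mode & stat.S_IWGRP and parent.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append("group-connectable")

    # A parent writable by group/others without the sticky bit lets them
    # unlink the socket and bind their own in its place.
    loose = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent-dir-replaceable")

    return findings


if __name__ == "__main__":
    target = "/var/run/shepherd/socket"  # path named in the message above
    if os.path.exists(target):
        print(target, audit_control_socket(target) or "no findings")
    else:
        print(target, "not present or not reachable on this system")
```

An empty list means only the owner (and root) can connect; the checks say nothing about what a connected client is then allowed to ask the daemon to do.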
