Re: ssh infested by systemd.resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Apr 23, 2022, at 22:36, Stephen J. Turnbull <stephen@xxxxxxxxxx> wrote:
> As far as I know there isn't really a technical argument for systemd
> or any particular systemd.* on Fedora workstations.  The various
> traditional inits and daemons work fine in that environment.[1]

There are several features in systemd that directly benefit the desktop.

1.) systemd service dependencies can ensure that the desktop environment doesn’t launch until all dependencies are met.  The side benefit of this is that with parallel startup of services, the desktop launches faster, but it also launches with all the services it needs. If you discover that there’s something needed for your desktop session, adding that dependency is simple, compared to pre-systemd services.

2.) systemd-logind helps contain desktop processes in cgroups, meaning that if you want it to, it will terminate all user processes *for that session* when it logs out.  This is a huge thing for the enterprise desktop environments.  For example, I managed engineering desktops and there was a particularly finicky circuit designer that loved to leave background processes that would survive logouts, and if another user logged in it would interfere.

But this process management also introduced resource management per-user session, so you could ensure a single user couldn’t abuse the system.  This was also important to me, since we had multi-user systems running graphical sessions via VNC, and we wanted to make sure one user didn’t overwhelm the system.

3.) systemd now launches your GUI.  You have your own private systemd --user running every time you log in.  This process launches user services and apps, maintains your environment, and can run other systemd units such as timers.  This gives you a similar interface to system services, scoped just to your account.  Since there’s only one user systemd per user, you can launch a process that can be used and managed by both the graphical login and a ssh session. (This is actually annoying to me, since it means stuff like Kerberos and AFS works differently than it used to.). Because it is like regular systemd, you can override services in your ~/.config/systemd/user directory, set resource limits, such as only giving gnome-tracker 0.1% of the CPU and lower priority and lower IO bandwidth.

4.) the desktop session output and error are captured in the journal.  Previously init systems had user console lost to the user.  There was some attempt to capture the X logs and the gnome session, but in systemd each user unit can be individually examined with journalctl.

5.) desktop environments can have a unified interface for autostart of processes in a new session.  


This is just stuff off the top of my head.  While I do agree that there has been a lot of focus on server with systemd, a lot of cool things (like unit templating) were introduced because of the needs in systemd on workstations. Don’t forget that nearly all the common benefits of systemd also help desktops, because at its core, systemd is the core init system to launch the OS. Improvements in the base OS improve all fedora systems.

-- 
Jonathan Billings
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux