On Fri, 10.06.11 18:42, Denys Vlasenko (dvlasenk@xxxxxxxxxx) wrote: > > On Fri, 2011-06-10 at 15:36 +0200, Michal Schmidt wrote: > > > Why does systemd link against libpam? > > > systemd does logins now, not /bin/login or gdm or ...? > > > > to implement PAMName= (man systemd.exec) > > I don't see any users of this feature on my F15. > I searched with Google and come up empty too. > > But anyway, assuming it's a useful feature, why it has to be done by > systemd? It's simply more correct to call into PAM when changing to a different user, i.e. to implement /etc/security/limits.conf and suchlike. We do not call into PAM by default, but you can enable it and I expect many admins to configure things that way. Also note that we will make use of this features when introducing the D-Bus user bus, to ensure while the user bus runs as user it still has all PAM limits set. > But memory consumption is not really the gist of my argument, it's: > why systemd tries to be all things for all people? It doesn't. Just what you need to spawn a service in a confined environment with all system limits applied correctly. I am pretty sure people would complain very loudly if they use User= in systemd and have no way to apply the PAM system limits to that. > > > libwrap? systemd is a network application now too? > > > > to implement TCPWrapName= (man systemd.exec) > > Again, why it has to be done *by systemd*? Socket activation. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
