Re: goal: booting with an empty /etc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mo, 11.12.23 11:10, DJ Delorie (dj@xxxxxxxxxx) wrote:

> Lennart Poettering <mzerqung@xxxxxxxxxxx> writes:
> > Well, as you might be aware many distributions these days do more than
> > "files dns" for "hosts", and similar for the other databases, and
> > hence a built-in default in glibc is great, but most distributions and
> > image builders probably want to pick different defaults without having
> > to patch glibc for this.
>
> I agree.  My point was that (1) glibc has a built-in default, and (2)
> most distros/users/installers customize it anyway, so storing a
> "default" version anywhere other than /etc is not needed.

This doesn't work though. Take Fedora for example. It supports a
systemd feature called "DynamicUser=". If you turn that on for some
service it will get a transient UID assigned the moment it is started
and it's released again when it is stopped. It's a resonably popular
feature. It requires that the "nss-systemd" modules is listed in
nsswitch.conf.

The glibc built-in default does not list "systemd" in its
nsswitch.conf line though. On Fedora, the module is patched in via
/etc/nsswitch.conf. But then you already lost, because now the distro
default and the configuration the user made are all mixed up in a
hairy ball and cannot be separated anymore.

I don't think it's realistic to ask the glibc maintainers to change
their built-in version of nsswitch.conf to always list systemd though
(as that doesn't even make sense in many cases, i.e. when you run
glibc inside a docker container without any systemd).

Hence it makes sense to isolate this cleanly:

0. have upstream defaults built-in to the binaries, where this applies
1. have distro/OS image defaults in /usr/
2. have user's own configuration in /etc/

That's a very clear separation of ownership, and means you can always
very clearly trace back where a change comes from, and combine things
flexibly in a multitude of ways without ever losing this concept
of provenance.

In systemd we have a tool "systemd-delta" which makes use of this
separation of ownership, and allows you to diff local settings
vs. distro/OS defaults.

Lennart

--
Lennart Poettering, Berlin
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux