[Dev] Tizen 3.0 Multiuser Support Architecture Release candidate 1

Łukasz Stelmach l.stelmach at samsung.com
Thu Oct 31 08:29:41 GMT 2013


It was <2013-10-30 Wed 19:38>, when Dominig ar Foll (Intel OTC) wrote:
> On 30/10/2013 17:50, Łukasz Stelmach wrote:
>> On page 20 of the PDF file there is a chain of processes
>>
>> systemd
>>   |
>>   +-> systemd --user    <--- why ???
>>   |    |
>>   |    +-> Display Server
>>   |    |
>>   |    +-> ....?        <--- what is going to work here?
> Remember that the use of TLM is optional, so creating a config without
> it must be possible.
> As we cannot present all use cases (I actually do not even have them),
> we need to be generic.
> In the slide, I just want to present that you can start initial
> services before the tlm if you want.
> Proposing to use systemd --user is just a way to make the launch simple
> and well controlled.

Systemd's main feature is parallel start-up. Upon start-up systemd reads
its configuration files, creates a DAG[1] of units and walks around
it to start the units as much in parallel as possible.  Putting some
services under supervision of another instance (systemd --user) creates
a black box from the point of view of PID#1. Different instances of
systemd do not exchange information about their DAGs, hence they cannot
optimise their DAG with regard to services (units) supervised by other
instances. Conclusion: everything that is a system-wide service should
be controlled by PID#1 and only per-user programmes should be started by
a separate systemd instance. If one needs to run a service without root
privileges, the User=[2] option should be used.

> We could also have some other generic services which do not need to
> run as root launched at that place.
> A good application would be the base live TV service that needs to
> start quickly before other sophisticated services are available.

That is what the User option in the service files is for[2].

>>   |
>>   +-> TLM
>>        |
>>        +-> systemd --user
>>        |
>>        +-> systemd --user
>>        |
>>        +-> systemd --user
>>        |
>>        ...
>>
>> I would like to know, why do we need "systemd --user" to run the Display
>> Server? Isn't it enough to put "User=" in the systemd service file of
>> the Display Server and have it running as a sibling of TLM with a
>> non-root uid?
> We do not need it. It's simply easy to use it to sync with whatever
> needs to be launched with a generic user.

For syncing I'd recommend systemd's socket activation[3][4]. I've
created patches for xorg-server[5]. Starting Wayland this way should
not be much of a problem either.

P.S. It isn't my goal to be pesky here, however we've already tried a
few ideas for privilege separation with and without user sessions and
I'd simply like to share my experience.

Footnotes:

[1] http://en.wikipedia.org/wiki/Directed_acyclic_graph

[2] http://www.freedesktop.org/software/systemd/man/systemd.exec.html#User=

[3] http://0pointer.de/blog/projects/socket-activation.html

[4] http://0pointer.de/blog/projects/socket-activation2.html

[5] http://thread.gmane.org/gmane.comp.freedesktop.xorg.devel/36092/focus=37693

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
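
The arrangement recommended in this message, as an added example that is not part of the original e-mail or of Tizen's configuration: a display server supervised by PID 1 under a non-root account via User=, with a socket unit so that clients synchronise through socket activation. The unit names, the `display` account, the binary path and the socket path are assumptions, and the server is assumed to accept a socket passed in by systemd.

```ini
# --- /etc/systemd/system/display-server.socket (hypothetical unit name) ---
[Unit]
Description=Display server socket (example)

[Socket]
# PID 1 creates the listening socket early, so clients can connect
# before the server process exists; this is the synchronisation point.
ListenStream=/run/display/wayland-0
# Ownership and mode of the socket node: only the display account and
# members of its group may connect.
SocketUser=display
SocketGroup=display
SocketMode=0660

[Install]
WantedBy=sockets.target

# --- /etc/systemd/system/display-server.service (hypothetical unit name) ---
[Unit]
Description=Display server without root privileges (example)
Requires=display-server.socket
After=display-server.socket

[Service]
# Started and supervised directly by PID 1, so the unit is part of the
# system-wide dependency graph; no intermediate "systemd --user" instance.
User=display
Group=display
# Hypothetical binary. It receives the listening socket as fd 3
# (environment: LISTEN_FDS=1, LISTEN_PID=<its own pid>).
ExecStart=/usr/bin/example-display-server
```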