On Fri, 21 Feb 2014 23:53:51 +0100 John Paul Adrian Glaubitz wrote: > Kevin, I don't think you understand the reasoning behind this. Again, > the problem the init system has to solve here is being able to track a > process with a 100% accuracy, so whatever automated mechanisms you have > configured when certain situations occur, they have to find the correct > process to work on as to not kill the daemon instance you actually > still need. >
ADRIAN, I hate it when people use your name thinking it makes any difference to the content your about to spout. > And, to my current knowledge, this is not possible without a mechanism > like CGroups. Whether you rely on PID files or grep through the output > of "ps" or use "pidof", either of them are fragile and prone to fail. > Regex works just fine for me. > I elaborated in my actual real-life case how PID files are prone to > failure - I am aware that the situation with the full filesystem > shouldn't occur in the first place, Right including the rest of this email that's two counts of fantasy or bad practice now justifying increased complexity in the kernel. > but, well administrators are just > humans after all - and, using "ps" to track the process you are looking > for to be able to restart, stop or kill it, can obviously be easily > tricked into failure as well. > I was merely expressing that I think that CGroups are an indispensable > if you're planning to use Debian to build modern productive systems with > high availability in mind. As I have already said in previous threads that you have obviously forgotten from months ago. Something like CARP for complete server redundancy or Ciscos redundancy protocol, I forget what it is called is the way to go for many reasons. > Just imagine some other (malicious) > process using the same name as well or when you need to control > different instances of the very same process. So you keep machines that are running malicious processes online by adding complexity to the kernel. It is people like you that meant that kernel.org was offline for months after rediculously simple measures weren't bothered with. If you are lucky enough to have malicious processes that can be found rather than a rootkit then you should be pulling the plug investigating and hardening before all your machines take part in a DDOS. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/648730.64541...@smtp137.mail.ir2.yahoo.com
