On Fr, 03.03.23 10:09, Lennart Poettering ([email protected]) wrote:
> > > And suddenly we'd have a spec that would be particularly powerful
> > > and generic: you could use it for subvols, for dirs, or for
> > > loopback files, and mix and match freely, and it would always
> > > behave somewhat
Ah, to clarify, I'm talking about app-specific servers not Linux
system services, so dbus isn't really relevant (what would it be used
for?). The sort of programs that tend to be packaged with Docker
today, or deployed using AWS Lambda or just copied up to the server.
For example a typical business
On Fr, 03.03.23 10:16, Mike Hearn ([email protected]) wrote:
> Sorry, by "apps" I meant anything not supplied by OS developers. In
> this context, servers e.g. custom web app servers. I do currently run
> some of those with DynamicUser=1 and similar.
>
> > As long as the tool updating the di
On Fri, 3 Mar 2023 at 09:17, Mike Hearn wrote:
> > > > But of course such an approach requires that services are written in a
> > > > way this is possible
> > >
> > > Right. I think that'd be quite hard to do especially with servers
> > > written in portable languages that don't expose stuff unava
Sorry, by "apps" I meant anything not supplied by OS developers. In
this context, servers e.g. custom web app servers. I do currently run
some of those with DynamicUser=1 and similar.
> As long as the tool updating the disk image creates the new one under
> a temporary name, and then replaces the
On Do, 02.03.23 16:38, Adrian Vovk ([email protected]) wrote:
> > I figure this would be a 20 line patch. Would be happy to review a
> patch for that.
>
> Got it. That sounds reasonable to me. I'll get you a patch
>
> > wouldn't it make more sense, to allow declaration of a "ReleaseNotes=" link
On Do, 02.03.23 16:59, Adrian Vovk ([email protected]) wrote:
> > /home/ with dm-integrity or OPAL for trust, TPM-bound, with homed managed
> > homedirs inside that do encryption
>
> How big is the dm-integrity write performance hit? My understanding is
> that it is 2x slower, though I don't r
On Do, 02.03.23 23:05, Mike Hearn ([email protected]) wrote:
> > There's currently no mechanism for that. File an RFE issue.
>
> https://github.com/systemd/systemd/issues/26647
>
> > In the "Portable Services" concept we currently assume you update the
> > disk image ("DDI") the service is o
