From: Alexandre Rostovtsev
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net
Date: Mon, 06 Feb 2012 18:15:13 -0500
Message-ID: <1328570113.8348.53.camel@rook>
In-Reply-To: <20120206210451.GA1940@linux1>

On Mon, 2012-02-06 at 15:04 -0600, William Hubbs wrote:
> All,
>
> I've been pondering for a while why all of OpenRC's network interfaces
> provide net.
>
> My understanding of the "net" service is that it is there to signal that
> a generic network connection is active.
>
> What I would like to do in OpenRC is change the network scripts so that
> only the loopback interface provides net.
>
> The downside of this approach will be that if a daemon uses a specific
> IP address in its configuration, or if it binds to a specific address,
> the user will have to set up the appropriate configuration options in
> /etc/conf.d. For example, if I set up sshd to use 192.168.10.1 and eth0 has
> this address, I have to put the following line in /etc/conf.d/sshd:
>
> rc_need="net.eth0"
>
> One advantage I see of this approach is it will provide a fix for bugs like
> http://bugs.gentoo.org/show_bug.cgi?id=228973 by requiring users to
> configure services like this to start after the interface they use
> is started.
>
> Attached to this message you will find the patch I want to apply to
> OpenRC to make this change.
>
> Any thoughts, comments, or suggestions would be helpful.
>
> William

I agree with the existence of the problem, but strongly disagree with the
solution.

There are three very different reasons why an openrc service may currently
"use net" or "need net":

1. Services that connect to remote machines via any available network
   interface.

2. Services that listen for connections from remote machines on any
   available network interface, and run correctly even if no non-lo
   interfaces are up.

3. Services that require a specific network interface, bind to a specific
   address, or connect to a specific machine on the local subnet.

Category 1 includes things like ntp-client (in the typical use case).
Category 2 includes things like sshd (in the typical use case). Category 3
includes things like netmount (in the typical use case), or your example of
sshd that's bound to a specific static IP.

The proposal to provide net only from loopback may help with startup issues
for Category 2, but would break Category 1. (Category 3 is broken in either
case unless the user adds the appropriate rc_need lines in /etc/conf.d.)
My counterproposal is to:

(a) fix init scripts for Category 2 so that instead of "use net" or
    "need net", they only "use net.lo" or "need net.lo";

(b) document (via pkg_postinst messages and comments in the default conf.d
    file) the requirement to manually configure rc_need for services in
    Category 3; and

(c) continue to provide net in network scripts so that Category 1 continues
    to work.

PS. Only 4 days ago, I deliberately changed /etc/init.d/NetworkManager in
net-misc/networkmanager-0.9.2.0-r3 so that it provides net to ensure that
Category 1 services work properly. It was rather an unpleasant surprise to
now read a proposal to make the default openrc setup as broken as old
networkmanager versions used to be :/

-Alexandre
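[Editor's note: the following is an added example and is not code from the
thread or from OpenRC. It is a small shell model of how OpenRC gathers a
service's dependencies: /etc/init.d/<svc> defines depend(), which runs with
need/use/provide available as shell functions, and /etc/conf.d/<svc> may add
an rc_need line. The depend() bodies, the service names (ntp_client, sshd,
netmount, net_lo, net_eth0; underscores because dots are not allowed in sh
function names) and the variable names RC_NEED/RC_USE/RC_PROVIDE are all
constructed here to mirror the three categories in the message; OpenRC's real
resolver is C code and is only approximated. It shows the point in dispute:
a "use net" service (Category 1) is ordered after net.eth0 today, but not
under the proposal, while a Category 3 sshd needs rc_need="net.eth0" either
way.]

```shell
#!/bin/sh
# Added example, not OpenRC code. Models dependency collection for the three
# categories discussed in the thread; everything below is constructed.

# Constructed stand-ins for each service's depend() function.
depend_ntp_client() { use net; }                      # Category 1
depend_sshd()       { use logger dns; need net.lo; }  # Category 2, with the net.lo fix
depend_netmount()   { need net; }                     # Category 3 (needs rc_need in conf.d)
depend_net_lo()     { provide net; }
depend_net_eth0()   { provide net; }                  # stops providing net under the proposal

# While depend() runs, these shadow the OpenRC builtins and record arguments.
# (Variable names are this example's own, not OpenRC internals.)
need()    { RC_NEED="$RC_NEED $*"; }
use()     { RC_USE="$RC_USE $*"; }
provide() { RC_PROVIDE="$RC_PROVIDE $*"; }
join()    { printf '%s' "$*"; }   # collapse whitespace via word splitting

# resolve SVC CONF_RC_NEED: print "need:<list>|use:<list>" after merging the
# rc_need value a user put in /etc/conf.d/SVC (pass "" if none).
resolve() {
    RC_NEED= RC_USE= RC_PROVIDE=
    "depend_$1"
    RC_NEED="$RC_NEED $2"
    printf 'need:%s|use:%s\n' "$(join $RC_NEED)" "$(join $RC_USE)"
}

# providers_of VIRTUAL MODE: which constructed network scripts provide VIRTUAL.
# MODE is "current" (every interface provides net) or "proposed" (only
# net.lo does, as in the patch under discussion).
providers_of() {
    out=
    for svc in net_lo net_eth0; do
        [ "$2" = proposed ] && [ "$svc" != net_lo ] && continue
        RC_NEED= RC_USE= RC_PROVIDE=
        "depend_$svc"
        for p in $RC_PROVIDE; do
            [ "$p" = "$1" ] && out="$out $(echo "$svc" | tr _ .)"
        done
    done
    join $out
}

# waits_for_eth0 SVC CONF_RC_NEED MODE: prints "yes" if SVC is ordered after
# net.eth0, either directly (rc_need="net.eth0") or because it needs/uses
# "net" and net.eth0 provides net in this MODE; otherwise "no".
waits_for_eth0() {
    RC_NEED= RC_USE= RC_PROVIDE=
    "depend_$1"
    for dep in $RC_NEED $RC_USE $2; do
        case $dep in
            net.eth0) echo yes; return 0 ;;
            net)
                case " $(providers_of net "$3") " in
                    *" net.eth0 "*) echo yes; return 0 ;;
                esac ;;
        esac
    done
    echo no
    return 0
}

# Demo: ntp-client ("use net") waits for eth0 today but not under the proposal;
# sshd bound to 192.168.10.1 waits for eth0 only with rc_need="net.eth0" in conf.d.
for mode in current proposed; do
    printf '%-8s ntp-client:%s  sshd(no conf.d):%s  sshd(rc_need=net.eth0):%s\n' \
        "$mode" \
        "$(waits_for_eth0 ntp_client '' "$mode")" \
        "$(waits_for_eth0 sshd '' "$mode")" \
        "$(waits_for_eth0 sshd 'net.eth0' "$mode")"
done
```

Running it prints one line per mode; the "current" line shows ntp-client
ordered after eth0 and the "proposed" line shows it is not, which is the
Category 1 breakage the reply is objecting to.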