Comment by mikkupikku 5 days ago

6 replies

Poettering has a track record of recognizing good ideas from Apple, then implementing them poorly. He also has a track record of closing bug reports for plain and simple bugs in his software to protect his own ego, and this kind of mentality isn't a great basis for security-sensitive software.

Audio server for Linux: Great idea! Pulseaudio: Genuinely a terrible implementation of it. Pipewire is a drop-in replacement that actually works.

Launchd but for Linux: Great idea! SystemD: generally works now at least, but packed with insane defaults, and every time this is brought up with the devs they say it's the distro packagers' job to wipe SystemD's ass and clean up the mess before users see it.

Security bug in SystemD when the user has a digit in their username: Lennart closes the bug and says that SystemD is perfect, the distros erred by permitting such usernames. Insane ego-driven response.

plagiarist 5 days ago

He really will just close a ticket because he disagrees with how Linux works. I read about systemd sysusers and thought they would be neat for running containerized services. But Poettering doesn't like the /etc/subuid files and refuses to work with them.

  • NekkoDroid 5 days ago

    Well, he specifically doesn't like the static allocation of subuids. There is a reason `systemd-nsresourced` exists.

    • plagiarist 5 days ago

      How do I get nsresourced to work in a regular systemd service or quadlet so that I can have an ephemeral user run a container? I am trying to find information and just seeing it as part of nspawn, which seems to require a container specifically built around a root filesystem.

      I am not going to struggle with systemd if I have to build containers specifically for it. If I have to rearrange everything I am doing I would just learn to do it on a minimal Kubernetes install instead.

      • NekkoDroid 4 days ago

        nspawn containers aren't really any different to regular system images/archives other than they don't need a kernel.

        I don't think the setting is exposed to regular service units (it might be in the future, I don't know), and I don't think podman has any integration with it.

        What kinda service do you have where you need a full range of UIDs?
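The thread above turns on the static subordinate-ID allocation in `/etc/subuid` that nsresourced is meant to replace. As an added example, not code from the thread, from systemd or from shadow-utils, the following checks such a static file the way a practitioner would before trusting it: it parses the `name:start:count` layout shadow-utils uses, reports malformed entries, and flags ranges that overlap. Overlapping ranges matter because two users whose subordinate UIDs intersect can read and write each other's container files; the sample file content is constructed for illustration and is not from a real host.

```python
"""Check a static /etc/subuid (or /etc/subgid) allocation for overlaps.

Added example, not from the thread, systemd or shadow-utils. Assumes the
shadow-utils layout of one `name:start:count` entry per line, with blank
lines and `#` comments ignored. The sample content below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample, not copied from any real system.
SAMPLE_SUBUID = """\
# constructed sample /etc/subuid
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:100000:1000
eve:abc:65536
"""


@dataclass(frozen=True)
class SubIdRange:
    name: str
    start: int
    count: int

    @property
    def end(self) -> int:
        """Exclusive upper bound of the range."""
        return self.start + self.count


def parse_subid(text: str) -> tuple[list[SubIdRange], list[str]]:
    """Parse name:start:count lines into ranges plus messages for bad lines."""
    ranges: list[SubIdRange] = []
    errors: list[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            errors.append(f"line {lineno}: expected name:start:count, got {raw!r}")
            continue
        name, start_s, count_s = parts
        try:
            start, count = int(start_s), int(count_s)
        except ValueError:
            errors.append(f"line {lineno}: non-numeric start or count in {raw!r}")
            continue
        if start < 0 or count <= 0:
            errors.append(f"line {lineno}: start must be >= 0 and count > 0 in {raw!r}")
            continue
        ranges.append(SubIdRange(name, start, count))
    return ranges, errors


def find_overlaps(ranges: list[SubIdRange]) -> list[tuple[SubIdRange, SubIdRange]]:
    """Return pairs whose half-open [start, end) intervals intersect.

    Sorting by start lets the inner loop stop at the first entry that begins
    at or after the current range's end; adjacent ranges do not count.
    """
    ordered = sorted(ranges, key=lambda r: (r.start, r.end))
    overlaps: list[tuple[SubIdRange, SubIdRange]] = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start >= a.end:
                break
            overlaps.append((a, b))
    return overlaps


def check_subid(text: str) -> dict[str, object]:
    """Summarise a subid file: parse errors and overlapping user pairs."""
    ranges, errors = parse_subid(text)
    pairs = [(a.name, b.name) for a, b in find_overlaps(ranges)]
    return {"entries": len(ranges), "errors": errors, "overlaps": pairs}


if __name__ == "__main__":
    # To check a live host instead, pass open("/etc/subuid").read().
    report = check_subid(SAMPLE_SUBUID)
    print(f"{report['entries']} valid entries")
    for err in report["errors"]:
        print("malformed:", err)
    for a, b in report["overlaps"]:
        print(f"overlap: {a} and {b} share subordinate UIDs")
```

On the constructed sample the checker rejects the `eve` line and reports two overlapping pairs: `dave` sits inside `alice`'s range, and `carol` starts before `bob`'s range ends, while `alice` and `bob` are merely adjacent and pass.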