From: Alyssa Ross
To: James Smith, nrr@corvidae.org, Demi Marie Obenour
CC: systemd, Spectrum OS Development
Subject: Re: Arranging groups of services
Date: Wed, 20 Aug 2025 16:01:05 +0200
Message-ID: <875xeium72.fsf@alyssa.is>

James Smith writes:

> Forwarding for on this:
>
> Both systemd and s6, so I might be uniquely qualified here. (Though, I must
> admit that I haven't been deep in systemd's internals lately.)
>
> Any chance I can take a peek at some s6 service directories to get a better
> idea of how things work currently? A quick perusal of the spectrum git tree
> wasn't terribly enlightening.

Hi James, thanks for offering to have a look!

For the host, s6 services are here:
https://spectrum-os.org/git/spectrum/tree/host/rootfs/etc/s6-linux-init/run-image/service

And some s6-rc services are here:
https://spectrum-os.org/git/spectrum/tree/host/rootfs/etc/s6-rc

My idea for grouping services with s6 was going to be running an
s6-svscan instance for each VM, inside a cgroup, running virtiofsd,
cloud-hypervisor, etc. below it. That way we'd be able to enforce
resource limits per-VM.

> On Sat, Aug 16, 2025, 6:11 PM Demi Marie Obenour wrote:
>
> I'm working on Spectrum OS (https://spectrum-os.org/) and am
> currently porting it from s6 (https://skarnet.org/software/s6-linux-init/)
> to systemd.
>
> Spectrum OS's host (which is what is being ported) is rather
> different from a normal system:
>
> - The root filesystem is completely read-only. There's no writable /var.
>   I decided to put a tmpfs there for now.
> - There is no network access, so /etc/resolv.conf isn't needed.
> - The real work happens in VMs, each of which depends on a few services:
>   - Cloud Hypervisor (https://www.cloudhypervisor.org) which runs the VM.
>   - crosvm (https://crosvm.dev/book/) used for graphics.
>   - virtiofsd (https://virtio-fs.gitlab.io) to provide a filesystem
>   - Spectrum OS's own proxy for the XDG desktop portals
>   - In the future, an instance of vhost-device-sound
>     (https://github.com/rust-vmm/vhost-device/blob/main/vhost-device-sound/README.md)
>     used for sound
>   - A per-VM D-Bus daemon
>   - An instance of xdg-desktop-portal
>
> If the Cloud Hypervisor instance is stopped or exits, the others
> should be stopped automatically, as they have no other use.
> Having BindsTo=, After=, PropagatesStopTo=, and PropagatesReloadTo=
> should handle most cases, but I don't know if that is sufficient
> if Cloud Hypervisor exits spontaneously (because the guest shut down)
> or crashes.
>
> Additionally, these services have different sandboxing needs.
> Cloud Hypervisor should only be able to connect to its own instance
> of the daemons that serve it, rather than to any instance.
> crosvm needs GPU and Wayland access and vhost-device-sound needs
> to connect to PipeWire. virtiofsd needs an id-mapped mount.
> I would also like to block abstract AF_UNIX socket access.
>
> Are there existing systemd features that can easily meet these
> needs? For the sockets I am thinking of placing them in
> RuntimeDirectory= and only giving the correct units access to
> those directories. Also, I would like to use `DynamicUser=`
> for everything where that is possible.
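As an added example (not code from this thread or from Spectrum OS), here is one way the per-VM grouping, stop propagation and socket isolation discussed above could be expressed as systemd template units, using the directives the thread names. The unit names, command lines, paths and the per-VM group `vm-%i` are assumptions; the group is assumed to exist as a static group so that `DynamicUser=` reuses it for both units.

```ini
# virtiofsd@.service  (assumed name; one instance per VM, %i is the VM name)
[Unit]
Description=virtiofsd for VM %i
# BindsTo= is stronger than Requires=: this unit is stopped whenever
# cloud-hypervisor@%i becomes inactive, including a spontaneous exit
# (guest shut down) or a crash, not only an explicit "systemctl stop".
# PropagatesStopTo= alone would not cover that case, since no stop job
# is queued when a service simply exits.
BindsTo=cloud-hypervisor@%i.service

[Service]
# Assumed command line; the socket lives in the per-VM runtime directory.
ExecStart=/usr/bin/virtiofsd --socket-path=/run/vm-%i/virtiofs.sock --shared-dir=/srv/vm/%i
DynamicUser=yes
# Assumption: a static group "vm-%i" exists, so DynamicUser= reuses it instead
# of allocating a random one; cloud-hypervisor@%i joins the same group.
Group=vm-%i
# /run/vm-%i is created before start and removed when this unit stops;
# 0770 lets the group (only this VM's units) create and connect to sockets.
RuntimeDirectory=vm-%i
RuntimeDirectoryMode=0770
# Socket files inherit the umask; 0007 keeps them off-limits to everyone else.
UMask=0007
# All of this VM's units share one cgroup (vm-<name>.slice) for resource limits.
Slice=vm-%i.slice
# Own network namespace: abstract AF_UNIX sockets are scoped to a network
# namespace, so this cuts the service off from the host's abstract sockets
# while path-based sockets under /run keep working. No network is lost here.
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
NoNewPrivileges=yes

# cloud-hypervisor@.service  (assumed name)
[Unit]
Description=Cloud Hypervisor for VM %i
# Pull the helper in and start it first; stop jobs for this unit reach it too.
Wants=virtiofsd@%i.service
After=virtiofsd@%i.service
PropagatesStopTo=virtiofsd@%i.service

[Service]
ExecStart=/usr/bin/cloud-hypervisor --api-socket /run/vm-%i/ch.sock
DynamicUser=yes
Group=vm-%i
UMask=0007
Slice=vm-%i.slice
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
NoNewPrivileges=yes
```

Starting `cloud-hypervisor@foo.service` brings up `virtiofsd@foo.service` first, and when the hypervisor exits for any reason the helper follows it down and `/run/vm-foo` is removed.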