>This inverts the parent-child relationship so users don't have to tweak
>this option to "all" (meaning daemon + whatever is running in the same
>Unit™) manually. The MAINPID half of the message tells it to look after
>the real daemon.
To my taste this is worse, because it breaks the direct filiation,
which means "type=simple" isn't really true anymore. Good on systemd to
accept a different MAINPID even with type=simple, but having the daemon
run as a grandchild of the supervisor when it doesn't have to feels
more hackish than accepting a notification from another process.
Honestly, I'd rather document in the source that the NotifyAccess option
should be changed. The default seems very unnecessarily restrictive.
>If only there was an easy, portable way of ensuring only a process, its
>descendants, or trusted local services had access to the communication
>channel for readiness notification, without a central registry of
>everything running in the system...
Preach.
--
Laurent
Received on Wed Jun 05 2024 - 17:56:09 CEST