On 12/8/16, mike.valk@gmail.com mike.valk@gmail.com wrote:
2016-12-08 16:08 GMT+01:00 Adam Van Ymeren adam.vany@gmail.com:
On Thu, Dec 8, 2016 at 7:41 AM, Tzafrir Cohen tzafrir@cohens.org.il wrote:
On Wed, Dec 07, 2016 at 04:49:36PM +0100, Ythogtha wrote:
I'm new on this list, so hello everybody :)
If I may make a small remark... I feel that somehow, having a library installed only to know whether some other software is present or not feels the wrong way to do things.
I don't have SELinux enabled on my system. Still many core components on my system are linked with libselinux.so.1. Will you fork Debian to patch out the SELinux support?
I don't see libselinux.so.1 on my debian system.
libselinux was designed with a research project leading it (the FLASK model). papers were written in advance.
basically they obeyed ISO 9001 QA rules. they said what they were going to do, then they did it AND NO MORE.
since then there has been ZERO scope-creep.
the opportunity was therefore there for people to review and become comfortable with SE/Linux over the something like TEN year period in which it was developed and matured. throughout all that time there was no "oh and now we'll add feature X Y Z with absolutely ZERO discussion or consultation with the wider linux community".
by complete contrast we have a huge number of instances where the systemd team have basically gone ahead with some random additional "feature" each and every single one of which has had experienced systems administrators, experienced unix design engineers and security experts alike going "what the fucking hell kind of drugs are these fuckwits ON??" ok - they don't write that publicly: they're very very polite in public, but the *private* discussions...
... oh and then it gets rolled out blithely to every single linux distro.
so it's the total lack of consultation that has everybody really *really* pissed off. they could be writing perfect code with zero security flaws, perfect design, best design in the world, and people could not give a damn: they would STILL refuse to use it... because there was NO CONSULTATION or proper design.
so yes, thank you for mentioning libselinux (again) because that's how the systemd team _should_ be doing it. again, it comes down to the fact that the systemd team, led by one of the most hated prominent software developers i've heard of, is full-time employed: their priorities are different from the wider community.
I'd like to suggest, not demand, to move this discussion/quest/... somewhere else. It is no longer about the original discussion nor about linux/arm, arm-netbooks, eoma68. And it keeps demanding time from our friend Luke. Who is more than busy with changing the world ;-)
apologies but i just stopped reading everything, because the connection speed is down to 8k/sec (due to the DDOS attacks going on world-wide right now) and i'm travelling again.
l.
What is the actual overhead?
libsystemd0 takes 646kb of disk space. It adds a negligible amount of memory and run time (for the case of not using systemd).