(Initial copy) |
(Save my work before the wiki loses it again.) |
||
Line 1: | Line 1: | ||
== Services | == Enabling Services by Default == | ||
Only services that meet | Only services that meet all criteria below are permitted (but not required) to be enabled by default on package installation. | ||
For the purposes of this document, a "service" is defined as one or more of: | For the purposes of this document, a "service" is defined as one or more of: | ||
* A daemon or process started using a [http://www.freedesktop.org/software/systemd/man/systemd.service.html systemd service unit]. | * A daemon or process started using a [http://www.freedesktop.org/software/systemd/man/systemd.service.html systemd service unit]. | ||
* A daemon or process that is invoked by socket activation, either by using a [http://www.freedesktop.org/software/systemd/man/systemd.socket.html systemd socket unit], [http://standards.freedesktop.org/desktop-entry-spec/1.1/ar01s07.html D-BUS activation] or similar behavior. | * A daemon or process that is invoked by socket activation, either by using a [http://www.freedesktop.org/software/systemd/man/systemd.socket.html systemd socket unit], [http://standards.freedesktop.org/desktop-entry-spec/1.1/ar01s07.html D-BUS activation] or similar behavior. | ||
* A daemon or process that is invoked by hardware activation (i.e. started via a udev rule). | |||
* A [http://www.freedesktop.org/software/systemd/man/systemd.timer.html systemd timer unit] that runs periodically. | * A [http://www.freedesktop.org/software/systemd/man/systemd.timer.html systemd timer unit] that runs periodically. | ||
=== | Note that this includes processes which are not persistent. If something started by a systemd service unit runs for a short period of time and then exits, it is still a service. An example would be <code>iptables</code>. | ||
=== Must not alter other services=== | |||
Installation of the package providing the unit auto-started by this preset may not change the behavior of any other service running (or potentially running) on the system. | Installation of the package providing the unit auto-started by this preset may not change the behavior of any other service running (or potentially running) on the system. | ||
=== | === Must not require manual configuration to function === | ||
The service must not require configuration before it starts properly. If the end-user/administrator must make some specific configuration change before the service is able to start without error and provide useful functionality then it MUST NOT be enabled by default. | |||
XXX So... should we allow services to start by default which do nothing but exit cleanly if not configured? If not, then what about things which only function on some hardware? | |||
=== Must not listen for outside connections === | |||
The service must not listen on a network socket for connections originating on a separate physical or virtual machine. | |||
D-BUS services and hardware-activated services generally meet this requirement. | |||
== Hardware Support Services == | |||
Some hardware requires some additional service to be started in order to be useful. This may come in the form of a non-persistent setup process or in the form of a continuously-running service. If the service can be hardware activated to only start when the relevant hardware is present and do nothing when not present, and otherwise it meets the above requirements, then it SHOULD be enabled by default upon package installation. | |||
If the service cannot be hardware activated, but it is possible to configure it such that it | |||
Because full and automatic hardware support is desirable, such services SHOULD start automatically if that is possible without violating the above requirements. | |||
It is preferred that such services simply be hardware-activated if possible so that they only start when the relevant hardware is present. | |||
If such services meet the above requirements and do | |||
* They meet the above requirements for default services. | |||
* They | |||
If, when run on systems which do not possess the relevant hardware, those services exit cleanly, without error and without marking the service as "failed" from the perspective of systemd then those services SHOULD be enabled by default. | |||
XXX That's a tortuous sentence. | |||
* Manual configuration is not required (as above) | |||
Services which suport | |||
== Approved Exceptions == | |||
Some services which are permitted to be enabled by default as specific exceptions. Services that should be enabled by default throughout all of Fedora must be approved by [https://fedorahosted.org/fesco/newticket FESCo]. Services that should be enabled or disabled by default only on one or more of the Fedora Editions must be approved by those Editions' [https://fedoraproject.org/wiki/Fedora.next#Working_groups Working Groups]. | |||
Example: | |||
* FESCo approves openssh-server to run by default on Fedora in general. | |||
* Workstation WG approves openssh-server to be disabled by default on the Workstation Edition. |
Revision as of 20:39, 12 July 2018
Enabling Services by Default
Only services that meet all criteria below are permitted (but not required) to be enabled by default on package installation.
For the purposes of this document, a "service" is defined as one or more of:
- A daemon or process started using a systemd service unit.
- A daemon or process that is invoked by socket activation, either by using a systemd socket unit, D-BUS activation or similar behavior.
- A daemon or process that is invoked by hardware activation (i.e. started via a udev rule).
- A systemd timer unit that runs periodically.
Note that this includes processes which are not persistent. If something started by a systemd service unit runs for a short period of time and then exits, it is still a service. An example would be iptables
.
Must not alter other services
Installation of the package providing the unit auto-started by this preset may not change the behavior of any other service running (or potentially running) on the system.
Must not require manual configuration to function
The service must not require configuration before it starts properly. If the end-user/administrator must make some specific configuration change before the service is able to start without error and provide useful functionality then it MUST NOT be enabled by default.
XXX So... should we allow services to start by default which do nothing but exit cleanly if not configured? If not, then what about things which only function on some hardware?
Must not listen for outside connections
The service must not listen on a network socket for connections originating on a separate physical or virtual machine.
D-BUS services and hardware-activated services generally meet this requirement.
Hardware Support Services
Some hardware requires some additional service to be started in order to be useful. This may come in the form of a non-persistent setup process or in the form of a continuously-running service. If the service can be hardware activated to only start when the relevant hardware is present and do nothing when not present, and otherwise it meets the above requirements, then it SHOULD be enabled by default upon package installation.
If the service cannot be hardware activated, but it is possible to configure it such that it
Because full and automatic hardware support is desirable, such services SHOULD start automatically if that is possible without violating the above requirements.
It is preferred that such services simply be hardware-activated if possible so that they only start when the relevant hardware is present.
If such services meet the above requirements and do
- They meet the above requirements for default services.
- They
If, when run on systems which do not possess the relevant hardware, those services exit cleanly, without error and without marking the service as "failed" from the perspective of systemd then those services SHOULD be enabled by default.
XXX That's a tortuous sentence.
- Manual configuration is not required (as above)
Services which suport
Approved Exceptions
Some services which are permitted to be enabled by default as specific exceptions. Services that should be enabled by default throughout all of Fedora must be approved by FESCo. Services that should be enabled or disabled by default only on one or more of the Fedora Editions must be approved by those Editions' Working Groups.
Example:
- FESCo approves openssh-server to run by default on Fedora in general.
- Workstation WG approves openssh-server to be disabled by default on the Workstation Edition.