Portable System Services

Refereed Presentation
Scheduled: Friday, November 4, 2016 from 11:00 – 11:45am in Sweeney F

One Line Summary

systemd's primary functionality is service management. Let's bring service management to the next level by introducing "Portable System Services", a new concept for how services may be packaged up with all their required libraries, data and other artifacts and shipped as single-file images.

Abstract

Traditional service management on UNIX involves installing service scripts, service binaries, service data and necessary libraries into the host system using package managers like RPM or DEB. This toolbox approach is very powerful but in many ways hard to manage, as combining several services onto the same host might result in package and library version conflicts, and quick installation and removal of services will necessarily leave artifacts on the host (for example system users). Moreover, running various independent services within the same system context might be considered problematic from a security point of view.

With systemd’s “Portable System Service” approach, the goal is to package up services with all their data into single-file images that can be dropped in and removed easily, without affecting the host system or leaving artifacts around.

System services that are packaged as Portable System Services behave in most ways like traditional system services, in particular when interacting with them through tools like “systemctl”. However, they may be packaged independently of the host’s package manager.

This talk will focus on the details of the concept and touch on various topics regarding service management, in particular stronger sandboxing for system services, handling of system services running in separate kernel namespaces while still providing integration into the host’s concepts, dynamic (“transient”) user ID allocation, service-bound lifecycles of service resources on disk and IPC, and a lot more. We’ll also focus on the relationship to Containers, and where this approach provides different or similar functionality.

Tags

systemd, service management, service manager, system manager, init system

Presentation Materials

slides
