Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upDisable all the unnecessary services in Dom0 #95
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by joanna on 14 Mar 2011 21:31 UTC |
marmarek
assigned
rootkovska
Mar 8, 2015
marmarek
added this to the Release 1 Beta 1 milestone
Mar 8, 2015
marmarek
added
enhancement
C: core
P: major
P: minor
and removed
P: major
labels
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 15 Mar 2011 00:11 UTC
Perhaps we can also enable irqbalance.
|
Comment by joanna on 15 Mar 2011 00:11 UTC |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 1 Apr 2011 23:27 UTC
I think the idea was to move all the chkconfig * off from qubes-core-dom0.rpm to the first boot, right?
|
Comment by joanna on 1 Apr 2011 23:27 UTC |
marmarek
added
bug
and removed
enhancement
labels
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by joanna on 1 Apr 2011 23:27 UTC |
marmarek
added
P: major
and removed
P: minor
labels
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by joanna on 2 Apr 2011 22:30 UTC |
marmarek
added
C: installer
and removed
C: core
labels
Mar 8, 2015
marmarek
unassigned
rootkovska
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 3 Apr 2011 11:48 UTC
Would be better to do this in doPostAction, specifically in installclass.postAction.
|
Comment by joanna on 3 Apr 2011 11:48 UTC |
marmarek
assigned
rootkovska
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 3 Apr 2011 15:15 UTC
Actually we don't want NetworkManager and iptables in Dom0 either.
|
Comment by joanna on 3 Apr 2011 15:15 UTC |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by joanna on 3 Apr 2011 15:16 UTC |
marmarek
unassigned
rootkovska
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 3 Apr 2011 15:16 UTC
Actually we want to do this in firstboot...
|
Comment by joanna on 3 Apr 2011 15:16 UTC |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 3 Apr 2011 23:08 UTC
qubes-core-dom0 is not trying to disable/enable any 3rd party services anymore:
http://git.qubes-os.org/?p=joanna/core.git;a=commitdiff;h=2f278b8647cf3fca0bce311490d3f25733935ba7
|
Comment by joanna on 3 Apr 2011 23:08 UTC http://git.qubes-os.org/?p=joanna/core.git;a=commitdiff;h=2f278b8647cf3fca0bce311490d3f25733935ba7 |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by smoku on 4 Apr 2011 13:56 UTC |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by smoku on 4 Apr 2011 16:31 UTC
We cannot do this in firstboot.
The RC script runs services via simple loop:
for i in /etc/rc$runlevel.d/S*; do ...
and fiddling with Sxx* links in this loop won't change the already created i-list.
Changes will be effective after next boot only.
But it's easy enough to be done from Anaconda postAction. Just remove some files in /etc/rc*.d
Or we can revert to qubes-core-dom0 package doing this. Its %post-installation scripts are launched in installation chroot and may modify the installed system.
|
Comment by smoku on 4 Apr 2011 16:31 UTC The RC script runs services via simple loop: and fiddling with Sxx* links in this loop won't change the already created i-list. But it's easy enough to be done from Anaconda postAction. Just remove some files in /etc/rc*.d Or we can revert to qubes-core-dom0 package doing this. Its %post-installation scripts are launched in installation chroot and may modify the installed system. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 4 Apr 2011 16:33 UTC
Ok, I will try adding this to the postAction hook in qubes.py class.
|
Comment by joanna on 4 Apr 2011 16:33 UTC |
marmarek
assigned
rootkovska
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Modified by joanna on 4 Apr 2011 16:33 UTC |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 8, 2015
Member
Comment by joanna on 5 Apr 2011 21:16 UTC
Done (in anaconda postAction):
|
Comment by joanna on 5 Apr 2011 21:16 UTC |
marmarek commentedMar 8, 2015
Reported by joanna on 14 Mar 2011 16:35 UTC
The installer should ensure only the absolutely necessary services run in Dom0. This is mostly to optimize the startup time and save on resources.
This is the proposed list of essential services that should be left:
NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_core 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_netvm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_setupdvm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xenconsoled 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xend 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xenstored 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Migrated-From: https://wiki.qubes-os.org/ticket/95