Re: racoon and bug 372665
On Wed, Mar 07, 2007 at 07:17:00AM +0530, Ganesan Rajagopal wrote:
> >>>>> "Milan" == Milan P Stanic <mps@oss.co.yu> writes:
> > I don't think so (except maybe udev, but servers can happily work without
> > udev). What is the reason to start nfs from "one time initialization"
> > subsystem? Portmap and nfs can be started in runlevel 2 to 5.
>
> That's debatable. However, current Debian policy, as per /etc/rcS.d/README, is
>
> =====
> The following sequence points are defined at this time:
>
> * After the S40 scripts have executed, all local file systems are mounted
> and networking is available. All device drivers have been initialized.
>
> * After the S60 scripts have executed, the system clock has been set, NFS
> filesystems have been mounted (unless the system depends on the automounter,
> which is started later) and the filesystems have been cleaned.
> =====
Yes, it is true. But it also says that:
=====
The scripts in this directory whose names begin with an 'S' are executed
once when booting the system, even when booting directly into single
user mode.
=====
Look at "are executed once". Daemons could be executed once when booting
the system, but could also be stopped, started and restarted during normal
server (or workstation) operation.
> Besides NFS, if your entire access to the network requires IPsec, you cannot
> even ssh outside the box unless racoon sets up a tunnel. It's really a
> critical service in that sense.
So could other VPN subsystems (OpenVPN, VPNC, SSH, etc.).
I would think that mountnfs.sh should be moved somewhere else
(/etc/rc{2-5}.d/) where portmap has symlinks already. If we mount
remote filesystems so early, why is samba not started from /etc/rcS.d/?
Policy is ambiguous (at least) here, IMO.
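The argument above turns on which sysv-rc start links a service has and what is guaranteed to have run before it. The following is an added example, not part of the mail thread or of Debian's init scripts: it builds a constructed rcS.d/rc2.d tree under a temp directory (the script names and S-numbers are assumptions chosen for illustration, not the real sequence numbers shipped by any package) and reports, for a given script, what starts before it and whether a service such as racoon has a start link in rcS.d at all. Point the helper functions at a real /etc/rcS.d or /etc/rc2.d to run the same check on an actual system.

```shell
#!/bin/sh
# Added example (not from the bug thread or Debian's init scripts): inspect a
# sysv-rc style directory of S<NN><name> start links and answer two questions
# raised in the discussion: what is guaranteed to start before a given script,
# and whether a service is started from rcS.d or only from rc2-5.d.
set -eu

# Print "<seq> <name>" for every S* start link in a directory, lowest first.
list_start_scripts() {
    dir=$1
    for link in "$dir"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=$(basename "$link")
        seq=$(printf '%s' "$base" | cut -c2-3)
        name=$(printf '%s' "$base" | cut -c4-)
        printf '%s %s\n' "$seq" "$name"
    done | sort -n
}

# Print the names of scripts in $1 that start strictly before script $2.
# Returns 1 (and prints nothing) if $2 has no start link in $1.
runs_before() {
    dir=$1; target=$2
    tseq=$(list_start_scripts "$dir" | awk -v t="$target" '$2==t{print $1; exit}')
    [ -n "$tseq" ] || return 1
    list_start_scripts "$dir" | awk -v s="$tseq" -v t="$target" \
        '$1+0 < s+0 && $2!=t {print $2}'
}

# Return 0 if script $2 has a start link in $1, 1 otherwise.
has_start_link() {
    list_start_scripts "$1" | awk -v t="$2" '$2==t{f=1} END{exit f?0:1}'
}

# Constructed demo tree: names and sequence numbers are assumptions for the
# example only, not the values any real Debian system or package uses.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/rcS.d" "$demo_root/rc2.d" "$demo_root/init.d"
for s in udev networking mountnfs.sh hwclock.sh portmap racoon samba; do
    : > "$demo_root/init.d/$s"
done
ln -s ../init.d/udev        "$demo_root/rcS.d/S04udev"
ln -s ../init.d/networking  "$demo_root/rcS.d/S40networking"
ln -s ../init.d/mountnfs.sh "$demo_root/rcS.d/S45mountnfs.sh"
ln -s ../init.d/hwclock.sh  "$demo_root/rcS.d/S50hwclock.sh"
ln -s ../init.d/portmap     "$demo_root/rc2.d/S18portmap"
ln -s ../init.d/racoon      "$demo_root/rc2.d/S20racoon"
ln -s ../init.d/samba       "$demo_root/rc2.d/S20samba"

# Usage: what has started by the time mountnfs.sh runs, and is racoon there?
printf 'Starts before mountnfs.sh in rcS.d:\n'
runs_before "$demo_root/rcS.d" mountnfs.sh | sed 's/^/  /'
if has_start_link "$demo_root/rcS.d" racoon; then
    printf 'racoon is started from rcS.d\n'
else
    printf 'racoon has no start link in rcS.d (in this tree it is only in rc2.d)\n'
fi
```

In the constructed tree, mountnfs.sh at S45 sees only udev and networking started before it, and racoon is absent from rcS.d entirely, which is exactly the situation the thread is arguing about: an NFS mount over IPsec in rcS.d cannot rely on a tunnel that is only brought up in runlevel 2. Replace `"$demo_root/rcS.d"` with `/etc/rcS.d` to check a real box.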