Opened 2 years ago

Closed 2 years ago

#95 closed defect (fixed)

Disable all the unnecessary services in Dom0

Reported by: joanna Owned by: joanna
Priority: major Milestone: Release 1 Beta 1
Component: installer Keywords:
Cc:

Description

The installer should ensure only the absolutely necessary services run in Dom0. This is mostly to optimize the startup time and save on resources.

This is the proposed list of essential services that should be left:
NetworkManager? 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_core 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_netvm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
qubes_setupdvm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xenconsoled 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xend 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xenstored 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Change History (15)

comment:1 Changed 2 years ago by joanna

  • Priority changed from major to minor

comment:2 Changed 2 years ago by joanna

Perhaps we can also enable irqbalance.

comment:3 Changed 2 years ago by joanna

  • Type changed from enhancement to defect

I think the idea was to move all the chkconfig * off from qubes-core-dom0.rpm to the first boot, right?

comment:4 Changed 2 years ago by joanna

  • Priority changed from minor to major

comment:5 Changed 2 years ago by joanna

  • Component changed from core to installer
  • Owner changed from joanna to somebody

comment:6 Changed 2 years ago by joanna

  • Owner changed from somebody to joanna
  • Status changed from new to accepted

Would be better to do this in doPostAction, specifically in installclass.postAction.

comment:7 Changed 2 years ago by joanna

Actually we don't want NetworkManager? and iptables in Dom0 either.

comment:8 Changed 2 years ago by joanna

  • Owner changed from joanna to smoku
  • Status changed from accepted to assigned

comment:9 Changed 2 years ago by joanna

Actually we want to do this in firstboot...

comment:10 Changed 2 years ago by joanna

qubes-core-dom0 is not trying to disable/enable any 3rd party services anymore:

http://git.qubes-os.org/?p=joanna/core.git;a=commitdiff;h=2f278b8647cf3fca0bce311490d3f25733935ba7

comment:11 Changed 2 years ago by smoku

  • Status changed from assigned to accepted

comment:12 Changed 2 years ago by smoku

We cannot do this in firstboot.

The RC script runs services via simple loop:

for i in /etc/rc$runlevel.d/S*; do ...

and fiddling with Sxx* links in this loop won't change the already created i-list.
Changes will be effective after next boot only.

But it's easy enough to be done from Anaconda postAction. Just remove some files in /etc/rc*.d

Or we can revert to qubes-core-dom0 package doing this. Its %post-installation scripts are launched in installation chroot and may modify the installed system.

comment:13 Changed 2 years ago by joanna

  • Owner changed from smoku to joanna
  • Status changed from accepted to assigned

Ok, I will try adding this to the postAction hook in qubes.py class.

comment:14 Changed 2 years ago by joanna

  • Status changed from assigned to accepted

comment:15 Changed 2 years ago by joanna

  • Resolution set to fixed
  • Status changed from accepted to closed

Done (in anaconda postAction):

http://git.qubes-os.org/?p=joanna/installer.git;a=commitdiff;h=a9795ae4a6b3da6697902c1ff1fb3181b7ec4864

Note: See TracTickets for help on using tickets.