LibC status and others...

Matthew Dillon dillon at apollo.backplane.com
Fri Dec 12 16:55:49 PST 2003


:>     Eventually we will rely on the IPC service entirely for normal
:>     system operation and fall-back onto the flatfiles when the IPC service
:>     is not available (i.e. get rid of the DBM stuff).
:
:IMO, in the end, we do not need the fallback, because our supervisor will
:restart the service as soon as it dies (not that that would happen...).
:and when, the supervisor does not supervise the service... we are in
:single-user mode.
:
:in case of a crash within a request, libc might sleep a second, and try
:again. in this time, our supervisor should have restarted the daemon.

    You always need a fallback to make the system robust in critical 
    situations, such as when things fail.  For example, lets say the
    service binary cannot be exec'd due to corruption.  The entire system
    pretty much depends on being able to make certain password and group 
    lookups (at a minimum).

    A fallback can take many forms.  For example, the IPC service could
    write out and/or maintain a minimal password and group file itself
    for later flatfile access in case of failure.  Or the kernel could be
    made to record fallback records, or we could just revert to a minimal,
    static flat file.  It's simply there to ensure that the system remains
    as accessible as possible to the sysop even in the face of a critical 
    services failure.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>





More information about the Kernel mailing list