# eXtended CHange Process STate
`xchpst` extends _runit_'s `chpst` tool with options for hardening
runit-supervised services with Linux facilities including:
- namespaces
- capabilities
- read-only bind mounts
- isolated and transient areas of the filesystem hierarchy

`xchpst` is written from scratch and is backwards compatible with the `chpst`
command line options.
The documentation effort for this tool is exclusively on the
[man page](https://gitlab.com/init-tools/xchpst/-/jobs/artifacts/master/file/xchpst.8.txt?job=build-job)
([source](xchpst.8)).
Issues and merge requests are welcome on the [project
page](https://gitlab.com/init-tools/xchpst).
Releases will take the form of git tags signed by my OpenPGP key[^pgp1] or
those of any other co-maintainers that may arise.
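
One way to check a release tag against the fingerprint given in the footnote, as an added example that is not part of the project's own tooling. The function names are hypothetical, and accepting a match on either the signing key or its primary key is an assumption, since the footnote does not say which of the two the fingerprint identifies.

```shell
#!/bin/sh
# Added example: confirm a release tag was signed by the key pinned in this README.

# Fingerprint from the [^pgp1] footnote, with the spaces removed.
PINNED_FPR="06AB786E936C6C73F6D8130C4510339430FC9F34"

# Strip whitespace and upper-case a fingerprint so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read GnuPG status lines on stdin. Succeed only if a VALIDSIG line carries the
# wanted fingerprint, either as the signing key (first field after VALIDSIG) or
# as the primary key (last field). GOODSIG alone is not enough: it only carries
# a key ID, not the full fingerprint.
status_matches_pin() {
    want=$(normalize_fpr "${1:-$PINNED_FPR}")
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# Verify tag $1 in the repository at $2 (default: current directory).
verify_release_tag() {
    tag=$1
    repo=${2:-.}
    # --raw makes git print the gpg status output on stderr; a failing exit
    # code means the signature is missing or did not verify.
    status=$(git -C "$repo" verify-tag --raw "$tag" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | status_matches_pin
}
```

Import the signing key from the URL in the footnote into your keyring first, then run `verify_release_tag <tag>` inside a clone; a zero exit status means the tag verified and the signer matches the pinned fingerprint.
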
The [CHANGELOG](CHANGELOG) represents the notable net differences between
releases. Semantic versioning is employed.
Thanks for your interest - please send feedback!
-- Andrew Bower, 1 January 2025.
## Build dependencies
The code conforms to the C23 dialect, with some features avoided to allow
compilation with gcc-12 on Debian bookworm.
* GNU make
* gcc-12 or later
* libcap-dev[^libcap]
## Compatibility strategy
The driving goal of this utility is to allow Linux users to take advantage of
the capabilities of their kernels while using daemontools-style supervision
suites. An additional design goal is to provide maximal compatibility with
traditional tooling associated with those suites, which makes xchpst
potentially more widely useful.
Patches to support compatibility with non-Linux kernels, older compilers and
libc editions are welcome but these should be implemented without pulling in
additional layers of autotools or modern equivalents - let's only include the
logic to handle variations that are actually seen today in target deployment
environments and perform a check in the makefile or require the packager to
control a define, to keep things simple.
[^pgp1]: RSA/4096 [`06AB 786E 936C 6C73 F6D8 130C 4510 3394 30FC 9F34`](https://sw.cdefg.uk/xchpst/xchpst-signing-keys.gpg).
[^libcap]: Optional: build with `NO_CAP=1` to omit capabilities support