This inverts the parent-child relationship so users don't have to tweak
this option to "all" (meaning daemon + whatever is running in the same
Unit™) manually. The MAINPID half of the message tells it to look after
the real daemon.
To my taste this is worse, because it breaks the direct filiation,
which means "type=simple" isn't really true anymore. Good on systemd to
accept a different MAINPID even with type=simple, but having the daemon
run as a grandchild of the supervisor when it doesn't have to feels
more hackish than accepting a notification from another process.
Honestly, I'd rather document in the source that the NotifyAccess
option should be changed. The default seems very unnecessarily
restrictive.
If only there was an easy, portable way of ensuring only a process, its
descendants, or trusted local services had access to the communication
channel for readiness notification, without a central registry of
everything running in the system...
Preach.
--
Laurent