Could you elaborate on this? As someone who uses SystemD extensively on workstations and servers for spawning and managing both system-level and user-level services, I do find minimal issues overall with SystemD minus some certain functionalities such as socket spawning/respawning.
Of course some of default SystemD’s housekeeping services do suck and I replace them with others. I would like to see the ability to just remove those services outright from my systems as separate packages since they do remain useless, but it isn’t that big of an issue.
I also use systemd a lot and it baffles me people can claim sysvinit was more reliable with a straight face.
Half the time I restarted MySQL in the sysvinit days (pre-upstart as well), it would fail to stop it then try to start a new instance of it with the old one still running and the only way to fix it was to manually stop the other instance.
Process management is like the one thing systemd really does well thanks to cgroups, it’s impossible for it to lose track of processes because the process lied about its pidfile.
SysV init does one job, it runs a set of scripts in an admin defined order, the init portion of SystemD attempts to solve a dependency graph at boot time and execute the startup scripts (units) in the order it devines from that. The big problems I’ve had around that have been services silently failing to start because it failed to resolve the ordering, and the difficulty of inserting a new unit into the ordering in a specific place. It’s doable if there happens to be a target at the point you want, but if not you can’t really do it as the existing, and any new, services all sequenced on the existing target. With SysV, of course, setting the service start order is trivial.
The thing is, if SystemD was just an init system it wouldn’t be as bad, and has some useful ideas, but it tries to replace huge swathes of the system. As you say, some, and I’d say most, of the default housekeeping services suck, and you need to replace them. Unfortunately this then breaks the much vaunted integration of those services. Leaving them on the system isn’t a great plan as it just leaves the extra attack surface. So now you need to contemplate repackaging it to exclude the stuff you don’t need, which is a huge pain, and makes keeping up-to-date a big job. You’ve also got to worry about breaking dependencies from other packages.
Probably the biggest issue though is the huge attack surface SystemD exposes on your system. We’ve just seen an example of how that can be taken advantage of, with malware in a library way down the dependency chain from the system library that gets jammed into all sorts of things. I understand there is an effort underway to reduce those dependencies, but it’ll always be worse than simply not doing that in the first place.
The architectural and design issues are to do with the way the different parts are so tightly linked when they have no rational reason for being, the level of complexity introduced to core services and the incoherence of some of the choices around behavior. A recent bugbear was the automounter. It works most of the time, but if a mount unit fails it just gives access to the mountpoint, when by definition you obviously and explicitly didn’t want that. It also has a nasty habit of marking the unit failed, so future attempts also get bypassed until you reset it or have a recovery unit to do that.
Anyway this turned into a wall of text, and its late, so I’m going to stop there, I hope it’s reasonable coherent.
Systemd has a larger attack surface area since it touches more things, even though you can assign user accounts and such. Just the simple fact that it does more things than simply executing a shell script (like everything before systemd does) makes it more vulnerable.
Systemd has a larger attack surface area since it touches more things
That’s what the critics always say but are the things it manages unnecessary? If not, you’d use other tools for that but the overall attack surface would be the same.
Could you elaborate on this? As someone who uses SystemD extensively on workstations and servers for spawning and managing both system-level and user-level services, I do find minimal issues overall with SystemD minus some certain functionalities such as socket spawning/respawning.
Of course some of default SystemD’s housekeeping services do suck and I replace them with others. I would like to see the ability to just remove those services outright from my systems as separate packages since they do remain useless, but it isn’t that big of an issue.
I also use systemd a lot and it baffles me people can claim sysvinit was more reliable with a straight face.
Half the time I restarted MySQL in the sysvinit days (pre-upstart as well), it would fail to stop it then try to start a new instance of it with the old one still running and the only way to fix it was to manually stop the other instance.
Process management is like the one thing systemd really does well thanks to cgroups, it’s impossible for it to lose track of processes because the process lied about its pidfile.
SysV init does one job, it runs a set of scripts in an admin defined order, the init portion of SystemD attempts to solve a dependency graph at boot time and execute the startup scripts (units) in the order it devines from that. The big problems I’ve had around that have been services silently failing to start because it failed to resolve the ordering, and the difficulty of inserting a new unit into the ordering in a specific place. It’s doable if there happens to be a target at the point you want, but if not you can’t really do it as the existing, and any new, services all sequenced on the existing target. With SysV, of course, setting the service start order is trivial.
The thing is, if SystemD was just an init system it wouldn’t be as bad, and has some useful ideas, but it tries to replace huge swathes of the system. As you say, some, and I’d say most, of the default housekeeping services suck, and you need to replace them. Unfortunately this then breaks the much vaunted integration of those services. Leaving them on the system isn’t a great plan as it just leaves the extra attack surface. So now you need to contemplate repackaging it to exclude the stuff you don’t need, which is a huge pain, and makes keeping up-to-date a big job. You’ve also got to worry about breaking dependencies from other packages.
Probably the biggest issue though is the huge attack surface SystemD exposes on your system. We’ve just seen an example of how that can be taken advantage of, with malware in a library way down the dependency chain from the system library that gets jammed into all sorts of things. I understand there is an effort underway to reduce those dependencies, but it’ll always be worse than simply not doing that in the first place.
The architectural and design issues are to do with the way the different parts are so tightly linked when they have no rational reason for being, the level of complexity introduced to core services and the incoherence of some of the choices around behavior. A recent bugbear was the automounter. It works most of the time, but if a mount unit fails it just gives access to the mountpoint, when by definition you obviously and explicitly didn’t want that. It also has a nasty habit of marking the unit failed, so future attempts also get bypassed until you reset it or have a recovery unit to do that.
Anyway this turned into a wall of text, and its late, so I’m going to stop there, I hope it’s reasonable coherent.
Systemd has a larger attack surface area since it touches more things, even though you can assign user accounts and such. Just the simple fact that it does more things than simply executing a shell script (like everything before systemd does) makes it more vulnerable.
That’s what the critics always say but are the things it manages unnecessary? If not, you’d use other tools for that but the overall attack surface would be the same.