320
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Apr 2024
320 points (93.2% liked)
linuxmemes
21211 readers
57 users here now
Hint: :q!
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
Could you elaborate on this? As someone who uses SystemD extensively on workstations and servers for spawning and managing both system-level and user-level services, I do find minimal issues overall with SystemD minus some certain functionalities such as socket spawning/respawning.
Of course some of default SystemD's housekeeping services do suck and I replace them with others. I would like to see the ability to just remove those services outright from my systems as separate packages since they do remain useless, but it isn't that big of an issue.
I also use systemd a lot and it baffles me people can claim sysvinit was more reliable with a straight face.
Half the time I restarted MySQL in the sysvinit days (pre-upstart as well), it would fail to stop it then try to start a new instance of it with the old one still running and the only way to fix it was to manually stop the other instance.
Process management is like the one thing systemd really does well thanks to cgroups, it's impossible for it to lose track of processes because the process lied about its pidfile.
SysV init does one job, it runs a set of scripts in an admin defined order, the init portion of SystemD attempts to solve a dependency graph at boot time and execute the startup scripts (units) in the order it devines from that. The big problems I've had around that have been services silently failing to start because it failed to resolve the ordering, and the difficulty of inserting a new unit into the ordering in a specific place. It's doable if there happens to be a target at the point you want, but if not you can't really do it as the existing, and any new, services all sequenced on the existing target. With SysV, of course, setting the service start order is trivial.
The thing is, if SystemD was just an init system it wouldn't be as bad, and has some useful ideas, but it tries to replace huge swathes of the system. As you say, some, and I'd say most, of the default housekeeping services suck, and you need to replace them. Unfortunately this then breaks the much vaunted integration of those services. Leaving them on the system isn't a great plan as it just leaves the extra attack surface. So now you need to contemplate repackaging it to exclude the stuff you don't need, which is a huge pain, and makes keeping up-to-date a big job. You've also got to worry about breaking dependencies from other packages.
Probably the biggest issue though is the huge attack surface SystemD exposes on your system. We've just seen an example of how that can be taken advantage of, with malware in a library way down the dependency chain from the system library that gets jammed into all sorts of things. I understand there is an effort underway to reduce those dependencies, but it'll always be worse than simply not doing that in the first place.
The architectural and design issues are to do with the way the different parts are so tightly linked when they have no rational reason for being, the level of complexity introduced to core services and the incoherence of some of the choices around behavior. A recent bugbear was the automounter. It works most of the time, but if a mount unit fails it just gives access to the mountpoint, when by definition you obviously and explicitly didn't want that. It also has a nasty habit of marking the unit failed, so future attempts also get bypassed until you reset it or have a recovery unit to do that.
Anyway this turned into a wall of text, and its late, so I'm going to stop there, I hope it's reasonable coherent.
Systemd has a larger attack surface area since it touches more things, even though you can assign user accounts and such. Just the simple fact that it does more things than simply executing a shell script (like everything before systemd does) makes it more vulnerable.
That's what the critics always say but are the things it manages unnecessary? If not, you'd use other tools for that but the overall attack surface would be the same.