Linux: concerns over systemd adoption and Debian's decision to switch

• Previous message (by thread): Linux: concerns over systemd adoption and Debian's decision to switch
• Next message (by thread): Linux: concerns over systemd adoption and Debian's decision to switch
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 22, 2014 at 2:13 PM, John Schiel <jschiel at flowtools.net> wrote:
> On 10/22/2014 10:43 AM, C. Jon Larsen wrote:
>>
>> Incorrect assumption. systemd is a massive security hole waiting to happen
>> and it does not follow the unix philosophy of done 1 thing and do it
>> well/correct.
>
> i was beginning to wonder how secure systemd is also.

Personally, I feel that the systemd developers have given a lot of
thought to security, both in the systemd code itself and because
systemd makes it practical to use advanced features of the Linux
kernel that can improve security.

One example is the fact that systemd makes it very easy to give a
service a private /tmp and /var/tmp directory that no other service
uses by using Linux's filesystem namespaces.  That can avoid all sorts
of tmpfile race conditions that have caused problems in the past.

Doing that in sysvinit, while possible, wasn't easy because you'd have
to modify each init.d script (and redo the change every time upstream
released a new update) to create/manage the filesystem namespace.  In
practice it was never done.

-- 
Jeff Ollie

• Previous message (by thread): Linux: concerns over systemd adoption and Debian's decision to switch
• Next message (by thread): Linux: concerns over systemd adoption and Debian's decision to switch
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]