Mathieu Bridon wrote:
> Well, socket activation gives you better speed and resource usage as
> already mentioned, but it also gives you:
> [some really nifty features]
> So basically, much improved service availability (which is what matters
> to your business, isn't it?), and easier configuration/maintenance
> (granted, once you've learnt the new commands/tricks).
> Knowing that the security issue is highly exaggerated (as Lennart has
> repeatedly stated, systemd doesn't read network packets), does that seem
> like a better trade-off?
It might be an acceptable trade-off but I'm not yet convinced that such a
trade-off is necessary. Is it really impossible to have both a simple, network-
unaware Init and all the nifty features of SystemD?
Imagine a stripped-down Init that does only two things: First it forks and
executes SystemD, and then it just sits around and reaps orphan zombies.
SystemD would then run as process 2 and do all its socket activation and other
magic from there. Process 1 would then be immune to network-based attacks, and
it would be possible to kill SystemD if desired (although it would surely
leave the system rather handicapped).
The only thing I can think of that would be a problem is if SystemD needs to
be notified when processes die even when those processes aren't children of
SystemD. Is that the case? Is there anything else that only process 1 can do?
Björn Persson
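As an added illustration of the two-job PID 1 sketched in the message above (example code written for this page, not code from the thread, from systemd, or from any existing init), here is a minimal init in C. It forks and execs whatever supervisor path is given on its command line, then does nothing but reap. The supervisor path, the `spawn_supervisor` and `reap_one` names, and the "process 2" label are assumptions for the example; Linux does not guarantee the supervisor gets pid 2.

```c
/* tiny_init.c: a PID 1 that only (1) starts a supervisor and (2) reaps.
 * Example written for this discussion; not systemd code. It holds no
 * sockets and parses no external input, which is the whole point of
 * the proposal: nothing network-facing runs as process 1. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork and exec the real service manager (the "process 2" of the
 * proposal; argv[0] is looked up on PATH). Returns its pid, or -1. */
pid_t spawn_supervisor(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* exec failed; only the child sees this */
    }
    return pid;
}

/* Block until any child exits and reap it.
 * Returns the reaped pid, 0 when this process has no children at all,
 * or -1 on an unexpected error. Sets *supervisor_died when the reaped
 * child was the supervisor, so the caller can log (or restart) it. */
pid_t reap_one(pid_t supervisor, int *status, int *supervisor_died)
{
    pid_t pid;
    do {
        pid = waitpid(-1, status, 0);
    } while (pid < 0 && errno == EINTR);
    if (pid < 0)
        return errno == ECHILD ? 0 : -1;
    if (pid == supervisor)
        *supervisor_died = 1;
    return pid;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/supervisor [args...]\n", argv[0]);
        return 2;
    }
    pid_t sup = spawn_supervisor(&argv[1]);
    if (sup < 0) {
        perror("fork");
        return 1;
    }
    /* Killing the supervisor is allowed, as the proposal says: PID 1 just
     * keeps reaping orphans, so the system is handicapped but stays free
     * of zombies. With no children left there is nothing to do but wait. */
    for (;;) {
        int status = 0, died = 0;
        pid_t pid = reap_one(sup, &status, &died);
        if (pid < 0) {
            perror("waitpid");
            return 1;
        }
        if (pid == 0) {
            pause();
            continue;
        }
        if (died)
            fprintf(stderr, "supervisor %d exited, status 0x%x\n", (int)pid, status);
    }
}
```

Two caveats on the design rather than the code. First, orphaned processes are reparented to PID 1 by default, so a supervisor running as process 2 would not see them die; on Linux a process can opt in to receiving those orphans itself with prctl(PR_SET_CHILD_SUBREAPER), which addresses the notification concern raised in the message. Second, this split changes what is killable and what is immune to a crash, not what privileges the supervisor has: the service manager still runs as root, so the reduction is in the consequences of a bug in it, not in its authority.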