Have fun wasting your time compiling broken ports and not having a package manager that fetches what you need quickly and in working order.
Also, enjoy slashing your wrists out of frustration on shell scripts and a crappy flaky init system that completely fucks itself completely over whenever one shell script does work properly. Truely, BSD ports are the real cluster fuck and so is their obsolete init system.

No, rather it?s the BSD ?community? no? the BSD cult that?s nothing more than a group of mentally ill assholes which maximizes idiotic decisions.
By the way, I heard BSD is trying to copycat something similar by porting launchd. Looks like you?ll have to leave BSD too. And you should cause is nothing more than a crappy copy of system.

Yes, congrats to system because their code is way cleaner and more functional then BSD code. Just compare the two. BSD is a utter mess, horribly bloated and ugly to look at. Systemd code by contrast is clean, correct and so well thought out. The only code that?s cleaner and correct is the Linux kernel.

What is this "good process supervisor"? Systemd is an existing solution, while you propose something that doesn't exist. Do any process supervisors other than systemd it provide access to cgroups, namespacing, containers and and who knows what other features the linux kernel might offer? BSD's rc scripts are marginally better than what we have in linux distros, but why is a system based on shellscripts somehow automatically better than one based on actual declarative configuration files? It's certainly not simpler, given that it's pretty difficult to use kernel interfaces from shell code.

I don't understand this argument about size and attack surface. Every time I see it it sounds like systemd is some gigantic thing that does everything in one process, which is nowhere close to the truth. As far as I know Systemd's PID1 is pretty much as small as it can be. You're just automatically assuming it must be worse than some magical "minimal init" just because it provides more functionality and is therefore prone to crashing and malfunctioning. The *kernel* is larger and much more complicated, and it still manages to work reliably on almost everything it runs on.

[/QUOTE]

And yet, the users did show a clear preference with popcon :


And yeah, the commitee was split in half, but there is at least 1 upstart coder on the commitee, so I would have been surprised he wouldn't choose his own solution. And even with that, the pro-upstart campwas not able to answer the various questions and the old design bugs :

In fact, systemd do not try to reexec on crash. Systemd loop on itself to avoid panicing the kernel, see install_crash_handler in src/core/main.c
And the reexec is reliable, as this is done on every boot to be able to unmount the initrd initial root.

Regarding the suggestion of having a PID 2, that's cute but requires more complexity in practice to avoid race conditions. Since PID 1 is the new owner of orphaned process, we need to watch over those process. And when one die, we need to do something, like saying the service is down. Of course, the problem is that this data ( ie, the matching between service and PID ) is in another process, so we need to communicate that to the process PID 2. So, a naive approach is that we send the signal and the PID over some specific socket, serialized so PID 2 can handle the case. That surely work fine on paper, but now, what happen if the PID is reused ? (If someone use PID randomisation and there is lots of process creation, this could happen sooner or later. In fact, without PID randomisation, it could happen. So now, we have a list of PID in PID2, and we receive a message saying "this process got killed", and we just have a PID. Except that we do not know when the PID was valid. So PID 2 receive a message with a PID, and cannot be sure that the PID in the list is the one that correspond. If there is no process with this PID, fine, that mean there is a service that died, and we can find which one it was. If not, then we need to find which one died.

So usually, that's quite easy, the surviving process can be identified, it is in a cgroup and you can get the service, so the other is the one that died. Now, what if 2 process died by reusing a PID, and didn't died in the same way ? what happen if one stopped because it was shortlived, and the 2nd one crashed ?

Now, you have a issue, because you cannot know which process is which. And it does matter, because that's the difference between failed and work as intended. So I am sure someone will suggest to add a timestamp. But due to the asynchronous nature of signals ( and especially since you need to do a call to waitid to get the information required ), you know have yet another race condition.

People suggested to use PR_SET_CHILD_SUBREAPER. Again, this work on paper, but what about when PID 2 crash ? ( becuase, if people accuse "PID 1 is to important to crash", we can also see what happen in the same case with the so called PID 2 ). All the processes are reparented to PID 1. So we are back on square 1, with added complexity.

And even if someone fix that, you just managed to go from "PID 1 just run PID 2" to "PID 1 run PID 2 and serve as a proxy for signal received". You can also add "PID 1 need to supervise PID 2". You didn't touched the way you would communicate safely between PID 1 and PID 2 ( and in both direction, since PID 2 also need to tell to PID 1 to shutdown ). You didn't touch on the need of restarting PID 1 and PID 2 in the initrd to be able to unmount it ( ie, why now you would need to reexec PID 1 and maybe PID 2, so twice the complexity ).

And the whole PID 2 idea doesn't even help on separating privileges, since now, everything got moved to PID 2 ( ie, it run as root, it can go in any selinux domain per design, and it listen on all interface of the current design, and add its own communication channel with PID 1 ). And you have 2 process supervising each others.

Of course, in practice, crashes do not happen that much, so most people do not care or do not try to understand why it happens. But thinking "exceptional cases do not count" is not really inspiring confidence. People keep talking on how initscript are good, but that's crap. Take openbsd init scripts. They do matching based on process name. So one can just create a process, rename it, and suddenly, the initscript is confused. Debian bind script suffer from the same kind of race condition on PID reuse, due to the asynchronous nature of rndc communication with the main daemon. Yeah, that's the kind of stuff that happen almost never for a single server. And that likely happen on a regular basis when you manage a big server farm.

No, I'm just saying that's the most common MO, so one should be concerned about a lot more than just PID1 security, and securing those other things should actually have top priority.

You can DoS a machine without attacking PID1.

If someone gained access to the blind user, there's several things they could exploit to gain root, so I don't know why you're singling out PID1 as being extra special in this regard. Even with systemd, PID1 is *not* the largest attack surface.

Basically, you're giving way too much focus to PID1, just to create an anti-systemd argument, when in perspective other processes will much more likely be the target of an attack.

If sysvinit or systemd fails to re-exec in a reliable way then it is a particular bug that causes problems, not something inherently flawed in eg. systemd.

Systemd is of course superior in every way to other Linux init systems when it comes to supervising PID1 and PID2 etc. PID1 (systemd) actually know whether PID2 or PID47 have crashed, and can restart them in an intelligent way, including not needlessly trying to restart a process if it crashes immediately twenty times in a row.

So who supervises PID1? Well, it is easy as pie to configure systemd to use a hardware watchdog to monitor if PID1 is responsive or not, and reboot the entire system if PID1 hangs. Since it is systemd, the reboot will be a fast one too :-). Systemd is simply designed with integrated support for watchdogs.

Anyway: the main point here is to illustrate that systemd has a total supervising chain of everything, including itself. It is designed to be extremely robust, reliable and safe, and be so in an easy manner.

Most motherboards these days have inbuilt hardware watchdogs: try "wdctl" from the "util-linux" package to see if your motherboard has a hardware watchdog.

For more info on watchdogs and systemd:

Hey, don't sock puppet. That BS is just kindergarten. Anyways BSD rc init is specifically designed to NOT break if a script in rc.d goes awry, so that's hogwash. Shell scripts are easier to debug and actually work unlike your systemd cack. Pkgng and ports are designed to provide a choice to the community and both work fine, when a port doesn't build the maintainer is very helpful unlike the unholy monsters that are the developers of Linux distros. BSD also derives many tools used in Linux. But, because of Linux being a GNU slave, their code is unclean and tainted by the GPL. The GPL is Marxism not freedom like the BSD or MIT licenses.

Yes, congrats to system because their code is way cleaner and more functional then BSD code. Just compare the two. BSD is a utter mess, horribly bloated and ugly to look at. Systemd code by contrast is clean, correct and so well thought out. The only code that?s cleaner and correct is the Linux kernel.[/QUOTE]

Launchd is a low priority port and yes, if it became the equivalent of systemd for Linux I'd leave BSD behind. I have no desire to use an OS that resembles or tries to be like Windows or OS X.

Thus far I actually like OpenRC because it preserves some of the advantages of shell scripts and is far less monolithic. Also it's BSD licensed so any of the BSDs could adopt it. However we have no need for something new for the present.

And anyways now that someone mentioned it, SELinux is horrible. It is like UAC under Windows except its persistent filth that interferes with the security I have already in place on my deprecated OpenVZ Linux machines. I have no choice but to shut it off entirely. Thus another reason why OpenBSD is more secure, it actually uses security that works and doesn't interfere with your attempts to harden the machine. FreeBSD is equally secure from my field testing, and it has the most advanced filesystem, ZFS for use in the system by default. It makes BTRFS look like a blood sucking tick.

I think systemd support scripts just for legacy reasons. The service files are much better than those init scripts.

And you don't have any idea of what is the cost to provide. I'm talking about real world. Choice is a beautiful word when you don't have to develop a way to these choices work, you simply choice and doesn't do anymore.

BTW, as you said you are an infosec enthusiast, just to remember: thanks to systemd technologies, we won't need to run Xserver as root anymore.

you can run x rootless for a while now
thank X devs for that, systemd had nothing to do with it

only reason why not many distros do that is that a user needs privileges to read /dev/input/* (maybe even write, idk; also tty's, but that is another thing)
should be easy to set up, check the many tutorials on how

maybe libinput (the wayland spawned thing) should take care of this (didn't check thou)

i don't know of many things made possible with systemd "technologies"
can't think of one actually, maybe you can point some out

If you can write scripts, you can quickly learn to write service files

If you need to run a custom script-or a custom binary, you can write a service file to trigger it. If you are new to systemd (as I am), the best way to do this is probably to crib code from a service file that runs at the same time and in the same way as your desired program.

Example: When I ported my multi-encrypted disk unlocker to dracut/systemd, I first ran it as a dracut hook in initqueue. I soon found it started more quickly if called directly by systemd, but at first this caused a bug: systemd would be closing down the initramfs daemons before all non-root volumes could be unlocked if there were more than two of them, one using a keyfile, or one needing a diferent passphrase. Since systemd was able to call and then wait for the dracut hooks, obviously this could be stopped. I borrowed some of the code from dracut-initqueue.service for my own service file, and the problem was fixed. Custom initramfs boot script in /sbin with systemd and dracut (ported from debian unstable) in Ubuntu, hell yeah!

Boot times with systemd and systemd in the initramfs is about 5 seconds faster than with Upstart and initramfs-tools, though benchmarking boot times with a long passphrase requires a lot of timed test runs to average out passphrase entry times. A lot of the debugging came down to using "DefaultDependencies=no" to get out of a circular dependency. Systemd was actually smart enough to respond to a circular dependency by killing the offending process, re-resolving the process dependencies, and attempting to keep going.