this post was submitted on 25 Jan 2024
7 points (56.9% liked)


I like the idea of nixOS and will definitely try it in the future to see how portable I can make the setup be (hopefully a couple of files that can configure the entire machine).

But the only thing in my mind that is stopping it from being the absolute almost perfection of a tech-savvy distro is the reliance on systemd, which has software that I as a user am never going to touch, which adds unnecessary bloat to the init (also more unnecessary attack vectors). And if I really needed to have some of the systemd programs, there are replacements out there that do the job that can be later installed when needed, like having log files and stuff.

What do you think of some day seeing a fork of nixOS that uses other init systems and works well? Or is it just me that likes this idea? Like a voidish nixOS 🤔

top 28 comments
[–] [email protected] 32 points 7 months ago (1 children)

If you manage to infect your systemd unit list, which requires root privilege, and give it permission to run on boot, I don't think it's an attack vector anymore; it's one's stupidity. Systemd is the furthest thing from an outside attack. Someone might poison your bashrc, and it's more possible than someone inserting a malicious unit file and asking you to run it.

[–] [email protected] 22 points 7 months ago (1 children)

The init is just a binary; the other systemd features are different programs from different binaries, and you are not forced to use them. You can use only the init and not use the others. It's not going to affect security; systemd init is the most tested one.

And you can't: a lot of the technology that makes NixOS and other immutable distros work exists only because of systemd.

And if other init systems worked as well, the entire Linux community would not have changed voluntarily and independently to it.

What do you think of some day seeing a fork of nixOS that uses other init systems and works well? Or is it just me that likes this idea?

Doubt it; it is too much work just to make a systemd alternative, without the reliability and support that systemd has, but I think it could be a fun hack.

[–] [email protected] 3 points 7 months ago

To set the record straight, since you apparently have no idea of the history: systemd isn't the original Linux init system, and wasn't foisted on the Linux community because it was technically superior for most people's use cases. It still isn't the only viable Linux init system, but it pulled a Microsoftian embrace-extend-extinguish on udev, which makes it more difficult to switch away. Its current popularity is still not based on technical merits. Instead, it's political, because most people don't care about what init they're using and most distro-makers take the path of least resistance.

It's true that you're not required to use all of the individual executables that comprise systemd, but most distros will require you to install them. So they're still present as unwanted clutter, and bugs could still pose a security risk if an attacker can run the executables. (This doesn't mean that OpenRC or runit would necessarily be any more secure—every non-trivial piece of software has bugs, and some percentage of those are going to be security-relevant. You're not required to care about small amounts of on-disk clutter, either, but some people choose to make their system partitions small and micromanage the contents even if they're not working on embedded.)

Compiling your own copy of systemd without the clutter, judging from the contents of the systemd ebuild, requires setting more than 30 compiler options. And then installing the result manually without trashing your system. Not trivial, in other words.

If systemd works for you, then by all means use it, but accept that other people may choose to install something different on their own machines for what you consider to be bad reasons, or no reason at all, and arguing about it just annoys them without providing any benefit to you.

[–] [email protected] 17 points 7 months ago (1 children)

My understanding as a NixOS user is a lot of its fundamentals are very strongly coupled to systemd. It's responsible for things like running system activation scripts and managing any services it exposes options to, so replacing it sounds like a tall order.

I'm not aware of any Nix-based alternatives, but I'd definitely welcome them! Oh and also, as others have pointed out, Guix might fit the bill depending on your needs.

[–] [email protected] 6 points 7 months ago (1 children)

Thx, I will check out Guix. Seems a very interesting distro 🔥

[–] [email protected] 4 points 7 months ago

It really does, I need to check it out sometime!

[–] [email protected] 11 points 7 months ago* (last edited 7 months ago)

If you like NixOS for its packages, you can install a systemd-free OS and then add the Nix package manager. For example, Nix-bin is packaged for Debian and the systemd-free Devuan: https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=nix-bin&x=submit

Here is a very old howto for Void Linux, but maybe it still works: https://voidlinux.org/news/2014/01/Using-the-Nix-package-manager.html

[–] [email protected] 9 points 7 months ago (1 children)

Log files are "bloat"? Yeesh...

[–] [email protected] 8 points 7 months ago (1 children)
[–] [email protected] 3 points 7 months ago* (last edited 7 months ago)

GNU Guix, definitely going to check out! I think also most of the packages I have are foss, for non-foss I have flatpak anyway 🤔👍

[–] [email protected] 5 points 7 months ago (1 children)

Does Void linux come with a way to handle systemd service files? I'm curious how people do it when so many packages require a daemon running.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (2 children)

For daemons, it's simply symlinking the services in the 'sv' folder to the var/services; it should be running after that.

Not sure how compatibility with systemd apps works on other inits, but from what I know the packages that are shipped focus specifically on the init system that you are running (from whatever repo you use to install on the distro; for example, Artix has other inits besides runit).

Edit: Also you have the 'sv' command on runit that acts exactly like systemctl. You can stop, start and all that stuff.
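
The comments above assume that changing what starts at boot needs root, whether that means systemd unit files or the runit service directories under /etc/sv. One way to check that assumption on a machine, as an added example that is not part of any comment in this thread (the function names and the `--run` switch are made up for illustration; the systemd paths are the standard unit directories):

```shell
#!/bin/sh
# Added example (not from the thread): list service definitions that someone
# other than their owner can modify.

# audit_dir DIR [EXPECTED_UID]
# Prints "writable PATH" for group/world-writable entries and "owner PATH" for
# entries not owned by EXPECTED_UID (default 0, root). Returns 1 on findings.
audit_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 0
    # Only regular files and directories: symlinks (such as runit's links to
    # /etc/sv entries) always show mode 777 and would be false positives.
    findings=$(
        {
            find "$dir" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) \
                -print 2>/dev/null | sed 's/^/writable /'
            find "$dir" \( -type f -o -type d \) ! -user "$want_uid" \
                -print 2>/dev/null | sed 's/^/owner /'
        }
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# audit_all: check the standard systemd unit directories and the runit
# directory named in the thread; missing directories are skipped.
audit_all() {
    rc=0
    for d in /etc/systemd/system /usr/lib/systemd/system /etc/sv; do
        audit_dir "$d" 0 || rc=1
    done
    return "$rc"
}

# Run the audit only when asked, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_all
fi
```

Any line it prints is a file or directory that a non-root account could use to change what runs at boot, which is the case the root-only argument does not cover.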

[–] [email protected] 3 points 7 months ago

You need to take a look at Artix Linux first before considering this. They offer four different init systems, including runit, s6, dinit, and openrc. The Artix devs have done a lot of work creating service scripts that interact with many common packages. They have also integrated eudev and have created an elogind alternative called seatd in a push to remove systemd from their distro.

I'm not on NixOS (I use Artix with runit), but imho if you're going to take on creating another systemd-less distro, Artix is the one to take inspiration from. They simply have done it better than the others (Devuan, Void) imho.

I personally would be interested in seeing a NixOS fork without systemd, solely because it sounds intriguing. But I'll admit it sounds like it would be a pain to maintain.

[–] [email protected] 2 points 7 months ago (1 children)

I'm going to move to Void Linux soon as well! I'm very excited.

But I did see this simple ln -s (symlink) between the /etc/sv folder and /var/services. But who is maintaining / creating those runit files? The Void community? What if something is indeed missing?

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

It's just a way to set up the daemons to start every time you boot. I don't think there is really any maintenance of sorts; it's just replacing systemctl with sv.

Edit: Works well, I don't think you should worry about it. There is probably a deeper explanation in the Void Linux docs.

[–] [email protected] 5 points 7 months ago

It's called guix.