I've been running Debian 12 (KDE) since bookworm was released and am loving it.

I have recently discovered Devuan, which seems to be Debian without systemd. What is the benefit of removing this init system?

  • Ew0@lemmy.sdf.org · 11 up / 19 down · edited · 1 year ago

    Not to mention runit is a few thousand lines of code; systemd is 1.5 million plus. From a theoretical standpoint it's an extra massive attack surface.

    • Tobias Hunger@programming.dev · 14 up / 4 down · 1 year ago

      That comparison is bad on several levels:

      First off, systemd-the-repo does contain way more than an init system. But yes, I am pretty sure systemd-the-init is slightly bigger than runit.

      Secondly: systemd-init does set up some useful Linux kernel features for the processes it manages in an easy and consistent way. That's why other services started to depend on systemd-the-init, by the way: systemd does Linux-specific things developers find so useful that they prefer adding a dependency on systemd over not having the functionality.

      Runit does not support any Linux-kernel-specific features at all, to stay portable to other Unixes. Other alternative inits made the same design choice.

      Thirdly: the overall attack surface of a system without systemd is bigger than that of a typical systemd system. That's because so much of the code run by the init system is way more locked down, as systemd provides easy ways to lock down services in a cross-distribution way. Note that the lockdown functionality is 100% Linux kernel features, so it involves little code in the init itself. Users of other inits can of course add the same lockdown features as service-specific startup code in the init scripts. We saw how well that works across distributions with sysv-init…

      Finally, lots of security features implemented outside systemd-the-init require a systemd system, as they need the lockdown features offered by systemd-init. One example is systemd-logind: that depends on systemd-init to be secure, where the pre-systemd attempts all failed to achieve that goal. Logind makes sure only the user sitting at a screen/keyboard can actually interact with the kernel device files managing that hardware, so no other user but you can see what you type and take screenshots of your screen.

      Contrast that to Devuan's approach: add all users allowed to start the UI to a group and make the devices controllable by that group. Much simpler, KISS and the Unix way… but it also allows any user who sshes into the machine somebody is sitting at to log what that person types. Apparently that is not a problem, since no system will ever have more than one user in the age of personal laptops and desktops. That seriously is their answer… and they even refused to maintain the Ubuntu-before-systemd logind replacement when Canonical asked them, because such functionality is not needed in Devuan.
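
The per-service lockdown the reply above refers to (third and fourth paragraphs) is easiest to see as a unit file. The following is an added example, not code from the thread or from the systemd project: a hypothetical `example-api.service` (binary path, port and state directory are assumptions) shown first as a plain unit and then with the lockdown directives added. Each directive maps onto a Linux kernel feature (mount namespaces, seccomp, capability bounding sets, no_new_privs) that systemd applies when it spawns the process, so the service binary itself needs no privilege-dropping code.

```ini
# Added example, not from the thread. Two separate unit files are shown in
# one block; the "before" and "after" would each live in their own file,
# e.g. /etc/systemd/system/example-api.service. The service name, binary
# path, listen address and state directory are hypothetical.

# ---- before: runs as root with full access to filesystem and kernel ----
[Unit]
Description=Example HTTP API (unhardened)

[Service]
ExecStart=/usr/local/bin/example-api --listen 127.0.0.1:8080

[Install]
WantedBy=multi-user.target

# ---- after: same binary, confined by the init rather than by its own code ----
[Unit]
Description=Example HTTP API (hardened)

[Service]
ExecStart=/usr/local/bin/example-api --listen 127.0.0.1:8080
# Unprivileged identity allocated at start; no persistent account needed.
DynamicUser=yes
# Empty bounding set: the process holds no capabilities and cannot regain any.
CapabilityBoundingSet=
NoNewPrivileges=yes
# Read-only view of the OS, no /home, private /tmp, minimal /dev.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# The only writable persistent path: /var/lib/example-api, owned by the dynamic user.
StateDirectory=example-api
# Kernel surface: no module loading, no sysctl writes, no kernel log, no cgroup writes,
# other users' processes hidden in /proc (ProtectProc= needs systemd >= 247).
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectProc=invisible
ProtectClock=yes
ProtectHostname=yes
# Sockets: IPv4/IPv6/unix only; no raw, packet or netlink sockets.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
# Blocks W+X memory mappings; drop this line for runtimes that JIT.
MemoryDenyWriteExecute=yes
# seccomp: allow the @system-service set, then remove the privileged and
# resource-control groups from it; native ABI only, denied calls get EPERM.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security example-api.service` scores a unit's exposure and lists which of these directives are unset, which is a quick way to compare the two versions. `DynamicUser=yes` already implies several of the filesystem settings, but they are spelled out here so the kernel feature behind each is visible. The same confinement can be reproduced under another init with `unshare`, `setpriv`, `prlimit` and a seccomp wrapper in each service's start script, which is exactly the per-service, per-distribution effort the reply above describes.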

      • Ew0@lemmy.sdf.org · 2 up · edited · 1 year ago

        Runit is brilliantly simple, and as the old granite maul examine text says, “simplicity is the best weapon”.

        I'm sorry, you won't be able to convince me to use it; it doesn't feel KISS (I left Arch when they swapped). Fuck binary logs too. The only place I use it is on my phone, which is SailfishOS.

        Void to me is what Arch used to be. I tend to use minimal replacements where I can, e.g. OpenNTPD as NTP, socklog as logger, seatd as logind, ZFSBootMenu instead of systemd-boot, no polkit, et cetera.

        It's the closest usable distro for me to cut most of the poetteringware out, apart from messing around with Gentoo (which I can't be arsed with any more). I am not a fan.

        Like or dislike systemd, be it convenient or not, you can’t deny it’s a behemoth.