Bug#727708: Quick upstart and systemd feature comparison

[Ansgar Burchardt <ansgar@debian.org>]

Ian Jackson <ijackson@chiark.greenend.org.uk> writes:
> Russ Allbery writes ("Bug#727708: Quick upstart and systemd feature comparison"):
>> * Lots of really interesting defense-in-depth security features.  I
>>   particularly liked ReadWriteDirectories, ReadOnlyDirectories,
>>   InaccessibleDirectories, PrivateNetwork, and NoNewPrivileges, which
>>   provide a sort of lightweight process containment that would be much
>>   easier to use than a full-blown chroot, and in some ways more powerful.
>
> I think that this functionality should be provided by "auxiliary verb"
> wrapper commands, not welded into init.

That has a number of problems:

 * Init can no longer switch to non-root as most of these features need
   higher privileges to setup. One would lose the User= and Group=
   settings.
 * We would be back at writing shell scripts for configuration:
   no-new-privileges private-network read-only-directory /etc -- some-daemon
 * One would have to change all options at once as there is just one
   command line to change. There is no way to say "just disable (enable)
   <x>" as one has with overriding specific entries from a .service file.
 * The order of invocations of the wrapper commands might matter and
   break things if done wrong. Not having to worry about this as init
   takes care of it removes one source of errors.

So I think having these features integrated into init rather than
wrapper commands is preferable.

Ansgar