Systemd Introduces "Portable Services" Functionality, Similar To Containers
Lennart is at it again, making complicated things that nobody asked for.
The past several months Lennart Poettering has been working on a "portable services" concept and that big ticket new feature has now landed in Systemd. Portable services are akin to containers but different.
[...] A portable service is ultimately just an OS tree, either inside of a directory tree, or inside a raw disk image containing a Linux file system. This tree is called the "image". It can be "attached" or "detached" from the system. When "attached" specific systemd units from the image are made available on the host system, then behaving pretty much exactly like locally installed system services. When "detached" these units are removed again from the host, leaving no artifacts around (except maybe messages they might have logged).
[...] The primary focus use-case of "portable services" is to extend the host system with encapsulated extensions, but provide almost full integration with the rest of the system, though possibly restricted by effective security knobs. This focus includes system extensions otherwise sometimes called "super-privileged containers".
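The "security knobs" in the excerpt are the ordinary per-unit sandboxing directives any systemd service can carry, so a service an image attaches to the host is only as contained as its unit file says. As an added example that is not from the article or from systemd, the script below parses a unit file and reports which of those directives are missing or weak, comparing a constructed bare unit with a hardened one; the directive names are real systemd settings, the service name and path are made up.

```python
from typing import Dict, List

# Sandboxing directives a defender expects on any unit an image attaches to the host;
# each check gets the values seen for that key in [Service], and the last one wins.
def _is(expected: str):
    return lambda v: v[-1:] == [expected]

CHECKS = {
    "NoNewPrivileges": _is("yes"),
    "ProtectSystem": lambda v: v[-1:] in (["strict"], ["full"]),
    "ProtectHome": _is("yes"),
    "PrivateTmp": _is("yes"),
    "PrivateDevices": _is("yes"),
    "ProtectKernelTunables": _is("yes"),
    "ProtectControlGroups": _is("yes"),
    "CapabilityBoundingSet": bool,   # any explicit bounding set at all
    "SystemCallFilter": bool,        # any seccomp filter at all
    "RestrictAddressFamilies": bool,
}

def parse_unit(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Minimal unit-file parser: sections, repeated keys kept in order, and the
    systemd rule that an empty assignment (Key=) resets what was set before it."""
    sections: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values = current.setdefault(key.strip(), [])
        if value.strip():
            values.append(value.strip())
        else:
            values.clear()
    return sections

def audit(text: str) -> List[str]:
    """Names of directives that are missing or too weak in the unit's [Service]."""
    service = parse_unit(text).get("Service", {})
    findings = [name for name, ok in CHECKS.items() if not ok(service.get(name, []))]
    # Running as root without DynamicUser= is a finding of its own.
    if ((service.get("User") or ["root"])[-1] == "root"
            and service.get("DynamicUser", [])[-1:] != ["yes"]):
        findings.append("User")
    return findings

# Constructed units: the bare one a packager might ship, and a hardened one.
WEAK = """\
[Unit]
Description=Example web service shipped in a portable image (constructed)

[Service]
ExecStart=/usr/bin/example-httpd --foreground
"""

HARDENED = WEAK + """\
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
SystemCallFilter=~@privileged @resources @mount
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
"""
```

`audit(WEAK)` lists every check plus `User`; `audit(HARDENED)` returns an empty list, and a trailing `SystemCallFilter=` line shows the reset rule re-opening that finding.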
(Score: 3, Insightful) by Anonymous Coward on Wednesday May 30 2018, @02:03AM (5 children)
So glad that there are now a good number of non-systemd distros to choose from.
(Score: 3, Insightful) by moondrake on Wednesday May 30 2018, @02:27PM (4 children)
are there really?
I would like to have a bleeding-edge distro, preferably a rolling release, with packages (either in the distro or via 3rd-party repos) for the most obscure things that are out there.
I would think maybe Gentoo, but I hear not that much positive about it recently (and I prefer being able to install a package rather than compile it; otherwise I would not want a distro where nearly everything is available as a package already).
Apart from Arch, Ubuntu, Fedora and OpenSuse, I have not tried many distros. Does something exist similar to these but without systemd?
(Score: 1, Informative) by Anonymous Coward on Wednesday May 30 2018, @02:38PM (1 child)
Try Void Linux. Azuma Hazuki did a review in her journal [soylentnews.org]. Void Linux arm64 also seems to work great on a Raspberry Pi; I found Void on Distrowatch looking for an arm64 non-systemd distro. I used it for about a week until I felt brave enough to give an arm64 Gentoo install a try (only arm32 is/was well supported on Gentoo).
(Score: 1) by Deeo Kain on Thursday May 31 2018, @03:13PM
Are you aware of this about Void Linux?
https://www.theregister.co.uk/2018/05/16/contributing_to_keep_small_linux_alive/ [theregister.co.uk]
(Score: 2) by DarkMorph on Wednesday May 30 2018, @10:53PM (1 child)
Personally, given how powerful personal computers' CPUs have become, I can say the number of packages I actually have a problem with spontaneously compiling on a whim due to their compile times, I can count on one hand.
And I think it's worth noting that the distros that do not supply systemd by default (or at all) often supply the choice of init system. Which is how it should be, by all distros. It would be far more acceptable, I'm sure, had distros such as Debian simply maintained the option of switching the init system rather than forcing just the one.
(Score: 0) by Anonymous Coward on Thursday May 31 2018, @06:21PM
> It would be far more acceptable, I'm sure, had distros such as Debian simply maintained the option of switching the init system rather than forcing just the one.
One can just install sysvinit in Debian if wanted.
(Score: 1, Informative) by Anonymous Coward on Wednesday May 30 2018, @02:04AM (2 children)
So, is it making Linux a microkernel system yet?
(Score: 4, Informative) by DannyB on Wednesday May 30 2018, @01:54PM (1 child)
Um . . . No.
Next is moving the bootloader and the kernel inside systemd.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 1, Interesting) by Anonymous Coward on Wednesday May 30 2018, @07:18PM
Bootloader is already there, if you enjoy using UEFI.
The kernel will happen once Torvalds decides to retire and hands the keys over to GregKH, as the latter is a close buddy of Sievers and Poettering (the clowns running the systemd show).
(Score: 5, Funny) by Anonymous Coward on Wednesday May 30 2018, @02:13AM (4 children)
Unemployment must be really low if nobody has yet managed to hire a hitman.
(Score: 5, Insightful) by Bot on Wednesday May 30 2018, @08:53AM (3 children)
There is no point in terminating Lennart, someone else will take its place. The scandal is not that a rockstar dev tackles problems outside his domain and ends up with an inefficient and cryptodocumented mess that obsoletes gigabytes of perfectly fine Linux documents and functionality. The scandal is that RedHat and Debian and Arch decided that change for the sake of change was good. This is the ugly duopoly of hardware makers and software guys making a comeback to windowsify linux.
Personally I have been using linux when you couldn't even open a .doc... I am not scared to use mx, refracta, devuan, obarun, gentoo, void...
Account abandoned.
(Score: 3, Funny) by DannyB on Wednesday May 30 2018, @01:55PM (2 children)
Funny that the name Microsoft is strangely left out of this discussion.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by Runaway1956 on Wednesday May 30 2018, @02:53PM (1 child)
Not really. This discussion involves operating systems for computers, not operating systems for sheeple.
(Score: 2) by DannyB on Wednesday May 30 2018, @03:36PM
It is really. This involves who would be motivated to introduce systemd into Linux and get all the big commercial distributions to use it.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 5, Insightful) by Runaway1956 on Wednesday May 30 2018, @02:34AM (15 children)
System administrators generally want as few services running as possible. Each and every service offers a surface that can be exploited. It doesn't matter if there is an exploit in the wild, the surface is still there. So, Puttering Poettering has just created a way to attach unwanted services to a running system? Isn't THAT just wonderful!! Now, any system running SystemD can have services attached, at any time. Just what we all needed.
"Sir, we've just been pwned through an Apache exploit."
"But, we've never installed Apache!"
"Sir, someone installed Apache, configured it, and exploited it. Our asses belong to this anonymous bastard!"
I've been on the fence about SystemD all this time. Since I'm the kind of guy who turns services OFF even when they are bog standard on every system, I'll be looking into other distros. As an old distro hopper, I've been interested in VOID. The write ups sound interesting.
(Score: 4, Insightful) by darkfeline on Wednesday May 30 2018, @03:22AM (11 children)
If an attacker has root access, they don't need systemd to run whatever service they want.
"Sir, we've just been pwned through an Apache exploit."
"But, we've never installed Apache!"
"Sir, someone installed Apache, configured it, and exploited it. Our asses belong to this anonymous bastard!"
"But we're not using systemd!"
"Sir, anyone can run whatever code they want when they get root. You don't need systemd to install Apache as root."
In fact, trying to use this to deploy a malicious service is pointless, since this sandboxes said service in a full jail. Why would an attacker run his script in a sandbox when he can just run it directly on the machine? It would make it harder to hide, too, what with systemd's forward secure sealed logs. The last thing you'd want to do is log your attack script's behavior in cryptographically secure signed logs.
Join the SDF Public Access UNIX System today!
(Score: 5, Insightful) by Arik on Wednesday May 30 2018, @03:45AM (6 children)
Not at all, that's perfect. All I have to do is get systemd to crash and corrupt the log files, and since they are "cryptographically secure" binaries instead of text files, you won't even be able to partially recover them.
If laughter is the best medicine, who are the best doctors?
(Score: 1, Flamebait) by darkfeline on Wednesday May 30 2018, @05:59PM (5 children)
I'm sure you can provide a reproducible example of such an issue, since you're not all just talk. Ignoring the fact that the logs are signed, not encrypted, the fact that the logs are just plain text with metadata and not full-on binaries like uninformed haters proclaim, the fact that the raw logs can be extracted without the metadata with the standard strings command, and the fact that it's trivial to flood syslog and wipe out traces of suspicious activity (you don't even have to be root!), and... Actually, that's too many facts for SN, sorry.
Join the SDF Public Access UNIX System today!
(Score: 4, Informative) by Arik on Wednesday May 30 2018, @08:20PM (4 children)
Where have you been the last few years?
Hit the search engine(s) of your choice and look for systemd log corruption. This sort of problem has been reported repeatedly for years, discussed on this very site several times.
https://www.freedesktop.org/wiki/Software/systemd/journal-files/ [freedesktop.org]
That's sort-of the official documentation for the thing. We'll come back to the sort of in a moment, but notice THE VERY FIRST PARAGRAPH here.
(Emphasis in the original.)
Ok, on to how this is only sort-of the official documentation. Still right at the top of the document.
Yeah, no, I didn't make that up, just hit the link. They claim codebase infallibility. It is impossible, by definition, for Poettering to make an error when he is in the coder's chair. He can't violate the spec, because as soon as he hits commit his words ARE the spec!
Anyway don't believe me, search for it, as I say many people have reported corruption problems and been told there is no way to recover. The workaround is to simultaneously export to plain text, just in case, but even once configured that workaround seems to have serious issues as well. This has been an ongoing issue for years and if you spend a little time looking you'll find some astonishing responses.
If laughter is the best medicine, who are the best doctors?
(Score: 1, Flamebait) by darkfeline on Thursday May 31 2018, @05:49PM (3 children)
So what? All you're telling me is that journal corruption happens (I never claimed that it didn't; if filesystem corruption can happen, which it can, then by definition journal corruption can happen), and that the authoritative description of the format is in the code. This addresses roughly zero of the points that I brought up. Well done.
Also, anecdotal evidence isn't very valuable. Here's another data point: I have never experienced systemd journal corruption, and many others also have not. If you can reliably induce it, by all means enlighten us.
Join the SDF Public Access UNIX System today!
(Score: 3, Informative) by Arik on Friday June 01 2018, @01:16AM (2 children)
When you have a normal case of log corruption, you can typically recover 90%+ of the data. It doesn't require any special tools, and a clever teenager can figure it out with no help (I know because back when I was one I did.)
When you have a corrupted binary file in a format which doesn't even have truly authoritative documentation outside of the source code, it's a very, very different situation. Recovering those files is still theoretically possible, of course, but it could not be done on any reasonable timescale without special tools. Tools which don't exist, and which will very likely never exist. The systemd authors refuse to even admit there's a problem, and who else is going to try to write a low-level utility for a format that doesn't even allow proper documentation and will probably change with every release?
It sounds like you've ignored my repeated pleas to take a few minutes and search this for yourself. As I said, there have been some quite startling replies to people who *have* experienced the issue.
And reliably inducing? C'mon, you've got root on a box and you can't figure out a way to corrupt the bit of the log that you're going to be in? Really?
If laughter is the best medicine, who are the best doctors?
(Score: 1, Troll) by darkfeline on Friday June 01 2018, @10:15PM (1 child)
Special tools like the POSIX standard strings and grep commands, and reasonable timescales like half a second? You failed to read my original post which specifically addressed this point and made yourself look like the ignorant systemd hater strawman that I described. I mentioned explicitly that the log files are mostly text with some binary metadata.
Yes, there are a lot of anecdotal cases, just like there are a lot of anecdotal cases of people corrupting perfectly stable file systems. It's hard to distinguish PEBCAK from actual bugs in these cases. The standard way of doing so is demonstrating the issue reproducibly.
So you're saying that having root lets you destroy the logs? Is that supposed to be a criticism of systemd? Here's what a real criticism looks like: syslog allows any user, or anyone on the same network if using the networked UDP protocol, to destroy logs emitted by system services.
Join the SDF Public Access UNIX System today!
(Score: 3, Informative) by Arik on Friday June 01 2018, @10:35PM
No, you failed to read my rebuttal which destroyed your spurious point.
https://www.freedesktop.org/wiki/Software/systemd/journal-files/ [freedesktop.org]
"Note that this document describes the binary on-disk format of journals only. "
You're talking about JEF. I mentioned that as well.
I'm getting tired of trying to carry on a conversation with someone that for whatever reason doesn't bother to read my points and just keeps repeating misinformation.
If laughter is the best medicine, who are the best doctors?
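The strings-and-grep recovery the two posters argue about, as an added example that is not from either of them or from systemd: a constructed byte blob imitating the journal's on-disk layout (each field stored as a FIELD=value payload behind a small binary object header; the file signature is the real one, the header bytes are a placeholder) is scanned for printable runs the way `strings` would, and field payloads are recovered even after a stretch of the file has been overwritten. Payloads journald stored compressed (it compresses large fields by default) would not be found this way; the sample assumes uncompressed payloads.

```python
import re
from typing import List, Tuple

# Journal field names are upper-case identifiers; a leading "_" marks the trusted
# fields journald adds itself (_PID, _COMM, _SYSTEMD_UNIT, ...).
FIELD_RE = re.compile(rb"^(_?[A-Z][A-Z0-9_]*)=(.*)$", re.S)

def strings(blob: bytes, min_len: int = 4) -> List[bytes]:
    """What `strings -n 4` does: runs of printable ASCII at least min_len bytes long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def extract_fields(blob: bytes) -> List[Tuple[str, str]]:
    """Recover FIELD=value payloads from a raw journal file, skipping binary headers.
    Compressed payloads (journald compresses large fields by default) are not seen."""
    found = []
    for run in strings(blob):
        m = FIELD_RE.match(run)
        if m:
            found.append((m.group(1).decode(), m.group(2).decode()))
    return found

def messages(blob: bytes) -> List[str]:
    """Just the MESSAGE= payloads, i.e. the human-readable log lines."""
    return [value for field, value in extract_fields(blob) if field == "MESSAGE"]

def data_object(payload: bytes) -> bytes:
    """Constructed stand-in for one journal data object: a 16-byte binary header
    (type byte, padding, little-endian size) and the payload, padded to 8 bytes."""
    header = b"\x01" + b"\x00" * 7 + len(payload).to_bytes(8, "little")
    return header + payload + b"\x00" * ((-len(payload)) % 8)

def corrupt(blob: bytes, start: int, length: int) -> bytes:
    """Overwrite a stretch of the file with 0xFF, as a torn write might."""
    damaged = bytearray(blob)
    damaged[start:start + length] = b"\xff" * length
    return bytes(damaged)

# Constructed sample file: the real journal signature, a zeroed stand-in for the
# rest of the file header, then a handful of data objects.
SAMPLE = b"LPKSHHRH" + b"\x00" * 56 + b"".join(data_object(p) for p in [
    b"MESSAGE=Started Apache HTTP Server.",
    b"_SYSTEMD_UNIT=httpd.service",
    b"_PID=4242",
    b"MESSAGE=Accepted publickey for admin from 192.0.2.10 port 51234",
    b"_COMM=sshd",
    b"PRIORITY=6",
])

# Damage the middle of the first message; the rest of the file is still readable.
DAMAGED = corrupt(SAMPLE, SAMPLE.index(b"Apache HTTP "), 12)

if __name__ == "__main__":
    for line in messages(DAMAGED):
        print(line)
```

Against the damaged copy the first message comes back truncated to "Started " and the second intact, which is the partial recovery a text-scan gives; the metadata pairing each message to its _PID or unit is what the binary structure carried and is not rebuilt here.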
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @04:14AM
Read the article, no "full sandbox"
(Score: 4, Insightful) by Anonymous Coward on Wednesday May 30 2018, @07:11AM (1 child)
Systemd has root.
It also has a dbus interface where an unprivileged process can request all kinds of privileged stuff.
One bug in this code, or one line written by someone who doesn't understand security (such as that Lennart guy), or one line of code from a project that thinks failure is a misspelling of feature (such as the systemd project), and you have the perfect recipe for disaster.
(Score: 1, Troll) by darkfeline on Wednesday May 30 2018, @06:07PM
And all other service managers also run as root (Upstart, initscripts, rc, etc.). Clearly some sacrifices have to be made for a practical system.
Personally, I trust a well-defined and type safe RPC API such as D-Bus more than a grab bag of shell scripts that traditional service managers rely on. It's much easier to accidentally (or "accidentally") drop half your system with a single typo in a shell script than with a typed schema RPC.
Less code is not necessarily safer. I would trust 100k lines of C over 10k lines of assembly, since it's much more feasible to audit the former than the latter. Adding layers of abstraction (such as D-Bus) enables you to audit each layer independent of the others.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @01:02PM
So what is the point in installing Apache if you already pwned the host? I agree that systemd is not necessarily the one to blame for the exploit, but installing compromisable software that has never been installed on the host doesn't make any sense, even more so if you want to stay low or unnoticed.
(Score: 5, Insightful) by Thexalon on Wednesday May 30 2018, @03:40AM
Slackware is still chugging along as one of the distros that never got excited about systemd in the first place.
I encountered a guy in uni who had the same problem Lennart seems to have: He wanted to completely revamp a system for basically no reason, and we let him do it, but in the end he couldn't actually build what he said he was going to nor could he explain why what he wanted was better than what the rest of us had built that was working just fine. The vision might be there, but it's so handwavy that nobody else can take up the work for him, nor can anybody check his work to see whether what he's trying to do makes the slightest bit of sense.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by DannyB on Wednesday May 30 2018, @02:07PM
You are really saying this is about services.
Not Portable Services.
But Potterable Services.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by digitalaudiorock on Wednesday May 30 2018, @10:51PM
I agree and would take it one step further. Before any of this systemd itself meant a PID 1 (by many accounts larger than the kernel itself) full of crap that's never needed on any server in the first place. Those have all been unnecessary attack surfaces from the dawn of that cluster fuck. If that sounds familiar it should because it's Windows.
I use nothing but Linux and my company's product is delivered on Linux, and all of the above are happily systemd-free now and forever.
(Score: 5, Informative) by Anonymous Coward on Wednesday May 30 2018, @02:51AM (3 children)
Redhat pays the clown's salary.
(Score: 1, Insightful) by Anonymous Coward on Wednesday May 30 2018, @01:16PM
Also pays for many other developments that surely your distro benefits from. The best way to boycott Lennart could be to find bad design and bad code and provide exploits as evidence that he neglects security constantly.
(Score: 2) by DannyB on Wednesday May 30 2018, @01:58PM (1 child)
Lettuce consider for a moment that Microsoft may ultimately be paying for this. Or at least laughing themselves silly.
Systemd still does not contain:
* Intel Management Engine
* the bootloader
* the kernel
* Pluggable filesystem implementation, making this feature unnecessary in the kernel
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 1) by Ingar on Wednesday May 30 2018, @06:04PM
Systemd still does not contain:
* the bootloader
systemd-boot has been around for a while. I have been forced to use it since grub wouldn't boot from my M.2 drive. It automatically added an entry for my Windows installation. Then I added one manually, and mine actually boots faster.
(Score: 3, Interesting) by TheGratefulNet on Wednesday May 30 2018, @02:57AM (10 children)
I did not read the article. don't plan to, either ;)
anyone know what the use-case is, or can argue in favor of this?
I always like to know the specifics of what motivated some feature. the summary does not touch on this.
if there's a good reason that we just never saw a clean solution to, before, fine; but I kind of doubt that he discovered some new technique that we just can't live without, from now on.
"It is now safe to switch off your computer."
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @03:20AM (3 children)
Smells like Poettering's lame-assed answer to chroot.
Redhat needs to fire this fool. He's done enough damage.
(Score: 2) by Azuma Hazuki on Wednesday May 30 2018, @06:07AM
> Implying this isn't precisely what he was hired to do in the first place.
I am "that girl" your mother warned you about...
(Score: 3, Interesting) by DannyB on Wednesday May 30 2018, @02:01PM (1 child)
Red Hat is paying this guy to create new business opportunities for Red Hat to sell expert support for those unable to maintain the staff to keep their Linux systems running properly.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 0) by Anonymous Coward on Thursday May 31 2018, @09:05PM
Exactly! Open source companies have no incentive to make the software work flawlessly or in a non-confusing manner.
(Score: 2) by Arik on Wednesday May 30 2018, @03:41AM (5 children)
If laughter is the best medicine, who are the best doctors?
(Score: 5, Interesting) by Anonymous Coward on Wednesday May 30 2018, @04:12AM (1 child)
Close but not quite there. Lennart works for Red Hat. Red Hat doesn't really sell hardware, they sell services and support. In this case, I think it is actually a push by Red Hat to help with adding another wrinkle that needs support and training, while simultaneously helping with OpenStack and OpenShift.
(Score: 5, Funny) by kazzie on Wednesday May 30 2018, @10:00AM
I think you accidentally put an 'f' in there.
(Score: 2) by DannyB on Wednesday May 30 2018, @02:03PM (2 children)
It will sell new support contracts for Red Hat.
If Red Hat is the only company that can keep your Linux systems reliably running, then you'll buy per-CPU Red Hat support contracts. Microsoft and Darl McBride will laugh at the fact that Linux has come to be exactly what they wanted it to be. A non-free, paid per CPU business. Thus largely putting an end to this silly "free" software that anyone can manage to set up and keep running.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @08:24PM (1 child)
RH is also getting increasing attention from the military-industrial complex.
And if there is one thing the MIC loves, it is over-engineered boondoggles.
(Score: 2) by DannyB on Wednesday May 30 2018, @09:32PM
Interesting. As a Java developer I can say that the Military would LOVE Java.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 5, Insightful) by jmorris on Wednesday May 30 2018, @04:10AM
If anyone is actually reading his blog posts, this was foretold long ago. The goal is to eventually virtualize almost everything and most every distro imaginable under one master slim OS. It was his long-term solution to solving a problem he is helping create. As Linux-based systems churn ever faster, more and more packages break with each Fedora release; if it hasn't yet, it soon will reach a point where more packages break per release than there are volunteer resources to fix them. So facing this doom, did he intend to scale back the breakneck pace of binding everyone to needing a RHEL contract to manage the rate of change? Of course not! If package X runs on Fedora Y or Ubuntu Z, keep that in a container and run that application in that context. And if eventually whole desktops are running on a five-year-old virtualized distro, so what? Security flaws you say? Feh, hasn't stopped appliances and containers yet, why consider it now? Got important "innovation" to crank out; if this keeps the damned apps who can't bother to read the blogs and keep up running, so be it!
(Score: 2) by MichaelDavidCrawford on Wednesday May 30 2018, @06:23AM (4 children)
In what way is that akin to but different from "Embrace and extend"?
Yes I Have No Bananas. [gofundme.com]
(Score: 5, Funny) by Bot on Wednesday May 30 2018, @08:58AM (1 child)
Systemd extends linux like a steamroller extends the guy fallen under it.
Account abandoned.
(Score: 4, Funny) by DannyB on Wednesday May 30 2018, @02:05PM
Microsoft Loves Linux
Sharks Love Fish
Foxes Love Chickens
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by choose another one on Wednesday May 30 2018, @09:21AM
"akin to" in that externally perceived behaviour is indistinguishable
"different from" in that it can't be the same because these are the good guys and those are the bad guys, completely different DNA, just can't tell which is which anymore
...looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which
(Score: 2) by DannyB on Wednesday May 30 2018, @02:04PM
I can assure you that Extinguish is quite different from those first two.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.