Luke Kenneth Casson Leighton <lkcl@lkcl.net> writes:
> if systemd is so bloated and all-encompassing that it in effect demands *all* privileges (it doesn't, but you know what i mean), it utterly defeats the object of having the security system in the first place.
This appears to be another instance of you conflating the init process with the project, but perhaps I'm misunderstanding you.
Are you claiming that systemd (the init) uses forks where sysvinit uses execs?
Surely in order to use exec as an init, one must first fork in order to avoid no longer having an init process, so what exactly are you trying to say here? Does systemd fork all its subordinate processes?
A very quick glance at the source reveals this:
http://sources.debian.net/src/systemd/232-18/CODING_STYLE/?hl=342#L342
which suggests that they are at least generally intending to avoid what you're talking about.
Perhaps you can cite some examples where they've failed in that quest.
Cheers, Phil.