Translate

Image of Modern Operating Systems (3rd Edition)
Image of Linux Kernel Development (3rd Edition)
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)

My Thoughts on Systemd on RHEL7

From the earliest days of systemd, I have been opposed to the technology as far as it’s use on enterprise servers is concerned. Now that RHEL7 (Red Hat Enterprise Linux v7), which uses systemd instead of upstart, is starting to replace older versions of RHEL in enterprise and DOD environments, I thought I would revisit the issue.

My technical reasons for opposing systemd on servers are as follows:

  • There is no guarantee that services will be started in the same order each time a server is rebooted.
  • Logs are binary, non-transactional and in a different format than previously. This means that IA (Information Assurance) tools and systems that parse logs require modification. Furthermore, there are ongoing reports of instances of log corruption and systemd-journald using 100% CPU.
  • Lack of transparency. Instead of simple readable shell scripts, there are approximately a hundred binaries. This makes it quite different to quickly debug problems with systemd., especially edge cases that the systemd developers have not thought of or cared about.
  • The tight coupling between the dozens of systemd modules which, de facto, makes it difficult to modify or replace one module without modifying other modules to support non-standard use cases.
  • Increased potential attack surface and vectors due to numerous systemd components running with elevated privileges.
  • Many non-kernel updates now require require a system reboot.

Economically, the major work involved in migrating from a non-systemd operating system such as RHEL 6.5 to RHEL 7.2 which uses systemd version 219 for no discernable added advantage or increase in productivity is a misuse of scarce corporate or governmental resources. This is my fundamental reason for opposing systemd.

Quoting from Lennart Poettering’s blog Pid Eins:

Myth: systemd is complex.

There’s certainly some truth in that. Modern computers are complex beasts, and the OS running on it will hence have to be complex too. However, systemd is certainly not more complex than prior implementations of the same components. Much rather, it’s simpler, and has less redundancy (see above). Moreover, building a simple OS based on systemd will involve much fewer packages than a traditional Linux did. Fewer packages makes it easier to build your system, gets rid of interdependencies and of much of the different behaviour of every component involved.

Myth: systemd is bloated.

Well, bloated certainly has many different definitions. But in most definitions systemd is probably the opposite of bloat. Since systemd components share a common code base, they tend to share much more code for common code paths. Here’s an example: in a traditional Linux setup, sysvinit, start-stop-daemon, inetd, cron, dbus, all implemented a scheme to execute processes with various configuration options in a certain, hopefully clean environment. On systemd the code paths for all of this, for the configuration parsing, as well as the actual execution is shared. This means less code, less place for mistakes, less memory and cache pressure, and is thus a very good thing. And as a side-effect you actually get a ton more functionality for it.

Poettering’s claim that systemd is no more complex than upstart is frankly bogus. For example, here is a list of the startup-related files in a minimum install of CentOS 7.2:

/etc/X11/xorg.conf.d
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/binfmt.d
/etc/dbus-1/system.d/org.freedesktop.hostname1.conf
/etc/dbus-1/system.d/org.freedesktop.locale1.conf
/etc/dbus-1/system.d/org.freedesktop.login1.conf
/etc/dbus-1/system.d/org.freedesktop.machine1.conf
/etc/dbus-1/system.d/org.freedesktop.systemd1.conf
/etc/dbus-1/system.d/org.freedesktop.timedate1.conf
/etc/hostname
/etc/locale.conf
/etc/localtime
/etc/machine-id
/etc/machine-info
/etc/modules-load.d
/etc/pam.d/systemd-user
/etc/rc.d/init.d/README
/etc/rc.d/rc.local
/etc/rc.local
/etc/rsyslog.d/listen.conf
/etc/sysctl.d
/etc/systemd
/etc/systemd/bootchart.conf
/etc/systemd/coredump.conf
/etc/systemd/journald.conf
/etc/systemd/logind.conf
/etc/systemd/system
/etc/systemd/system.conf
/etc/systemd/system/runlevel2.target
/etc/systemd/system/runlevel3.target
/etc/systemd/system/runlevel4.target
/etc/systemd/system/runlevel5.target
/etc/systemd/user
/etc/systemd/user.conf
/etc/tmpfiles.d
/etc/udev
/etc/udev/hwdb.bin
/etc/udev/rules.d
/etc/udev/udev.conf
/etc/vconsole.conf
/etc/xdg/systemd
/etc/xdg/systemd/user
/etc/yum/protected.d/systemd.conf
/usr/bin/bootctl
/usr/bin/busctl
/usr/bin/coredumpctl
/usr/bin/hostnamectl
/usr/bin/journalctl
/usr/bin/kernel-install
/usr/bin/localectl
/usr/bin/loginctl
/usr/bin/machinectl
/usr/bin/systemctl
/usr/bin/systemd-analyze
/usr/bin/systemd-ask-password
/usr/bin/systemd-cat
/usr/bin/systemd-cgls
/usr/bin/systemd-cgtop
/usr/bin/systemd-coredumpctl
/usr/bin/systemd-delta
/usr/bin/systemd-detect-virt
/usr/bin/systemd-escape
/usr/bin/systemd-firstboot
/usr/bin/systemd-hwdb
/usr/bin/systemd-inhibit
/usr/bin/systemd-loginctl
/usr/bin/systemd-machine-id-setup
/usr/bin/systemd-notify
/usr/bin/systemd-nspawn
/usr/bin/systemd-path
/usr/bin/systemd-run
/usr/bin/systemd-stdio-bridge
/usr/bin/systemd-tmpfiles
/usr/bin/systemd-tty-ask-password-agent
/usr/bin/timedatectl
/usr/bin/udevadm
/usr/lib/binfmt.d
/usr/lib/kernel
/usr/lib/kernel/install.d
/usr/lib/kernel/install.d/50-depmod.install
/usr/lib/kernel/install.d/90-loaderentry.install
/usr/lib/modules-load.d
/usr/lib/rpm/macros.d/macros.systemd
/usr/lib/sysctl.d
/usr/lib/sysctl.d/50-default.conf
/usr/lib/systemd
/usr/lib/systemd/catalog
/usr/lib/systemd/catalog/systemd.catalog
/usr/lib/systemd/catalog/systemd.fr.catalog
/usr/lib/systemd/catalog/systemd.it.catalog
/usr/lib/systemd/catalog/systemd.pl.catalog
/usr/lib/systemd/catalog/systemd.pt_BR.catalog
/usr/lib/systemd/catalog/systemd.ru.catalog
/usr/lib/systemd/ntp-units.d
/usr/lib/systemd/system
/usr/lib/systemd/system-generators
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
/usr/lib/systemd/system-generators/systemd-debug-generator
/usr/lib/systemd/system-generators/systemd-efi-boot-generator
/usr/lib/systemd/system-generators/systemd-fstab-generator
/usr/lib/systemd/system-generators/systemd-getty-generator
/usr/lib/systemd/system-generators/systemd-hibernate-resume-generator
/usr/lib/systemd/system-generators/systemd-rc-local-generator
/usr/lib/systemd/system-generators/systemd-system-update-generator
/usr/lib/systemd/system-generators/systemd-sysv-generator
/usr/lib/systemd/system-preset
/usr/lib/systemd/system-preset/90-systemd.preset
/usr/lib/systemd/system-preset/99-default-disable.preset
/usr/lib/systemd/system-shutdown
/usr/lib/systemd/system-sleep
/usr/lib/systemd/system/-.slice
/usr/lib/systemd/system/autovt@.service
/usr/lib/systemd/system/basic.target
/usr/lib/systemd/system/basic.target.wants
/usr/lib/systemd/system/bluetooth.target
/usr/lib/systemd/system/console-getty.service
/usr/lib/systemd/system/console-shell.service
/usr/lib/systemd/system/container-getty@.service
/usr/lib/systemd/system/cryptsetup-pre.target
/usr/lib/systemd/system/cryptsetup.target
/usr/lib/systemd/system/ctrl-alt-del.target
/usr/lib/systemd/system/dbus-org.freedesktop.hostname1.service
/usr/lib/systemd/system/dbus-org.freedesktop.locale1.service
/usr/lib/systemd/system/dbus-org.freedesktop.login1.service
/usr/lib/systemd/system/dbus-org.freedesktop.machine1.service
/usr/lib/systemd/system/dbus-org.freedesktop.network1.service
/usr/lib/systemd/system/dbus-org.freedesktop.timedate1.service
/usr/lib/systemd/system/dbus.target.wants
/usr/lib/systemd/system/debug-shell.service
/usr/lib/systemd/system/default.target
/usr/lib/systemd/system/default.target.wants
/usr/lib/systemd/system/dev-hugepages.mount
/usr/lib/systemd/system/dev-mqueue.mount
/usr/lib/systemd/system/emergency.service
/usr/lib/systemd/system/emergency.target
/usr/lib/systemd/system/final.target
/usr/lib/systemd/system/getty.target
/usr/lib/systemd/system/getty@.service
/usr/lib/systemd/system/graphical.target
/usr/lib/systemd/system/graphical.target.wants
/usr/lib/systemd/system/graphical.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/halt-local.service
/usr/lib/systemd/system/halt.target
/usr/lib/systemd/system/hibernate.target
/usr/lib/systemd/system/hybrid-sleep.target
/usr/lib/systemd/system/initrd-cleanup.service
/usr/lib/systemd/system/initrd-fs.target
/usr/lib/systemd/system/initrd-parse-etc.service
/usr/lib/systemd/system/initrd-root-fs.target
/usr/lib/systemd/system/initrd-switch-root.service
/usr/lib/systemd/system/initrd-switch-root.target
/usr/lib/systemd/system/initrd-udevadm-cleanup-db.service
/usr/lib/systemd/system/initrd.target
/usr/lib/systemd/system/kexec.target
/usr/lib/systemd/system/kmod-static-nodes.service
/usr/lib/systemd/system/ldconfig.service
/usr/lib/systemd/system/local-fs-pre.target
/usr/lib/systemd/system/local-fs.target
/usr/lib/systemd/system/local-fs.target.wants
/usr/lib/systemd/system/local-fs.target.wants/systemd-remount-fs.service
/usr/lib/systemd/system/machine.slice
/usr/lib/systemd/system/machines.target
/usr/lib/systemd/system/multi-user.target
/usr/lib/systemd/system/multi-user.target.wants
/usr/lib/systemd/system/multi-user.target.wants/getty.target
/usr/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
/usr/lib/systemd/system/multi-user.target.wants/systemd-logind.service
/usr/lib/systemd/system/multi-user.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/multi-user.target.wants/systemd-user-sessions.service
/usr/lib/systemd/system/network-online.target
/usr/lib/systemd/system/network-pre.target
/usr/lib/systemd/system/network.target
/usr/lib/systemd/system/nss-lookup.target
/usr/lib/systemd/system/nss-user-lookup.target
/usr/lib/systemd/system/paths.target
/usr/lib/systemd/system/poweroff.target
/usr/lib/systemd/system/poweroff.target.wants
/usr/lib/systemd/system/poweroff.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/printer.target
/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount
/usr/lib/systemd/system/proc-sys-fs-binfmt_misc.mount
/usr/lib/systemd/system/quotaon.service
/usr/lib/systemd/system/rc-local.service
/usr/lib/systemd/system/reboot.target
/usr/lib/systemd/system/reboot.target.wants
/usr/lib/systemd/system/reboot.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/remote-fs-pre.target
/usr/lib/systemd/system/remote-fs.target
/usr/lib/systemd/system/rescue.service
/usr/lib/systemd/system/rescue.target
/usr/lib/systemd/system/rescue.target.wants
/usr/lib/systemd/system/rescue.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/rpcbind.target
/usr/lib/systemd/system/runlevel0.target
/usr/lib/systemd/system/runlevel1.target
/usr/lib/systemd/system/runlevel1.target.wants
/usr/lib/systemd/system/runlevel1.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/runlevel2.target
/usr/lib/systemd/system/runlevel2.target.wants
/usr/lib/systemd/system/runlevel2.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/runlevel3.target
/usr/lib/systemd/system/runlevel3.target.wants
/usr/lib/systemd/system/runlevel3.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/runlevel4.target
/usr/lib/systemd/system/runlevel4.target.wants
/usr/lib/systemd/system/runlevel4.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/runlevel5.target
/usr/lib/systemd/system/runlevel5.target.wants
/usr/lib/systemd/system/runlevel5.target.wants/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/runlevel6.target
/usr/lib/systemd/system/serial-getty@.service
/usr/lib/systemd/system/shutdown.target
/usr/lib/systemd/system/sigpwr.target
/usr/lib/systemd/system/sleep.target
/usr/lib/systemd/system/slices.target
/usr/lib/systemd/system/smartcard.target
/usr/lib/systemd/system/sockets.target
/usr/lib/systemd/system/sockets.target.wants
/usr/lib/systemd/system/sockets.target.wants/systemd-initctl.socket
/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket
/usr/lib/systemd/system/sockets.target.wants/systemd-shutdownd.socket
/usr/lib/systemd/system/sockets.target.wants/systemd-udevd-control.socket
/usr/lib/systemd/system/sockets.target.wants/systemd-udevd-kernel.socket
/usr/lib/systemd/system/sound.target
/usr/lib/systemd/system/suspend.target
/usr/lib/systemd/system/swap.target
/usr/lib/systemd/system/sys-fs-fuse-connections.mount
/usr/lib/systemd/system/sys-kernel-config.mount
/usr/lib/systemd/system/sys-kernel-debug.mount
/usr/lib/systemd/system/sysinit.target
/usr/lib/systemd/system/sysinit.target.wants
/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target
/usr/lib/systemd/system/sysinit.target.wants/dev-hugepages.mount
/usr/lib/systemd/system/sysinit.target.wants/dev-mqueue.mount
/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service
/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service
/usr/lib/systemd/system/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount
/usr/lib/systemd/system/sysinit.target.wants/sys-fs-fuse-connections.mount
/usr/lib/systemd/system/sysinit.target.wants/sys-kernel-config.mount
/usr/lib/systemd/system/sysinit.target.wants/sys-kernel-debug.mount
/usr/lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path
/usr/lib/systemd/system/sysinit.target.wants/systemd-binfmt.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-journal-catalog-update.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-journal-flush.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-journald.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-machine-id-commit.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-modules-load.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-random-seed.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-sysctl.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-udev-trigger.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-udevd.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-update-done.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-update-utmp.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-vconsole-setup.service
/usr/lib/systemd/system/syslog.socket
/usr/lib/systemd/system/syslog.target.wants
/usr/lib/systemd/system/system-update.target
/usr/lib/systemd/system/system.slice
/usr/lib/systemd/system/systemd-ask-password-console.path
/usr/lib/systemd/system/systemd-ask-password-console.service
/usr/lib/systemd/system/systemd-ask-password-wall.path
/usr/lib/systemd/system/systemd-ask-password-wall.service
/usr/lib/systemd/system/systemd-backlight@.service
/usr/lib/systemd/system/systemd-binfmt.service
/usr/lib/systemd/system/systemd-bootchart.service
/usr/lib/systemd/system/systemd-firstboot.service
/usr/lib/systemd/system/systemd-fsck-root.service
/usr/lib/systemd/system/systemd-fsck@.service
/usr/lib/systemd/system/systemd-halt.service
/usr/lib/systemd/system/systemd-hibernate-resume@.service
/usr/lib/systemd/system/systemd-hibernate.service
/usr/lib/systemd/system/systemd-hostnamed.service
/usr/lib/systemd/system/systemd-hwdb-update.service
/usr/lib/systemd/system/systemd-hybrid-sleep.service
/usr/lib/systemd/system/systemd-initctl.service
/usr/lib/systemd/system/systemd-initctl.socket
/usr/lib/systemd/system/systemd-journal-catalog-update.service
/usr/lib/systemd/system/systemd-journal-flush.service
/usr/lib/systemd/system/systemd-journald.service
/usr/lib/systemd/system/systemd-journald.socket
/usr/lib/systemd/system/systemd-kexec.service
/usr/lib/systemd/system/systemd-localed.service
/usr/lib/systemd/system/systemd-logind.service
/usr/lib/systemd/system/systemd-machine-id-commit.service
/usr/lib/systemd/system/systemd-machined.service
/usr/lib/systemd/system/systemd-modules-load.service
/usr/lib/systemd/system/systemd-networkd.socket
/usr/lib/systemd/system/systemd-nspawn@.service
/usr/lib/systemd/system/systemd-poweroff.service
/usr/lib/systemd/system/systemd-quotacheck.service
/usr/lib/systemd/system/systemd-random-seed.service
/usr/lib/systemd/system/systemd-readahead-collect.service
/usr/lib/systemd/system/systemd-readahead-done.service
/usr/lib/systemd/system/systemd-readahead-done.timer
/usr/lib/systemd/system/systemd-readahead-drop.service
/usr/lib/systemd/system/systemd-readahead-replay.service
/usr/lib/systemd/system/systemd-reboot.service
/usr/lib/systemd/system/systemd-remount-fs.service
/usr/lib/systemd/system/systemd-rfkill@.service
/usr/lib/systemd/system/systemd-shutdownd.service
/usr/lib/systemd/system/systemd-shutdownd.socket
/usr/lib/systemd/system/systemd-suspend.service
/usr/lib/systemd/system/systemd-sysctl.service
/usr/lib/systemd/system/systemd-timedated.service
/usr/lib/systemd/system/systemd-tmpfiles-clean.service
/usr/lib/systemd/system/systemd-tmpfiles-clean.timer
/usr/lib/systemd/system/systemd-tmpfiles-setup-dev.service
/usr/lib/systemd/system/systemd-tmpfiles-setup.service
/usr/lib/systemd/system/systemd-udev-settle.service
/usr/lib/systemd/system/systemd-udev-trigger.service
/usr/lib/systemd/system/systemd-udevd-control.socket
/usr/lib/systemd/system/systemd-udevd-kernel.socket
/usr/lib/systemd/system/systemd-udevd.service
/usr/lib/systemd/system/systemd-update-done.service
/usr/lib/systemd/system/systemd-update-utmp-runlevel.service
/usr/lib/systemd/system/systemd-update-utmp.service
/usr/lib/systemd/system/systemd-user-sessions.service
/usr/lib/systemd/system/systemd-vconsole-setup.service
/usr/lib/systemd/system/time-sync.target
/usr/lib/systemd/system/timers.target
/usr/lib/systemd/system/timers.target.wants
/usr/lib/systemd/system/timers.target.wants/systemd-tmpfiles-clean.timer
/usr/lib/systemd/system/tmp.mount
/usr/lib/systemd/system/umount.target
/usr/lib/systemd/system/user.slice
/usr/lib/systemd/systemd
/usr/lib/systemd/systemd-ac-power
/usr/lib/systemd/systemd-activate
/usr/lib/systemd/systemd-backlight
/usr/lib/systemd/systemd-binfmt
/usr/lib/systemd/systemd-bootchart
/usr/lib/systemd/systemd-bus-proxyd
/usr/lib/systemd/systemd-cgroups-agent
/usr/lib/systemd/systemd-coredump
/usr/lib/systemd/systemd-cryptsetup
/usr/lib/systemd/systemd-fsck
/usr/lib/systemd/systemd-hibernate-resume
/usr/lib/systemd/systemd-hostnamed
/usr/lib/systemd/systemd-initctl
/usr/lib/systemd/systemd-journald
/usr/lib/systemd/systemd-localed
/usr/lib/systemd/systemd-logind
/usr/lib/systemd/systemd-machine-id-commit
/usr/lib/systemd/systemd-machined
/usr/lib/systemd/systemd-modules-load
/usr/lib/systemd/systemd-quotacheck
/usr/lib/systemd/systemd-random-seed
/usr/lib/systemd/systemd-readahead
/usr/lib/systemd/systemd-remount-fs
/usr/lib/systemd/systemd-reply-password
/usr/lib/systemd/systemd-rfkill
/usr/lib/systemd/systemd-shutdown
/usr/lib/systemd/systemd-shutdownd
/usr/lib/systemd/systemd-sleep
/usr/lib/systemd/systemd-socket-proxyd
/usr/lib/systemd/systemd-sysctl
/usr/lib/systemd/systemd-timedated
/usr/lib/systemd/systemd-udevd
/usr/lib/systemd/systemd-update-done
/usr/lib/systemd/systemd-update-utmp
/usr/lib/systemd/systemd-user-sessions
/usr/lib/systemd/systemd-vconsole-setup
/usr/lib/systemd/user
/usr/lib/systemd/user-generators
/usr/lib/systemd/user-preset
/usr/lib/systemd/user/basic.target
/usr/lib/systemd/user/bluetooth.target
/usr/lib/systemd/user/default.target
/usr/lib/systemd/user/exit.target
/usr/lib/systemd/user/paths.target
/usr/lib/systemd/user/printer.target
/usr/lib/systemd/user/shutdown.target
/usr/lib/systemd/user/smartcard.target
/usr/lib/systemd/user/sockets.target
/usr/lib/systemd/user/sound.target
/usr/lib/systemd/user/systemd-exit.service
/usr/lib/systemd/user/timers.target
/usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/etc.conf
/usr/lib/tmpfiles.d/legacy.conf
/usr/lib/tmpfiles.d/sap.conf
/usr/lib/tmpfiles.d/systemd-nologin.conf
/usr/lib/tmpfiles.d/systemd.conf
/usr/lib/tmpfiles.d/tmp.conf
/usr/lib/tmpfiles.d/var.conf
/usr/lib/tmpfiles.d/x11.conf
/usr/lib/udev
/usr/lib/udev/accelerometer
/usr/lib/udev/ata_id
/usr/lib/udev/cdrom_id
/usr/lib/udev/collect
/usr/lib/udev/hwdb.d
/usr/lib/udev/hwdb.d/20-OUI.hwdb
/usr/lib/udev/hwdb.d/20-acpi-vendor.hwdb
/usr/lib/udev/hwdb.d/20-bluetooth-vendor-product.hwdb
/usr/lib/udev/hwdb.d/20-net-ifname.hwdb
/usr/lib/udev/hwdb.d/20-pci-classes.hwdb
/usr/lib/udev/hwdb.d/20-pci-vendor-model.hwdb
/usr/lib/udev/hwdb.d/20-sdio-classes.hwdb
/usr/lib/udev/hwdb.d/20-sdio-vendor-model.hwdb
/usr/lib/udev/hwdb.d/20-usb-classes.hwdb
/usr/lib/udev/hwdb.d/20-usb-vendor-model.hwdb
/usr/lib/udev/hwdb.d/60-keyboard.hwdb
/usr/lib/udev/hwdb.d/70-mouse.hwdb
/usr/lib/udev/hwdb.d/70-touchpad.hwdb
/usr/lib/udev/mtd_probe
/usr/lib/udev/rules.d
/usr/lib/udev/rules.d/40-redhat.rules
/usr/lib/udev/rules.d/42-usb-hid-pm.rules
/usr/lib/udev/rules.d/50-udev-default.rules
/usr/lib/udev/rules.d/60-alias-kmsg.rules
/usr/lib/udev/rules.d/60-cdrom_id.rules
/usr/lib/udev/rules.d/60-drm.rules
/usr/lib/udev/rules.d/60-keyboard.rules
/usr/lib/udev/rules.d/60-persistent-alsa.rules
/usr/lib/udev/rules.d/60-persistent-input.rules
/usr/lib/udev/rules.d/60-persistent-serial.rules
/usr/lib/udev/rules.d/60-persistent-storage-tape.rules
/usr/lib/udev/rules.d/60-persistent-storage.rules
/usr/lib/udev/rules.d/60-persistent-v4l.rules
/usr/lib/udev/rules.d/61-accelerometer.rules
/usr/lib/udev/rules.d/64-btrfs.rules
/usr/lib/udev/rules.d/70-mouse.rules
/usr/lib/udev/rules.d/70-power-switch.rules
/usr/lib/udev/rules.d/70-touchpad.rules
/usr/lib/udev/rules.d/70-uaccess.rules
/usr/lib/udev/rules.d/71-seat.rules
/usr/lib/udev/rules.d/73-idrac.rules
/usr/lib/udev/rules.d/73-seat-late.rules
/usr/lib/udev/rules.d/75-net-description.rules
/usr/lib/udev/rules.d/75-probe_mtd.rules
/usr/lib/udev/rules.d/75-tty-description.rules
/usr/lib/udev/rules.d/78-sound-card.rules
/usr/lib/udev/rules.d/80-drivers.rules
/usr/lib/udev/rules.d/80-net-name-slot.rules
/usr/lib/udev/rules.d/80-net-setup-link.rules
/usr/lib/udev/rules.d/90-vconsole.rules
/usr/lib/udev/rules.d/95-udev-late.rules
/usr/lib/udev/rules.d/99-systemd.rules
/usr/lib/udev/scsi_id
/usr/lib/udev/v4l_id
/usr/lib64/pkgconfig/systemd.pc
/usr/sbin/halt
/usr/sbin/init
/usr/sbin/poweroff
/usr/sbin/reboot
/usr/sbin/runlevel
/usr/sbin/shutdown
/usr/sbin/telinit
/usr/sbin/udevadm
/usr/share/bash-completion/completions/bootctl
/usr/share/bash-completion/completions/busctl
/usr/share/bash-completion/completions/coredumpctl
/usr/share/bash-completion/completions/hostnamectl
/usr/share/bash-completion/completions/journalctl
/usr/share/bash-completion/completions/kernel-install
/usr/share/bash-completion/completions/localectl
/usr/share/bash-completion/completions/loginctl
/usr/share/bash-completion/completions/machinectl
/usr/share/bash-completion/completions/systemctl
/usr/share/bash-completion/completions/systemd-analyze
/usr/share/bash-completion/completions/systemd-cat
/usr/share/bash-completion/completions/systemd-cgls
/usr/share/bash-completion/completions/systemd-cgtop
/usr/share/bash-completion/completions/systemd-delta
/usr/share/bash-completion/completions/systemd-detect-virt
/usr/share/bash-completion/completions/systemd-nspawn
/usr/share/bash-completion/completions/systemd-run
/usr/share/bash-completion/completions/timedatectl
/usr/share/bash-completion/completions/udevadm
/usr/share/dbus-1/services/org.freedesktop.systemd1.service
/usr/share/dbus-1/system-services/org.freedesktop.hostname1.service
/usr/share/dbus-1/system-services/org.freedesktop.locale1.service
/usr/share/dbus-1/system-services/org.freedesktop.login1.service
/usr/share/dbus-1/system-services/org.freedesktop.machine1.service
/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service
/usr/share/dbus-1/system-services/org.freedesktop.timedate1.service
/usr/share/doc/systemd
/usr/share/doc/systemd/DIFFERENCES
/usr/share/doc/systemd/DISTRO_PORTING
/usr/share/doc/systemd/GVARIANT-SERIALIZATION
/usr/share/doc/systemd/LICENSE.GPL2
/usr/share/doc/systemd/LICENSE.LGPL2.1
/usr/share/doc/systemd/LICENSE.MIT
/usr/share/doc/systemd/NEWS
/usr/share/doc/systemd/PORTING-DBUS1
/usr/share/doc/systemd/README
/usr/share/doc/systemd/sd-readahead.c
/usr/share/doc/systemd/sd-readahead.h
/usr/share/doc/systemd/sd-shutdown.h
/usr/share/licenses/systemd-219
/usr/share/licenses/systemd-219/LICENSE.GPL2
/usr/share/licenses/systemd-219/LICENSE.LGPL2.1
/usr/share/licenses/systemd-219/LICENSE.MIT
/usr/share/locale/de/LC_MESSAGES/systemd.mo
/usr/share/locale/el/LC_MESSAGES/systemd.mo
/usr/share/locale/fr/LC_MESSAGES/systemd.mo
/usr/share/locale/hu/LC_MESSAGES/systemd.mo
/usr/share/locale/it/LC_MESSAGES/systemd.mo
/usr/share/locale/pl/LC_MESSAGES/systemd.mo
/usr/share/locale/pt_BR/LC_MESSAGES/systemd.mo
/usr/share/locale/ru/LC_MESSAGES/systemd.mo
/usr/share/locale/sv/LC_MESSAGES/systemd.mo
/usr/share/locale/uk/LC_MESSAGES/systemd.mo
/usr/share/man/man1/bootctl.1.gz
/usr/share/man/man1/busctl.1.gz
/usr/share/man/man1/coredumpctl.1.gz
/usr/share/man/man1/hostnamectl.1.gz
/usr/share/man/man1/init.1.gz
/usr/share/man/man1/journalctl.1.gz
/usr/share/man/man1/localectl.1.gz
/usr/share/man/man1/loginctl.1.gz
/usr/share/man/man1/machinectl.1.gz
/usr/share/man/man1/networkctl.1.gz
/usr/share/man/man1/systemctl.1.gz
/usr/share/man/man1/systemd-analyze.1.gz
/usr/share/man/man1/systemd-ask-password.1.gz
/usr/share/man/man1/systemd-bootchart.1.gz
/usr/share/man/man1/systemd-cat.1.gz
/usr/share/man/man1/systemd-cgls.1.gz
/usr/share/man/man1/systemd-cgtop.1.gz
/usr/share/man/man1/systemd-delta.1.gz
/usr/share/man/man1/systemd-detect-virt.1.gz
/usr/share/man/man1/systemd-escape.1.gz
/usr/share/man/man1/systemd-firstboot.1.gz
/usr/share/man/man1/systemd-firstboot.service.1.gz
/usr/share/man/man1/systemd-inhibit.1.gz
/usr/share/man/man1/systemd-machine-id-commit.1.gz
/usr/share/man/man1/systemd-machine-id-setup.1.gz
/usr/share/man/man1/systemd-notify.1.gz
/usr/share/man/man1/systemd-nspawn.1.gz
/usr/share/man/man1/systemd-path.1.gz
/usr/share/man/man1/systemd-run.1.gz
/usr/share/man/man1/systemd-tty-ask-password-agent.1.gz
/usr/share/man/man1/systemd.1.gz
/usr/share/man/man1/timedatectl.1.gz
/usr/share/man/man5/binfmt.d.5.gz
/usr/share/man/man5/bootchart.conf.5.gz
/usr/share/man/man5/bootchart.conf.d.5.gz
/usr/share/man/man5/coredump.conf.5.gz
/usr/share/man/man5/coredump.conf.d.5.gz
/usr/share/man/man5/crypttab.5.gz
/usr/share/man/man5/hostname.5.gz
/usr/share/man/man5/journal-remote.conf.5.gz
/usr/share/man/man5/journal-remote.conf.d.5.gz
/usr/share/man/man5/journald.conf.5.gz
/usr/share/man/man5/journald.conf.d.5.gz
/usr/share/man/man5/locale.conf.5.gz
/usr/share/man/man5/localtime.5.gz
/usr/share/man/man5/logind.conf.5.gz
/usr/share/man/man5/logind.conf.d.5.gz
/usr/share/man/man5/machine-id.5.gz
/usr/share/man/man5/machine-info.5.gz
/usr/share/man/man5/modules-load.d.5.gz
/usr/share/man/man5/os-release.5.gz
/usr/share/man/man5/sleep.conf.d.5.gz
/usr/share/man/man5/sysctl.d.5.gz
/usr/share/man/man5/system.conf.d.5.gz
/usr/share/man/man5/systemd-sleep.conf.5.gz
/usr/share/man/man5/systemd-system.conf.5.gz
/usr/share/man/man5/systemd-user.conf.5.gz
/usr/share/man/man5/systemd.automount.5.gz
/usr/share/man/man5/systemd.device.5.gz
/usr/share/man/man5/systemd.exec.5.gz
/usr/share/man/man5/systemd.kill.5.gz
/usr/share/man/man5/systemd.mount.5.gz
/usr/share/man/man5/systemd.path.5.gz
/usr/share/man/man5/systemd.preset.5.gz
/usr/share/man/man5/systemd.resource-control.5.gz
/usr/share/man/man5/systemd.scope.5.gz
/usr/share/man/man5/systemd.service.5.gz
/usr/share/man/man5/systemd.slice.5.gz
/usr/share/man/man5/systemd.snapshot.5.gz
/usr/share/man/man5/systemd.socket.5.gz
/usr/share/man/man5/systemd.swap.5.gz
/usr/share/man/man5/systemd.target.5.gz
/usr/share/man/man5/systemd.timer.5.gz
/usr/share/man/man5/systemd.unit.5.gz
/usr/share/man/man5/sysusers.d.5.gz
/usr/share/man/man5/tmpfiles.d.5.gz
/usr/share/man/man5/udev.conf.5.gz
/usr/share/man/man5/user.conf.d.5.gz
/usr/share/man/man5/vconsole.conf.5.gz
/usr/share/man/man7/bootup.7.gz
/usr/share/man/man7/daemon.7.gz
/usr/share/man/man7/file-hierarchy.7.gz
/usr/share/man/man7/hwdb.7.gz
/usr/share/man/man7/kernel-command-line.7.gz
/usr/share/man/man7/systemd.directives.7.gz
/usr/share/man/man7/systemd.generator.7.gz
/usr/share/man/man7/systemd.index.7.gz
/usr/share/man/man7/systemd.journal-fields.7.gz
/usr/share/man/man7/systemd.special.7.gz
/usr/share/man/man7/systemd.time.7.gz
/usr/share/man/man7/udev.7.gz
/usr/share/man/man8/halt.8.gz
/usr/share/man/man8/kernel-install.8.gz
/usr/share/man/man8/libnss_myhostname.so.2.8.gz
/usr/share/man/man8/libnss_mymachines.so.2.8.gz
/usr/share/man/man8/nss-myhostname.8.gz
/usr/share/man/man8/nss-mymachines.8.gz
/usr/share/man/man8/pam_systemd.8.gz
/usr/share/man/man8/poweroff.8.gz
/usr/share/man/man8/reboot.8.gz
/usr/share/man/man8/runlevel.8.gz
/usr/share/man/man8/shutdown.8.gz
/usr/share/man/man8/systemd-activate.8.gz
/usr/share/man/man8/systemd-ask-password-console.path.8.gz
/usr/share/man/man8/systemd-ask-password-console.service.8.gz
/usr/share/man/man8/systemd-ask-password-wall.path.8.gz
/usr/share/man/man8/systemd-ask-password-wall.service.8.gz
/usr/share/man/man8/systemd-backlight.8.gz
/usr/share/man/man8/systemd-backlight@.service.8.gz
/usr/share/man/man8/systemd-binfmt.8.gz
/usr/share/man/man8/systemd-binfmt.service.8.gz
/usr/share/man/man8/systemd-coredump.8.gz
/usr/share/man/man8/systemd-cryptsetup-generator.8.gz
/usr/share/man/man8/systemd-cryptsetup.8.gz
/usr/share/man/man8/systemd-cryptsetup@.service.8.gz
/usr/share/man/man8/systemd-debug-generator.8.gz
/usr/share/man/man8/systemd-efi-boot-generator.8.gz
/usr/share/man/man8/systemd-fsck-root.service.8.gz
/usr/share/man/man8/systemd-fsck.8.gz
/usr/share/man/man8/systemd-fsck@.service.8.gz
/usr/share/man/man8/systemd-fstab-generator.8.gz
/usr/share/man/man8/systemd-getty-generator.8.gz
/usr/share/man/man8/systemd-gpt-auto-generator.8.gz
/usr/share/man/man8/systemd-halt.service.8.gz
/usr/share/man/man8/systemd-hibernate-resume-generator.8.gz
/usr/share/man/man8/systemd-hibernate-resume.8.gz
/usr/share/man/man8/systemd-hibernate-resume@.service.8.gz
/usr/share/man/man8/systemd-hibernate.service.8.gz
/usr/share/man/man8/systemd-hostnamed.8.gz
/usr/share/man/man8/systemd-hostnamed.service.8.gz
/usr/share/man/man8/systemd-hwdb.8.gz
/usr/share/man/man8/systemd-hybrid-sleep.service.8.gz
/usr/share/man/man8/systemd-initctl.8.gz
/usr/share/man/man8/systemd-initctl.service.8.gz
/usr/share/man/man8/systemd-initctl.socket.8.gz
/usr/share/man/man8/systemd-journal-upload.8.gz
/usr/share/man/man8/systemd-journald.8.gz
/usr/share/man/man8/systemd-journald.service.8.gz
/usr/share/man/man8/systemd-journald.socket.8.gz
/usr/share/man/man8/systemd-kexec.service.8.gz
/usr/share/man/man8/systemd-localed.8.gz
/usr/share/man/man8/systemd-localed.service.8.gz
/usr/share/man/man8/systemd-logind.8.gz
/usr/share/man/man8/systemd-logind.service.8.gz
/usr/share/man/man8/systemd-machine-id-commit.service.8.gz
/usr/share/man/man8/systemd-machined.8.gz
/usr/share/man/man8/systemd-machined.service.8.gz
/usr/share/man/man8/systemd-modules-load.8.gz
/usr/share/man/man8/systemd-modules-load.service.8.gz
/usr/share/man/man8/systemd-networkd-wait-online.8.gz
/usr/share/man/man8/systemd-networkd-wait-online.service.8.gz
/usr/share/man/man8/systemd-poweroff.service.8.gz
/usr/share/man/man8/systemd-quotacheck.8.gz
/usr/share/man/man8/systemd-quotacheck.service.8.gz
/usr/share/man/man8/systemd-random-seed.8.gz
/usr/share/man/man8/systemd-random-seed.service.8.gz
/usr/share/man/man8/systemd-readahead-collect.service.8.gz
/usr/share/man/man8/systemd-readahead-done.service.8.gz
/usr/share/man/man8/systemd-readahead-done.timer.8.gz
/usr/share/man/man8/systemd-readahead-replay.service.8.gz
/usr/share/man/man8/systemd-readahead.8.gz
/usr/share/man/man8/systemd-reboot.service.8.gz
/usr/share/man/man8/systemd-remount-fs.8.gz
/usr/share/man/man8/systemd-remount-fs.service.8.gz
/usr/share/man/man8/systemd-rfkill.8.gz
/usr/share/man/man8/systemd-rfkill@.service.8.gz
/usr/share/man/man8/systemd-shutdown.8.gz
/usr/share/man/man8/systemd-shutdownd.8.gz
/usr/share/man/man8/systemd-shutdownd.service.8.gz
/usr/share/man/man8/systemd-shutdownd.socket.8.gz
/usr/share/man/man8/systemd-sleep.8.gz
/usr/share/man/man8/systemd-socket-proxyd.8.gz
/usr/share/man/man8/systemd-suspend.service.8.gz
/usr/share/man/man8/systemd-sysctl.8.gz
/usr/share/man/man8/systemd-sysctl.service.8.gz
/usr/share/man/man8/systemd-system-update-generator.8.gz
/usr/share/man/man8/systemd-sysusers.8.gz
/usr/share/man/man8/systemd-sysusers.service.8.gz
/usr/share/man/man8/systemd-sysv-generator.8.gz
/usr/share/man/man8/systemd-timedated.8.gz
/usr/share/man/man8/systemd-timedated.service.8.gz
/usr/share/man/man8/systemd-tmpfiles-clean.service.8.gz
/usr/share/man/man8/systemd-tmpfiles-clean.timer.8.gz
/usr/share/man/man8/systemd-tmpfiles-setup-dev.service.8.gz
/usr/share/man/man8/systemd-tmpfiles-setup.service.8.gz
/usr/share/man/man8/systemd-tmpfiles.8.gz
/usr/share/man/man8/systemd-udevd-control.socket.8.gz
/usr/share/man/man8/systemd-udevd-kernel.socket.8.gz
/usr/share/man/man8/systemd-udevd.8.gz
/usr/share/man/man8/systemd-udevd.service.8.gz
/usr/share/man/man8/systemd-update-done.8.gz
/usr/share/man/man8/systemd-update-done.service.8.gz
/usr/share/man/man8/systemd-update-utmp-runlevel.service.8.gz
/usr/share/man/man8/systemd-update-utmp.8.gz
/usr/share/man/man8/systemd-update-utmp.service.8.gz
/usr/share/man/man8/systemd-user-sessions.8.gz
/usr/share/man/man8/systemd-user-sessions.service.8.gz
/usr/share/man/man8/systemd-vconsole-setup.8.gz
/usr/share/man/man8/systemd-vconsole-setup.service.8.gz
/usr/share/man/man8/telinit.8.gz
/usr/share/man/man8/udevadm.8.gz
/usr/share/pkgconfig
/usr/share/pkgconfig/udev.pc
/usr/share/polkit-1
/usr/share/polkit-1/actions
/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
/usr/share/polkit-1/actions/org.freedesktop.locale1.policy
/usr/share/polkit-1/actions/org.freedesktop.login1.policy
/usr/share/polkit-1/actions/org.freedesktop.machine1.policy
/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy
/usr/share/polkit-1/actions/org.freedesktop.timedate1.policy
/usr/share/systemd
/usr/share/systemd/kbd-model-map
/usr/share/systemd/language-fallback-map
/usr/share/zsh
/usr/share/zsh/site-functions
/usr/share/zsh/site-functions/_bootctl
/usr/share/zsh/site-functions/_coredumpctl
/usr/share/zsh/site-functions/_hostnamectl
/usr/share/zsh/site-functions/_journalctl
/usr/share/zsh/site-functions/_kernel-install
/usr/share/zsh/site-functions/_localectl
/usr/share/zsh/site-functions/_loginctl
/usr/share/zsh/site-functions/_machinectl
/usr/share/zsh/site-functions/_sd_hosts_or_user_at_host
/usr/share/zsh/site-functions/_sd_machines
/usr/share/zsh/site-functions/_sd_outputmodes
/usr/share/zsh/site-functions/_sd_unit_files
/usr/share/zsh/site-functions/_systemctl
/usr/share/zsh/site-functions/_systemd
/usr/share/zsh/site-functions/_systemd-analyze
/usr/share/zsh/site-functions/_systemd-delta
/usr/share/zsh/site-functions/_systemd-inhibit
/usr/share/zsh/site-functions/_systemd-nspawn
/usr/share/zsh/site-functions/_systemd-run
/usr/share/zsh/site-functions/_systemd-tmpfiles
/usr/share/zsh/site-functions/_timedatectl
/usr/share/zsh/site-functions/_udevadm
/var/lib/systemd
/var/lib/systemd/backlight
/var/lib/systemd/catalog
/var/lib/systemd/catalog/database
/var/lib/systemd/clock
/var/lib/systemd/coredump
/var/lib/systemd/random-seed
/var/lib/systemd/rfkill
/var/log/btmp
/var/log/journal
/var/log/wtmp
/var/run/utmp
     
/usr/lib64/libnss_myhostname.so.2
/usr/lib64/libnss_mymachines.so.2
/usr/lib64/libsystemd-daemon.so.0
/usr/lib64/libsystemd-daemon.so.0.0.12
/usr/lib64/libsystemd-id128.so.0
/usr/lib64/libsystemd-id128.so.0.0.28
/usr/lib64/libsystemd-journal.so.0
/usr/lib64/libsystemd-journal.so.0.11.5
/usr/lib64/libsystemd-login.so.0
/usr/lib64/libsystemd-login.so.0.9.3
/usr/lib64/libsystemd.so.0
/usr/lib64/libsystemd.so.0.6.0
/usr/lib64/libudev.so.1
/usr/lib64/libudev.so.1.6.2
/usr/lib64/security/pam_systemd.so
     
/usr/bin/systemd-sysv-convert


The above list of files from the systemd and systemd-libs packages should demonstrate that Poettering’s argument regarding bloatware is both laughable and also bogus. systemd does not result in “less code, less place for mistakes, less memory and cache pressure”. It fact the result is far more lines of code, increased code complexity and a greater chance of configuration errors since system administrators have to learn how to configure their systems using systemd. Furthermore, nobody has ever demonstrated that systemd results in less memory or cache pressure.

RHEL7 was released over two years ago but DISA (Defense Information Systems Agency) has yet to release an approved STIG (Security Technical Implementation Guide) for the OS. Version 0.2 of a draft RHEL7 STIG was finally released in July 2016. A lot of the delay in releasing this STIG can be directly or indirectly traced to systemd issues.

Yes I know that the era of DoD STIGs is ending and the dawn of DoD Secure Host Baselines is here, so for completeness I will mention the OpenSCAP (Open Source Security Compliance Solution) project. The current OpenSCAP/SCAP Security Guide content for RHEL7 can be found here.

Is there technical goodness in systemd? Yes, there are some interesting technologies. Is there economic goodness in systemd on a server? Absolutely not!