Package: src:systemd
Version: 240-5
Severity: wishlist

More daemons are beginning to offer systemd-style socket activation, which is a very nice feature for security and isolation.

However, those daemons are difficult to run on non-systemd systems, so most upstream daemon authors continue to ship a lot of non-socket-activated code (opening sockets, dropping privileges, etc.), much of which is buggy.

If those non-systemd systems had a simple-to-install socket activation wrapper, then we could convince the daemons to drop their non-socket-activated codepaths, and encourage them to launch their daemons something like this:

    systemd-socket-activate -l $portnum -- \
      runuser -u special-user -- \
      daemon-command daemonarg1 daemonarg2

So what i'd like to see is a minimalist systemd-socket-activate, packaged and installable separately.

The current systemd-socket-activate isn't well-tuned for that -- it links to libsystemd-shared-240.so -- but if we could build it without that linkage (or statically-linked?), i think it would be useful to help convince daemon upstreams to reduce their code complexity.

        --dkg

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
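
Added example, not part of the original report and not systemd's own code: the daemon side of socket activation, i.e. what a daemon needs in place of its own socket-opening code when it is started under a wrapper like the one requested above. It follows the LISTEN_PID/LISTEN_FDS convention documented in sd_listen_fds(3) without linking libsystemd; the names parse_listen_env and adopt_listen_fds are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3   /* first passed descriptor, per sd_listen_fds(3) */

/* Returns the number of passed descriptors, 0 if the variables are absent
 * or addressed to another process, -1 if they are malformed. */
int parse_listen_env(const char *pid_s, const char *fds_s, pid_t self)
{
    char *end;
    if (!pid_s || !fds_s) return 0;
    errno = 0;
    long pid = strtol(pid_s, &end, 10);
    if (errno || end == pid_s || *end || pid <= 0) return -1;
    if ((pid_t)pid != self) return 0;      /* inherited by accident: ignore */
    long n = strtol(fds_s, &end, 10);
    if (errno || end == fds_s || *end || n < 0 || n > 1024) return -1;
    return (int)n;
}

/* Validate and take over the listeners (fds 3 .. 3+count-1); -1 on error. */
int adopt_listen_fds(void)
{
    int n = parse_listen_env(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    for (int fd = LISTEN_FDS_START; fd < LISTEN_FDS_START + n; fd++) {
        int flags, on = 0; socklen_t len = sizeof on;
        /* Reject anything that is not a socket already in listening state. */
        if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &on, &len) < 0 || !on) return -1;
        if ((flags = fcntl(fd, F_GETFD)) < 0 ||
            fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) return -1;
    }
    /* Do not leak the activation variables to child processes. */
    unsetenv("LISTEN_PID"); unsetenv("LISTEN_FDS"); unsetenv("LISTEN_FDNAMES");
    return n;
}

int main(void)
{
    if (adopt_listen_fds() <= 0) { fputs("no socket-activated listeners\n", stderr); return 1; }
    int c = accept(LISTEN_FDS_START, NULL, NULL);   /* serve one connection */
    if (c < 0) return 1;
    ssize_t w = write(c, "hello\n", 6);
    close(c);
    return w < 0;
}
```

The daemon never calls socket(), bind() or listen() and needs no privileges to obtain a low port, which is the code-complexity reduction the report is after.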