The number of security features that systemd provides is long and growing: First, it performs setup like creating runtime directories and opening sockets, so the service doesn't need privileges. Second, it makes it easy to run services as unprivileged users, removing a whole set of problems. Third, it uses kernel features like mount and network namespaces, capabilities, resource limits, to constrain services. Fourth, it implements additional filters using BPF (per-service firewalls, devices controller). Fifth, it does resource cleanup after the service is done, removing the need for privileges again.

We could use this to vastly simplify services and to provide an additional level of security for system services. Some distributions are making use of this, but not nearly enough. Fedora is probably at the forefront, but the common case is still to run as root will full access to everything the service doesn't need. Debian is now discussing a General Resolution to drop SysV Init compatibility and empower packagers to use all systemd features. Full support in the two biggest distro families would motivate upstreams to make systemd their "baseline" and build more secure services. New features like "dynamic users" could be used to make Linux systems take more modern approaches to system security.

I want the talk to serve as a prompt for a general discussion how we could modernize service packaging in distros, to avoid reimplementing security features in individual daemons, and how to stop the 90's mentality of running everything as root.