systemd’s dependencies and installation footprint

In the Debian systemd survey results, the top reported concern was that systemd is too complex, or bloated, or does too many things, or has too many dependencies.

This page lists systemd 204’s dependencies and explains what they are used for. It is supposed to contain facts, not opinion. For the corresponding opinion blog post, see http://people.debian.org/~stapelberg/2013/06/09/systemd-bloat.html. In case you want to reproduce these findings, the .deb I used to gather data can be downloaded.

1.) Control binaries for major parts of systemd

The binaries systemctl (299 KiB), journalctl (187 KiB) and loginctl (91 KiB) are the main binary to interact with the respective part of systemd. As an example, one uses systemctl restart apache2.service to restart Apache, and just running journalctl will result in a character-perfect copy of the syslog (= displays the same contents, but with colors).

systemctl and loginctl use DBus to communicate with systemd and logind respectively. journalctl is an exception — it runs without talking to journald and directly reads the journal.

2.) systemd(1) itself: PID 1

Since PID 1 is running permanently, it deserves a special section on this page with a detailed look. Here is an explanation of the columns:

Size
Size on disk, as measured by ls -hl <name> on my amd64 machine at 2013-06-08.
Optional
Whether compiling systemd without this dependency is supported by upstream. This does not automatically mean that Debian choses to make these parts optional.
Loaded anyways?
Whether this library is very likely to be loaded in memory on a typical desktop or server system anyway, e.g. when it’s used by udevd, sshd, chrome, gimp.
Used in sysvinit/upstart
Whether that library is also used in sysvinit, upstart or both.
Name Size Optional Loaded anyways? Used in sysvinit/upstart
libdbus-1.so.3 280 KiB on desktops ✔ (upstart)

Internally, systemd uses DBus on the private UNIX socket /run/systemd/private to make helper binaries talk to PID 1. When running systemctl(1) as root, it also uses the private socket. This means no actual DBus system daemon needs to be running — you actually can fix problems with the DBus daemon, if any. There is no cyclic dependency (only at compile-time). Upstart uses precisely the same mechanism.

Externally, systemd offers a documented DBus API for other programs/scripts, which is covered by the Interface Stability Promise.

libudev.so.1 74 KiB on desktops ✔ (upstart)
udev is used to find devices and gather information about them. One example is block devices, for which the boot process needs to wait before the local filesystem is considered available. Another more advanced example is serial devices: the unit serial-getty@ttyS1.service uses BindTo=dev-ttyS1.service to only be started when you actually have a serial port available. See Part XVI of systemd for administrators for more details.
libcap.so.2 17 KiB ✔ (zsh, gimp, chrome, …)
libattr.so.1 19 KiB ✔ (zsh, gimp, chrome, …)

For POSIX.1e capabilities via the Capabilities= and CapabilityBoundingSet= directives in unit files.

With Capabilities=, you can achieve the same effect as with setcap(8), e.g. allowing an unprivileged process to bind to a privileged port with the CAP_NET_BIND_SERVICE privilege.

CapabilityBoundingSet= specifies which capabilities the service and all its child processes are allowed to have and not have. With this directive, you can make sure the service never acquires additional privileges, not even when it is getting exploited and running another setuid binary.

libsystemd-daemon.so.0 14 KiB
This library contains a few functions which are useful for daemons. systemd itself uses sd_booted() for example, so it makes sense to share that code.
libselinux.so.1 124 KiB ✔ (sshd, gdm) ✔ (both)
If you use SELinux, your PID 1 (regardless of whether it is sysvinit, upstart or systemd) needs to load the SELinux policy.
libpam.so.0 55 KiB ✔ (sshd, gdm)
Support for opening a PAM session using PAMName= in a unit file. This can be used for example to have per-session /tmp directories (isolation) or to properly create/mount home directories with pam_mkhomedir.
libwrap.so.0 40 KiB on servers
Support for traditional /etc/hosts.{allow,deny} files (“TCP Wrappers”), see hosts_access(3).
libaudit.so.0 95 KiB
Support for logging unit start/stop events to the Linux Audit Framework.
libkmod.so.2 87 KiB
systemd needs the autofs4, ipv6 and unix kernel modules. It tries to load these modules in case they are missing on an improperly configured machine to prevent a boot failure. Note that modprobe uses libkmod, so upstart and sysvinit indirectly use it, too.

On most machines, systemd will bring from 236 KiB to 550 KiB of additional libraries to be loaded into memory. When recompiling systemd without its optional dependencies (e.g. for embedded systems), this shrinks to 368 KiB in the worst case.

The RSS (Resident Set Size) of systemd is 1.8 MiB, whereas sysvinit uses 0.8 MiB — both measured on typical Debian wheezy installations.

3.) Installation footprint

This section describes all the binaries that ship in the systemd Debian package, their size, dependencies and purpose.

3.1) Helper utilities

Size
Size on disk, as measured by ls -hl <name> on my amd64 machine at 2013-06-08.
sysvinit equiv
Whether there is a clear sysvinit equivalent to compare this binary to.
udev, pcre, selinux, extra deps
Whether this binary depends on udev, pcre, selinux or has any other dependencies. A ✔ means the binary depends on e.g. udev, a ✘ means it doesn’t.
Name Size sysvinit equiv udev pcre selinux extra deps
systemd-sysctl 43 KiB
Applies sysctl.d(5), like /etc/init.d/procps
systemd-modules-load 47 KiB
Loads kernel modules in early boot, see modules-load.d(5). This is handled by /etc/init.d/kmod in sysvinit.
systemd-user-sessions 43 KiB
Handles /run/nologin, like /etc/init.d/{bootmisc.sh,rmnologin}
systemd-fsck 47 KiB
Runs fsck on each file system that needs to be checked. Use the kernel parameter fsck.mode=skip to skip. This is handled by /etc/init.d/checkfs.sh in sysvinit.
systemd-quotacheck 35 KiB
Thin wrapper around quotacheck(8) which respects the quotacheck.mode=[auto|force|skip] kernel parameter and the sysvinit /forcequotacheck file
systemd-random-seed 34 KiB
Saves/restores the random seed so that enough entropy is available at early boot. Especially interesting for embedded devices.
systemd-remount-fs 39 KiB ✘?
Remounts the root file system and kernel API file systems like /sys, /proc, etc. Because these file systems are mounted early by the initrd/kernel, they need to be re-mounted to apply options from /etc/fstab.
systemd-shutdown 71 KiB ✘?

PID 1 will be replaced with this binary when shutting down, which then ensures that all filesystems are unmounted, swap devices are disabled, remaining storage devices are detached and remaining processes are killed.

It is necessary to have this code in a separate binary because otherwise rebooting after an upgrade might be broken — the running PID 1 could still depend on libraries which are not available any more, thus keeping the filesystem busy, which then cannot be re-mounted read-only.

systemd-ask-password 46 KiB
systemd-tty-ask-password-agent 66 KiB
With systemd, the environment in which services are started is completely detached from the user session, so the service has no direct access to the user’s tty. Therefore, systemd provides an API to ask for passwords.
systemd-machine-id-setup 38 KiB
This is run once at system installation time (!) to get a unique ID for the machine it runs on. The resulting /etc/machine-id is used for example by Ubuntu One, DBus, PulseAudio and others.
systemd-tmpfiles 71 KiB
Helper utility for applying tmpfiles.d(5) configuration.
systemd-binfmt 43 KiB
Registers additional binary formats for executables in the kernel at early boot, see binfmt.d(5).
systemd-cryptsetup 54 KiB
Asks for HDD passwords and then unlocks the device.

3.2) Compatibility

Name Size Dependencies
systemd-multi-seat-x 30 KiB selinux, pcre
Wrapper around X11 until X11 supports the -seat command line parameter.
systemd-update-utmp 42 KiB dbus, audit
Writes sysvinit runlevel changes to utmp and wtmp for compatibility.
systemd-initctl 42 KiB dbus, systemd-daemon
Provides the sysvinit /dev/initctl FIFO for compatibility.

3.3) Debugging, interactive tools, shell helpers

These following table lists tools which are helpful to debug/analyze your boot process or interactively gather system information.

The term “shell helper” deserves some explanation: systemd contains a number of functions which are useful in daemons or other places outside of systemd. While it’s possible to use these in a C program, it is often also useful to have them available in shell. A shell helper therefore is a very tiny binary which just exposes one of these useful C functions in a format which is handy to use in shell scripts.

Name Size udev sd-* extra deps
systemd-readahead 59 KiB
Profiles the boot process and reads files on subsequent boots to achieve a faster boot.
systemd-activate 42 KiB
Starts a socket-activated daemon from the command line (e.g. for debugging).
systemd-bootchart 91 KiB
When booting with init=/usr/lib/systemd/systemd-bootchart, this provides a graph of how your system boot works with regards to performance.
systemd-nspawn 99 KiB
Spawns a namespace container, similar to chroot(1), but more powerful. This is useful for debugging, but also used in production by some people, e.g. for isolated web server environments.
systemd-notify 34 KiB
Wrapper around sd_notify() for shell scripts.
systemd-inhibit 47 KiB
Helper utility to run a program with an inhibitor lock to prevent the system from shutting down or sleeping. For example: systemd-inhibit wodim foobar.iso
systemd-stdio-bridge 111 KiB
Internal binary used for implementing systemctl -H and systemctl -P
systemd-analyze 67 KiB
Provides boot performance analysis, either via plain text, a graphviz .dot file or a .svg plot.
systemd-delta 43 KiB
Helper tool to display your local configuration delta. This includes masked units or units which you have overwritten in /etc.
systemd-cgls 51 KiB
Displays cgroups and their processes in a tree(1)-like way
systemd-cgtop 55 KiB
top(1)-like tool for cgroups
systemd-detect-virt 35 KiB
Figures out whether it runs in a virtualized environment. Depending on your environment, you might not want to start certain services — for example udev does not make sense in an lxc container. This binary is a shell helper which exposes that functionality.
systemd-cat 30 KiB
Shell helper which connects STDOUT/STDERR of a process with the journal.
systemd-ac-power 26 KiB
Shell helper to detect whether AC power is plugged in or not.
systemd-reply-password 26 KiB
Helper program which makes it easier to implement a PasswordAgent
systemd-timestamp 22 KiB
Tiny tool which is used in the initrd to measure the time spent in kernel initialization, initrd initialization and main system initialization.

3.4) “Daemons”

All of these daemons are launched on demand only, hence the quotes in the section title. Of course, there’s always services that produce log entries, so journald will run permanently.

Name Size dbus pcre selinux sd-* extra deps
systemd-hostnamed 71 KiB
hostnamectl 59 KiB
Tiny daemon to control the host name and related metadata. Note that there are three hostnames: the static hostname (/etc/hostname), transient hostname (DHCP) and the pretty host name (e.g. “Michael’s computer”).
systemd-localed 83 KiB
localectl 63 KiB
Tiny daemon to control the system locale and keyboard mapping. Keymapping will be changed in X11 and on the virtual console.
systemd-timedated 83 KiB
timedatectl 62 KiB
Tiny daemon to control the system time and related settings.
systemd-shutdownd 46 KiB
Handles timed shutdowns.
logind 243 KiB
logind replaces ConsoleKit. It handles multi-seat environments and the difference between local/remote sessions. See Multi-Seat on Linux for more details on the basic concepts.
journald 191 KiB
Writes the system journal and exposes the /run/systemd/journal/syslog socket on which traditional syslog services such as rsyslog are listening. By default, Debian will ship with rsyslog enabled. Note that you can disable permanent storage of the journal, so that the only thing journald does is passing information to syslog and storing it temporarily in RAM.