I previously stated that systemd provided a nice juicy attack surface. There are valid arguments that not all these components are “core” systemd. Regardless, they are still components and there is an implicit trust relationship with “core” vs “components”. Yes systemd sticks everything in cgroups (another minor issue I have) but with the coming Dockerpocalypse didn’t everyone learn that cgroups were not a security mechanism (nor are containers for that matter)? I still stand by my statement that the “big one” linux exploit will somehow be tied to systemd.