Systemd 214 Comes "Stuffed With Great New Features"

Lennart Poettering announced, "Here it is, version 214. Stuffed with great new features, improvements in all areas, in particular when it comes to security, networking and socket units."

Systemd 214 offers new file-system sandboxing features, support for new network interface types via networkd, and moves towards state-less system support with being able to rebuild /var if it's empty at boot time. The systemd 214 release also has support for virtualization detect without root rights, systemd-networkd/systemd-resolved/system-bus-proxy now run as their own users, new socket unit features, and much more.

Lennart explained the new state-less system support with being able to rebuild /var as:

What I find the most exciting change: a first step towards a state-less system: we will now rebuild /var if it is empty on boot. My favourite new command line making use of this is:

systemd-nspawn -D /srv/mycontainer --read-only --tmpfs=/var -b

Which spawns an nspawn container, with the directory tree mounted read-only, and an empty, volatile /var mounted on top, that is flushed when you terminate the container. With that in place you can easily run hundreds of ad-hoc throw-away container instances from the same tree, while making sure they don't end up interfering with each other. As next step (planned for the next release): add the infrastructure to support boots with /etc empty, too (or to turn this around: with a tmpfs as root and only /usr mounted in from a read-only vendor tree).

More details on systemd 214 can be found via the release announcement.