systemd 248 RC1 Released With New "System Extension Images" Concept
The systemd 248-RC1 highlights include:
- A new concept of "system extension images" as images that can extend the /usr/ or /opt/ hierarchies at run-time with additional files. The images can be read-only and its usr/opt hierarchies combined via OverlayFS. This led to a new systemd-sysext tool with systemd 248 for managing of system extension hierarchies.
- A new /etc/veritytab configuration file for configuring dm-verity integrity protection for block devices.
- Systemd-cryptsetup can now unlock LUKS2 volumes using TPM2 hardware and FIDO2 security tokens.
- A new systemd-cryptenroll tool for adding TPM2 / FIDO2 / PKCS#11 security tokens to LUKS volumes.
- A new ConditionCPUFeature= setting that can conditionalize systemd units so they only run if matching given CPU features like RdRand.
- Various systemd-resolved improvements.
- The previously introduced systemd-oomd out-of-memory daemon now has a default memory pressure duration tunable and this service is also now considered fully-supported rather than just experimental.
- Systemd has renamed its main Git development branch from "master" to "main".
- Systemd will now set the $SYSTEMD_EXEC_PID environment variable for the spawned process to the PID of the process itself.
Those wanting to test systemd 248 ahead of its official release can fetch the latest sources and release notes via GitHub.