Systemd 247 Released With Experimental Out-of-Memory Daemon, New Credentials Capability
Systemd 247 most notably introduces the still-experimental systemd-oomd as the out-of-memory daemon with that Linux OOMD code originally developed by Facebook and later adopted for desktop use-cases. Once stabilized, the goal of systemd-oomd is for improving the behavior when the Linux system is low on memory / under memory pressure.
Beyond systemd-oomd, systemd 247 now defaults to using Btrfs with systemd-homed and other enhancements as outlined below.
- The new systemd-oomd service has been added for monitoring resource contention and can kill processes when memory/swap pressure is above the defined limits. For now this is experimental and just enabled in the developer mode.
- Systemd-homed defaults to using the Btrfs file-system when available for creating home directories in LUKS volumes. The DefaultFileSystemType= option for homed.conf remains available for changing off the default/ Btrfs was chosen since it can grow and shrink the file-system online.
- Systemd's system services now supports "credentials" logic as a means of passing privileged data to services in a safe and secure manner. The intended use-case is around passwords, cryptographic keys, and other per-service private data handling but also possibly less privileged data like usernames and certificates. Systemd-nspawn is among the early users of systemd credentials.
- JSON user records for systemd-homed adds support for "recovery keys" as a means of secondary passphrases for unlocking accounts/home directories.
- Run-time dependencies on a number of libraries are now loaded using dlopen() when found on the system. This allows minimizing the possible dependencies needed by systemd and for constructing more minimal operating system images.
- The systemd-dissect tool for inspecting operating system disk images has now been moved to /usr/bin in being promoted to being an officially supported tool with a stable interface.
- The systemd-repart partitioner can now optionally dump its output in JSON form.
- Setting the SYSTEMD_RDRAND=0 environment variable will now disable RdRand CPU instruction usage even with supported CPUs.
Systemd 247 can be downloaded from GitHub.