systemd 253-rc2 Released With More Changes To This System & Service Manager
Following last month's release of systemd 253-rc1 with many new features and changes in tow, a second release candidate is out today, piling yet more features into this Linux system and service manager.
systemd 253-rc1 introduced many changes, such as the new MemoryZSwapMax= option, support for specifying the OOM policy as part of systemd scope units, systemd-boot enhancements, systemd-cryptenroll support for unlocking via FIDO2 tokens, a new "ukify" tool to build/measure/sign Unified Kernel Images (UKIs), and more.
In addition to all of the changes brought forth with systemd 253-rc1, yet more material has landed over the past two weeks. With systemd 253-rc2, some of the additional work includes:
- New Meson build-time configuration options of -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec= to control the seconds for the default timeout of starting / stopping / aborting system and user units. This will make it easier for scenarios like Fedora Linux working to shorten its shutdown time by tightening up the defaults for shutting down of systemd services.
- systemd-boot adds an "if-safe" mode to perform UEFI Secure Boot automated certificate enrollment from the EFI System Partition (ESP) only if it is considered "safe" to do so. For this release it's deemed "safe" if running within a virtual machine.
- systemd-sysusers will now automatically create /etc if it is missing.
- A new setting of SuspendEstimationSec= to control the interval to measure the battery charge level as part of the system suspend-then-hibernate service.
- The default tmpfiles.d configuration will now automatically create the credentials storage directory with the appropriate secure permissions.
- The DDI image dissection logic that is used by RootImage= in service unit files, the "--image=" switch in tools like systemd-nspawn, etc., will now only mount file-systems of types Btrfs, EXT4, XFS, EROFS, SquashFS or VFAT. This can be overridden using the $SYSTEMD_DISSECT_FILE_SYSTEMS environment variable, but the supported list is based on which file-systems are well supported and maintained in current kernels, particularly around security support and fixes.
- Service units have a new OpenFile= setting that can be used to open arbitrary files in the file-system or arbitrary AF_UNIX sockets while passing the open file descriptor to the invoked process via the FD passing protocol. The intention with this OpenFile functionality is for unprivileged services to access select files that have restrictive access modes.
- New bootctl features.
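As an added illustration of the OpenFile= item above (not code from the article or from systemd), this Python sketch shows the receiving side: the service reads the LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES variables of systemd's FD passing protocol and never opens the restricted path itself. The unit fragment, the path and the names `secret` and `appuser` are constructed for the example.

```python
"""Receive descriptors that systemd opened for an unprivileged service.

Constructed unit fragment assumed by this sketch (paths and names made up):

    [Service]
    User=appuser
    OpenFile=/etc/myapp/secret.key:secret:read-only
    ExecStart=/usr/local/bin/myapp
"""
import os

SD_LISTEN_FDS_START = 3  # passed descriptors start right after stdin/stdout/stderr


def passed_fds(environ=None, pid=None):
    """Return [(name, fd), ...] for descriptors handed over by the service manager."""
    env = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(env["LISTEN_PID"]) != pid:
            return []  # variables were inherited; the fds belong to another process
        count = int(env["LISTEN_FDS"])
    except (KeyError, ValueError):
        return []  # not started with passed descriptors
    if count <= 0:
        return []
    raw = env.get("LISTEN_FDNAMES")
    names = raw.split(":") if raw else ["unknown"] * count
    if len(names) != count:
        raise ValueError("LISTEN_FDNAMES does not match LISTEN_FDS")
    return list(zip(names, range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count)))


def open_passed_file(name, mode="rb", environ=None, pid=None):
    """Wrap the descriptor called `name` in a file object without touching its path."""
    for fd_name, fd in passed_fds(environ, pid):
        if fd_name == name:
            os.set_inheritable(fd, False)  # keep it out of any child processes
            return os.fdopen(fd, mode)
    raise LookupError(f"no passed descriptor named {name!r}")


if __name__ == "__main__":
    for fd_name, fd in passed_fds():
        print(f"fd {fd} was passed as {fd_name!r}")
```

Checking LISTEN_PID before trusting the other variables keeps a child process from treating whatever happens to sit at descriptor 3 as the restricted file.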
Downloads and more details on the systemd 253-rc2 release via GitHub.