systemd 253 Is Near With RC3 Out For Testing
systemd 253-rc1 debuted in late January and systemd 252-rc2 arrived last week. Today's systemd 253-rc3 release brings more bug fixes and other minor updates for systemd 253, but no major new feature work at this late stage.
In case you missed the earlier systemd 253 articles on Phoronix, highlights of this forthcoming release include:
- New in systemd 253 is "ukify", a tool to build, measure, and sign Unified Kernel Images (UKIs). It is intended to replace the functionality currently provided by "dracut --uefi" while offering more as part of the new UKI / trusted boot philosophy.
- Initrd environments not on a temporary file-system are now supported.
- A new MemoryZSwapMax= option to configure the memory.zswap.max cgroup property.
- Systemd scope units now support the OOMPolicy= option with login session scopes now defaulting to OOMPolicy=continue so they survive the OOM killer terminating some processes in the scope.
- The maximum rate at which daemon reloads are executed can now be controlled via the ReloadLimitIntervalSec= and ReloadLimitBurst= options.
- Systemd now executes generators in a "sandbox" mount namespace in which most of the file-system is read-only, with write access only to the generator output directories and a temporary /tmp mount point.
- A new Type=notify-reload service type: when such a unit is reloaded via signal, the manager waits until it receives a "READY=1" notification from the unit.
- A new environment variable, $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST, can be used to override the mount units' burst rate limit for parsing /proc/self/mountinfo; the default value is 5.
- Systemd-boot now passes its random seed directly to the kernel's RNG via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table.
- Systemd-boot can now be loaded from a direct kernel boot under QEMU, when embedded into the firmware, or other non-ESP scenarios.
- "systemctl kexec" now supports Xen.
- Various new options for systemd-dissect and systemd-repart.
- systemd-cryptenroll now supports unlocking via FIDO2 tokens.
- New Meson build-time configuration options, -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=, set the default timeout, in seconds, for starting / stopping / aborting system and user units. This helps efforts such as Fedora Linux's work to shorten shutdown time by tightening the default timeouts for stopping systemd services.
- systemd-boot adds an "if-safe" mode that performs UEFI Secure Boot automated certificate enrollment from the EFI System Partition (ESP) only if it is considered "safe" to do so. For this release it is deemed "safe" if running within a virtual machine.
- systemd-sysusers will now automatically create /etc if it is missing.
- A new setting of SuspendEstimationSec= to control the interval to measure the battery charge level as part of the system suspend-then-hibernate service.
- The default tmpfiles.d configuration will now automatically create the credentials storage directory with the appropriate secure permissions.
- The DDI image dissection logic used by RootImage= in service unit files, the "--image=" switch in tools like systemd-nspawn, etc., will now only mount file-systems of types Btrfs, EXT4, XFS, EROFS, SquashFS or VFAT. This can be overridden using the $SYSTEMD_DISSECT_FILE_SYSTEMS environment variable, but the supported list is restricted to file-systems that are well supported and maintained in current kernels, particularly with regard to security support and fixes.
- Service units have a new OpenFile= setting that opens arbitrary files in the file-system or connects to arbitrary AF_UNIX sockets and passes the open file descriptor to the invoked process via the FD passing protocol. The intent is to let unprivileged services access select files that have restrictive access modes, since the manager performs the open rather than the service itself.
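The receiving side of that FD passing protocol, as an added example that is not systemd's own code or code from this article: the service reads $LISTEN_PID, $LISTEN_FDS and $LISTEN_FDNAMES the way sd_listen_fds_with_names(3) does, then uses the descriptor by name instead of opening a path it may not be allowed to read. The unit fragment in the docstring, the fd name "token" and the /etc/metrics path are constructed for illustration.

```python
"""Consume a descriptor handed over by OpenFile= (constructed unit fragment):

  [Service]
  User=metrics
  OpenFile=/etc/metrics/api-token:token:read-only,graceful
  ExecStart=/usr/bin/python3 /usr/lib/metrics/agent.py

The manager opens the root-owned file and the unprivileged service only ever
sees an already-open fd; with "graceful" a missing file is not a start failure.
"""
import os
from typing import List, Mapping, Optional, Tuple

SD_LISTEN_FDS_START = 3  # first passed descriptor, right after stdin/stdout/stderr


def listen_fds_with_names(env: Mapping[str, str], pid: int) -> List[Tuple[str, int]]:
    """Return [(fd-name, fd-number), ...] for descriptors the manager passed.

    The variables are ignored unless LISTEN_PID names this very process (a
    child may inherit them), and names missing from LISTEN_FDNAMES become
    "unknown" so that positions stay aligned with the fd numbers.
    """
    if env.get("LISTEN_PID") != str(pid):
        return []
    try:
        count = int(env.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    raw_names = env.get("LISTEN_FDNAMES", "")
    names = raw_names.split(":") if raw_names else []
    names = (names + ["unknown"] * count)[:count]
    return [(name, SD_LISTEN_FDS_START + i) for i, name in enumerate(names)]


def read_passed_fd(passed: List[Tuple[str, int]], name: str, max_bytes: int = 4096) -> Optional[bytes]:
    """Read up to max_bytes from the passed descriptor with the given fd-name.

    Returns None when no descriptor carries that name, which is what the
    "graceful" OpenFile= option yields when the file was absent at start.
    """
    fds = [fd for n, fd in passed if n == name]
    if not fds:
        return None
    chunks, remaining = [], max_bytes
    while remaining > 0:
        chunk = os.read(fds[0], remaining)
        if not chunk:
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    token = read_passed_fd(listen_fds_with_names(os.environ, os.getpid()), "token")
    print("token fd present" if token is not None else "no token fd passed (graceful)")
```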
Those wanting to fetch systemd 253-rc3 ahead of the official release can find the just-released version up on GitHub.