systemd 256 Released With run0, systemd-vpick, importctl & Other New Features
Systemd 256 ships with a massive number of new features and changes. Some of the prominent systemd 256 highlights include:
- The introduction of run0 as a new alternative to sudo.
- The "systemd.crash_action=" kernel command line option is new that configures what to happen if the system manager crashes. This systemd.crash_action= option in turn deprecates the prior "systemd.crash_reboot" option. The systemd.crash_action= values can be either freeze, reboot, or poweroff.
- Support for cgroup v1 is now considered obsolete and systemd by default will refuse to boot under it. There still is a workaround to forcibly re-enable cgroup v1 support, but long story short it's time to move on to cgroup v2.
- A new "systemd-vpick" binary is added that implements the vpick protocol. Systemd-vpick can be used for resolving paths to versioned ".v/" versioned directories.
- Another new tool in systemd 256 is "importctl" as a tool to download, import, and export disk images via systemd-importd. Previously similar functionality to importctl was available via machinectl while now is also extended to cover sysext, confext, and portable service images.
- A new unit generator "systemd-ssh-generator" is added to see if the sshd binary is installed and then bind it via per-connection socket activation to various sockets depending on the execution context.
- Encrypted service credentials can now be made available to unprivileged users via new systemd-creds options.
- Systemd can now be compiled cleanly with all OpenSSL 3.0 deprecations removed.
- For systemd service management there is a new concept of "capsules" introduced. Capsules wrap additional per-user service managers and whose users are transient and only defined as long as the service manager is running (dynamic users).
- Systemd-networkd now provides a basic Varlink interface.
- Systemd-networkd can now pick up WireGuard secrets from the systemd credentials.
- Systemd Ukify now supports Zboot kernels.
- Various library dependencies have been made from regular shared library dependencies into dlopen() ones to enhance security following the XZ backdoor incident.
- Systemd-homed can now unlock home directories when logging in via SSH.
- New systemd services include systemd-nsresourced and systemd-mountfsd.
- Various systemd programs will now look to load main configuration files from locations below /usr/lib, /usr/local/lib, and /run rather than just /etc.
- The "systemctl kill" command is now supporting the "--wait" argument to make the command wait until the signaled services terminate. The "systemctl kill --wait" can be useful due to otherwise potentially hitting racy conditions.
- Systemd ELF binaries that use libraries via dlopen() are built with a new ELF header note section. The new functionality allows for tools and packagers to programmatically discover the list of optional dependencies used by all systemd ELF binaries. There is a new "systemd/package-notes" project that provides a parser with packaging integration tools.
Downloads and more details on tonight's systemd 256 release via GitHub.
64 Comments
