Systemd 256-rc1 Brings A Huge Number Of New Features

Systemd 256-rc1 is available this evening and it comes with many new features and improvements to existing features. It's a big one.

Systemd 256-rc1 is now available and it brings many new features as well as extending additional functionality. In going through the systemd 256-rc1 change-log this evening some of the items that catch my attention include:

- Support for cgroup v1 is now considered obsolete and systemd by default will refuse to boot under it. There still is a workaround to forcibly re-enable cgroup v1 support, but long story short it's time to move on to cgroup v2.

- A new "systemd-vpick" binary is added that implements the vpick protocol. Systemd-vpick can be used for resolving paths to versioned ".v/" versioned directories. More details in the systemd documentation on systemd-vpick.

- Another new tool in systemd 256 is "importctl" as a tool to download, import, and export disk images via systemd-importd. Previously similar functionality to importctl was available via machinectl while now is also extended to cover sysext, confext, and portable service images.

- A new unit generator "systemd-ssh-generator" is added to see if the sshd binary is installed and then bind it via per-connection socket activation to various sockets depending on the execution context.

- Encrypted service credentials can now be made available to unprivileged users via new systemd-creds options.

- Systemd can now be compiled cleanly with all OpenSSL 3.0 deprecations removed.

- For systemd service management there is a new concept of "capsules" introduced. Capsules wrap additional per-user service managers and whose users are transient and only defined as long as the service manager is running (dynamic users).

- Systemd-networkd now provides a basic Varlink interface.

- Systemd-networkd can now pick up WireGuard secrets from the systemd credentials.

- Systemd Ukify now supports Zboot kernels.

- Various library dependencies have been made from regular shared library dependencies into dlopen() ones to enhance security following the XZ backdoor incident.

- Systemd-homed can now unlock home directories when logging in via SSH.

- New systemd services include systemd-nsresourced and systemd-mountfsd.

- Various systemd programs will now look to load main configuration files from locations below /usr/lib, /usr/local/lib, and /run rather than just /etc.

Downloads and the very lengthy list of changes with systemd 256-rc1 can be found via GitHub. Expect to find systemd 256 rolling out for H2'2024 Linux distributions.