
Releases: systemd/systemd

systemd v256

11 Jun 21:50
v256

CHANGES WITH 256:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for automatic flushing of the nscd user/group database caches
      will be dropped in a future release.

    * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
      considered obsolete and systemd by default will refuse to boot under
      it. To forcibly reenable cgroup v1 support,
      SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
      line. The meson option 'default-hierarchy=' is also deprecated, i.e.
      only cgroup v2 ('unified' hierarchy) can be selected as build-time
      default.

    * Support for System V service scripts is deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment=, which is currently
      disabled by default when combined with --scope, will be changed in a
      future release to be enabled by default.

    * Previously, systemd-networkd did not explicitly remove any bridge
      VLAN IDs assigned on bridge master and ports. Since version 256, if a
      .network file for an interface has at least one valid setting in the
      [BridgeVLAN] section, then all assigned VLAN IDs on the interface
      that are not configured in the .network file are removed.

    * IPForward= setting in .network file is deprecated and replaced with
      IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
      supported both in .network file and networkd.conf. If specified in a
      .network file, they control corresponding per-link settings. If
      specified in networkd.conf, they control corresponding global
      settings. Note, previously IPv6SendRA= and IPMasquerade= implied
      IPForward=, but now they imply the new per-link settings. One of the
      simplest ways to migrate a configuration that worked as a router with
      the previous version is to enable both IPv4Forwarding= and
      IPv6Forwarding= in networkd.conf. See systemd.network(5) and
      networkd.conf(5) for more details.

    * systemd-gpt-auto-generator will stop generating units for ESP or
      XBOOTLDR partitions if it finds mount entries for or below the /boot/
      or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
      from interfering with systems where the ESP is explicitly configured
      to be mounted at some path, for example /boot/efi/ (this type of
      setup is obsolete, but still commonly found).

    * The behavior of systemd-sleep and systemd-homed has been updated to
      freeze user sessions when entering the various sleep modes or when
      locking a homed-managed home area. This is known to cause issues with
      the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
      drivers may want to add drop-in configuration files that set
      SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false for systemd-suspend.service
      and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
      systemd-homed.service.

    * systemd-tmpfiles and systemd-sysusers, when given a relative
      configuration file path (with at least one directory separator '/'),
      will open the file directly, instead of searching for the given
      partial path in the standard locations. The old mode wasn't useful
      because tmpfiles.d/ and sysusers.d/ configuration has a flat
      structure with no subdirectories under the standard locations and
      this change makes it easier to work with local files with those
      tools.

    * systemd-tmpfiles now properly applies nested configuration to 'R' and
      'D' stanzas. For example, with the combination of 'R /foo' and 'x
      /foo/bar', /foo/bar will now be excluded from removal.

    * systemd.crash_reboot and related settings are deprecated in favor of
      systemd.crash_action=.

    * Stable releases for version v256 and newer will now be pushed in the
      main repository. The systemd-stable repository will be used for existing
      stable branches (v255-stable and lower), and when they reach EOL it will
      be archived.
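The IPForward= migration described above, worked through as an added example (not systemd-networkd's own code): it rewrites the deprecated key in a constructed .network file into the per-link IPv4Forwarding=/IPv6Forwarding= settings, flags IPv6SendRA=/IPMasquerade= whose implied behaviour changed, and carries the networkd.conf fragment the notes recommend for hosts that acted as routers.

```python
"""Migrate IPForward= in a .network file to the v256 per-link settings.

Added example, not systemd's code. The value mapping follows the release
notes: yes -> both enabled, no -> both disabled, ipv4/ipv6 -> only that
family. The sample file below is constructed.
"""
from typing import List, Tuple

_TRUE = {"yes", "true", "on", "1"}
_FALSE = {"no", "false", "off", "0"}


def forwarding_lines(value: str) -> List[str]:
    """Map one IPForward= value to its replacement per-link settings."""
    v = value.strip().lower()
    if v in _TRUE:
        return ["IPv4Forwarding=yes", "IPv6Forwarding=yes"]
    if v in _FALSE:
        return ["IPv4Forwarding=no", "IPv6Forwarding=no"]
    if v == "ipv4":
        return ["IPv4Forwarding=yes"]
    if v == "ipv6":
        return ["IPv6Forwarding=yes"]
    raise ValueError(f"unsupported IPForward= value: {value!r}")


def migrate_network_file(text: str) -> Tuple[str, List[str]]:
    """Return (rewritten text, notes). Only the [Network] section is touched.

    Notes flag IPv6SendRA= and IPMasquerade=: they used to imply IPForward=
    and since v256 imply only this link's per-link forwarding setting.
    """
    out: List[str] = []
    notes: List[str] = []
    section = ""
    for line in text.split("\n"):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
            out.append(line)
            continue
        if (section == "Network" and "=" in stripped
                and not stripped.startswith(("#", ";"))):
            key, value = (s.strip() for s in stripped.split("=", 1))
            if key == "IPForward":
                out.extend(forwarding_lines(value))   # drop the deprecated key
                continue
            if key in ("IPv6SendRA", "IPMasquerade") and value.lower() not in _FALSE | {""}:
                notes.append(
                    f"{key}= previously implied IPForward=; in v256 it implies only "
                    "this link's forwarding setting. Set IPv4Forwarding=/IPv6Forwarding= "
                    "in networkd.conf if the global setting is still needed.")
        out.append(line)
    return "\n".join(out), notes


# Global networkd.conf fragment the release notes suggest for a host that
# worked as a router before: equivalent to the old IPForward=yes on any link.
NETWORKD_CONF_ROUTER = "[Network]\nIPv4Forwarding=yes\nIPv6Forwarding=yes\n"

# Constructed pre-migration .network file.
SAMPLE_NETWORK = """[Match]
Name=br-lan

[Network]
Address=10.0.0.1/24
IPForward=yes
IPv6SendRA=yes
"""

if __name__ == "__main__":
    new_text, migration_notes = migrate_network_file(SAMPLE_NETWORK)
    print(new_text)
    for note in migration_notes:
        print("note:", note)
```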
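The 'R /foo' plus 'x /foo/bar' case from the systemd-tmpfiles item above, worked through as an added model (not systemd-tmpfiles' own implementation) over a constructed in-memory tree; the model also covers 'D' and the self-only 'X' exclusion documented in tmpfiles.d(5).

```python
"""Model of how systemd-tmpfiles v256 honours 'x'/'X' exclusions inside
'R' and 'D' removals. Added example, not systemd's code; a path->type map
stands in for the filesystem. Tree and tmpfiles.d lines are constructed.
"""
import os
from typing import Dict, List, Tuple

# 'd' = directory, 'f' = file.
SAMPLE_TREE: Dict[str, str] = {
    "/foo": "d",
    "/foo/bar": "d",
    "/foo/bar/keep.txt": "f",
    "/foo/baz": "f",
    "/foo/qux": "d",
    "/foo/qux/old.log": "f",
}

# 'R /foo' removes /foo recursively; 'x /foo/bar' protects that subtree.
SAMPLE_CONF = """# constructed tmpfiles.d fragment
R /foo
x /foo/bar
"""


def parse_tmpfiles(text: str) -> Tuple[List[Tuple[str, str]], List[str], List[str]]:
    """Return (removal stanzas, subtree excludes, self-only excludes)."""
    removals: List[Tuple[str, str]] = []
    exclude_subtree: List[str] = []
    exclude_self: List[str] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        kind, path = fields[0][0], fields[1].rstrip("/") or "/"
        if kind in ("R", "D"):
            removals.append((kind, path))
        elif kind == "x":          # path and everything below it
            exclude_subtree.append(path)
        elif kind == "X":          # path itself only; children stay eligible
            exclude_self.append(path)
    return removals, exclude_subtree, exclude_self


def _under(path: str, ancestor: str) -> bool:
    return path == ancestor or path.startswith(ancestor.rstrip("/") + "/")


def apply_remove(conf: str, tree: Dict[str, str]) -> Tuple[List[str], Dict[str, str]]:
    """Apply removal stanzas to a copy of tree; return (removed, remaining)."""
    removals, excl_subtree, excl_self = parse_tmpfiles(conf)
    remaining = dict(tree)
    removed: List[str] = []

    def children(path: str) -> List[str]:
        return [p for p in remaining if os.path.dirname(p) == path and p != path]

    def remove(path: str, keep_self: bool) -> None:
        if any(_under(path, x) for x in excl_subtree):
            return                     # whole subtree is protected by 'x'
        if remaining.get(path) == "d":
            for child in sorted(children(path)):
                remove(child, keep_self=False)
        if keep_self or path in excl_self:
            return
        if remaining.get(path) == "d" and children(path):
            return                     # an excluded entry survived below; rmdir would fail
        if path in remaining:
            del remaining[path]
            removed.append(path)

    for kind, path in removals:
        # 'D' only empties the directory; 'R' removes the path itself too.
        remove(path, keep_self=(kind == "D"))
    return sorted(removed), remaining


if __name__ == "__main__":
    gone, left = apply_remove(SAMPLE_CONF, SAMPLE_TREE)
    print("removed:", gone)
    print("kept:   ", sorted(left))
```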

General Changes and New Features:

    * Various programs will now attempt to load the main configuration file
      from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
      below /etc/. For example, systemd-logind will look for
      /etc/systemd/logind.conf, /run/systemd/logind.conf,
      /usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
      and use the first file that is found.  This means that the search
      logic for the main config file and for drop-ins is now the same.

      Similarly, kernel-install will look for the config files in
      /usr/lib/kernel/ and the other search locations, and now also
      supports drop-ins.

      systemd-udevd now supports drop-ins for udev.conf.

    * A new 'systemd-vpick' binary has been added. It implements the new
      vpick protocol, where a "*.v/" directory may contain multiple files
      which have versions (following the UAPI version format specification)
      embedded in the file name. The files are ordered by version and
      the newest one is selected.

      systemd-nspawn --image=/--directory=, systemd-dissect,
      systemd-portabled, and the RootDirectory=, RootImage=,
      ExtensionImages=, and ExtensionDirectories= settings for units now
      support the vpick protocol and allow the latest version to be
      selected automatically if a "*.v/" directory is specified as the
      source.

    * Encrypted service credentials can now be made accessible to
      unprivileged users. systemd-creds gained new options --user/--uid=
      for encrypting/decrypting a credential for a specific user.

    * New command-line tool 'importctl' to download, import, and export
      disk images via systemd-importd is added with the following verbs:
      pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
      export-raw, list-transfers, and cancel-transfer. This functionality
      was previously available in "machinectl", where it was used
      exclusively for machine images. The new "importctl" generalizes this
      for sysext, confext, and portable service images.

    * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
      deprecations removed, including the OpenSSL engine logic turned off.
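The configuration search order described above (systemd-logind's /etc/, /run/, /usr/local/lib/, /usr/lib/ lookup), modelled as an added example that is not systemd's own code: the main file comes from the first directory that has one, and drop-ins from all directories are merged in name order with an earlier directory masking a same-named file further down; the file contents are constructed.

```python
"""Model of the v256 main-config search order plus drop-in merging.

Added example, not systemd's code. Directory order is the one the release
notes give for systemd-logind; the drop-in rules (lexical order of the file
name, earlier directory masks a same-named file in a later one) are the
documented *.conf.d/ behaviour. File contents below are constructed.
"""
import os
from typing import Callable, Dict, Iterable, List, Optional, Tuple

SEARCH_ROOTS = ("/etc", "/run", "/usr/local/lib", "/usr/lib")

# Constructed file set. There is no /etc/systemd/logind.conf, so the vendor
# copy under /usr/lib/ is the main file; the admin drop-in overrides it.
CONSTRUCTED_FILES: Dict[str, str] = {
    "/usr/lib/systemd/logind.conf":
        "[Login]\nKillUserProcesses=no\nIdleAction=ignore\n",
    "/usr/lib/systemd/logind.conf.d/10-site.conf":
        "[Login]\nKillUserProcesses=no\n",
    "/etc/systemd/logind.conf.d/10-site.conf":      # masks the /usr/lib copy
        "[Login]\nKillUserProcesses=yes\n",
    "/run/systemd/logind.conf.d/20-runtime.conf":
        "[Login]\nIdleAction=lock\n",
}


def find_main_config(relpath: str,
                     exists: Callable[[str], bool] = os.path.exists,
                     roots: Iterable[str] = SEARCH_ROOTS) -> Optional[str]:
    """First existing <root>/<relpath> in priority order, or None."""
    for root in roots:
        candidate = os.path.join(root, relpath)
        if exists(candidate):
            return candidate
    return None


def find_dropins(relpath: str,
                 listdir: Callable[[str], List[str]],
                 roots: Iterable[str] = SEARCH_ROOTS) -> List[str]:
    """Drop-in paths in application order.

    listdir(dir) returns the basenames in dir, or [] if it is absent. A name
    seen in an earlier root masks the same name in later roots; survivors
    are applied sorted by basename across all roots.
    """
    chosen: Dict[str, str] = {}
    for root in roots:
        directory = os.path.join(root, relpath + ".d")
        for name in listdir(directory):
            if name.endswith(".conf") and name not in chosen:
                chosen[name] = os.path.join(directory, name)
    return [chosen[name] for name in sorted(chosen)]


def parse_conf(text: str) -> Dict[Tuple[str, str], str]:
    """Minimal [Section]/Key=Value parser; comments and blanks ignored."""
    settings: Dict[Tuple[str, str], str] = {}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings


def effective_settings(relpath: str, files: Dict[str, str]) -> Dict[Tuple[str, str], str]:
    """Resolve main file + drop-ins against a path->content mapping and merge
    them; a later source overrides an earlier one for the same key."""
    def listdir(directory: str) -> List[str]:
        prefix = directory.rstrip("/") + "/"
        return [p[len(prefix):] for p in files
                if p.startswith(prefix) and "/" not in p[len(prefix):]]

    sources: List[str] = []
    main = find_main_config(relpath, exists=files.__contains__)
    if main is not None:
        sources.append(main)
    sources.extend(find_dropins(relpath, listdir))

    merged: Dict[Tuple[str, str], str] = {}
    for path in sources:
        merged.update(parse_conf(files[path]))
    return merged


if __name__ == "__main__":
    for (sec, key), val in effective_settings("systemd/logind.conf", CONSTRUCTED_FILES).items():
        print(f"[{sec}] {key}={val}")
```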
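The vpick selection described above, as an added example that is not systemd-vpick's code: version_cmp applies the UAPI version format rules ('~' pre-release lowest, '-' release separator, '^' patched release higher, '.' point release, numeric segments compared numerically, more segments is newer) and pick_newest applies them to a constructed foo.raw.v/ listing. The foo_<version>.raw naming follows systemd.v(7); architecture and tries-left suffixes are assumed out of scope and such entries are skipped.

```python
"""Pick the newest entry of a vpick "*.v/" directory.

Added example, not systemd's code. version_cmp follows the UAPI version
format specification; pick_newest assumes the foo.raw.v/ -> foo_<ver>.raw
layout from systemd.v(7) and skips architecture/tries-left variants.
"""
import os
from functools import cmp_to_key
from typing import List, Optional

# Characters the version format treats as significant; all others are skipped.
_VALID = frozenset("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-~^")


def _cmp(x, y) -> int:
    return (x > y) - (x < y)


def _peek(s: str, k: int) -> str:
    return s[k] if k < len(s) else ""


def version_cmp(a: str, b: str) -> int:
    """<0 if a is older than b, 0 if equal, >0 if newer."""
    i = j = 0
    while True:
        while _peek(a, i) and a[i] not in _VALID:
            i += 1
        while _peek(b, j) and b[j] not in _VALID:
            j += 1
        ca, cb = _peek(a, i), _peek(b, j)
        if "~" in (ca, cb):                     # pre-release sorts lowest
            r = _cmp(ca != "~", cb != "~")
            if r:
                return r
            i, j = i + 1, j + 1
            ca, cb = _peek(a, i), _peek(b, j)
        if not ca or not cb:                    # the string with more segments is newer
            return _cmp(ca != "", cb != "")
        for sep, sign in (("-", 1), ("^", -1), (".", 1)):   # '^' sorts higher, the rest lower
            if sep in (ca, cb):
                r = _cmp(ca != sep, cb != sep)
                if r:
                    return r * sign
                i, j = i + 1, j + 1
                ca, cb = _peek(a, i), _peek(b, j)
        ia, jb = i, j
        if ca.isdigit() or cb.isdigit():        # numeric segment, leading zeros ignored
            while _peek(a, ia).isdigit():
                ia += 1
            while _peek(b, jb).isdigit():
                jb += 1
            sa, sb = a[i:ia].lstrip("0"), b[j:jb].lstrip("0")
            r = _cmp(len(sa), len(sb)) or _cmp(sa, sb)
        else:                                   # alphabetic segment: lexical, then length
            while _peek(a, ia).isalpha():
                ia += 1
            while _peek(b, jb).isalpha():
                jb += 1
            sa, sb = a[i:ia], b[j:jb]
            n = min(len(sa), len(sb))
            r = _cmp(sa[:n], sb[:n]) or _cmp(len(sa), len(sb))
        if r:
            return r
        i, j = ia, jb


def sort_versions(versions: List[str]) -> List[str]:
    return sorted(versions, key=cmp_to_key(version_cmp))


def pick_newest(dirname: str, entries: List[str]) -> Optional[str]:
    """Newest matching file in a *.v directory listing, or None."""
    if not dirname.endswith(".v"):
        raise ValueError("not a vpick directory: " + dirname)
    base, suffix = os.path.splitext(dirname[:-2])   # "foo.raw" -> ("foo", ".raw")
    prefix = base + "_"
    candidates = []
    for name in entries:
        if not (name.startswith(prefix) and name.endswith(suffix)):
            continue
        version = name[len(prefix):len(name) - len(suffix)]
        if not version or "_" in version or "+" in version:
            continue   # architecture / tries-left forms are not modelled here
        candidates.append((version, name))
    if not candidates:
        return None
    return max(candidates, key=cmp_to_key(lambda x, y: version_cmp(x[0], y[0])))[1]


# Constructed listing of a foo.raw.v/ directory.
SAMPLE_ENTRIES = ["foo_1.2.raw", "foo_1.10.raw", "foo_1.10~rc1.raw",
                  "foo_2.0-1.raw", "foo_2.0-1_x86-64.raw", "README.txt"]

if __name__ == "__main__":
    print(pick_newest("foo.raw.v", SAMPLE_ENTRIES))
```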

Service Management:

    * New system manager setting ProtectSystem= has been added. It is
      analogous to the unit setting, but applies to the whole system. It is
      enabled by default in the initrd.

      Note that this means that code executed in the initrd cannot naively
      expect to be able to write to /usr/ during boot. This affects
      dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
      https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.

    * New unit setting WantsMountsFor= has been added. It is analogous to
      RequiresMountsFor=, but creates a Wants= dependency instead of
      Requires=. This new logic is now used in various places where mounts
      were added as dependencies for other settings (WorkingDirectory=-…,
      PrivateTmp=yes, cryptsetup lines with 'nofail').

    * New unit setting MemoryZSwapWriteback= can be used to control the new
      memory.zswap.writeback cgroup knob added in kernel 6.8.

    * The manager gained an org.freedesktop.systemd1.StartAuxiliaryScope()
      D-Bus method to devolve some processes from a service into a new
      scope. This new scope will remain running, even when the original
      service unit is restarted or stopped. This allows a service unit to
      split out some worker processes which need to continue running.
      Control group properties of the new scope are copied from the
      originating unit, so various limits are retained.

    * Units now expose properties EffectiveMemoryMax=,
      EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
      most stringent limit systemd is aware of for the given unit.

    * A new unit file specifier %D expands to $XDG_DATA_HOME (for user
      services) or /usr/share/ (for system services).

    * AllowedCPUs= now supports specifier expansion.

    * What= setting in .mount and .swap units now accepts fstab-style
      identifiers, for example UUID=… or LABEL=….

    * RestrictNetworkInterfaces= now supports alternative network interface
      names.

    * PAMName= now implies SetLoginEnvironment=yes.

    * systemd.firstboot=no can be used on the kernel command-line to
      disable interactive queries, but allow other first boot configuration
      to happen based on credentials.


systemd v256-rc4

06 Jun 19:45
v256-rc4
Pre-release

CHANGES WITH 256-rc4:

    * The system's hostname can be configured via the systemd.hostname
      system credential.


systemd v256-rc3

22 May 22:20
v256-rc3
Pre-release

CHANGES WITH 256-rc3:

    * The systemd binary will no longer chainload sysvinit's "telinit"
      binary when called under the init/telinit name on a system that isn't
      booted with systemd. This was previously supported to make sure that
      a distribution with both init systems installed could reasonably
      switch from one to the other via a simple reboot. Distributions
      apparently have lost interest in this, and the functionality has not
      been supported for a long time on the primary distribution it was
      still intended for, so it has been removed now.

    * A new concept called "capsules" has been introduced. "Capsules" wrap
      additional per-user service managers, whose users are transient and
      are only defined as long as the service manager is running (this is
      implemented via DynamicUser=1), allowing a user manager to be used to
      manage a group of processes without needing to...

systemd v256-rc2

14 May 23:35
v256-rc2
Pre-release

CHANGES WITH 256-rc2:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for automatic flushing of the nscd user/group database caches
      will be dropped in a future release.

    * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
      considered obsolete and systemd by default will refuse to boot under
      it. To forcibly reenable cgroup v1 support,
      SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
      line. The meson option 'default-hierarchy=' is also deprecated, i.e.
      only cgroup v2 ('unified' hierarchy) can be selected as build-time
      default.

    * Support for System V service scripts is deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * Previously, systemd-networkd did not explicitly remove any bridge
      VLAN IDs assigned on bridge master and ports. Since version 256, if a
      .network file for an interface has at least one valid setting in the
      [BridgeVLAN] section, then all assigned VLAN IDs on the interface
      that are not configured in the .network file are removed.

    * systemd-gpt-auto-generator will stop generating units for ESP or
      XBOOTLDR partitions if it finds mount entries for or below the /boot/
      or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
      from interfering with systems where the ESP is explicitly configured
      to be mounted at some path, for example /boot/efi/ (this type of
      setup is obsolete, but still commonly found).

    * The behavior of systemd-sleep and systemd-homed has been updated to
      freeze user sessions when entering the various sleep modes or when
      locking a homed-managed home area. This is known to cause issues with
      the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
      drivers may want to add drop-in configuration files that set
      SYSTEMD_SLEEP_FREEZE_USER_SESSION=false for systemd-suspend.service
      and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
      systemd-homed.service.

    * systemd-tmpfiles and systemd-sysusers, when given a relative
      configuration file path (with at least one directory separator '/'),
      will open the file directly, instead of searching for the given
      partial path in the standard locations. The old mode wasn't useful
      because tmpfiles.d/ and sysusers.d/ configuration has a flat
      structure with no subdirectories under the standard locations and
      this change makes it easier to work with local files with those
      tools.

    * systemd-tmpfiles now properly applies nested configuration to 'R' and
      'D' stanzas. For example, with the combination of 'R /foo' and 'x
      /foo/bar', /foo/bar will now be excluded from removal.

    * systemd.crash_reboot and related settings are deprecated in favor of
      systemd.crash_action=.

General Changes and New Features:

    * Various programs will now attempt to load the main configuration file
      from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
      below /etc/. For example, systemd-logind will look for
      /etc/systemd/logind.conf, /run/systemd/logind.conf,
      /usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
      and use the first file that is found.  This means that the search
      logic for the main config file and for drop-ins is now the same.

      Similarly, kernel-install will look for the config files in
      /usr/lib/kernel/ and the other search locations, and now also
      supports drop-ins.

      systemd-udevd now supports drop-ins for udev.conf.
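
The search order described above, as an added example in C that is not systemd's own code: find_main_config() walks the four locations in the order the release notes give and returns the first regular file, so a copy in /etc shadows one in /run, which shadows the vendor copies. config_search_demo() builds a scratch tree under /tmp to check that precedence; the file name systemd/logind.conf and the scratch paths are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Search order from the release notes: admin (/etc) first, then runtime
 * (/run), then local vendor, then distribution vendor. The first hit wins;
 * every later copy is silently shadowed. */
static const char *const CONFIG_SEARCH_DIRS[] =
        { "/etc", "/run", "/usr/local/lib", "/usr/lib", NULL };

/* <root><dir>/<relname> as a malloc'd string, NULL if it does not fit. */
static char *join_path(const char *root, const char *dir, const char *relname) {
        char buf[PATH_MAX];
        int n = snprintf(buf, sizeof buf, "%s%s/%s", root, dir, relname);
        return (n < 0 || (size_t) n >= sizeof buf) ? NULL : strdup(buf);
}

/* Return a malloc'd path to the first regular file <dir>/<relname> found in
 * search order below `root` ("" for the live system), or NULL if none. */
char *find_main_config(const char *root, const char *relname) {
        for (size_t i = 0; CONFIG_SEARCH_DIRS[i]; i++) {
                char *path = join_path(root, CONFIG_SEARCH_DIRS[i], relname);
                struct stat st;
                if (path && stat(path, &st) == 0 && S_ISREG(st.st_mode))
                        return path;
                free(path);
        }
        return NULL;
}

/* mkdir -p equivalent, used only to build the scratch tree. */
static int mkdir_p(const char *path) {
        char buf[PATH_MAX];
        if (strlen(path) >= sizeof buf)
                return -1;
        strcpy(buf, path);
        for (char *p = buf + 1; *p; p++)
                if (*p == '/') {
                        *p = '\0';
                        if (mkdir(buf, 0755) < 0 && errno != EEXIST)
                                return -1;
                        *p = '/';
                }
        return (mkdir(buf, 0755) < 0 && errno != EEXIST) ? -1 : 0;
}

/* Create an empty <root><dir>/<relname>, including parent directories. */
static int install_copy(const char *root, const char *dir, const char *relname) {
        char *path = join_path(root, dir, relname);
        if (!path)
                return -1;
        char *slash = strrchr(path, '/');
        *slash = '\0';
        int r = mkdir_p(path);
        *slash = '/';
        if (r == 0) {
                int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
                r = fd < 0 ? -1 : close(fd);
        }
        free(path);
        return r;
}

/* Exercise the precedence rules in a throwaway tree under /tmp (constructed
 * here; nothing on the live system is read or written). Copies are installed
 * from lowest to highest priority and after each step the newest copy must be
 * the one selected. Returns 0 when every check passes, otherwise the number
 * of the first failing check (-1 on a setup error). */
int config_search_demo(void) {
        static const char *const install_order[] = { "/usr/lib", "/run", "/etc" };
        const char *name = "systemd/logind.conf";
        char root[] = "/tmp/conf-search-XXXXXX";

        if (!mkdtemp(root))
                return -1;
        if (find_main_config(root, name) != NULL)
                return 1;               /* check 1: nothing installed, must miss */
        for (size_t i = 0; i < 3; i++) {
                if (install_copy(root, install_order[i], name) < 0)
                        return -1;
                char *expected = join_path(root, install_order[i], name);
                char *hit = find_main_config(root, name);
                int ok = hit && expected && strcmp(hit, expected) == 0;
                free(hit);
                free(expected);
                if (!ok)
                        return (int) i + 2;     /* checks 2..4: newest copy wins */
        }
        return 0;
}

int main(int argc, char **argv) {
        /* Stand-alone use: report which copy is effective on this host. */
        const char *name = argc > 1 ? argv[1] : "systemd/logind.conf";
        char *hit = find_main_config("", name);
        printf("%s -> %s\n", name,
               hit ? hit : "(no main config file; drop-ins and built-in defaults apply)");
        free(hit);
        return 0;
}
```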

    * A new 'systemd-vpick' binary has been added. It implements the new
      vpick protocol, where a "*.v/" directory may contain multiple files
      which have versions (following the UAPI version format specification)
      embedded in the file name. The files are ordered by version and
      the newest one is selected.

      systemd-nspawn --image=/--directory=, systemd-dissect,
      systemd-portabled, and the RootDirectory=, RootImage=,
      ExtensionImages=, and ExtensionDirectories= settings for units now
      support the vpick protocol and allow the latest version to be
      selected automatically if a "*.v/" directory is specified as the
      source.

    * Encrypted service credentials can now be made accessible to
      unprivileged users. systemd-creds gained new options --user/--uid=
      for encrypting/decrypting a credential for a specific user.

    * New command-line tool 'importctl' to download, import, and export
      disk images via systemd-importd is added with the following verbs:
      pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
      export-raw, list-transfers, and cancel-transfer. This functionality
      was previously available in "machinectl", where it was used
      exclusively for machine images. The new "importctl" generalizes this
      for sysext, confext, and portable service images.

    * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
      deprecations removed, including the OpenSSL engine logic turned off.

Service Management:

    * New system manager setting ProtectSystem= has been added. It is
      analogous to the unit setting, but applies to the whole system. It is
      enabled by default in the initrd.

      Note that this means that code executed in the initrd cannot naively
      expect to be able to write to /usr/ during boot. This affects
      dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
      https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.

    * New unit setting WantsMountsFor= has been added. It is analogous to
      RequiresMountsFor=, but creates a Wants= dependency instead of
      Requires=. This new logic is now used in various places where mounts
      were added as dependencies for other settings (WorkingDirectory=-…,
      PrivateTmp=yes, cryptsetup lines with 'nofail').

    * New unit setting MemoryZSwapWriteback= can be used to control the new
      memory.zswap.writeback cgroup knob added in kernel 6.8.

    * The manager gained a org.freedesktop.systemd1.StartAuxiliaryScope()
      D-Bus method to devolve some processes from a service into a new
      scope. This new scope will remain running, even when the original
      service unit is restarted or stopped. This allows a service unit to
      split out some worker processes which need to continue running.
      Control group properties of the new scope are copied from the
      originating unit, so various limits are retained.

    * Units now expose properties EffectiveMemoryMax=,
      EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
      most stringent limit systemd is aware of for the given unit.

    * A new unit file specifier %D expands to $XDG_DATA_HOME (for user
      services) or /usr/share/ (for system services).

    * AllowedCPUs= now supports specifier expansion.

    * What= setting in .mount and .swap units now accepts fstab-style
      identifiers, for example UUID=… or LABEL=….

    * RestrictNetworkInterfaces= now supports alternative network interface
      names.

    * PAMName= now implies SetLoginEnvironment=yes.

    * systemd.firstboot=no can be used on the kernel command-line to
      disable interactive queries, but allow other first boot configuration
      to happen based on credentials.

    * The system's hostname can be configured via the systemd.hostname
      system credential.

    * The systemd binary will no longer chainload sysvinit's "telinit"
      binary when called under the init/telinit name on a system that isn't
      booted with systemd. This previously has been supported to make sure
      a distribution that has both init systems installed can reasonably
      switch from one to the other via a simple reboot. Distributions
      apparently have lost interest in this, and the functionality has not
      been supported on the primary distribution this was still intended
      for a long time, and hence has been removed now.

    * A new concept called "capsules" has been introduced. "Capsules" wrap
      additional per-user service managers, whose users are transient and
      are only defined as long as the service manager is running. (This is
      implemented via DynamicUser=1.) This allows a user manager to be used to
      manage a group of processes without needing to...

systemd v256-rc1

26 Apr 00:08
v256-rc1
Pre-release


systemd v255

06 Dec 20:55
v255

systemd System and Service Manager

CHANGES WITH 255:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
      instead of being mounted by the initrd before switching to the rootfs)
      and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
      /usr/lib/, …) has been removed. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to remove cgroup v1 support from a systemd release after
      the end of 2023. If you run services that make explicit use of
      cgroup v1 features (i.e. the "legacy hierarchy" with separate
      hierarchies for each controller), please implement compatibility with
      cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
      Most of Linux userspace has been ported over already.

    * Support for System V service scripts is now deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * "systemctl switch-root" is now restricted to initrd transitions only.

      Transitions between real systems should be done with
      "systemctl soft-reboot" instead.

    * The "ip=off" and "ip=none" kernel command line options interpreted by
      systemd-network-generator will now result in IPv6RA + link-local
      addressing being disabled, too. Previously DHCP was turned off, but
      IPv6RA and IPv6 link-local addressing was left enabled.

    * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
      and is now disabled.

    * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
      section of systemd-sleep.conf are now deprecated and have no effect.
      They did not (and could not) take any value other than the respective
      default. HybridSleepMode= is also deprecated, and will now always use
      the 'suspend' disk mode.

Service Manager:

    * The way services are spawned has been overhauled. Previously, a
      process was forked that shared all of the manager's memory (via
      copy-on-write) while doing all the required setup (e.g.: mount
      namespaces, CGroup configuration, etc.) before exec'ing the target
      executable. This was problematic for various reasons: several glibc
      APIs were called that are not supposed to be used after a fork but
      before an exec, copy-on-write meant that if either process (the
      manager or the child) touched a memory page a copy was triggered, and
      also the memory footprint of the child process was that of the
      manager, but with the memory limits of the service. From this version
      onward, the new process is spawned using CLONE_VM and CLONE_VFORK
      semantics via posix_spawn(3), and it immediately execs a new internal
      binary, systemd-executor, that receives the configuration to apply
      via memfd, and sets up the process before exec'ing the target
      executable. The systemd-executor binary is pinned by file descriptor
      by each manager instance (system and users), and the reference is
      updated on daemon-reexec - it is thus important to reexec all running
      manager instances when the systemd-executor and/or libsystemd*
      libraries are updated on the filesystem.
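
The spawn sequence described above, reduced to an added example in C that is not systemd's own code: the parent writes the configuration into a memfd, seals it (this example's own hardening step, not something the notes describe), and posix_spawn()s an executor that receives it on a fixed descriptor. /bin/sh stands in for systemd-executor, and the EXAMPLE_CONFIG contents are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef F_ADD_SEALS     /* Linux values, in case <fcntl.h> hides the GNU constants */
#define F_ADD_SEALS   1033
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC       1U
#define MFD_ALLOW_SEALING 2U
#endif

extern char **environ;

/* Descriptor number on which the executor expects its configuration. */
#define EXECUTOR_CONFIG_FD 3

/* Constructed sample configuration handed to the executor. */
#define EXAMPLE_CONFIG "ExecStart=/usr/bin/true\nUser=nobody"

/* Executor stand-in (a shell one-liner instead of systemd-executor): read the
 * configuration from the fixed fd, refuse to go on if it is missing, check it
 * is the one the parent passed as $1, and only then would it exec the target. */
#define EXECUTOR_SCRIPT \
        "cfg=$(cat <&3) || exit 10; " \
        "[ -n \"$cfg\" ] || exit 11; " \
        "[ \"$cfg\" = \"$1\" ] || exit 12; " \
        "exit 0"

/* Write `config` into an anonymous memfd and seal it, so the child can read
 * but neither modify nor resize what it was handed. Sealing is this example's
 * hardening choice, not something the release notes describe.
 * Returns the descriptor, or -1 with errno set. */
int make_sealed_config_memfd(const char *config) {
        /* memfd_create() via syscall() so the example does not depend on glibc
         * feature macros; glibc >= 2.27 also offers it as a function. */
        int fd = (int) syscall(SYS_memfd_create, "executor-config",
                               MFD_CLOEXEC | MFD_ALLOW_SEALING);
        if (fd < 0)
                return -1;
        /* Keep the memfd off the executor's fd number: dup2(n, n) is a no-op
         * and would leave FD_CLOEXEC set, so the child would see nothing. */
        if (fd == EXECUTOR_CONFIG_FD) {
                int moved = fcntl(fd, F_DUPFD_CLOEXEC, EXECUTOR_CONFIG_FD + 1);
                close(fd);
                if ((fd = moved) < 0)
                        return -1;
        }
        size_t len = strlen(config);
        if (write(fd, config, len) != (ssize_t) len || lseek(fd, 0, SEEK_SET) < 0 ||
            fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
                int saved = errno;
                close(fd);
                errno = saved;
                return -1;
        }
        return fd;
}

/* Spawn the executor. glibc implements posix_spawn() on Linux with
 * clone(CLONE_VM|CLONE_VFORK), so no copy-on-write duplicate of the parent's
 * address space exists and the child execs immediately. Returns the child's
 * exit status (0 = configuration received intact), or -1 on error. */
int spawn_executor(const char *config) {
        int fd = make_sealed_config_memfd(config);
        if (fd < 0)
                return -1;
        posix_spawn_file_actions_t fa;
        posix_spawn_file_actions_init(&fa);
        /* dup2 clears FD_CLOEXEC on the target; only the fixed fd survives exec. */
        posix_spawn_file_actions_adddup2(&fa, fd, EXECUTOR_CONFIG_FD);
        char *argv[] = { "sh", "-c", EXECUTOR_SCRIPT, "executor", (char *) config, NULL };
        pid_t pid;
        int r = posix_spawn(&pid, "/bin/sh", &fa, NULL, argv, environ);
        posix_spawn_file_actions_destroy(&fa);
        close(fd);              /* the parent keeps no reference once spawned */
        if (r != 0) {
                errno = r;
                return -1;
        }
        int status;
        if (waitpid(pid, &status, 0) < 0)
                return -1;
        return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The seals must hold: a write on the sealed memfd fails with EPERM.
 * Returns 1 if it does, 0 otherwise. */
int sealed_memfd_rejects_write(void) {
        int fd = make_sealed_config_memfd(EXAMPLE_CONFIG);
        if (fd < 0)
                return 0;
        int rejected = write(fd, "x", 1) < 0 && errno == EPERM;
        close(fd);
        return rejected;
}

int main(void) {
        int r = spawn_executor(EXAMPLE_CONFIG);
        printf("executor exit status: %d\n", r);
        printf("sealed memfd rejects writes: %s\n", sealed_memfd_rejects_write() ? "yes" : "no");
        return r == 0 ? 0 : 1;
}
```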

    * Most of the internal process tracking is being changed to use PIDFDs
      instead of PIDs when the kernel supports it, to improve robustness
      and reliability.

    * A new option SurviveFinalKillSignal= can be used to configure the
      unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
      This is part of the required configuration to let a unit's processes
      survive a soft-reboot operation.

    * System extension images (sysext) can now set
      EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
      automatically reload the service manager (PID 1) when
      merging/refreshing/unmerging on boot. Generally, while this can be
      used to ship services in system extension images it's recommended to
      do that via portable services instead.

    * The ExtensionImages= and ExtensionDirectories= options now support
      confexts images/directories.

    * A new option NFTSet= provides a method for integrating dynamic cgroup
      IDs into firewall rules with NFT sets. The benefit of using this
      setting is to be able to use control group as a selector in firewall
      rules easily and this in turn allows more fine grained filtering.
      Also, NFT rules for cgroup matching use numeric cgroup IDs, which
      change every time a service is restarted, making them hard to use in
      systemd environment.

    * A new option CoredumpReceive= can be set for service and scope units,
      together with Delegate=yes, to make systemd-coredump on the host
      forward core files from processes crashing inside the delegated
      CGroup subtree to systemd-coredump running in the container. This new
      option is by default used by systemd-nspawn containers that use the
      "--boot" switch.

    * A new ConditionSecurity=measured-uki option is now available, to ensure
      a unit can only run when the system has been booted from a measured UKI.

    * MemoryAvailable= now considers physical memory if there are no CGroup
      memory limits set anywhere in the tree.

    * The $USER environment variable is now always set for services, while
      previously it was only set if User= was specified. A new option
      SetLoginEnvironment= is now supported to determine whether to also set
      $HOME, $LOGNAME, and $SHELL.

    * Socket units now support a new pair of
      PollLimitBurst=/PollLimitInterval= options to configure a limit on
      how often polling events on the file descriptors backing this unit
      will be considered within a time window.

    * Scope units can now be created using PIDFDs instead of PIDs to select
      the processes they should include.

    * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
      manager to dump the list of currently pending jobs.

    * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
      machinectl bind and mount-image verbs will now cause the new mount to
      replace the old mount (if any), instead of overmounting it.

    * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
      MemoryZSwapCurrent properties, which respectively contain the values
      of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
      and memory.zswap.current properties. This information is also shown in
      "systemctl status" output, if available.

TPM2 Support + Disk Encryption & Authentication:

    * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
      value in the --tpm2-pcrs= option.

    * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
      index) to be used instead of the default SRK via the new
      --tpm2-seal-key-handle= option.

    * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
      public key (in TPM2B_PUBLIC format) – without access to the TPM2
      device itself – which enables offline sealing of LUKS images for a
      specific TPM2 chip, as long as the SRK public key is known. Pass the
      public key to the tool via the new --tpm2-device-key= switch.

    * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
      internal-only executable.

    * The TPM2 Storage Root Key will now be set up, if not already present,
      by a new systemd-tpm2-setup.service early boot service. The SRK will
      be stored in PEM format and TPM2_PUBLIC format (the latter is useful
      for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
      easier access. A new "srk" verb has been added to systemd-analyze to
      allow extracting it on demand if it is already set up.

    * The internal systemd-pcrphase executable has been renamed to
      systemd-pcrextend.

    * The systemd-pcrextend tool gained a new --pcr= switch to override
      which PCR to measure into.

    * systemd-pcrextend now exposes a Varlink interface at
      io.systemd.PCRExtend that can be used to do measurements and event
      logging on demand.

    * TPM measurements are now also written to an event log at
      /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
      Canonical Event Log format. Previously we'd only log them to the
      jour...

systemd v255-rc4

02 Dec 02:11
v255-rc4
Pre-release

systemd System and Service Manager

CHANGES WITH 255 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
      instead of being mounted by the initrd before switching to the rootfs)
      and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
      /usr/lib/, …) has been removed. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to remove cgroup v1 support from a systemd release after
      the end of 2023. If you run services that make explicit use of
      cgroup v1 features (i.e. the "legacy hierarchy" with separate
      hierarchies for each controller), please implement compatibility with
      cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
      Most of Linux userspace has been ported over already.

    * Support for System V service scripts is now deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * "systemctl switch-root" is now restricted to initrd transitions only.

      Transitions between real systems should be done with
      "systemctl soft-reboot" instead.

    * The "ip=off" and "ip=none" kernel command line options interpreted by
      systemd-network-generator will now result in IPv6RA + link-local
      addressing being disabled, too. Previously DHCP was turned off, but
      IPv6RA and IPv6 link-local addressing was left enabled.

    * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
      and is now disabled.

    * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
      section of systemd-sleep.conf are now deprecated and have no effect.
      They did not (and could not) take any value other than the respective
      default. HybridSleepMode= is also deprecated, and will now always use
      the 'suspend' disk mode.

Service Manager:

    * The way services are spawned has been overhauled. Previously, a
      process was forked that shared all of the manager's memory (via
      copy-on-write) while doing all the required setup (e.g.: mount
      namespaces, CGroup configuration, etc.) before exec'ing the target
      executable. This was problematic for various reasons: several glibc
      APIs were called that are not supposed to be used after a fork but
      before an exec, copy-on-write meant that if either process (the
      manager or the child) touched a memory page a copy was triggered, and
      also the memory footprint of the child process was that of the
      manager, but with the memory limits of the service. From this version
      onward, the new process is spawned using CLONE_VM and CLONE_VFORK
      semantics via posix_spawn(3), and it immediately execs a new internal
      binary, systemd-executor, that receives the configuration to apply
      via memfd, and sets up the process before exec'ing the target
      executable. The systemd-executor binary is pinned by file descriptor
      by each manager instance (system and users), and the reference is
      updated on daemon-reexec - it is thus important to reexec all running
      manager instances when the systemd-executor and/or libsystemd*
      libraries are updated on the filesystem.

    * Most of the internal process tracking is being changed to use PIDFDs
      instead of PIDs when the kernel supports it, to improve robustness
      and reliability.

    * A new option SurviveFinalKillSignal= can be used to configure the
      unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
      This is part of the required configuration to let a unit's processes
      survive a soft-reboot operation.

    * System extension images (sysext) can now set
      EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
      automatically reload the service manager (PID 1) when
      merging/refreshing/unmerging on boot. Generally, while this can be
      used to ship services in system extension images it's recommended to
      do that via portable services instead.

    * The ExtensionImages= and ExtensionDirectories= options now support
      confexts images/directories.

    * A new option NFTSet= provides a method for integrating dynamic cgroup
      IDs into firewall rules with NFT sets. The benefit of using this
      setting is to be able to use control group as a selector in firewall
      rules easily and this in turn allows more fine grained filtering.
      Also, NFT rules for cgroup matching use numeric cgroup IDs, which
      change every time a service is restarted, making them hard to use in
      systemd environment.

    * A new option CoredumpReceive= can be set for service and scope units,
      together with Delegate=yes, to make systemd-coredump on the host
      forward core files from processes crashing inside the delegated
      CGroup subtree to systemd-coredump running in the container. This new
      option is by default used by systemd-nspawn containers that use the
      "--boot" switch.

    * A new ConditionSecurity=measured-uki option is now available, to ensure
      a unit can only run when the system has been booted from a measured UKI.

    * MemoryAvailable= now considers physical memory if there are no CGroup
      memory limits set anywhere in the tree.

    * The $USER environment variable is now always set for services, while
      previously it was only set if User= was specified. A new option
      SetLoginEnvironment= is now supported to determine whether to also set
      $HOME, $LOGNAME, and $SHELL.

    * Socket units now support a new pair of
      PollLimitBurst=/PollLimitInterval= options to configure a limit on
      how often polling events on the file descriptors backing this unit
      will be considered within a time window.

    * Scope units can now be created using PIDFDs instead of PIDs to select
      the processes they should include.

    * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
      manager to dump the list of currently pending jobs.

    * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
      machinectl bind and mount-image verbs will now cause the new mount to
      replace the old mount (if any), instead of overmounting it.

    * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
      MemoryZSwapCurrent properties, which respectively contain the values
      of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
      and memory.zswap.current properties. This information is also show in
      "systemctl status" output, if available.

TPM2 Support + Disk Encryption & Authentication:

    * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
      value in the --tpm2-pcrs= option.

    * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
      index) to be used instead of the default SRK via the new
      --tpm2-seal-key-handle= option.

    * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
      public key (in TPM2B_PUBLIC format) – without access to the TPM2
      device itself – which enables offline sealing of LUKS images for a
      specific TPM2 chip, as long as the SRK public key is known. Pass the
      public key to the tool via the new --tpm2-device-key= switch.

    * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
      internal-only executable.

    * The TPM2 Storage Root Key will now be set up, if not already present,
      by a new systemd-tpm2-setup.service early boot service. The SRK will
      be stored in PEM format and TPM2_PUBLIC format (the latter is useful
      for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
      easier access. A new "srk" verb has been added to systemd-analyze to
      allow extracting it on demand if it is already set up.

    * The internal systemd-pcrphase executable has been renamed to
      systemd-pcrextend.

    * The systemd-pcrextend tool gained a new --pcr= switch to override
      which PCR to measure into.

    * systemd-pcrextend now exposes a Varlink interface at
      io.systemd.PCRExtend that can be used to do measurements and event
      logging on demand.

    * TPM measurements are now also written to an event log at
      /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
      Canonical Event Log format. Previously we'd only log them to the
   ...

systemd v255-rc3

22 Nov 20:46
v255-rc3
Pre-release

systemd System and Service Manager

CHANGES WITH 255 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
      instead of being mounted by the initrd before switching to the rootfs)
      and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
      /usr/lib/, …) has been removed. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to remove cgroup v1 support from a systemd release after
      the end of 2023. If you run services that make explicit use of
      cgroup v1 features (i.e. the "legacy hierarchy" with separate
      hierarchies for each controller), please implement compatibility with
      cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
      Most of Linux userspace has been ported over already.

    * Support for System V service scripts is now deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * "systemctl switch-root" is now restricted to initrd transitions only.

      Transitions between real systems should be done with
      "systemctl soft-reboot" instead.

    * The "ip=off" and "ip=none" kernel command line options interpreted by
      systemd-network-generator will now result in IPv6RA + link-local
      addressing being disabled, too. Previously DHCP was turned off, but
      IPv6RA and IPv6 link-local addressing was left enabled.

    * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
      and is now disabled.

    * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
      section of systemd-sleep.conf are now deprecated and have no effect.
      They did not (and could not) take any value other than the respective
      default. HybridSleepMode= is also deprecated, and will now always use
      the 'suspend' disk mode.

Service Manager:

    * The way services are spawned has been overhauled. Previously, a
      process was forked that shared all of the manager's memory (via
      copy-on-write) while doing all the required setup (e.g.: mount
      namespaces, CGroup configuration, etc.) before exec'ing the target
      executable. This was problematic for various reasons: several glibc
      APIs were called that are not supposed to be used after a fork but
      before an exec, copy-on-write meant that if either process (the
      manager or the child) touched a memory page a copy was triggered, and
      also the memory footprint of the child process was that of the
      manager, but with the memory limits of the service. From this version
      onward, the new process is spawned using CLONE_VM and CLONE_VFORK
      semantics via posix_spawn(3), and it immediately execs a new internal
      binary, systemd-executor, that receives the configuration to apply
      via memfd, and sets up the process before exec'ing the target
      executable. The systemd-executor binary is pinned by file descriptor
      by each manager instance (system and users), and the reference is
      updated on daemon-reexec - it is thus important to reexec all running
      manager instances when the systemd-executor and/or libsystemd*
      libraries are updated on the filesystem.

    * Most of the internal process tracking is being changed to use PIDFDs
      instead of PIDs when the kernel supports it, to improve robustness
      and reliability.

    * A new option SurviveFinalKillSignal= can be used to configure the
      unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
      This is part of the required configuration to let a unit's processes
      survive a soft-reboot operation.

    * System extension images (sysext) can now set
      EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
      automatically reload the service manager (PID 1) when
      merging/refreshing/unmerging on boot. Generally, while this can be
      used to ship services in system extension images it's recommended to
      do that via portable services instead.

    * The ExtensionImages= and ExtensionDirectories= options now support
      confexts images/directories.

    * A new option NFTSet= provides a method for integrating dynamic cgroup
      IDs into firewall rules with NFT sets: the unit's cgroup ID is added
      to the named set when the unit starts and removed when it stops. The
      benefit of using this setting is to be able to use a control group
      as a selector in firewall rules easily, which in turn allows more
      fine-grained filtering. Without it, NFT rules for cgroup matching
      have to use numeric cgroup IDs, which change every time a service is
      restarted, making them hard to use in a systemd environment.

    * A new option CoredumpReceive= can be set for service and scope units,
      together with Delegate=yes, to make systemd-coredump on the host
      forward core files from processes crashing inside the delegated
      CGroup subtree to systemd-coredump running in the container. This new
      option is by default used by systemd-nspawn containers that use the
      "--boot" switch.

    * A new ConditionSecurity=measured-uki option is now available, to ensure
      a unit can only run when the system has been booted from a measured UKI.

    * MemoryAvailable= now considers physical memory if there are no CGroup
      memory limits set anywhere in the tree.

    * The $USER environment variable is now always set for services, while
      previously it was only set if User= was specified. A new option
      SetLoginEnvironment= is now supported to determine whether to also set
      $HOME, $LOGNAME, and $SHELL.

    * Socket units now support a new pair of
      PollLimitBurst=/PollLimitInterval= options to configure a limit on
      how often polling events on the file descriptors backing this unit
      will be considered within a time window.

    * Scope units can now be created using PIDFDs instead of PIDs to select
      the processes they should include.

    * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
      manager to dump the list of currently pending jobs.

    * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
      machinectl bind and mount-image verbs will now cause the new mount to
      replace the old mount (if any), instead of overmounting it.

    * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
      MemoryZSwapCurrent properties, which respectively contain the values
      of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
      and memory.zswap.current properties. This information is also shown
      in "systemctl status" output, if available.

TPM2 Support + Disk Encryption & Authentication:

    * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
      value in the --tpm2-pcrs= option.

    * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
      index) to be used instead of the default SRK via the new
      --tpm2-seal-key-handle= option.

    * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
      public key (in TPM2B_PUBLIC format) – without access to the TPM2
      device itself – which enables offline sealing of LUKS images for a
      specific TPM2 chip, as long as the SRK public key is known. Pass the
      public key to the tool via the new --tpm2-device-key= switch.

    * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
      internal-only executable.

    * The TPM2 Storage Root Key will now be set up, if not already present,
      by a new systemd-tpm2-setup.service early boot service. The SRK will
      be stored in PEM format and TPM2_PUBLIC format (the latter is useful
      for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
      easier access. A new "srk" verb has been added to systemd-analyze to
      allow extracting it on demand if it is already set up.

    * The internal systemd-pcrphase executable has been renamed to
      systemd-pcrextend.

    * The systemd-pcrextend tool gained a new --pcr= switch to override
      which PCR to measure into.

    * systemd-pcrextend now exposes a Varlink interface at
      io.systemd.PCRExtend that can be used to do measurements and event
      logging on demand.

    * TPM measurements are now also written to an event log at
      /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
      Canonical Event Log format. Previously we'd only log them to the
   ...

systemd v255-rc2

15 Nov 16:51
v255-rc2
Pre-release

systemd System and Service Manager

CHANGES WITH 255 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
      instead of being mounted by the initrd before switching to the rootfs)
      and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
      /usr/lib/, …) has been removed. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to remove cgroup v1 support from a systemd release after
      the end of 2023. If you run services that make explicit use of
      cgroup v1 features (i.e. the "legacy hierarchy" with separate
      hierarchies for each controller), please implement compatibility with
      cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
      Most of Linux userspace has been ported over already.

    * Support for System V service scripts is now deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * "systemctl switch-root" is now restricted to initrd transitions only.

      Transitions between real systems should be done with
      "systemctl soft-reboot" instead.

    * The "ip=off" and "ip=none" kernel command line options interpreted by
      systemd-network-generator will now result in IPv6RA + link-local
      addressing being disabled, too. Previously DHCP was turned off, but
      IPv6RA and IPv6 link-local addressing was left enabled.

    * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
      and is now disabled.

    * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
      section of systemd-sleep.conf are now deprecated and have no effect.
      They did not (and could not) take any value other than the respective
      default. HybridSleepMode= is also deprecated, and will now always use
      the 'suspend' disk mode.

Service Manager:

    * The way services are spawned has been overhauled. Previously, a
      process was forked that shared all of the manager's memory (via
      copy-on-write) while doing all the required setup (e.g.: mount
      namespaces, CGroup configuration, etc.) before exec'ing the target
      executable. This was problematic for various reasons: several glibc
      APIs were called that are not supposed to be used after a fork but
      before an exec, copy-on-write meant that if either process (the
      manager or the child) touched a memory page a copy was triggered, and
      also the memory footprint of the child process was that of the
      manager, but with the memory limits of the service. From this version
      onward, the new process is spawned using CLONE_VM and CLONE_VFORK
      semantics via posix_spawn(3), and it immediately execs a new internal
      binary, systemd-executor, that receives the configuration to apply
      via memfd, and sets up the process before exec'ing the target
      executable.

    * Most of the internal process tracking is being changed to use PIDFDs
      instead of PIDs when the kernel supports it, to improve robustness
      and reliability.

    * A new option SurviveFinalKillSignal= can be used to configure the
      unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
      This is part of the required configuration to let a unit's processes
      survive a soft-reboot operation.

    * System extension images (sysext) can now set
      EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
      automatically reload the service manager (PID 1) when
      merging/refreshing/unmerging on boot. Generally, while this can be
      used to ship services in system extension images it's recommended to
      do that via portable services instead.

    * The ExtensionImages= and ExtensionDirectories= options now support
      confexts images/directories.

    * A new option NFTSet= provides a method for integrating dynamic cgroup
      IDs into firewall rules with NFT sets: the unit's cgroup ID is added
      to the named set when the unit starts and removed when it stops. The
      benefit of using this setting is to be able to use a control group
      as a selector in firewall rules easily, which in turn allows more
      fine-grained filtering. Without it, NFT rules for cgroup matching
      have to use numeric cgroup IDs, which change every time a service is
      restarted, making them hard to use in a systemd environment.

    * A new option CoredumpReceive= can be set for service and scope units,
      together with Delegate=yes, to make systemd-coredump on the host
      forward core files from processes crashing inside the delegated
      CGroup subtree to systemd-coredump running in the container. This new
      option is by default used by systemd-nspawn containers that use the
      "--boot" switch.

    * A new ConditionSecurity=measured-uki option is now available, to ensure
      a unit can only run when the system has been booted from a measured UKI.

    * MemoryAvailable= now considers physical memory if there are no CGroup
      memory limits set anywhere in the tree.

    * The $USER environment variable is now always set for services, while
      previously it was only set if User= was specified. A new option
      SetLoginEnvironment= is now supported to determine whether to also set
      $HOME, $LOGNAME, and $SHELL.

    * Socket units now support a new pair of
      PollLimitBurst=/PollLimitInterval= options to configure a limit on
      how often polling events on the file descriptors backing this unit
      will be considered within a time window.

    * Scope units can now be created using PIDFDs instead of PIDs to select
      the processes they should include.

    * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
      manager to dump the list of currently pending jobs.

    * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
      machinectl bind and mount-image verbs will now cause the new mount to
      replace the old mount (if any), instead of overmounting it.

    * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
      MemoryZSwapCurrent properties, which respectively contain the values
      of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
      and memory.zswap.current properties. This information is also shown
      in "systemctl status" output, if available.

TPM2 Support + Disk Encryption & Authentication:

    * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
      value in the --tpm2-pcrs= option.

    * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
      index) to be used instead of the default SRK via the new
      --tpm2-seal-key-handle= option.

    * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
      public key (in TPM2B_PUBLIC format) – without access to the TPM2
      device itself – which enables offline sealing of LUKS images for a
      specific TPM2 chip, as long as the SRK public key is known. Pass the
      public key to the tool via the new --tpm2-device-key= switch.

    * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
      internal-only executable.

    * The TPM2 Storage Root Key will now be set up, if not already present,
      by a new systemd-tpm2-setup.service early boot service. The SRK will
      be stored in PEM format and TPM2_PUBLIC format (the latter is useful
      for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
      easier access. A new "srk" verb has been added to systemd-analyze to
      allow extracting it on demand if it is already set up.

    * The internal systemd-pcrphase executable has been renamed to
      systemd-pcrextend.

    * The systemd-pcrextend tool gained a new --pcr= switch to override
      which PCR to measure into.

    * systemd-pcrextend now exposes a Varlink interface at
      io.systemd.PCRExtend that can be used to do measurements and event
      logging on demand.

    * TPM measurements are now also written to an event log at
      /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
      Canonical Event Log format. Previously we'd only log them to the
      journal, where they however were subject to rotation and similar.

    * A new component "systemd-pcrlock" has been added that allows managing
      local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
      predict by the OS vendor because of the inherently local nature of
      what measurements the...

systemd v255-rc1

06 Nov 11:58
v255-rc1
Pre-release

systemd System and Service Manager

CHANGES WITH 255 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
      instead of being mounted by the initrd before switching to the rootfs)
      and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
      /usr/lib/, …) has been removed. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to remove cgroup v1 support from a systemd release after
      the end of 2023. If you run services that make explicit use of
      cgroup v1 features (i.e. the "legacy hierarchy" with separate
      hierarchies for each controller), please implement compatibility with
      cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
      Most of Linux userspace has been ported over already.

    * Support for System V service scripts is now deprecated and will be
      removed in a future release. Please make sure to update your software
      *now* to include a native systemd unit file instead of a legacy
      System V script to retain compatibility with future systemd releases.

    * Support for the SystemdOptions EFI variable is deprecated.
      'bootctl systemd-efi-options' will emit a warning when used. It seems
      that this feature is little-used and it is better to use alternative
      approaches like credentials and confexts. The plan is to drop support
      altogether at a later point, but this might be revisited based on
      user feedback.

    * systemd-run's switch --expand-environment= which currently is disabled
      by default when combined with --scope, will be changed in a future
      release to be enabled by default.

    * "systemctl switch-root" is now restricted to initrd transitions only.

      Transitions between real systems should be done with
      "systemctl soft-reboot" instead.

    * The "ip=off" and "ip=none" kernel command line options interpreted by
      systemd-network-generator will now result in IPv6RA + link-local
      addressing being disabled, too. Previously DHCP was turned off, but
      IPv6RA and IPv6 link-local addressing was left enabled.

    * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
      and is now disabled.

    * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
      section of systemd-sleep.conf are now deprecated and have no effect.
      They did not (and could not) take any value other than the respective
      default. HybridSleepMode= is also deprecated, and will now always use
      the 'suspend' disk mode.

Service Manager:

    * The way services are spawned has been overhauled. Previously, a
      process was forked that shared all of the manager's memory (via
      copy-on-write) while doing all the required setup (e.g.: mount
      namespaces, CGroup configuration, etc.) before exec'ing the target
      executable. This was problematic for various reasons: several glibc
      APIs were called that are not supposed to be used after a fork but
      before an exec, copy-on-write meant that if either process (the
      manager or the child) touched a memory page a copy was triggered, and
      also the memory footprint of the child process was that of the
      manager, but with the memory limits of the service. From this version
      onward, the new process is spawned using CLONE_VM and CLONE_VFORK
      semantics via posix_spawn(3), and it immediately execs a new internal
      binary, systemd-executor, that receives the configuration to apply
      via memfd, and sets up the process before exec'ing the target
      executable.

    * Most of the internal process tracking is being changed to use PIDFDs
      instead of PIDs when the kernel supports it, to improve robustness
      and reliability.

    * A new option SurviveFinalKillSignal= can be used to configure the
      unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
      This is part of the required configuration to let a unit's processes
      survive a soft-reboot operation.

    * System extension images (sysext) can now set
      EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
      automatically reload the service manager (PID 1) when
      merging/refreshing/unmerging on boot. Generally, while this can be
      used to ship services in system extension images it's recommended to
      do that via portable services instead.

    * The ExtensionImages= and ExtensionDirectories= options now support
      confexts images/directories.

    * A new option NFTSet= provides a method for integrating dynamic cgroup
      IDs into firewall rules with NFT sets: the unit's cgroup ID is added
      to the named set when the unit starts and removed when it stops. The
      benefit of using this setting is to be able to use a control group
      as a selector in firewall rules easily, which in turn allows more
      fine-grained filtering. Without it, NFT rules for cgroup matching
      have to use numeric cgroup IDs, which change every time a service is
      restarted, making them hard to use in a systemd environment.

    * A new option CoredumpReceive= can be set for service and scope units,
      together with Delegate=yes, to make systemd-coredump on the host
      forward core files from processes crashing inside the delegated
      CGroup subtree to systemd-coredump running in the container. This new
      option is by default used by systemd-nspawn containers that use the
      "--boot" switch.

    * A new ConditionSecurity=measured-uki option is now available, to ensure
      a unit can only run when the system has been booted from a measured UKI.

    * MemoryAvailable= now considers physical memory if there are no CGroup
      memory limits set anywhere in the tree.

    * The $USER environment variable is now always set for services, while
      previously it was only set if User= was specified. A new option
      SetLoginEnvironment= is now supported to determine whether to also set
      $HOME, $LOGNAME, and $SHELL.

    * Socket units now support a new pair of
      PollLimitBurst=/PollLimitInterval= options to configure a limit on
      how often polling events on the file descriptors backing this unit
      will be considered within a time window.

    * Scope units can now be created using PIDFDs instead of PIDs to select
      the processes they should include.

    * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
      manager to dump the list of currently pending jobs.

    * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
      machinectl bind and mount-image verbs will now cause the new mount to
      replace the old mount (if any), instead of overmounting it.
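The PollLimitBurst=/PollLimitInterval= pair listed above bounds how often a
socket unit's file descriptors are acted on, which is what keeps a flood of
connections from turning a socket-activated service into a fork bomb. The
simulation below is an added example, not systemd's own code: it models the
option as a fixed window of PollLimitInterval= length that admits
PollLimitBurst= events and then leaves the descriptors unpolled until the
window has elapsed (the same shape as systemd's generic rate limiter). That
the socket option follows exactly these window semantics is an assumption;
the event timestamps are constructed.

```python
"""Fixed-window rate limiter in the shape of PollLimitBurst=/PollLimitInterval=.
Added example, not systemd's own code. The window semantics (a new window
starts at the first event after the previous window expired, as in systemd's
generic rate limiter) are an assumption about how the socket option behaves."""
from dataclasses import dataclass, field


@dataclass
class PollLimit:
    burst: int        # PollLimitBurst=: events admitted per window
    interval: float   # PollLimitInterval= in seconds
    _begin: float = field(default=-1.0, init=False)  # start of current window
    _count: int = field(default=0, init=False)       # events admitted so far

    def admit(self, now: float) -> bool:
        """Return True if a poll event at time `now` should be acted on,
        False if the descriptors stay unpolled for the rest of the window."""
        if self._begin < 0 or now - self._begin >= self.interval:
            self._begin, self._count = now, 0        # open a new window
        if self._count < self.burst:
            self._count += 1
            return True
        return False


def simulate(limit: PollLimit, event_times):
    """Replay event timestamps through the limiter.
    Returns (accepted, suppressed) lists of timestamps."""
    accepted, suppressed = [], []
    for t in event_times:
        (accepted if limit.admit(t) else suppressed).append(t)
    return accepted, suppressed


# Constructed flood: ten poll events 100 ms apart, then one after a pause.
FLOOD = [i / 10 for i in range(10)] + [1.2]

if __name__ == "__main__":
    accepted, suppressed = simulate(PollLimit(burst=5, interval=1.0), FLOOD)
    print("acted on:  ", accepted)
    print("suppressed:", suppressed)
```

With burst 5 and a 1 s interval only the first five events of the flood are
acted on; the next five are ignored, and the event at 1.2 s opens a fresh
window and is admitted again. Tune the two values together: the burst is the
worst-case number of activations an attacker can force per interval.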

TPM2 Support + Disk Encryption & Authentication:

    * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
      value in the --tpm2-pcrs= option.

    * systemd-cryptenroll now allows specifying a TPM2 key handle to be used
      instead of the default SRK via the new --tpm2-seal-key-handle= option.

    * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
      internal-only executable.

    * The TPM2 Storage Root Key will now be set up, if not already present,
      by a new systemd-tpm2-setup.service early boot service.

    * The internal systemd-pcrphase executable has been renamed to
      systemd-pcrextend.

    * The systemd-pcrextend tool gained a new --pcr= switch to override
      which PCR to measure into.

    * systemd-pcrextend now exposes a Varlink interface at
      io.systemd.PCRExtend that can be used to do measurements and event
      logging on demand.

    * TPM measurements are now also written to an event log at
      /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
      Canonical Event Log format. Previously we'd only log them to the
      journal, where they however were subject to rotation and similar.

    * A new component "systemd-pcrlock" has been added that allows managing
      local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
      predict by the OS vendor because of the inherently local nature of
      what measurements they contain, such as firmware versions of the
      system and extension cards and suchlike. pcrlock can predict PCR
      measurements ahead of time based on various inputs, such as the local
      TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
      various other things. It can then pre-calculate a TPM2 policy from
      this, which it stores in a TPM2 NV index. TPM2 objects (such as disk
      encryption keys) can be locked against this NV index, so that they
      are locked against a specific combination of system firmware and
      state. Alternatives for each component are supported to allowlist
      multiple kernel or boot loader versions simultaneously
      without losing access to the disk encryption keys. The tool can also
      be used to analyze and validate the local TPM2 event
      log. systemd-cryptsetup, systemd-cryptenroll, systemd-repart have all
      been updated to support such policies. There's currently no support
      for locking the system's root disk...
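The measurement and prediction machinery described in the systemd-pcrextend
and systemd-pcrlock items above rests on one primitive: a PCR can only be
extended, never set, so its final value is a function of the ordered list of
measurements it received. The example below is added here and is not
systemd's code. It replays measurements into a PCR, enumerates the end
states that remain reachable when one boot component has several acceptable
alternatives (the pcrlock allowlisting case), and checks an observed value
against that set. The event records are constructed; systemd's real log at
/run/log/systemd/tpm2-measure.log uses a derivative of the TCG canonical
event log format, which this example does not parse. PCR 11 and the phase
strings are the ones systemd-stub and systemd-pcrphase use; the UKI payload
bytes are placeholders.

```python
"""PCR replay and pcrlock-style prediction. Added example, not systemd's own
code; event payloads below are constructed stand-ins, not real UKI data."""
import hashlib
import itertools


def measure(data: bytes, alg: str = "sha256") -> bytes:
    """Digest of the event data, i.e. the value that gets extended."""
    return hashlib.new(alg, data).digest()


def initial_pcr(alg: str) -> bytes:
    """PCRs 0-16 (PCR 11 included) are all-zero after TPM reset."""
    return bytes(hashlib.new(alg).digest_size)


def pcr_extend(old: bytes, digest: bytes, alg: str = "sha256") -> bytes:
    """TPM2_PCR_Extend: new = H(old || digest). Extends do not commute,
    so the replay below is strictly sequential."""
    return hashlib.new(alg, old + digest).digest()


def replay(events, pcr: int, alg: str = "sha256") -> bytes:
    """Replay an ordered list of (pcr_index, data) events and return the
    final value of the selected PCR in the selected bank."""
    value = initial_pcr(alg)
    for idx, data in events:
        if idx == pcr:
            value = pcr_extend(value, measure(data, alg), alg)
    return value


def predict_allowed(components, pcr: int, alg: str = "sha256"):
    """pcrlock-style prediction. `components` is an ordered list with one
    entry per boot step, each a list of acceptable alternative payloads.
    Every combination is a state the policy must admit, so the allowlist
    grows multiplicatively with the number of alternatives per step."""
    allowed = set()
    for combo in itertools.product(*components):
        allowed.add(replay([(pcr, data) for data in combo], pcr, alg))
    return allowed


def policy_admits(observed: bytes, allowed) -> bool:
    """The unlock decision: is the value read back from the TPM one of the
    predicted states?"""
    return observed in allowed


# Constructed boot model for PCR 11. Two kernel versions are allowlisted;
# the phase strings are those systemd-pcrphase measures during boot.
UKI_ALTERNATIVES = [b"uki: linux-6.6 (constructed)", b"uki: linux-6.7 (constructed)"]
PHASES = [b"enter-initrd", b"leave-initrd", b"sysinit", b"ready"]
COMPONENTS = [UKI_ALTERNATIVES] + [[p] for p in PHASES]


def boot_sequence(uki: bytes):
    """Events a boot with the given UKI would produce for PCR 11."""
    return [(11, uki)] + [(11, p) for p in PHASES]


if __name__ == "__main__":
    allowed = predict_allowed(COMPONENTS, pcr=11)
    known = replay(boot_sequence(UKI_ALTERNATIVES[1]), pcr=11)
    unknown = replay(boot_sequence(b"uki: linux-6.5 (constructed)"), pcr=11)
    print("allowed PCR 11 states:", len(allowed))
    print("allowlisted kernel admitted:", policy_admits(known, allowed))
    print("other kernel admitted:", policy_admits(unknown, allowed))
```

Two things the code makes concrete that the prose only states: the order of
measurements is part of the policy (swapping two events yields a different
PCR), and every additional alternative multiplies the number of states the
policy must enumerate, which is why pcrlock keeps alternatives per component
rather than per complete boot.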