Systemd 232 Adds ProtectKernelModules, RemoveIPC, Other New Options
Lennart Poettering has announced the release of systemd 232 and as usual this new release is packing a significant amount of new features.
Systemd 232 adds many new options like RemoveIPC for ensuring IPC objects owned by the user/group get removed on exit, ProtectKernelModules to disable explicit load/unload operations of kernel modules, ProtectSystem now supports a "strict" mode, ProtectControlGroups to disable write access to /sys/fs/cgroup, support for dynamically creating users for the lifetime of a service, a MemorySwapMax option, support for mount/automount units to be created transiently, systemd-mount was added, /efi is now the mount point for EFI boot partition, and dozens of other changes.
For those wanting to learn more about the mass amounts of new functionality provided by systemd 232 can read the release announcement for a complete briefing.
Systemd 232 adds many new options like RemoveIPC for ensuring IPC objects owned by the user/group get removed on exit, ProtectKernelModules to disable explicit load/unload operations of kernel modules, ProtectSystem now supports a "strict" mode, ProtectControlGroups to disable write access to /sys/fs/cgroup, support for dynamically creating users for the lifetime of a service, a MemorySwapMax option, support for mount/automount units to be created transiently, systemd-mount was added, /efi is now the mount point for EFI boot partition, and dozens of other changes.
For those wanting to learn more about the mass amounts of new functionality provided by systemd 232 can read the release announcement for a complete briefing.
28 Comments