systemd 256 Released With run0, systemd-vpick, importctl & Other New Features

Written by Michael Larabel in systemd on 11 June 2024 at 07:20 PM EDT.
Systemd 256 is out today as the latest major feature update to this integral component of modern Linux distributions.

Systemd 256 ships with a massive number of new features and changes. Some of the prominent systemd 256 highlights include:

- The introduction of run0 as a new alternative to sudo.

- A new "systemd.crash_action=" kernel command line option configures what happens if the system manager crashes. This option in turn deprecates the prior "systemd.crash_reboot" option. The systemd.crash_action= values can be freeze, reboot, or poweroff.

- Support for cgroup v1 is now considered obsolete and systemd by default will refuse to boot under it. There still is a workaround to forcibly re-enable cgroup v1 support, but long story short it's time to move on to cgroup v2.

- A new "systemd-vpick" binary is added that implements the vpick protocol. Systemd-vpick can be used for resolving paths to versioned ".v/" directories.

- Another new tool in systemd 256 is "importctl" for downloading, importing, and exporting disk images via systemd-importd. Similar functionality was previously available via machinectl, while importctl now extends it to cover sysext, confext, and portable service images.

- A new unit generator "systemd-ssh-generator" is added to see if the sshd binary is installed and then bind it via per-connection socket activation to various sockets depending on the execution context.

- Encrypted service credentials can now be made available to unprivileged users via new systemd-creds options.

- Systemd can now be compiled cleanly with all OpenSSL 3.0 deprecations removed.

- For systemd service management there is a new concept of "capsules". Capsules wrap additional per-user service managers whose users are transient and only defined as long as the service manager is running (dynamic users).

- Systemd-networkd now provides a basic Varlink interface.

- Systemd-networkd can now pick up WireGuard secrets from the systemd credentials.

- Systemd Ukify now supports Zboot kernels.

- Various library dependencies have been converted from regular shared library dependencies into dlopen() ones to enhance security following the XZ backdoor incident.

- Systemd-homed can now unlock home directories when logging in via SSH.

- New systemd services include systemd-nsresourced and systemd-mountfsd.

- Various systemd programs will now look to load main configuration files from locations below /usr/lib, /usr/local/lib, and /run rather than just /etc.

- The "systemctl kill" command now supports the "--wait" argument to make the command wait until the signaled services terminate. The "systemctl kill --wait" form can be useful for avoiding race conditions that could otherwise be hit.

- Systemd ELF binaries that use libraries via dlopen() are built with a new ELF header note section. The new functionality allows for tools and packagers to programmatically discover the list of optional dependencies used by all systemd ELF binaries. There is a new "systemd/package-notes" project that provides a parser with packaging integration tools.
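To illustrate the dlopen() conversion and the ELF note items above, here is an added example (not code from systemd or the package-notes project) that lists the optional libraries declared in a raw note section, so an auditor can see what a binary may load at runtime. It assumes the note owner "FDO", note type 0x407c0c0a, a JSON array payload with "soname", "feature" and "priority" fields, and little-endian encoding; the function names and the sample bytes are constructed for this illustration.

```python
import json
import struct

# Assumed identifiers (not given on this page): note owner and note type.
FDO_OWNER = b"FDO"
DLOPEN_NOTE_TYPE = 0x407C0C0A

def _pad4(n):
    return (n + 3) & ~3  # ELF note fields are 4-byte aligned

def build_note(owner, note_type, desc):
    """Build one little-endian ELF note record (used for the constructed sample)."""
    name = owner + b"\0"
    return (struct.pack("<III", len(name), len(desc), note_type)
            + name.ljust(_pad4(len(name)), b"\0")
            + desc.ljust(_pad4(len(desc)), b"\0"))

def parse_dlopen_notes(section):
    """Return the optional-dependency entries declared in a raw note section."""
    entries, off = [], 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = name_off + _pad4(namesz)
        if desc_off + descsz > len(section):
            raise ValueError("truncated note at offset %d" % off)
        owner = section[name_off:name_off + namesz].rstrip(b"\0")
        desc = section[desc_off:desc_off + descsz]
        off = desc_off + _pad4(descsz)
        if owner != FDO_OWNER or ntype != DLOPEN_NOTE_TYPE:
            continue  # unrelated note (e.g. a build ID)
        for item in json.loads(desc.rstrip(b"\0").decode("utf-8")):
            entries.append({"soname": item["soname"],
                            "feature": item.get("feature"),
                            "priority": item.get("priority")})
    return entries

# Constructed sample: a build-ID style note followed by one dlopen note.
SAMPLE = build_note(b"GNU", 3, bytes(20)) + build_note(
    FDO_OWNER, DLOPEN_NOTE_TYPE,
    json.dumps([{"soname": ["liblzma.so.5"], "feature": "lzma",
                 "priority": "suggested"}]).encode())

if __name__ == "__main__":
    for dep in parse_dlopen_notes(SAMPLE):
        print(dep["priority"], dep["feature"], ",".join(dep["soname"]))
```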

Downloads and more details on tonight's systemd 256 release via GitHub.
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.
