Releases: systemd/systemd

systemd v259

17 Dec 23:15
v259

CHANGES WITH 259:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for System V service scripts is deprecated and will be
      removed in v260. Please make sure to update your software *now* to
      include a native systemd unit file instead of a legacy System V
      script to retain compatibility with future systemd releases.
      The following components will be removed:

      * systemd-rc-local-generator,
      * systemd-sysv-generator,
      * systemd-sysv-install (hook for systemctl enable/disable/is-enabled).

    * The required minimum versions of the following components are planned
      to be raised in v260:

      * Linux kernel >= 5.10 (recommended >= 5.14),
      * glibc >= 2.34,
      * libxcrypt >= 4.4.0 (libcrypt in glibc will no longer be supported),
      * util-linux >= 2.37,
      * elfutils >= 0.177,
      * openssl >= 3.0.0,
      * cryptsetup >= 2.4.0,
      * libseccomp >= 2.4.0,
      * python >= 3.9.0.

    * The parsing of RootImageOptions= and the mount image parameters of
      ExtensionImages= and MountImages= will be changed in the next version
      so that the last duplicated definition for a given partition wins and
      is applied, rather than the first, to keep these options coherent with
      other unit settings.

Feature Removals and Incompatible Changes:

    * The cgroup2 file system is now mounted with the
      "memory_hugetlb_accounting" mount option, supported since kernel 6.6.
      This means that HugeTLB memory usage is now counted towards the
      cgroup’s overall memory usage for the memory controller.

    * The default storage mode for the journal is now 'persistent'.
      Previously, the default was 'auto', so the presence or lack of
      /var/log/journal determined the default storage mode, if no
      overriding configuration was provided. The default can be changed
      with -Djournal-storage-default=.

    * systemd-networkd and systemd-nspawn no longer support creating NAT
      rules via iptables/libiptc APIs; only nftables is now supported.

    * systemd-boot's and systemd-stub's support for TPM 1.2 has been
      removed (only TPM 2.0 support is retained). The security value of
      TPM 1.2 support is questionable in 2025, and because we never
      supported it in userspace, it was always quite incomplete to the
      point of uselessness.

    * The image dissection logic will now enforce the VFAT file system type
      for XBOOTLDR partitions, similar to how it already does this for the
      ESP. This is done for security, since both the ESP and XBOOTLDR must
      be directly firmware-accessible and thus cannot be protected by
      cryptographic means. Thus it is essential to not mount arbitrarily
      complex file systems on them. This restriction only applies if
      automatic dissection is used. If other file system types shall be
      used for XBOOTLDR (not recommended) this can be achieved via explicit
      /etc/fstab entries.

    * systemd-machined will now expose "hidden" disk images as read-only by
      default (hidden images are those whose name begins with a dot). They
      were already used to retain a pristine copy of the downloaded image,
      while modifications were made to a 2nd, local writable copy of the
      image. Hence, effectively they were read-only already, and this is
      now official.

    * The LUKS volume label string set by systemd-repart no longer defaults
      to the same string as the partition and file system label, but is
      prefixed with "luks-". This is done so that on LUKS enabled images a
      conflict between /dev/disk/by-label/ symlinks is removed, as this
      symlink is generated both for file system and LUKS superblock
      labels. There's a new VolumeLabel= setting for partitions that can be
      used to explicitly choose a LUKS superblock label, which can be used
      to explicitly revert to the old naming, if required.

Service manager/PID1:

    * The service manager's Varlink IPC has been extended considerably. It
      now exposes service execution settings and more. Its Unit.List() call
      can now filter by cgroup or invocation ID.

    * The service manager now exposes Reload() and Reexecute() Varlink IPC
      calls, mirroring the calls of the same name accessible via D-Bus.

    * The $LISTEN_FDS protocol has been extended to support pidfd inode
      IDs. The $LISTEN_PID environment variable is now augmented with a new
      $LISTEN_PIDFDID environment variable which contains the inode ID of
      the pidfd of the indicated process. This removes any ambiguity
      regarding PID recycling: a process which verified that $LISTEN_PID
      points to its own PID can now also verify the pidfd inode ID, which
      does not recycle IDs.
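
      A check along the lines of the protocol extension described above, as an
      added example that is not systemd's own sd_listen_fds() code: it parses
      $LISTEN_PID and $LISTEN_PIDFDID, compares the PID against getpid() and the
      inode ID against fstat() of a pidfd_open() on the process itself. The
      function names listen_fds_are_for_me() and own_pidfd_inode() are this
      example's own; it assumes a kernel on which pidfd inode IDs are unique per
      process (pidfs), and treats an inode ID of 0 as "unknown".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* First fd handed over by the service manager under the $LISTEN_FDS protocol. */
#define LISTEN_FDS_START 3

/* Strict decimal parser: rejects NULL, empty strings, signs and trailing junk. */
static int parse_u64(const char *s, uint64_t *out) {
    if (!s || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    char *end;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;
    *out = (uint64_t) v;
    return 0;
}

/* Inode ID of a pidfd referring to our own process, or 0 if unavailable.
 * Assumption (example's own): the ID is only unique per process on kernels
 * with pidfs; where pidfd_open() is missing we return 0 and the caller falls
 * back to the PID-only check. */
static uint64_t own_pidfd_inode(void) {
#ifdef SYS_pidfd_open
    int fd = (int) syscall(SYS_pidfd_open, (long) getpid(), 0L);
    if (fd < 0)
        return 0;
    struct stat st;
    uint64_t ino = 0;
    if (fstat(fd, &st) == 0)
        ino = (uint64_t) st.st_ino;
    close(fd);
    return ino;
#else
    return 0;
#endif
}

/* Decide whether a ($LISTEN_PID, $LISTEN_PIDFDID) pair designates the process
 * identified by own_pid / own_ino. Returns 1 if the fds are for us, else 0
 * (malformed values count as "not for us").
 *  - $LISTEN_PID must equal own_pid: the check that existed before v259;
 *  - if $LISTEN_PIDFDID is set and own_ino is known, it must equal own_ino.
 *    This is what defeats PID recycling: a pidfd inode ID is never reused,
 *    even when the PID number is;
 *  - if $LISTEN_PIDFDID is set but own_ino is unknown, fall back to the
 *    PID-only check (design choice of this example, not fail-closed). */
int listen_fds_are_for_me(const char *listen_pid, const char *listen_pidfdid,
                          pid_t own_pid, uint64_t own_ino) {
    uint64_t pid;
    if (parse_u64(listen_pid, &pid) < 0 || pid != (uint64_t) own_pid)
        return 0;
    if (!listen_pidfdid)
        return 1;                 /* older service manager: PID check only */
    uint64_t ino;
    if (parse_u64(listen_pidfdid, &ino) < 0)
        return 0;                 /* malformed value: refuse the fds */
    if (own_ino == 0)
        return 1;                 /* cannot verify on this kernel: fall back */
    return ino == own_ino;
}

/* Read the environment the way sd_listen_fds() does: the number of fds passed
 * to *this* process (they start at LISTEN_FDS_START), or 0 if none are ours. */
int listen_fds_from_env(void) {
    uint64_t n;
    if (!listen_fds_are_for_me(getenv("LISTEN_PID"), getenv("LISTEN_PIDFDID"),
                               getpid(), own_pidfd_inode()))
        return 0;
    if (parse_u64(getenv("LISTEN_FDS"), &n) < 0 || n > (uint64_t) (INT_MAX - LISTEN_FDS_START))
        return 0;
    return (int) n;
}

int main(void) {
    printf("inherited %d listen fd(s); own pidfd inode ID %" PRIu64 "\n",
           listen_fds_from_env(), own_pidfd_inode());
    return 0;
}
```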

    * The log message made when a service exits will now show the
      wallclock time the service took in addition to the previously shown
      CPU time.

    * A new pair of properties OOMKills and ManagedOOMKills are now exposed
      on service units (and other unit types that spawn processes) that
      count the number of process kills made by the kernel or systemd-oomd.

    * The service manager gained support for a new
      RootDirectoryFileDescriptor= property when creating transient service
      units. It is similar to RootDirectory= but takes a file descriptor
      rather than a path to the new root directory to use.

    * The service manager now supports a new UserNamespacePath= setting
      which mirrors the existing IPCNamespacePath= and
      NetworkNamespacePath= options, but applies to Linux user namespaces.

    * The service manager gained a new ExecReloadPost= setting to configure
      commands to execute after reloading of the configuration of the
      service has completed.

    * Service manager job activation transactions now get a per-system
      unique 64-bit numeric ID assigned. This ID is logged as an additional
      log field in messages related to the transaction.

    * The service manager now keeps track of transactions with ordering
      cycles and exposes them in the TransactionsWithOrderingCycle D-Bus
      property.

systemd-sysext/systemd-confext:

    * systemd-sysext and systemd-confext now support configuration files
      /etc/systemd/systemd-sysext.conf and /etc/systemd/systemd-confext.conf,
      which can be used to configure mutability or the image policy to
      apply to DDI images.

    * systemd-sysext's and systemd-confext's --mutable= switch now accepts
      a new value "help" for listing available mutability modes.

    * systemd-sysext now supports configuring additional overlayfs mount
      settings via the $SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS environment
      variable. Similarly systemd-confext now supports
      $SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS.

systemd-vmspawn/systemd-nspawn:

    * systemd-vmspawn will now initialize the "serial" fields of block
      devices attached to VMs to the filename of the file backing them on
      the host. This makes it very easy to reference the right media in
      case many block devices from files are attached to the same VM via
      the /dev/disk/by-id/… links in the VM.

    * systemd-nspawn's .nspawn file gained support for a new NamespacePath=
      setting in the [Network] section which takes a path to a network
      namespace inode, and which ensures the container is run inside that
      when booted. (This was previously only available via a command line
      switch.)

    * systemd-vmspawn gained two new switches
      --bind-user=/--bind-user-shell= which mirror the switches of the same
      name in systemd-nspawn, and allow sharing a user account from the host
      inside the VM in a simple one-step operation.

    * systemd-vmspawn and systemd-nspawn gained a new --bind-user-group=
      switch to add a user bound via --bind-user= to the specified group
      (useful in particular for the 'wheel' or 'empower' groups).

    * systemd-vmspawn now configures RSA4096 support in the vTPM, if swtpm
      supports it.

    * systemd-vmspawn now enables qemu guest agent via the
      org.qemu.guest_agent.0 protocol when started with --console=gui.

systemd-repart:

    * repart.d/ drop-ins gained support for a new TPM2PCRs= setting, which
      can be used to configure the set of TPM2 PCRs to bind disk encryption
      to, in case TPM2-bound encryption is used. This was previously only
      settable via the systemd-repart command line. Similarly, KeyFile= has
      been added to configure a binary LUKS key file to use.

    * systemd-repart's functionality is now accessible via Varlink IPC.

    * systemd-repart may now be invoked with a device node path specified
      as "-". Instead of operating on a block device this will just
      determine the minimum block device size required to apply the defined
      partitions and exit.

    * systemd-repart gained two new switches --defer-partitions-empty=yes
      and --defer-partitions-factory-reset=yes which are similar to
      --defer-partitions= but instead of expecting a list of partitions to
      defer will defer al...

systemd-stable v258.3

12 Dec 13:45
v258.3

systemd v259-rc3

10 Dec 17:37
v259-rc3

Pre-release

systemd v259~rc2

26 Nov 12:35
v259-rc2

Pre-release

systemd v259~rc1

17 Nov 18:50
v259-rc1

Pre-release

CHANGES WITH 259 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

    * Support for System V service scripts is deprecated and will be
      removed in v260. Please make sure to update your software *now* to
      include a native systemd unit file instead of a legacy System V
      script to retain compatibility with future systemd releases.
      Following components will be removed:

      * systemd-rc-local-generator,
      * systemd-sysv-generator,
      * systemd-sysv-install (hook for systemctl enable/disable/is-enabled).

    * Required minimum versions of following components are planned to be
      raised in v260:

      * Linux kernel >= 5.10 (recommended >= 5.14),
      * glibc >= 2.34,
      * libxcrypt >= 4.4.0 (libcrypt in glibc will be no longer supported),
      * util-linux >= 2.37,
      * elfutils >= 0.177,
      * openssl >= 3.0.0,
      * cryptsetup >= 2.4.0,
      * libseccomp >= 2.4.0,
      * python >= 3.9.0.

      Please provide feedback on systemd-devel if this would cause problems.

    * The parsing of RootImageOptions= and the mount image parameters of
      ExtensionImages= and MountImages= will be changed in the next version
      so that the last duplicated definition for a given partition wins and
      is applied, rather than the first, to keep these options coherent with
      other unit settings.

Feature Removals and Incompatible Changes:

    * The cgroup2 file system is now mounted with the
      "memory_hugetlb_accounting" mount option, supported since kernel 6.6.
      This means that HugeTLB memory usage is now counted towards the
      cgroup’s overall memory usage for the memory controller.

    * The default storage mode for the journal is now 'persistent'.
      Previously, the default was 'auto', so the presence or lack of
      /var/log/journal determined the default storage mode, if no
      overriding configuration was provided. The default can be changed
      with -Djournal-storage-default=.

    * systemd-networkd and systemd-nspawn no longer support creating NAT
      rules via iptables/libiptc APIs; only nftables is now supported.

    * systemd-boot's and systemd-stub's support for TPM 1.2 has been
      removed (only TPM 2.0 supported is retained). The security value of
      TPM 1.2 support is questionable in 2025, and because we never
      supported it in userspace, it was always quite incomplete to the
      point of uselessness.

    * The image dissection logic will now enforce the VFAT file system type
      for XBOOTLDR partitions, similar to how it already does this for the
      ESP. This is done for security, since both the ESP and XBOOTLDR must
      be directly firmware-accessible and thus cannot by protected by
      cryptographic means. Thus it is essential to not mount arbitrarily
      complex file systems on them. This restriction only applies if
      automatic dissection is used. If other file system types shall be
      used for XBOOTLDR (not recommended) this can be achieved via explicit
      /etc/fstab entries.

    * systemd-machined will now expose "hidden" disk images as read-only by
      default (hidden images are those whose name begins with a dot). They
      were already used to retain a pristine copy of the downloaded image,
      while modifications were made to a 2nd, local writable copy of the
      image. Hence, effectively they were read-only already, and this is
      now official.

    * The LUKS volume label string set by systemd-repart no longer defaults
      to the same string as the partition and file system label, but is
      prefixed with "luks-". This removes a conflict between
      /dev/disk/by-label/ symlinks on LUKS-enabled images, since that
      symlink is generated both for file system and for LUKS superblock
      labels. There's a new VolumeLabel= setting for partitions that can be
      used to explicitly choose a LUKS superblock label, which can be used
      to revert to the old naming, if required.

Service manager/PID1:

    * The service manager's Varlink IPC has been extended considerably. It
      now exposes service execution settings and more. Its Unit.List() call
      now can filter by cgroup or invocation ID.

    * The service manager now exposes Reload() and Reexecute() Varlink IPC
      calls, mirroring the calls of the same name accessible via D-Bus.

    * The $LISTEN_FDS protocol has been extended to support pidfd inode
      IDs. The $LISTEN_PID environment variable is now augmented with a new
      $LISTEN_PIDFDID environment variable which contains the inode ID of
      the pidfd of the indicated process. This removes any ambiguity
      regarding PID recycling: a process which verified that $LISTEN_PID
      points to its own PID can now also verify the pidfd inode ID, which
      does not recycle IDs.

    * The log message made when a service exits will now show the
      wallclock time the service took in addition to the previously shown
      CPU time.

    * A new pair of properties, OOMKills and ManagedOOMKills, is now exposed
      on service units (and other unit types that spawn processes), counting
      the number of process kills made by the kernel or systemd-oomd.

    * The service manager gained support for a new
      RootDirectoryFileDescriptor= property when creating transient service
      units. It is similar to RootDirectory= but takes a file descriptor
      rather than a path to the new root directory to use.

    * The service manager now supports a new UserNamespacePath= setting
      which mirrors the existing IPCNamespacePath= and
      NetworkNamespacePath= options, but applies to Linux user namespaces.

    * The service manager gained a new ExecReloadPost= setting to configure
      commands to execute after reloading of the configuration of the
      service has completed.

    * Service manager job activation transactions now get a per-system
      unique 64-bit numeric ID assigned. This ID is logged as an additional
      log field in messages related to the transaction.

    * The service manager now keeps track of transactions with ordering
      cycles and exposes them in the TransactionsWithOrderingCycle D-Bus
      property.
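
The $LISTEN_PID / $LISTEN_PIDFDID check described in the Service manager list above, as an added example (not systemd's own code; libsystemd's sd_listen_fds() is the supported implementation). The environment is parsed, the PID is compared, and when $LISTEN_PIDFDID is present the pidfd inode ID of the current process is compared as well, so a handover inherited across a PID recycle is rejected instead of misusing someone else's descriptors. Assumptions: Python 3.9+ on Linux for os.pidfd_open(), and that fstat() on a pidfd yields a per-process inode ID (the case on kernels with pidfs; on older kernels every pidfd shares one anon-inode number, so the comparison then adds nothing). The sample environments are constructed.

```python
"""Socket-activation fd handover with the $LISTEN_PIDFDID check.

Added example, not systemd's code: libsystemd's sd_listen_fds() is the
supported implementation. This reimplements its check in Python to make
the PID-recycling concern explicit. Assumption: the pidfd inode ID is
obtained by fstat() on a pidfd of the current process, which is unique
per process on kernels with pidfs (6.9+) and meaningless on older ones.
"""
import os
from typing import Dict, List, Optional

SD_LISTEN_FDS_START = 3  # fds handed over by the service manager start at 3


def current_pidfd_inode() -> Optional[int]:
    """Inode ID of a pidfd for this process, or None if pidfds are unavailable."""
    pidfd_open = getattr(os, "pidfd_open", None)  # Python 3.9+, Linux only
    if pidfd_open is None:
        return None
    try:
        fd = pidfd_open(os.getpid())
    except OSError:
        return None
    try:
        return os.fstat(fd).st_ino
    finally:
        os.close(fd)


def listen_fds(env: Dict[str, str], my_pid: int,
               my_pidfd_ino: Optional[int]) -> List[int]:
    """Return the fds the service manager passed to *this* process.

    Returns [] when the $LISTEN_* variables are absent or addressed to a
    different process. Matching $LISTEN_PID alone is not enough: a process
    that inherited the environment after the original PID was recycled
    would match too, so when $LISTEN_PIDFDID is present the pidfd inode
    ID must match as well. Malformed values raise ValueError.
    """
    pid_s, fds_s = env.get("LISTEN_PID"), env.get("LISTEN_FDS")
    if pid_s is None or fds_s is None:
        return []
    if int(pid_s) != my_pid:
        return []                                   # addressed to another PID
    ino_s = env.get("LISTEN_PIDFDID")
    if ino_s is not None:
        if my_pidfd_ino is None:
            raise ValueError("LISTEN_PIDFDID set but own pidfd inode unknown")
        if int(ino_s) != my_pidfd_ino:
            return []                   # same PID number, different process
    n = int(fds_s)
    if n < 0 or n > 1 << 20:
        raise ValueError(f"implausible LISTEN_FDS={fds_s}")
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + n))


def take_listen_fds(env: Dict[str, str]) -> List[int]:
    """Consume the handover from the live environment, then scrub the
    variables so children do not inherit them (like sd_listen_fds() with
    unset_environment=true)."""
    fds = listen_fds(env, os.getpid(), current_pidfd_inode())
    for name in ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES", "LISTEN_PIDFDID"):
        env.pop(name, None)
    return fds


if __name__ == "__main__":
    # Constructed environment standing in for what a socket unit would set.
    fake_env = {"LISTEN_PID": str(os.getpid()), "LISTEN_FDS": "1"}
    print("accepted:", listen_fds(fake_env, os.getpid(), None))
    # Same PID number, different pidfd inode: the handover is rejected.
    stale = dict(fake_env, LISTEN_PIDFDID="1")
    ino = current_pidfd_inode()
    if ino is not None and ino != 1:
        print("stale handover rejected:", listen_fds(stale, os.getpid(), ino))
```

In a real service, call take_listen_fds(os.environ) once at startup and treat an empty result as "not socket-activated"; the pidfd mismatch case deliberately returns the same empty result as a PID mismatch, since both mean the descriptors were meant for a different process.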

systemd-sysext/systemd-confext:

    * systemd-sysext and systemd-confext now support configuration files
      /etc/systemd/systemd-sysext.conf and /etc/systemd/systemd-confext.conf,
      which can be used to configure mutability or the image policy to
      apply to DDI images.

    * systemd-sysext's and systemd-confext's --mutable= switch now accepts
      a new value "help" for listing available mutability modes.

    * systemd-sysext now supports configuring additional overlayfs mount
      settings via the $SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS environment
      variable. Similarly systemd-confext now supports
      $SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS.

systemd-vmspawn/systemd-nspawn:

    * systemd-vmspawn will now initialize the "serial" fields of block
      devices attached to VMs to the filename of the file backing them on
      the host. This makes it very easy to reference the right media in
      case many block devices from files are attached to the same VM via
      the /dev/disk/by-id/… links in the VM.

    * systemd-nspawn's .nspawn file gained support for a new NamespacePath=
      setting in the [Network] section which takes a path to a network
      namespace inode, and which ensures the container is run inside that
      when booted. (This was previously only available via a command line
      switch.)

    * systemd-vmspawn gained two new switches
      --bind-user=/--bind-user-shell= which mirror the switches of the same
      name in systemd-nspawn, and allow sharing a user account from the host
      inside the VM in a simple one-step operation.

    * systemd-vmspawn and systemd-nspawn gained a new --bind-user-group=
      switch to add a user bound via --bind-user= to the specified group
      (useful in particular for the 'wheel' or 'empower' groups).

    * systemd-vmspawn now configures RSA4096 support in the vTPM, if swtpm
      supports it.

    * systemd-vmspawn now enables qemu guest agent via the
      org.qemu.guest_agent.0 protocol when started with --console=gui.

systemd-repart:

    * repart.d/ drop-ins gained support for a new TPM2PCRs= setting, which
      can be used to configure the set of TPM2 PCRs to bind disk encryption
      to, in case TPM2-bound encryption is used. This was previously only
      settable via the systemd-repart command line. Similarly, KeyFile= has
      been added to configure a binary LUKS key file to use.

    * systemd-repart's functionality is now accessible via Varlink IPC.

    * systemd-repart may now be invoked with a device node path specified
      as "-". Instead of operating on a block device this will just
      determine the minimum block device size required to apply the defined
      partitions and exit.

    * systemd-repart gained two new switches --defer-partitions-empty=yes
      and --defer-partitions-factory-reset=yes which are similar to
      --defer-p...

systemd v258.2

08 Nov 20:17
v258.2

systemd-stable v258.2

systemd v258.1

13 Oct 16:34
v258.1

systemd-stable v258.1

systemd v257.10

14 Oct 05:17
v257.10

systemd-stable v257.10

systemd v258

17 Sep 12:07
v258

CHANGES WITH 258:

Incompatible changes:

    * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) has been
      removed. cgroup v2 ('unified' hierarchy) will always be mounted
      during system bootup and systemd-nspawn container initialization.

    * The minimum kernel baseline version has been bumped to v5.4 (released
      in 2019), with the recommended version now going up to v5.7. Consult
      the README file for a list of required kernel APIs.

    * The default access mode of tty/pts device nodes has been changed to
      0600 (it was 0620 in older releases), due to general security
      concerns about terminals being written to by other users. To restore
      the old default access mode, use the '-Dtty-mode=0620' meson build
      option. (This effectively means "mesg n" is now the default, rather
      than "mesg y", see mesg(1) man page for help.)

    * ACLs for device nodes requested by the "uaccess" udev tag are now
      always applied/updated by systemd-udevd through the "uaccess" udev
      builtin; systemd-logind no longer applies/updates ACLs itself but
      triggers "change" uevents so that systemd-udevd does so. Hence the
      "uaccess" udev tag should be set not only for the "add" action but
      also for the "change" action, and it is highly recommended that the
      rule apply to all actions except "remove".
      Recommended example:
          ACTION!="remove", SUBSYSTEM=="hidraw", TAG+="uaccess"
      The following example does not work since v258:
          ACTION=="add", SUBSYSTEM=="hidraw", TAG+="uaccess"

    * systemd-run's --expand-environment= switch, which was disabled
      by default when combined with --scope, has been changed to be
      enabled by default. This brings cmdline expansion of transient
      scopes on par with services.

    * systemd-logind PAM sessions that previously were automatically
      determined to be of class "background", and which are owned by root
      or system accounts, will now automatically be set to class
      "background-light" instead. PAM sessions that previously were
      automatically determined to be of class "user", and which are owned
      by non-root system users, will now automatically be set to class
      "user-light" instead. This effectively means that cron jobs or FTP
      sessions (i.e. all PAM sessions that have no TTY assigned and neither
      are graphical) for system users no longer pull in a service manager
      by default. This behaviour can be changed by explicitly setting the
      session class (for example via the class= parameter to
      pam_systemd.so, or by setting the XDG_SESSION_CLASS environment
      variable as input for the service's PAM stack). This change does not
      affect graphical sessions, nor does it affect regular users. This is
      an incompatible change of sorts, since per-user services will
      typically not be available for such PAM sessions of system users.

    * systemd-udevd now ignores OWNER=/GROUP= settings in udev rules files
      that specify a non-system user/group, to avoid device nodes being
      owned by a non-system user/group. It is recommended to check udev
      rules files with 'udevadm verify' and/or 'udevadm test' to confirm
      that the user/group specified in OWNER=/GROUP= is valid.
      Similarly, systemd-networkd refuses User=/Group= settings with a
      non-system user/group specified in .netdev files for Tun/Tap
      interfaces.

    * systemd-cryptenroll, systemd-repart and systemd-creds no longer
      default to locking TPM2 enrollments to the current, literal value of
      PCR 7, i.e. the PCR the SecureBoot policy is measured into by the
      firmware. This change reflects the fact that nowadays SecureBoot
      policies are updated (at least) as frequently as firmware code
      (simply because SecureBoot policy updates are typically managed by
      fwupd these days). The new default PCR mask for new TPM2 enrollments
      is thus empty by default. It is recommended to use managed
      systemd-pcrlock policies for binding to PCR 7 instead (as well as
      combining such policies with signed policies for PCR 11). Or in other
      words, it's recommended to make more use of the logic behind the
      --tpm2-public-key=, --tpm2-public-key-pcrs= and --tpm2-pcrlock=
      switches of the mentioned tools in place of --tpm2-pcrs=.

    * Support for the SystemdOptions EFI variable has been removed.

    * Meson options '-Dsplit-usr=', '-Drootlibdir=', '-Drootprefix='
      (deprecated in v255), '-Ddefault-hierarchy=' (deprecated in v256),
      and '-Dnscd=' (deprecated in v257) have been removed.

    * OpenSSL is now the only supported cryptography backend for
      systemd-resolved and systemd-importd, and support for gnutls and
      gcrypt has been removed. Hence, 'gnutls' setting for the
      '-Ddns-over-tls=' meson option has been deprecated. Also, the
      '-Dcryptolib=' meson option has been deprecated. They will be removed
      in a future release.

    * systemd-logind's session tracking, which used to be performed via a
      FIFO installed in the client, now uses PIDFDs. The file descriptor
      returned by CreateSession() and related calls is therefore unused.
      Moreover, the exit of the session leader process will immediately
      cause the session to be stopped.

    * To work around limitations of X11's keyboard handling systemd's
      keyboard mapping hardware database (hwdb.d/60-keyboard.hwdb) so far
      mapped the microphone mute and touchpad on/off/toggle keys to the
      function keys F20, F21, F22, F23 instead of their correct key codes.
      This key code mangling has been removed from udev.

      To maintain compatibility with X11 applications that rely on the old
      function key code mappings, this mangling has now been added to the
      relevant X11 keyboard driver modules. In order to ensure these keys
      continue to work, update to xf86-input-evdev >= 2.11.0 and
      xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.

    * The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() has
      been removed, which was deprecated since v257.

    * systemd-networkd previously emitted the machine ID as chassis ID
      through LLDP protocol, but now emits a deterministic ID,
      cryptographically derived from the machine ID as chassis ID. If you
      want to use the previous behavior, please set
      SYSTEMD_LLDP_SEND_MACHINE_ID=1 environment variable for
      systemd-networkd.

    * Support for the !! command line prefix on ExecStart= lines (and
      related) has been removed, and if specified will be ignored. The
      concept was supposed to provide compatibility with kernels that
      predated the introduction of "ambient" process capabilities. However,
      the kernel baseline of the systemd project is now far beyond any
      kernels that lacked support for it, hence the prefix serves no
      purpose anymore.

    * The default keyring for systemd-importd and related tools, shipped
      in /usr/lib/systemd/, has been renamed from import-pubring.gpg to
      import-pubring.pgp, as it is supported by other PGP tools as well as
      GPG. The local keyring /etc/systemd/import-pubring.gpg is still parsed
      if present, to preserve backward compatibility.

    * Normally, per-user encrypted credentials are decrypted via the
      systemd-creds.socket Varlink service, while the per-system ones are
      decrypted directly within the execution context of the intended
      service (which hence typically required access to /dev/tpmrm0). This
      has been changed: units that enable PrivateDevices= or use
      DeviceAllow=/DevicePolicy= (and thus restrict access to device nodes)
      now also make use of the systemd-creds.socket Varlink service, and
      do not attempt to decrypt the credentials in-process (and hence do
      not need to talk to the TPM themselves). Previously, encrypted
      credentials for per-system services were incompatible with
      PrivateDevices= and resulted in automatic extension of the
      DeviceAllow= list. The latter behaviour has been removed.

    * The command 'journalctl --follow' now exits with success on
      SIGTERM/SIGINT and when the pipe it is writing to is disconnected.

    * Support for System V style system state control has been removed:
      - The /dev/initctl device node has been removed.
      - The initctl, runlevel, and telinit commands have been removed.
      - Support for system state control via the init command (e.g.
        'init 3') has been removed.
      - The units runlevel[0-6].target have been removed.
      - The concept of runlevels has been removed, so runlevel transitions
        are no longer recorded in the utmp/wtmp databases.

    * Support for traditional /forcefsck and /fastboot files to control
      execution mode of fsck on boot has been removed from systemd-fsck. To
      control the mode, please use the fsck.mode= kernel command line option
      or newly introduced fsck.mode credential.

    * Support for traditional /forcequotacheck file to control execution
      mode of quotacheck on boot has been removed from systemd-quotacheck...
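
A static check covering two of the udev items in the list above, the "uaccess" tag that must no longer be limited to ACTION=="add" and the OWNER=/GROUP= values that systemd-udevd now ignores for non-system users/groups. This is an added example, not systemd's code; 'udevadm verify' and 'udevadm test' remain the supported tools. It parses rule lines into key/operator/value triples, flags TAG+="uaccess" rules that match only ACTION=="add", and flags OWNER=/GROUP= values that do not resolve or resolve above the system id range. The resolvers, the sample rules, the user/group tables and the 999 ceiling are all constructed for the demo.

```python
"""Static check of udev rules for two behaviours that changed in v258.

Added example, not part of systemd ('udevadm verify' / 'udevadm test' are
the supported tools). It flags (1) TAG+="uaccess" rules that match only
ACTION=="add", which stop working now that ACLs are refreshed on "change"
uevents, and (2) OWNER=/GROUP= values naming a non-system user/group,
which systemd-udevd now ignores. Id resolution is injected as callables so
the check runs offline; the 999 ceiling mirrors a typical SYS_UID_MAX and
is an assumption.
"""
import re
from typing import Callable, List, Optional, Tuple

Finding = Tuple[int, str]
Resolver = Callable[[str], Optional[int]]

# One token: KEY or KEY{attr}, an operator, a double-quoted value.
_TOKEN = re.compile(
    r'\s*([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"\s*')


def split_rule(line: str) -> List[Tuple[str, str, str]]:
    """Split a rule line into (key, op, value) triples; commas inside quoted
    values are kept, and anything outside the grammar raises ValueError."""
    tokens: List[Tuple[str, str, str]] = []
    pos = 0
    while pos < len(line):
        m = _TOKEN.match(line, pos)
        if m is None:
            raise ValueError(f"cannot parse rule at column {pos}: {line!r}")
        key, op, value = m.groups()
        tokens.append((key, op, value))
        pos = m.end()
        if pos < len(line):
            if line[pos] != ",":
                raise ValueError(f"expected ',' at column {pos}: {line!r}")
            pos += 1
    return tokens


def _id_problem(value: str, resolve: Resolver, sys_id_max: int) -> Optional[str]:
    """Why a literal OWNER=/GROUP= value would be rejected, or None if fine."""
    if "$" in value or "%" in value:
        return None                      # runtime substitution, not judged here
    ident = int(value) if value.isdigit() else resolve(value)
    if ident is None:
        return f"{value!r} does not resolve to an id"
    if ident > sys_id_max:
        return f"{value!r} is id {ident}, above the system range (<= {sys_id_max})"
    return None


def check_rules(text: str, resolve_uid: Resolver, resolve_gid: Resolver,
                sys_id_max: int = 999) -> List[Finding]:
    """Return (line number, message) for every rule that trips a check."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = split_rule(line)
        if ("TAG", "+=", "uaccess") in tokens and ("ACTION", "==", "add") in tokens:
            findings.append((lineno, 'TAG+="uaccess" limited to ACTION=="add": '
                             'ACL not refreshed on "change"; use ACTION!="remove"'))
        for key, op, value in tokens:
            if key in ("OWNER", "GROUP") and op in ("=", ":="):
                resolve = resolve_uid if key == "OWNER" else resolve_gid
                problem = _id_problem(value, resolve, sys_id_max)
                if problem is not None:
                    findings.append((lineno, f"{key}= {problem}; udevd ignores it"))
    return findings


# Constructed sample rules for the demo, not taken from any real package.
SAMPLE_RULES = """\
# comment line, skipped
ACTION=="add", SUBSYSTEM=="hidraw", TAG+="uaccess"
ACTION!="remove", SUBSYSTEM=="hidraw", TAG+="uaccess"
SUBSYSTEM=="tty", KERNEL=="ttyUSB0", OWNER="alice", GROUP="dialout", MODE="0660"
SUBSYSTEM=="tty", KERNEL=="ttyUSB1", OWNER="root", GROUP="1001"
SUBSYSTEM=="tty", KERNEL=="ttyUSB2", OWNER="$env{SERIAL_OWNER}"
"""


def demo_findings() -> List[Finding]:
    """Run the check on SAMPLE_RULES against a constructed passwd/group view."""
    users, groups = {"root": 0, "alice": 1000}, {"dialout": 20}
    return check_rules(SAMPLE_RULES, users.get, groups.get)


if __name__ == "__main__":
    # Real use: pass wrappers around pwd.getpwnam/grp.getgrnam that return
    # None on KeyError, and feed the contents of each rules file to check_rules.
    for n, msg in demo_findings():
        print(f"sample:{n}: {msg}")
```

Values containing $ or % substitutions are skipped rather than guessed at, since only udevd can evaluate them; a rule like ACTION=="add|change" passes the uaccess check because it already covers the "change" uevent.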

systemd v258~rc4

05 Sep 10:40
v258-rc4

systemd v258~rc4 Pre-release