[systemd-devel] systemd prerelease 250-rc3

systemd tag bot donotreply-systemd-tag at refi64.com
Mon Dec 20 18:58:21 UTC 2021

A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the tarball here:


NOTE: This is ☠️ pre-release ☠️ software. Do not run this on production
systems, but please test this and report any issues you find to GitHub:


Changes since the previous release:

        * Support for encrypted and authenticated credentials has been added.
          This extends the credential logic introduced with v247 to support
          non-interactive symmetric encryption and authentication, based on a
          key that is stored on the /var/ file system or in the TPM2 chip (if
          available), or the combination of both (by default if a TPM2 chip
          exists the combination is used, otherwise the /var/ key only). The
          credentials are automatically decrypted at the moment a service is
          started, and are made accessible to the service itself in unencrypted
          form. A new tool 'systemd-creds' encrypts credentials for this
          purpose, and two new service file settings LoadCredentialEncrypted=
          and SetCredentialEncrypted= configure such credentials.

          This feature is useful to store sensitive material such as SSL
          certificates, passwords and similar securely at rest and only decrypt
          them when needed, and in a way that is tied to the local OS
          installation or hardware.

        * systemd-gpt-auto-generator can now automatically set up discoverable
          LUKS2 encrypted swap partitions.

        * The GPT Discoverable Partitions Specification has been substantially
          extended with support for root and /usr/ partitions for the majority
          of architectures systemd supports. This includes platforms that do
          not natively support UEFI, because even though GPT is specified under
          UEFI umbrella, it is useful on other systems too. Specifically,
          systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
          Portable Services use the concept without requiring UEFI.

        * The GPT Discoverable Partitions Specifications has been extended with
          a new set of partitions that may carry PKCS#7 signatures for Verity
          partitions, encoded in a simple JSON format. This implements a simple
          mechanism for building disk images that are fully authenticated and
          can be tested against a set of cryptographic certificates. This is
          now implemented for the various systemd tools that can operate with
          disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
          Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
          The PKCS#7 signatures are passed to the kernel (where they are
          checked against certificates from the kernel keyring), or can be
          verified against certificates provided in userspace (via a simple
          drop-in file mechanism).

        * systemd-dissect's inspection logic will now report for which uses a
          disk image is intended. Specifically, it will display whether an
          image is suitable for booting on UEFI or in a container (using
          systemd-nspawn's --image= switch), whether it can be used as portable
          service, or attached as system extension.

        * The system-extension.d/ drop-in files now support a new field
          SYSEXT_SCOPE= that may encode which purpose a system extension image
          is for: one of "initrd", "system" or "portable". This is useful to
          make images more self-descriptive, and to ensure system extensions
          cannot be attached in the wrong contexts.

        * The os-release file learnt a new PORTABLE_PREFIXES= field which may
          be used in portable service images to indicate which unit prefixes
          are supported.

        * The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
          now is able to decode images for non-native architectures as well.
          This allows systemd-nspawn to boot images of non-native architectures
          if the corresponding user mode emulator is installed and
          systemd-binfmtd is running.

        * systemd-logind gained new settings HandlePowerKeyLongPress=,
          HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
          HandleHibernateKeyLongPress= which may be used to configure actions
          when the relevant keys are pressed for more than 5s. This is useful
          on devices that only have hardware for a subset of these keys. By
          default, if the reboot key is pressed long the poweroff operation is
          now triggered, and when the suspend key is pressed long the hibernate
          operation is triggered. Long pressing the other two keys currently
          does not trigger any operation by default.

        * When showing unit status updates on the console during boot and
          shutdown, and a service is slow to start so that the cylon animation
          is shown, the most recent sd_notify() STATUS= text is now shown as
          well. Services may use this to make the boot/shutdown output easier
          to understand, and to indicate what precisely a service that is slow
          to start or stop is waiting for. In particular, the per-user service
          manager instance now reports what it is doing and which service it is
          waiting for this way to the system service manager.

        * The service manager will now re-execute on reception of the
          SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
          only when running as PID 1. There was no signal to request this when
          running as per-user service manager, i.e. as any other PID than 1.
          SIGRTMIN+25 works for both system and user managers.

        * The hardware watchdog logic in PID 1 gained support for operating
          with the default timeout configured in the hardware, instead of
          insisting on re-configuring it. Set RuntimeWatchdogSec=default to
          request this behavior.

        * A new kernel command line option systemd.watchdog_sec= is now
          understood which may be used to override the hardware watchdog
          time-out for the boot.

        * A new setting DefaultOOMScoreAdjust= is now supported in
          /etc/systemd/system.conf + /etc/systemd/user.conf that may be used to
          set the default process OOM score adjustment value for processes
          forked off the service manager. For per-user service managers this
          now defaults to 100, but for per-system service managers is left as
          is. This means that by default now services forked off the user
          service manager are more likely to be killed by the OOM killer than
          system services or the managers themselves.

        * A new per-service setting RestrictFileSystems= as been added that
          restricts the file systems a service has access to by their type.
          This is based on the new BPF LSM of the Linux kernel. It provides an
          effective way to make certain API file systems unavailable to
          services (and thus minimizing attack surface). A new command
          "systemd-analyze filesystems" has been added that lists all known
          file system types (and how they are grouped together under useful
          group handles).

        * Services now support a new setting RestrictNetworkInterfaces= for
          restricting access to specific network interfaces.

        * Service unit files gained new settings StartupAllowedCPUs= and
          StartupAllowedMemoryNodes=. These are similar to their counterparts
          without the "Startup" prefix and apply during the boot process
          only. This is useful to improve boot-time behavior of the system and
          assign resources differently during boot than during regular
          runtime. This is similar to the preexisting StartupCPUWeight=
          vs. CPUWeight.

        * Related to this: the various StartupXYZ= settings
          (i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
          during shutdown. The settings not prefixed with "Startup" hence apply
          during regular runtime, and those that are prefixed like that apply
          during boot and shutdown.

        * A new per-unit set of conditions/asserts
          [Condition|Assert][Memory|CPU|IO]Pressure= have been added to make a
          unit skip/fail activation if the system's (or a slice's) memory/cpu/io
          pressure is above the configured threshold, using the kernel PSI
          feature. For more details see systemd.unit(5) and

        * The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
          ProtectKernelLogs=yes can now be used.

        * The default maximum numbers of inodes have been raised from 64k to 1M
          for /dev, and from 400k to 1M for /tmp.

        * The per-user service manager learnt support for communicating with
          systemd-oomd to acquire OOM kill information.

        * A new service setting ExecSearchPath= has been added that allows
          changing the search path for executables for services. It affects
          where we look for the binaries specified in ExecStart= and similar,
          and the specified directories are also added the $PATH environment
          variable passed to invoked processes.

        * A new setting RuntimeRandomizedExtraSec= has been added for service
          and scope units that allows extending the runtime time-out as
          configured by RuntimeMaxSec= with a randomized amount.

        * The syntax of the service unit settings RuntimeDirectory=,
          StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
          if the specified value is now suffixed with a colon, followed by
          another filename, the latter will be created as symbolic link to the
          specified directory. This allows creating these service directories
          together with alias symlinks to make them available under multiple

        * Service unit files gained two new settings TTYRows=/TTYColumns= for
          configuring rows/columns of the TTY device passed to
          stdin/stdout/stderr of the service. This is useful to propagate TTY
          dimensions to a virtual machine.

        * A new service unit file setting ExitType= has been added that
          specifies when to assume a service has exited. By default systemd
          only watches the main process of a service. By setting
          ExitType=cgroup it can be told to wait for the last process in a
          cgroup instead.

        * Automount unit files gained a new setting ExtraOptions= that can be
          used to configure additional mount options to pass to the kernel when
          mounting the autofs instance.

        * "Urlification" (generation of ESC sequences that generate clickable
          hyperlinks in modern terminals) may now be turned off altogether
          during build-time.

        * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
          settings that default to 200 and 2 s respectively. The ratelimit
          ensures that a path unit cannot cause PID1 to busy-loop when it is
          trying to trigger a service that is skipped because of a Condition*=
          not being satisfied. This matches the configuration and behaviour of
          socket units.

        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
          may now be used to unlock volumes set up this way.

        * The TPM2 logic in cryptsetup will now automatically detect systems
          where the TPM2 chip advertises SHA256 PCR banks but the firmware only
          updates the SHA1 banks. In such a case PCR policies will be
          automatically bound to the latter, not the former. This makes the PCR
          policies reliable, but of course do not provide the same level of
          trust as SHA256 banks.

        * The TPM2 logic in systemd-cryptsetup/systemd-cryptsetup now supports
          RSA primary keys in addition to ECC, improving compatibility with
          TPM2 chips that do not support ECC. RSA keys are much slower to use
          than ECC, and hence are only used if ECC is not available.

        * /etc/crypttab gained support for a new token-timeout= setting for
          encrypted volumes that allows configuration of the maximum time to
          wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
          the logic will query the user for a regular passphrase/recovery key

        * Support for activating dm-integrity volumes at boot via a new file
          /etc/integritytab and the tool systemd-integritysetup have been
          added. This is similar to /etc/crypttab and /etc/veritytab, but deals
          with dm-integrity instead of dm-crypt/dm-verity.

        * The systemd-veritysetup-generator now understands a new usrhash=
          kernel command line option for specifying the Verity root hash for
          the partition backing the /usr/ file system. A matching set of
          systemd.verity_usr_* kernel command line options has been added as
          well. These all work similar to the corresponding options for the
          root partition.

        * The sd-device API gained a new API call sd_device_get_diskseq() to
          return the DISKSEQ property of a device structure. The "disk
          sequence" concept is a new feature recently introduced to the Linux
          kernel that allows detecting reuse cycles of block devices, i.e. can
          be used to recognize when loopback block devices are reused for a
          different purpose or CD-ROM drives get their media changed.

        * A new unit systemd-boot-update.service has been added. If enabled
          (the default) and the sd-boot loader is detected to be installed, it
          is automatically updated to the newest version when out of date. This
          is useful to ensure the boot loader remains up-to-date, and updates
          automatically propagate from the OS tree in /usr/.

        * sd-boot will now build with SBAT by default in order to facilitate
          working with recent versions of Shim that require it to be present.

        * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
          This is used to robustly generate boot entry titles for Windows.

        * A new generic target unit factory-reset.target has been added. It is
          hooked into systemd-logind similar in fashion to
          reboot/poweroff/suspend/hibernate, and is supposed to be used to
          initiate a factory reset operation. What precisely this operation
          entails is up for the implementer to decide, the primary goal of the
          new unit is provide a framework where to plug in the implementation
          and how to trigger it.

        * A new meson build-time option 'clock-valid-range-usec-max' has been
          added which takes a time in µs and defaults to 15 years. If the RTC
          time is noticed to be more than the specified time ahead of the
          built-in epoch of systemd (which by default is the release timestamp
          of systemd) it is assumed that the RTC is not working correctly, and
          the RTC is reset to the epoch. (It already is reset to the epoch when
          noticed to be before it.) This should increase the chance that time
          doesn't accidentally jump too far ahead due to faulty hardware or

        * A new setting SaveIntervalSec= has been added to systemd-timesyncd,
          which may be used to automatically save the current system time to
          disk in regular intervals. This is useful to maintain a roughly
          monotonic clock even without RTC hardware and with some robustness
          against abnormal system shutdown.

        * .network files gained a new UplinkInterface in the [IPv6SendRA]
          section, for automatically propagating DNS settings from other

        * The static lease DHCP server logic in systemd-networkd may now serve
          IP addresses outside of the configured IP pool range for the server.

        * CAN support in systemd-networkd gained four new settings Loopback=,
          OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
          control modes. It gained a number of further settings for tweaking
          CAN timing quanta.

        * The [CAN] section in .network file gained new TimeQuantaNSec=,
          PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
          SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
          DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
          DataSyncJumpWidth= settings to control bit-timing processed by the
          CAN interface.

        * DHCPv4 client support in systemd-networkd learnt a new Label= option
          for configuring the address label to apply to configure IPv4

        * The various systemd-udevd "ethtool" buffer settings now understand
          the special value "max" to configure the buffers to the maximum the
          hardware supports.

        * systemd-udevd's .link files may now configure a large variety of
          NIC coalescing settings, plus more hardware offload settings.

        * systemd-analyze verify gained support for a pair of new --image= +
          --root= switches for verifying units below a specific root
          directory/image instead of on the host.

        * systemd-analyze verify gained support for verifying unit files under
          an explicitly specified unit name, independently of what the filename
          actually is.

        * systemd-analyze verify gained a new switch --recursive-errors= which
          controls whether to only fail on errors found in the specified units
          or recursively any dependent units.

        * systemd-analyze security now supports a new --offline mode for
          analyzing unit files stored on disk instead of loaded units. It may
          be combined with --root=/--image to analyze unit files under a root
          directory or disk image. It also learnt a new --threshold= parameter
          for specifying an exposure level threshold: if the exposure level
          exceeds the specified value the call will fail. It also gained a new
          --security-policy= switch for configuring security policies to
          enforce on the units. A policy is a JSON file that lists which tests
          shall be weighted how much to determine the overall exposure
          level. Altogether these new features are useful for fully automatic
          analysis and enforcement of security policies on unit files.

        * systemd-analyze security gain a new --json= switch for JSON output.

        * systemd-analyze learnt a new --quiet switch for reducing
          non-essential output. It's honored by the "dot", "syscall-filter",
          "filesystems" commands.

        * systemd-analyze security gained a --profile option that can be used
          to take into account a portable profile when analyzing portable
          services, since a lot of the security-related settings are enabled
          through them.

        * systemd-analyze learnt a new inspect-elf verb that parses ELF core
          files, binaries and executables and prints metadata information,
          including the build-id and other info described on:

        * The [IPv6AcceptRA] section of .network files gained support for a new
          UseMTU= setting that may be used to control whether to apply the
          announced MTU settings to the local interface.

        * systemd-networkd now ships with new default .network files:
          80-container-vb.network which matches host-side network bridge device
          created by systemd-nspawn's --network-bridge or --network-zone
          switch, and 80-6rd-tunnel.network which matches automatically created
          sit tunnel with 6rd prefix when the DHCP 6RD option is received.

        * systemd-networkd and systemd-udevd now support IP over InfiniBand
          interfaces. The Kind= setting in .netdev file accepts "ipoib". And
          systemd.netdev files gained the [IPoIB] section.

        * systemd-networkd and systemd-udevd now support net.ifname-policy=
          option on the kernel command-line. This is implemented through the
          systemd-network-generator service that automatically generates
          appropriate .link, .network, and .netdev files.

        * systemd-networkd's handling of Endpoint= resolution for WireGuard
          interfaces has been improved.

        * systemd-networkd will now automatically configure routes to addresses
          specified in AllowedIPs=. This feature can be controlled via RouteTable=
          and RouteMetric= settings in [WireGuard] or [WireGuardPeer] sections.

        * systemd-networkd will now once again automatically generate persistent
          MAC addresses for batadv and bridge interfaces. Users can disable this
          by using MACAddress=none in .netdev files.

        * .link files gained a new WakeOnLanPassword= setting in the [Link]
          section that allows to specify a WoL "SecureOn" password on hardware
          that supports this.

        * The [DHCPv4] section in .network file gained a new Use6RD= boolean
          setting to control whether the DHCPv4 client request and process the
          DHCP 6RD option.

        * The [DHCPv6PrefixDelegation] section in .network file is renamed to
          [DHCPPrefixDelegation], as now the prefix delegation is also supported
          with DHCPv4 protocol by enabling the Use6RD= setting.

        * The [DHCPPrefixDelegation] section in .network file gained a new
          setting UplinkInterface= to specify the upstream interface.

        * The [DHCPv6] section in .network file gained a new setting
          UseDelegatedPrefix= to control whether the delegated prefixes will be
          propagated to the downstream interfaces.

        * The [IPv6AcceptRA] section of .network files now understands two new
          settings UseGateway=/UseRoutePrefix= for explicitly configuring
          whether to use the relevant fields from the IPv6 Router Advertisement

        * The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section is
          now deprecated. Please use the WithoutRA= and UseDelegatedPrefix=
          settings in the [DHCPv6] section and the DHCPv6Client= setting in the
          [IPv6AcceptRA] section to control when the DHCPv6 client is started
          and how the delegated prefixes are handled by the DHCPv6 client.

        * The [CAKE] section of .network files gained various new settings
          AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
          MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
          and UseRawPacketSize= for configuring CAKE.

        * The IPv6Token= section in the [Network] section is deprecated, and
          the [IPv6AcceptRA] section gained the Token= setting for its
          replacement. The [IPv6Prefix] section also gained the Token= setting.
          The Token= setting gained 'eui64' mode to explicitly configure an
          address with the EUI64 algorithm based on the interface MAC address.
          The 'prefixstable' mode can now optionally take a secret key. The
          Token= setting in the [DHCPPrefixDelegation] section now supports all
          algorithms supported by the same settings in the other sections.

        * The [RoutingPolicyRule] section of .network file gained a new
          SuppressInterfaceGroup= setting.

        * The IgnoreCarrierLoss= setting in the [Network] section of .network
          files now allows a duration to be specified, controlling how long to
          wait before reacting to carrier loss.

        * The [DHCPServer] section of .network file gained a new Router=
          setting to specify the router address.

        * systemd-nspawn's --setenv= switch now supports an additional syntax:
          if only a variable name is specified (i.e. without being suffixed by
          a '=' character and a value) the current value of the environment
          variable is propagated to the container. e.g. --setenv=FOO will
          lookup the current value of $FOO in the environment, and pass it down
          to the container. Similar behavior has been added to homectl's,
          machinectl's and systemd-run's --setenv= switch.

        * systemd-nspawn gained a new switch --suppress-sync= which may be used
          to optionally suppress the effect of the sync()/fsync()/fdatasync()
          system calls for the container payload. This is useful for build
          system environments where safety against abnormal system shutdown is
          not essential as all build artifacts can be regenerated any time, but
          the performance win is beneficial.

        * systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
          same value that PID 1 uses for most forked off processes.

        * systemd-nspawn's --bind=/--bind-ro= switches now optionally take
          uidmap/nouidmap options as last parameter. If "uidmap" is used the
          bind mounts are created with UID mapping taking place that ensures
          the host's file ownerships are mapped 1:1 to container file
          ownerships, even if user namespacing is used. This way
          files/directories bound into containers will no longer show up as
          owned by the nobody user as they typically did if no special care was
          taken to shift them manually.

        * When discovering Windows installations sd-boot will now attempt to
          show the Windows version.

        * The color scheme to use in sd-boot may now be configured at

        * sd-boot gained the ability to change screen resolution during
          boot-time, by hitting the "r" key. This will cycle through available
          resolutions and save the last selection.

        * sd-boot learnt a new hotkey "f". When pressed the system will enter
          firmware setup. This is useful in environments where it is difficult
          to hit the right keys early enough to enter the firmware, and works
          on any firmware regardless which key it natively uses.

        * sd-boot gained support for automatically booting into the menu item
          selected on the last boot (using the "@saved" identifier for menu

        * sd-boot gained support for automatically loading all EFI drivers
          placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
          Partition (ESP). These drivers are loaded before the menu entries are
          loaded. This is useful e.g. to load additional file system drivers
          for the XBOOTLDR partition.

        * systemd-boot will now paint the input cursor on its own instead of
          relying on the firmware to do so, increasing compatibility with broken
          firmware that doesn't make the cursor reasonably visible.

        * sd-boot now embeds a .osrel PE section like we expect from Boot
          Loader Specification Type #2 Unified Kernels. This means sd-boot
          itself may be used in place of a Type #2 Unified Kernel. This is
          useful for debugging purposes as it allows chain-loading one a
          (development) sd-boot instance from another.

        * sd-boot now supports a new "devicetree" field in Boot Loader
          Specification Type #1 entries: if configured the specified device
          tree file is installed before the kernel is invoked. This is useful
          for installing/applying new devicetree files without updating the
          kernel image.

        * Similarly, sd-stub now can read devicetree data from a PE section
          ".dtb" and apply it before invoking the kernel.

        * sd-stub (the EFI stub that can be glued in front of a Linux kernel)
          gained the ability to pick up credentials and sysext files, wrap them
          in a cpio archive, and pass as an additional initrd to the invoked
          Linux kernel, in effect placing those files in the /.extra/ directory
          of the initrd environment. This is useful to implement trusted initrd
          environments which are fully authenticated but still can be extended
          (via sysexts) and parameterized (via encrypted/authenticated
          credentials, see above).

          Credentials can be located next to the kernel image file (credentials
          specific to a single boot entry), or in one of the shared directories
          (credentials applicable to multiple boot entries).

        * sd-stub now comes with a full man page, that explains its feature set
          and how to combine a kernel image, an initrd and the stub to build a
          complete EFI unified kernel image, implementing Boot Loader
          Specification Type #2.

        * sd-stub may now provide the initrd to the executed kernel via the
          LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
          non-x86 architectures.

        * bootctl learnt new set-timeout and set-timeout-oneshot commands that
          may be used to set the boot menu time-out of the boot loader (for all
          or just the subsequent boot).

        * bootctl and kernel-install will now read KERNEL_INSTALL_MACHINE_ID
          and KERNEL_INSTALL_LAYOUT from kernel/install.conf. The first
          variable specifies the machine-id to use for installation. It would
          previously be used if set in the environment, and now it'll also be
          read automatically from the config file. The second variable is new.
          When set, it specifies the layout to use for installation directories
          on the boot partition, so that tools don't need to guess it based on
          the already-existing directories. The only value that is defined
          natively is "bls", corresponding to the layout specified in
          https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
          kernel-install that implement a different layout can declare other
          values for this variable.

          'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
          assumption that if the user installed sd-boot to the ESP, they intend
          to use the entry layout understood by sd-boot. It'll also write
          KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
          (and it wasn't specified in the config file yet). Similarly,
          kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
          wasn't specified in the config file yet). Effectively, those changes
          mean that the machine-id used for boot loader entry installation is
          "frozen" upon first use and becomes independent of the actual

          Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
          images created for distribution ("golden images") are built with no
          machine-id, so that a unique machine-id can be created on the first
          boot. But those images may contain boot loader entries with the
          machine-id used during build included in paths. Using a "frozen"
          value allows unambiguously identifying entries that match the
          specific installation, while still permitting parallel installations
          without conflict.

          Configuring KERNEL_INSTALL_LAYOUT obviates the need for
          kernel-install to guess the installation layout. This fixes the
          problem where a (possibly empty) directory in the boot partition is
          created from a different layout causing kernel-install plugins to
          assume the wrong layout. A particular example of how this may happen
          is the grub2 package in Fedora which includes directories under /boot
          directly in its file list. Various other packages pull in grub2 as a
          dependency, so it may be installed even if unused, breaking
          installations that use the bls layout.

        * bootctl and systemd-bless-boot can now be linked statically.

        * systemd-sysext now optionally doesn't insist on extension-release.d/
          files being placed in the image under the image's file name. If the
          file system xattr user.extension-release.strict is set on the
          extension release file, it is accepted regardless of its name. This
          relaxes security restrictions a bit, as system extension may be
          attached under a wrong name this way.

        * udevadm's test-builtin command learnt a new --action= switch for
          testing the built-in with the specified action (in place of the
          default 'add').

        * udevadm info gained new switches --property=/--value for showing only
          specific udev properties/values instead of all.

        * A new hwdb database has been added that contains matches for various
          types of signal analyzers (protocol analyzers, logic analyzers,
          oscilloscopes, multimeters, bench power supplies, etc.) that should
          be accessible to regular users.

        * A new hwdb database entry has been added that carries information
          about types of cameras (regular or infrared), and in which direction
          they point (front or back).

        * A new rule to allow console users access to rfkill by default has been
          added to hwdb.

        * Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
          now also owned by the system group "sgx".

        * A new build-time meson option "extra-net-naming-schemes=" has been
          added to define additional naming schemes schemes for udev's network
          interface naming logic. This is useful for enterprise distributions
          and similar which want to pin the schemes of certain distribution
          releases under a specific name and previously had to patch the
          sources to introduce new named schemes.

        * The predictable naming logic for network interfaces has been extended
          to generate stable names from Xen netfront device information.

        * hostnamed's chassis property can now be sourced from chassis-type
          field encoded in devicetree (in addition to the existing DMI

        * systemd-cgls now optionally displays cgroup IDs and extended
          attributes for each cgroup. (Controllable via the new --xattr= +
          --cgroup-id= switches.)

        * coredumpctl gained a new --all switch for operating on all
          Journal files instead of just the local ones.

        * systemd-coredump will now use libdw/libelf via dlopen() rather than
          directly linking, allowing users to easily opt-out of backtrace/metadata
          analysis of core files, and reduce image sizes when this is not needed.

        * systemd-coredump will now analyze core files with libdw/libelf in a
          forked, sandboxed process.

        * systemd-homed will now try to unmount an activate home area in
          regular intervals once the user logged out fully. Previously this was
          attempted exactly once but if the home directory was busy for some
          reason it was not tried again.

        * systemd-homed's LUKS2 home area backend will now create a BSD file
          system lock on the image file while the home area is active
          (i.e. mounted). If a home area is found to be locked, logins are
          politely refused. This should improve behavior when using home areas
          images that are accessible via the network from multiple clients, and
          reduce the chance of accidental file system corruption in that case.

        * Optionally, systemd-homed will now drop the kernel buffer cache once
          a user has fully logged out, configurable via the new --drop-caches=
          homectl switch.

        * systemd-homed now makes use of UID mapped mounts for the home areas.
          If the kernel and used file system support it, files are now
          internally owned by the "nobody" user (i.e. the user typically used
          for indicating "this ownership is not mapped"), and dynamically
          mapped to the UID used locally on the system via the UID mapping
          mount logic of recent kernels. This makes migrating home areas
          between different systems cheaper because recursively chown()ing file
          system trees is no longer necessary.

        * systemd-homed's CIFS backend now optionally supports CIFS service
          names with a directory suffix, in order to place home directories in
          a subdirectory of a CIFS share, instead of the top-level directory.

        * systemd-homed's CIFS backend gained support for specifying additional
          mount options in the JSON user record (cifsExtraMountOptions field,
          and --cifs-extra-mount-options= homectl switch). This is for example
          useful for configuring mount options such as "noserverino" that some
          SMB3 services require (use that to run a homed home directory from a
          FritzBox SMB3 share this way).

        * systemd-homed will now default to btrfs' zstd compression for home
          areas. This is inspired by Fedora's recent decision to switch to zstd
          by default.

        * Additional mount options to use when mounting the file system of
          LUKS2 volumes in systemd-homed has been added. Via the
          $SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
          systemd-homed or via the luksExtraMountOptions user record JSON
          property. (Exposed via homectl --luks-extra-mount-options)

        * homectl's resize command now takes the special size specifications
          "min" and "max" to shrink/grow the home area to the minimum/maximum
          size possible, taking disk usage/space constraints and file system
          limitations into account. Resizing is now generally graceful: the
          logic will try to get as close to the specified size as possible, but
          not consider it a failure if the request couldn't be fulfilled

        * systemd-homed gained the ability to automatically shrink home areas
          on logout to their minimal size and grow them again on next
          login. This ensures that while inactive, a home area only takes up
          the minimal space necessary, but once activated, it provides
          sufficient space for the user's needs. This behavior is only
          supported if btrfs is used as file system inside the home area
          (because only for btrfs online growing/shrinking is implemented in
          the kernel). This behavior is now enabled by default, but may be
          controlled via the new --auto-resize-mode= setting of homectl.

        * systemd-homed gained support for automatically re-balancing free disk
          space among active home areas, in case the LUKS2 backends are used,
          and no explicit disk size was requested. This way disk space is
          automatically managed and home areas resized in regular intervals and
          manual resizing when disk space becomes scarce should not be
          necessary anymore. This behavior is only supported if btrfs is used
          within the home areas (as only then online shrinking and growing is
          supported), and may be configured via the new rebalanceWeight JSON
          user record field (as exposed via the new --rebalance-weight= homectl
          setting). Re-balancing is mostly automatic, but can also be requested
          explicitly via "homectl rebalance", which is synchronous, and thus
          may be used to wait until the rebalance run is complete.

        * userdbctl gained a --json= switch for configured the JSON formatting
          to use when outputting user or group records.

        * userdbctl gained a new --multiplexer= switch for explicitly
          configuring whether to use the systemd-userdbd server side user
          record resolution logic.

        * userdbctl's ssh-authorized-keys command learnt a new --chain switch,
          for chaining up another command to execute after completing the
          look-up. Since the OpenSSH's AuthorizedKeysCommand only allows
          configuration of a single command to invoke, this maybe used to
          invoke multiple: first userdbctl's own implementation, and then any
          other also configured in the command line.

        * The sd-event API gained a new function sd_event_add_inotify_fd() that
          is similar to sd_event_add_inotify() but accepts a file descriptor
          instead of a path in the file system for referencing the inode to

        * The sd-event API gained a new function
          sd_event_source_set_ratelimit_expire_callback() that may be used to
          define a callback function that is called whenever an event source
          leaves the rate limiting phase.

        * New documentation has been added explaining which steps are necessary
          to port systemd to a new architecture:


        * The x-systemd.makefs option in /etc/fstab now explicitly supports
          ext2, ext3, and f2fs file systems.

        * Mount units and units generated from /etc/fstab entries with 'noauto'
          are now ordered the same as other units. Effectively, they will be
          started earlier (if something actually pulled them in) and stopped
          later, similarly to normal mount units that are part of
          fs-local.target. This change should be invisible to users, but
          should prevent those units from being stopped too early during

        * The systemd-getty-generator now honors a new kernel command line
          argument systemd.getty_auto= and a new environment variable
          $SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
          example useful to turn off gettys inside of containers or similar

        * systemd-resolved now listens on a second DNS stub address:
          (in addition to, as before). If DNS requests are sent to
          this address they are propagated in "bypass" mode only, i.e. are
          almost not processed locally, but mostly forwarded as-is to the
          current upstream DNS servers. This provides a stable DNS server
          address that proxies all requests dynamically to the right upstream
          DNS servers even if these dynamically change. This stub does not do
          mDNS/LLMNR resolution. However, it will translate look-ups to
          DNS-over-TLS if necessary. This new stub is particularly useful in
          container/VM environments, or for tethering setups: use DNAT to
          redirect traffic to any IP address to this stub.

        * systemd-importd now honors new environment variables
          $SYSTEMD_IMPORT_SYNC, which may be used disable btrfs subvolume
          generation, btrfs quota setup and disk synchronization.

        * systemd-importd and systemd-resolved can now be optionally built with
          OpenSSL instead of libgcrypt.

        * systemd-repart no longer requires OpenSSL.

        * systemd-sysusers will no longer create the redundant 'nobody' group
          by default, as the 'nobody' user is already created with an
          appropriate primary group.

        * If a unit uses RuntimeMaxSec, systemctl show will now display it.

        * systemctl show-environment gained support for --output=json.

        * pam_systemd will now first try to use the X11 abstract socket, and
          fallback to the socket file in /tmp/.X11-unix/ only if that does not

        * systemd-journald will no longer go back to volatile storage
          regardless of configuration when its unit is restarted.

        * Initial support for the LoongArch architecture has been added (system
          call lists, GPT partition table UUIDs, etc).

        * systemd-journald's own logging messages are now also logged to the
          journal itself when systemd-journald logs to /dev/kmsg.

        * systemd-journald now re-enables COW for archived journal files on
          filesystems that support COW. One benefit of this change is that
          archived journal files will now get compressed on btrfs filesystems
          that have compression enabled.

        * systemd-journald now deduplicates fields in a single log message
          before adding it to the journal. In archived journal files, it will
          also punch holes for unused parts and truncate the file as
          appropriate, leading to reductions in disk usage.

        * journalctl --verify was extended with more informative error

        * More of sd-journal's functions are now resistant against journal file

        * The shutdown command learnt a new option --show, to display the
          scheduled shutdown.

        * A LICENSES/ directory is now included in the git tree. It contains a
          README.md file that explains the licenses used by source files in
          this repository.  It also contains the text of all applicable
          licenses as they appear on spdx.org.

        Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
        Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
        alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
        Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
        Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
        Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
        Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
        Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
        Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
        Christian Brauner, Christian Göttsche, Christian Wehrli,
        Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
        Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
        David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
        Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
        Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
        Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
        Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
        Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
        Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
        Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
        I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
        Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
        jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
        Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
        Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
        Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
        lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
        Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
        Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
        Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
        Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
        Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
        Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
        nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
        Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
        Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
        Ross Jennings, saikat0511, Scott Lamb, Sergei Trofimovich, Sho Iizuka,
        Slava Bacherikov, Slimane Selyan Amiri, StefanBruens, Steven Siloti,
        svonohr, Taiki Sugawara, Takashi Sakamoto, Takuro Onoue, Thomas Blume,
        Thomas Haller, Thomas Mühlbacher, Tianlu Shao, Toke Høiland-Jørgensen,
        Tom Yan, Tony Asleson, Topi Miettinen, Ulrich Ölmann, Urs Ritzmann,
        Vincent Bernat, Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ,
        Wu Xiaotian, xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei,
        Yao Wei (魏銘廷), Yegor Alexeyev, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, наб

        — Warsaw, 2021-12---

More information about the systemd-devel mailing list