CHANGES WITH 250:
* Support for encrypted and authenticated credentials has been added.
This extends the credential logic introduced with v247 to support
non-interactive symmetric encryption and authentication, based on a
key that is stored on the /var/ file system or in the TPM2 chip (if
available), or the combination of both (by default if a TPM2 chip
exists the combination is used, otherwise the /var/ key only). The
credentials are automatically decrypted at the moment a service is
started, and are made accessible to the service itself in unencrypted
form. A new tool 'systemd-creds' encrypts credentials for this
purpose, and two new service file settings LoadCredentialEncrypted=
and SetCredentialEncrypted= configure such credentials.
This feature is useful to store sensitive material such as SSL
certificates, passwords and similar securely at rest and only decrypt
them when needed, and in a way that is tied to the local OS
installation or hardware.
* systemd-gpt-auto-generator can now automatically set up discoverable
LUKS2 encrypted swap partitions.
* The GPT Discoverable Partitions Specification has been substantially
extended with support for root and /usr/ partitions for the majority
of architectures systemd supports. This includes platforms that do
not natively support UEFI, because even though GPT is specified under
UEFI umbrella, it is useful on other systems too. Specifically,
systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
Portable Services use the concept without requiring UEFI.
* The GPT Discoverable Partitions Specifications has been extended with
a new set of partitions that may carry PKCS#7 signatures for Verity
partitions, encoded in a simple JSON format. This implements a simple
mechanism for building disk images that are fully authenticated and
can be tested against a set of cryptographic certificates. This is
now implemented for the various systemd tools that can operate with
disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
The PKCS#7 signatures are passed to the kernel (where they are
checked against certificates from the kernel keyring), or can be
verified against certificates provided in userspace (via a simple
drop-in file mechanism).
* systemd-dissect's inspection logic will now report for which uses a
disk image is intended. Specifically, it will display whether an
image is suitable for booting on UEFI or in a container (using
systemd-nspawn's --image= switch), whether it can be used as portable
service, or attached as system extension.
* The system-extension.d/ drop-in files now support a new field
SYSEXT_SCOPE= that may encode which purpose a system extension image
is for: one of "initrd", "system" or "portable". This is useful to
make images more self-descriptive, and to ensure system extensions
cannot be attached in the wrong contexts.
* The os-release file learnt a new PORTABLE_PREFIXES= field which may
be used in portable service images to indicate which unit prefixes
* The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
now is able to decode images for non-native architectures as well.
This allows systemd-nspawn to boot images of non-native architectures
if the corresponding user mode emulator is installed and
systemd-binfmtd is running.
* systemd-logind gained new settings HandlePowerKeyLongPress=,
HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
HandleHibernateKeyLongPress= which may be used to configure actions
when the relevant keys are pressed for more than 5s. This is useful
on devices that only have hardware for a subset of these keys. By
default, if the reboot key is pressed long the poweroff operation is
now triggered, and when the suspend key is pressed long the hibernate
operation is triggered. Long pressing the other two keys currently
does not trigger any operation by default.
* When showing unit status updates on the console during boot and
shutdown, and a service is slow to start so that the cylon animation
is shown, the most recent sd_notify() STATUS= text is now shown as
well. Services may use this to make the boot/shutdown output easier
to understand, and to indicate what precisely a service that is slow
to start or stop is waiting for. In particular, the per-user service
manager instance now reports what it is doing and which service it is
waiting for this way to the system service manager.
* The service manager will now re-execute on reception of the
SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
only when running as PID 1. There was no signal to request this when
running as per-user service manager, i.e. as any other PID than 1.
SIGRTMIN+25 works for both system and user managers.
* The hardware watchdog logic in PID 1 gained support for operating
with the default timeout configured in the hardware, instead of
insisting on re-configuring it. Set RuntimeWatchdogSec=default to
request this behavior.
* A new kernel command line option systemd.watchdog_sec= is now
understood which may be used to override the hardware watchdog
time-out for the boot.
* A new setting DefaultOOMScoreAdjust= is now supported in
/etc/systemd/system.conf + /etc/systemd/user.conf that may be used to
set the default process OOM score adjustment value for processes
forked off the service manager. For per-user service managers this
now defaults to 100, but for per-system service managers is left as
is. This means that by default now services forked off the user
service manager are more likely to be killed by the OOM killer than
system services or the managers themselves.
* A new per-service setting RestrictFileSystems= as been added that
restricts the file systems a service has access to by their type.
This is based on the new BPF LSM of the Linux kernel. It provides an
effective way to make certain API file systems unavailable to
services (and thus minimizing attack surface). A new command
"systemd-analyze filesystems" has been added that lists all known
file system types (and how they are grouped together under useful
* Services now support a new setting RestrictNetworkInterfaces= for
restricting access to specific network interfaces.
* Service unit files gained new settings StartupAllowedCPUs= and
StartupAllowedMemoryNodes=. These are similar to their counterparts
without the "Startup" prefix and apply during the boot process
only. This is useful to improve boot-time behavior of the system and
assign resources differently during boot than during regular
runtime. This is similar to the preexisting StartupCPUWeight=
* Related to this: the various StartupXYZ= settings
(i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
during shutdown. The settings not prefixed with "Startup" hence apply
during regular runtime, and those that are prefixed like that apply
during boot and shutdown.
* A new per-unit set of conditions/asserts
[Condition|Assert][Memory|CPU|IO]Pressure= have been added to make a
unit skip/fail activation if the system's (or a slice's) memory/cpu/io
pressure is above the configured threshold, using the kernel PSI
feature. For more details see systemd.unit(5) and
* The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
ProtectKernelLogs=yes can now be used.
* The default maximum numbers of inodes have been raised from 64k to 1M
for /dev, and from 400k to 1M for /tmp.
* The per-user service manager learnt support for communicating with
systemd-oomd to acquire OOM kill information.
* A new service setting ExecSearchPath= has been added that allows
changing the search path for executables for services. It affects
where we look for the binaries specified in ExecStart= and similar,
and the specified directories are also added the $PATH environment
variable passed to invoked processes.
* A new setting RuntimeRandomizedExtraSec= has been added for service
and scope units that allows extending the runtime time-out as
configured by RuntimeMaxSec= with a randomized amount.
* The syntax of the service unit settings RuntimeDirectory=,
StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
if the specified value is now suffixed with a colon, followed by
another filename, the latter will be created as symbolic link to the
specified directory. This allows creating these service directories
together with alias symlinks to make them available under multiple
* Service unit files gained two new settings TTYRows=/TTYColumns= for
configuring rows/columns of the TTY device passed to
stdin/stdout/stderr of the service. This is useful to propagate TTY
dimensions to a virtual machine.
* A new service unit file setting ExitType= has been added that
specifies when to assume a service has exited. By default systemd
only watches the main process of a service. By setting
ExitType=cgroup it can be told to wait for the last process in a
* Automount unit files gained a new setting ExtraOptions= that can be
used to configure additional mount options to pass to the kernel when
mounting the autofs instance.
* "Urlification" (generation of ESC sequences that generate clickable
hyperlinks in modern terminals) may now be turned off altogether
* Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
settings that default to 200 and 2 s respectively. The ratelimit
ensures that a path unit cannot cause PID1 to busy-loop when it is
trying to trigger a service that is skipped because of a Condition*=
not being satisfied. This matches the configuration and behaviour of
* The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
as a plug-in for cryptsetup. This means the plain cryptsetup command
may now be used to unlock volumes set up this way.
* The TPM2 logic in cryptsetup will now automatically detect systems
where the TPM2 chip advertises SHA256 PCR banks but the firmware only
updates the SHA1 banks. In such a case PCR policies will be
automatically bound to the latter, not the former. This makes the PCR
policies reliable, but of course do not provide the same level of
trust as SHA256 banks.
* The TPM2 logic in systemd-cryptsetup/systemd-cryptsetup now supports
RSA primary keys in addition to ECC, improving compatibility with
TPM2 chips that do not support ECC. RSA keys are much slower to use
than ECC, and hence are only used if ECC is not available.
* /etc/crypttab gained support for a new token-timeout= setting for
encrypted volumes that allows configuration of the maximum time to
wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
the logic will query the user for a regular passphrase/recovery key
* Support for activating dm-integrity volumes at boot via a new file
/etc/integritytab and the tool systemd-integritysetup have been
added. This is similar to /etc/crypttab and /etc/veritytab, but deals
with dm-integrity instead of dm-crypt/dm-verity.
* The systemd-veritysetup-generator now understands a new usrhash=
kernel command line option for specifying the Verity root hash for
the partition backing the /usr/ file system. A matching set of
systemd.verity_usr_* kernel command line options has been added as
well. These all work similar to the corresponding options for the
* The sd-device API gained a new API call sd_device_get_diskseq() to
return the DISKSEQ property of a device structure. The "disk
sequence" concept is a new feature recently introduced to the Linux
kernel that allows detecting reuse cycles of block devices, i.e. can
be used to recognize when loopback block devices are reused for a
different purpose or CD-ROM drives get their media changed.
* A new unit systemd-boot-update.service has been added. If enabled
(the default) and the sd-boot loader is detected to be installed, it
is automatically updated to the newest version when out of date. This
is useful to ensure the boot loader remains up-to-date, and updates
automatically propagate from the OS tree in /usr/.
* sd-boot will now build with SBAT by default in order to facilitate
working with recent versions of Shim that require it to be present.
* sd-boot can now parse Microsoft Windows' Boot Configuration Data.
This is used to robustly generate boot entry titles for Windows.
* A new generic target unit factory-reset.target has been added. It is
hooked into systemd-logind similar in fashion to
reboot/poweroff/suspend/hibernate, and is supposed to be used to
initiate a factory reset operation. What precisely this operation
entails is up for the implementer to decide, the primary goal of the
new unit is provide a framework where to plug in the implementation
and how to trigger it.
* A new meson build-time option 'clock-valid-range-usec-max' has been
added which takes a time in µs and defaults to 15 years. If the RTC
time is noticed to be more than the specified time ahead of the
built-in epoch of systemd (which by default is the release timestamp
of systemd) it is assumed that the RTC is not working correctly, and
the RTC is reset to the epoch. (It already is reset to the epoch when
noticed to be before it.) This should increase the chance that time
doesn't accidentally jump too far ahead due to faulty hardware or
* A new setting SaveIntervalSec= has been added to systemd-timesyncd,
which may be used to automatically save the current system time to
disk in regular intervals. This is useful to maintain a roughly
monotonic clock even without RTC hardware and with some robustness
against abnormal system shutdown.
* .network files gained a new UplinkInterface in the [IPv6SendRA]
section, for automatically propagating DNS settings from other
* The static lease DHCP server logic in systemd-networkd may now serve
IP addresses outside of the configured IP pool range for the server.
* CAN support in systemd-networkd gained four new settings Loopback=,
OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
control modes. It gained a number of further settings for tweaking
CAN timing quanta.
* The [CAN] section in .network file gained new TimeQuantaNSec=,
PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
DataSyncJumpWidth= settings to control bit-timing processed by the
* DHCPv4 client support in systemd-networkd learnt a new Label= option
for configuring the address label to apply to configure IPv4
* The various systemd-udevd "ethtool" buffer settings now understand
the special value "max" to configure the buffers to the maximum the
* systemd-udevd's .link files may now configure a large variety of
NIC coalescing settings, plus more hardware offload settings.
* systemd-analyze verify gained support for a pair of new --image= +
--root= switches for verifying units below a specific root
directory/image instead of on the host.
* systemd-analyze verify gained support for verifying unit files under
an explicitly specified unit name, independently of what the filename
* systemd-analyze verify gained a new switch --recursive-errors= which
controls whether to only fail on errors found in the specified units
or recursively any dependent units.
* systemd-analyze security now supports a new --offline mode for
analyzing unit files stored on disk instead of loaded units. It may
be combined with --root=/--image to analyze unit files under a root
directory or disk image. It also learnt a new --threshold= parameter
for specifying an exposure level threshold: if the exposure level
exceeds the specified value the call will fail. It also gained a new
--security-policy= switch for configuring security policies to
enforce on the units. A policy is a JSON file that lists which tests
shall be weighted how much to determine the overall exposure
level. Altogether these new features are useful for fully automatic
analysis and enforcement of security policies on unit files.
* systemd-analyze security gain a new --json= switch for JSON output.
* systemd-analyze learnt a new --quiet switch for reducing
non-essential output. It's honored by the "dot", "syscall-filter",
* systemd-analyze security gained a --profile option that can be used
to take into account a portable profile when analyzing portable
services, since a lot of the security-related settings are enabled
* systemd-analyze learnt a new inspect-elf verb that parses ELF core
files, binaries and executables and prints metadata information,
including the build-id and other info described on:
* The [IPv6AcceptRA] section of .network files gained support for a new
UseMTU= setting that may be used to control whether to apply the
announced MTU settings to the local interface.
* systemd-networkd now ships with new default .network files:
80-container-vb.network which matches host-side network bridge device
created by systemd-nspawn's --network-bridge or --network-zone
switch, and 80-6rd-tunnel.network which matches automatically created
sit tunnel with 6rd prefix when the DHCP 6RD option is received.
* systemd-networkd and systemd-udevd now support IP over InfiniBand
interfaces. The Kind= setting in .netdev file accepts "ipoib". And
systemd.netdev files gained the [IPoIB] section.
* systemd-networkd and systemd-udevd now support net.ifname-policy=
option on the kernel command-line. This is implemented through the
systemd-network-generator service that automatically generates
appropriate .link, .network, and .netdev files.
* systemd-networkd's handling of Endpoint= resolution for WireGuard
interfaces has been improved.
* systemd-networkd will now automatically configure routes to addresses
specified in AllowedIPs=. This feature can be controlled via RouteTable=
and RouteMetric= settings in [WireGuard] or [WireGuardPeer] sections.
* systemd-networkd will now once again automatically generate persistent
MAC addresses for batadv and bridge interfaces. Users can disable this
by using MACAddress=none in .netdev files.
* .link files gained a new WakeOnLanPassword= setting in the [Link]
section that allows to specify a WoL "SecureOn" password on hardware
that supports this.
* The [DHCPv4] section in .network file gained a new Use6RD= boolean
setting to control whether the DHCPv4 client request and process the
DHCP 6RD option.
* The [DHCPv6PrefixDelegation] section in .network file is renamed to
[DHCPPrefixDelegation], as now the prefix delegation is also supported
with DHCPv4 protocol by enabling the Use6RD= setting.
* The [DHCPPrefixDelegation] section in .network file gained a new
setting UplinkInterface= to specify the upstream interface.
* The [DHCPv6] section in .network file gained a new setting
UseDelegatedPrefix= to control whether the delegated prefixes will be
propagated to the downstream interfaces.
* The [IPv6AcceptRA] section of .network files now understands two new
settings UseGateway=/UseRoutePrefix= for explicitly configuring
whether to use the relevant fields from the IPv6 Router Advertisement
* The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section is
now deprecated. Please use the WithoutRA= and UseDelegatedPrefix=
settings in the [DHCPv6] section and the DHCPv6Client= setting in the
[IPv6AcceptRA] section to control when the DHCPv6 client is started
and how the delegated prefixes are handled by the DHCPv6 client.
* The [CAKE] section of .network files gained various new settings
AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
and UseRawPacketSize= for configuring CAKE.
* The IPv6Token= section in the [Network] section is deprecated, and
the [IPv6AcceptRA] section gained the Token= setting for its
replacement. The [IPv6Prefix] section also gained the Token= setting.
The Token= setting gained 'eui64' mode to explicitly configure an
address with the EUI64 algorithm based on the interface MAC address.
The 'prefixstable' mode can now optionally take a secret key. The
Token= setting in the [DHCPPrefixDelegation] section now supports all
algorithms supported by the same settings in the other sections.
* The [RoutingPolicyRule] section of .network file gained a new
* The IgnoreCarrierLoss= setting in the [Network] section of .network
files now allows a duration to be specified, controlling how long to
wait before reacting to carrier loss.
* The [DHCPServer] section of .network file gained a new Router=
setting to specify the router address.
* systemd-nspawn's --setenv= switch now supports an additional syntax:
if only a variable name is specified (i.e. without being suffixed by
a '=' character and a value) the current value of the environment
variable is propagated to the container. e.g. --setenv=FOO will
lookup the current value of $FOO in the environment, and pass it down
to the container. Similar behavior has been added to homectl's,
machinectl's and systemd-run's --setenv= switch.
* systemd-nspawn gained a new switch --suppress-sync= which may be used
to optionally suppress the effect of the sync()/fsync()/fdatasync()
system calls for the container payload. This is useful for build
system environments where safety against abnormal system shutdown is
not essential as all build artifacts can be regenerated any time, but
the performance win is beneficial.
* systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
same value that PID 1 uses for most forked off processes.
* systemd-nspawn's --bind=/--bind-ro= switches now optionally take
uidmap/nouidmap options as last parameter. If "uidmap" is used the
bind mounts are created with UID mapping taking place that ensures
the host's file ownerships are mapped 1:1 to container file
ownerships, even if user namespacing is used. This way
files/directories bound into containers will no longer show up as
owned by the nobody user as they typically did if no special care was
taken to shift them manually.
* When discovering Windows installations sd-boot will now attempt to
show the Windows version.
* The color scheme to use in sd-boot may now be configured at
* sd-boot gained the ability to change screen resolution during
boot-time, by hitting the "r" key. This will cycle through available
resolutions and save the last selection.
* sd-boot learnt a new hotkey "f". When pressed the system will enter
firmware setup. This is useful in environments where it is difficult
to hit the right keys early enough to enter the firmware, and works
on any firmware regardless which key it natively uses.
* sd-boot gained support for automatically booting into the menu item
selected on the last boot (using the "@saved" identifier for menu
* sd-boot gained support for automatically loading all EFI drivers
placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
Partition (ESP). These drivers are loaded before the menu entries are
loaded. This is useful e.g. to load additional file system drivers
for the XBOOTLDR partition.
* systemd-boot will now paint the input cursor on its own instead of
relying on the firmware to do so, increasing compatibility with broken
firmware that doesn't make the cursor reasonably visible.
* sd-boot now embeds a .osrel PE section like we expect from Boot
Loader Specification Type #2 Unified Kernels. This means sd-boot
itself may be used in place of a Type #2 Unified Kernel. This is
useful for debugging purposes as it allows chain-loading one a
(development) sd-boot instance from another.
* sd-boot now supports a new "devicetree" field in Boot Loader
Specification Type #1 entries: if configured the specified device
tree file is installed before the kernel is invoked. This is useful
for installing/applying new devicetree files without updating the
* Similarly, sd-stub now can read devicetree data from a PE section
".dtb" and apply it before invoking the kernel.
* sd-stub (the EFI stub that can be glued in front of a Linux kernel)
gained the ability to pick up credentials and sysext files, wrap them
in a cpio archive, and pass as an additional initrd to the invoked
Linux kernel, in effect placing those files in the /.extra/ directory
of the initrd environment. This is useful to implement trusted initrd
environments which are fully authenticated but still can be extended
(via sysexts) and parameterized (via encrypted/authenticated
credentials, see above).
Credentials can be located next to the kernel image file (credentials
specific to a single boot entry), or in one of the shared directories
(credentials applicable to multiple boot entries).
* sd-stub now comes with a full man page, that explains its feature set
and how to combine a kernel image, an initrd and the stub to build a
complete EFI unified kernel image, implementing Boot Loader
Specification Type #2.
* sd-stub may now provide the initrd to the executed kernel via the
LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
* bootctl learnt new set-timeout and set-timeout-oneshot commands that
may be used to set the boot menu time-out of the boot loader (for all
or just the subsequent boot).
* bootctl and kernel-install will now read KERNEL_INSTALL_MACHINE_ID
and KERNEL_INSTALL_LAYOUT from kernel/install.conf. The first
variable specifies the machine-id to use for installation. It would
previously be used if set in the environment, and now it'll also be
read automatically from the config file. The second variable is new.
When set, it specifies the layout to use for installation directories
on the boot partition, so that tools don't need to guess it based on
the already-existing directories. The only value that is defined
natively is "bls", corresponding to the layout specified in
https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
kernel-install that implement a different layout can declare other
values for this variable.
'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
assumption that if the user installed sd-boot to the ESP, they intend
to use the entry layout understood by sd-boot. It'll also write
KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
(and it wasn't specified in the config file yet). Similarly,
kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
wasn't specified in the config file yet). Effectively, those changes
mean that the machine-id used for boot loader entry installation is
"frozen" upon first use and becomes independent of the actual
Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
images created for distribution ("golden images") are built with no
machine-id, so that a unique machine-id can be created on the first
boot. But those images may contain boot loader entries with the
machine-id used during build included in paths. Using a "frozen"
value allows unambiguously identifying entries that match the
specific installation, while still permitting parallel installations
Configuring KERNEL_INSTALL_LAYOUT obviates the need for
kernel-install to guess the installation layout. This fixes the
problem where a (possibly empty) directory in the boot partition is
created from a different layout causing kernel-install plugins to
assume the wrong layout. A particular example of how this may happen
is the grub2 package in Fedora which includes directories under /boot
directly in its file list. Various other packages pull in grub2 as a
dependency, so it may be installed even if unused, breaking
installations that use the bls layout.
* bootctl and systemd-bless-boot can now be linked statically.
* systemd-sysext now optionally doesn't insist on extension-release.d/
files being placed in the image under the image's file name. If the
file system xattr user.extension-release.strict is set on the
extension release file, it is accepted regardless of its name. This
relaxes security restrictions a bit, as system extension may be
attached under a wrong name this way.
* udevadm's test-builtin command learnt a new --action= switch for
testing the built-in with the specified action (in place of the
* udevadm info gained new switches --property=/--value for showing only
specific udev properties/values instead of all.
* A new hwdb database has been added that contains matches for various
types of signal analyzers (protocol analyzers, logic analyzers,
oscilloscopes, multimeters, bench power supplies, etc.) that should
be accessible to regular users.
* A new hwdb database entry has been added that carries information
about types of cameras (regular or infrared), and in which direction
they point (front or back).
* A new rule to allow console users access to rfkill by default has been
added to hwdb.
* Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
now also owned by the system group "sgx".
* A new build-time meson option "extra-net-naming-schemes=" has been
added to define additional naming schemes schemes for udev's network
interface naming logic. This is useful for enterprise distributions
and similar which want to pin the schemes of certain distribution
releases under a specific name and previously had to patch the
sources to introduce new named schemes.
* The predictable naming logic for network interfaces has been extended
to generate stable names from Xen netfront device information.
* hostnamed's chassis property can now be sourced from chassis-type
field encoded in devicetree (in addition to the existing DMI
* systemd-cgls now optionally displays cgroup IDs and extended
attributes for each cgroup. (Controllable via the new --xattr= +
* coredumpctl gained a new --all switch for operating on all
Journal files instead of just the local ones.
* systemd-coredump will now use libdw/libelf via dlopen() rather than
directly linking, allowing users to easily opt-out of backtrace/metadata
analysis of core files, and reduce image sizes when this is not needed.
* systemd-coredump will now analyze core files with libdw/libelf in a
forked, sandboxed process.
* systemd-homed will now try to unmount an activate home area in
regular intervals once the user logged out fully. Previously this was
attempted exactly once but if the home directory was busy for some
reason it was not tried again.
* systemd-homed's LUKS2 home area backend will now create a BSD file
system lock on the image file while the home area is active
(i.e. mounted). If a home area is found to be locked, logins are
politely refused. This should improve behavior when using home areas
images that are accessible via the network from multiple clients, and
reduce the chance of accidental file system corruption in that case.
* Optionally, systemd-homed will now drop the kernel buffer cache once
a user has fully logged out, configurable via the new --drop-caches=
* systemd-homed now makes use of UID mapped mounts for the home areas.
If the kernel and used file system support it, files are now
internally owned by the "nobody" user (i.e. the user typically used
for indicating "this ownership is not mapped"), and dynamically
mapped to the UID used locally on the system via the UID mapping
mount logic of recent kernels. This makes migrating home areas
between different systems cheaper because recursively chown()ing file
system trees is no longer necessary.
* systemd-homed's CIFS backend now optionally supports CIFS service
names with a directory suffix, in order to place home directories in
a subdirectory of a CIFS share, instead of the top-level directory.
* systemd-homed's CIFS backend gained support for specifying additional
mount options in the JSON user record (cifsExtraMountOptions field,
and --cifs-extra-mount-options= homectl switch). This is for example
useful for configuring mount options such as "noserverino" that some
SMB3 services require (use that to run a homed home directory from a
FritzBox SMB3 share this way).
* systemd-homed will now default to btrfs' zstd compression for home
areas. This is inspired by Fedora's recent decision to switch to zstd
* Additional mount options to use when mounting the file system of
LUKS2 volumes in systemd-homed has been added. Via the
$SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
systemd-homed or via the luksExtraMountOptions user record JSON
property. (Exposed via homectl --luks-extra-mount-options)
* homectl's resize command now takes the special size specifications
"min" and "max" to shrink/grow the home area to the minimum/maximum
size possible, taking disk usage/space constraints and file system
limitations into account. Resizing is now generally graceful: the
logic will try to get as close to the specified size as possible, but
not consider it a failure if the request couldn't be fulfilled
* systemd-homed gained the ability to automatically shrink home areas
on logout to their minimal size and grow them again on next
login. This ensures that while inactive, a home area only takes up
the minimal space necessary, but once activated, it provides
sufficient space for the user's needs. This behavior is only
supported if btrfs is used as file system inside the home area
(because only for btrfs online growing/shrinking is implemented in
the kernel). This behavior is now enabled by default, but may be
controlled via the new --auto-resize-mode= setting of homectl.
* systemd-homed gained support for automatically re-balancing free disk
space among active home areas, in case the LUKS2 backends are used,
and no explicit disk size was requested. This way disk space is
automatically managed and home areas resized in regular intervals and
manual resizing when disk space becomes scarce should not be
necessary anymore. This behavior is only supported if btrfs is used
within the home areas (as only then online shrinking and growing is
supported), and may be configured via the new rebalanceWeight JSON
user record field (as exposed via the new --rebalance-weight= homectl
setting). Re-balancing is mostly automatic, but can also be requested
explicitly via "homectl rebalance", which is synchronous, and thus
may be used to wait until the rebalance run is complete.
* userdbctl gained a --json= switch for configured the JSON formatting
to use when outputting user or group records.
* userdbctl gained a new --multiplexer= switch for explicitly
configuring whether to use the systemd-userdbd server side user
record resolution logic.
* userdbctl's ssh-authorized-keys command learnt a new --chain switch,
for chaining up another command to execute after completing the
look-up. Since the OpenSSH's AuthorizedKeysCommand only allows
configuration of a single command to invoke, this maybe used to
invoke multiple: first userdbctl's own implementation, and then any
other also configured in the command line.
* The sd-event API gained a new function sd_event_add_inotify_fd() that
is similar to sd_event_add_inotify() but accepts a file descriptor
instead of a path in the file system for referencing the inode to
* The sd-event API gained a new function
sd_event_source_set_ratelimit_expire_callback() that may be used to
define a callback function that is called whenever an event source
leaves the rate limiting phase.
* New documentation has been added explaining which steps are necessary
to port systemd to a new architecture:
* The x-systemd.makefs option in /etc/fstab now explicitly supports
ext2, ext3, and f2fs file systems.
* Mount units and units generated from /etc/fstab entries with 'noauto'
are now ordered the same as other units. Effectively, they will be
started earlier (if something actually pulled them in) and stopped
later, similarly to normal mount units that are part of
fs-local.target. This change should be invisible to users, but
should prevent those units from being stopped too early during
* The systemd-getty-generator now honors a new kernel command line
argument systemd.getty_auto= and a new environment variable
$SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
example useful to turn off gettys inside of containers or similar
* systemd-resolved now listens on a second DNS stub address: 127.0.0.54
(in addition to 127.0.0.53, as before). If DNS requests are sent to
this address they are propagated in "bypass" mode only, i.e. are
almost not processed locally, but mostly forwarded as-is to the
current upstream DNS servers. This provides a stable DNS server
address that proxies all requests dynamically to the right upstream
DNS servers even if these dynamically change. This stub does not do
mDNS/LLMNR resolution. However, it will translate look-ups to
DNS-over-TLS if necessary. This new stub is particularly useful in
container/VM environments, or for tethering setups: use DNAT to
redirect traffic to any IP address to this stub.
* systemd-importd now honors new environment variables
$SYSTEMD_IMPORT_SYNC, which may be used disable btrfs subvolume
generation, btrfs quota setup and disk synchronization.
* systemd-importd and systemd-resolved can now be optionally built with
OpenSSL instead of libgcrypt.
* systemd-repart no longer requires OpenSSL.
* systemd-sysusers will no longer create the redundant 'nobody' group
by default, as the 'nobody' user is already created with an
appropriate primary group.
* If a unit uses RuntimeMaxSec, systemctl show will now display it.
* systemctl show-environment gained support for --output=json.
* pam_systemd will now first try to use the X11 abstract socket, and
fallback to the socket file in /tmp/.X11-unix/ only if that does not
* systemd-journald will no longer go back to volatile storage
regardless of configuration when its unit is restarted.
* Initial support for the LoongArch architecture has been added (system
call lists, GPT partition table UUIDs, etc).
* systemd-journald's own logging messages are now also logged to the
journal itself when systemd-journald logs to /dev/kmsg.
* systemd-journald now re-enables COW for archived journal files on
filesystems that support COW. One benefit of this change is that
archived journal files will now get compressed on btrfs filesystems
that have compression enabled.
* systemd-journald now deduplicates fields in a single log message
before adding it to the journal. In archived journal files, it will
also punch holes for unused parts and truncate the file as
appropriate, leading to reductions in disk usage.
* journalctl --verify was extended with more informative error
* More of sd-journal's functions are now resistant against journal file
* The shutdown command learnt a new option --show, to display the
* A LICENSES/ directory is now included in the git tree. It contains a
README.md file that explains the licenses used by source files in
this repository. It also contains the text of all applicable
licenses as they appear on spdx.org.
Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
Christian Brauner, Christian Göttsche, Christian Wehrli,
Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
Дамјан Георгиевски, наб
— Warsaw, 2021-12-23