systemd 249 has just been released, arriving almost exactly on its predictable development cycle (approximately every 4 months) and bringing a series of improvements, bug fixes and, above all, new features.
This release introduces the ability to define users/groups in JSON format, stabilizes the Journal protocol, simplifies the organization of loading disk partitions that replace each other, adds the ability to bind BPF programs to services, implements user ID mapping on mounted partitions, and offers a large set of new network configuration options and container-launching capabilities.
For those unfamiliar with systemd, it is a set of system administration daemons, libraries and tools designed as a central administration and configuration platform for interacting with the kernel of the GNU/Linux operating system.
Main new features of systemd 249
Among the most notable changes in this release, systemd-ask-password and systemd-sysusers add support for requesting the passwords to be set through the mechanism introduced in systemd 247 for securely transferring sensitive data using intermediate files in a separate directory. By default the credentials are received from the process with PID 1, which in turn receives them from, for example, the container manager; this makes it possible to organize a user's password settings on first boot.
systemd-firstboot adds support for using the secure transfer of confidential data to request various system parameters, which can be used to initialize the system configuration when a container image that lacks the required configuration in the /etc directory is first started.
userdb and nss-systemd have been given access to additional user definitions, specified in JSON format, located in the directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and /usr/lib/userdb/. This feature provides an additional mechanism for creating users on the system, with full integration with NSS and /etc/shadow.
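Because these drop-in records define accounts outside /etc/passwd, they belong in any account audit. The following is an added example, not code from the article or from systemd. It assumes the naming scheme (<name>.user, <name>.user-privileged, UID-named symlinks) and the field names (userName, uid, privileged.hashedPassword) from systemd's JSON user record documentation.

```python
import json, stat
from pathlib import Path

# Directories named in the article.
USERDB_DIRS = ["/etc/userdb", "/run/userdb", "/run/host/userdb", "/usr/lib/userdb"]

def audit_record(path):
    """Return a list of findings for one *.user / *.user-privileged drop-in."""
    findings = []
    mode = path.stat().st_mode
    privileged_file = path.suffix == ".user-privileged"
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if privileged_file and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("privileged record readable by non-root")
    try:
        rec = json.loads(path.read_text())
    except (OSError, ValueError):
        return findings + ["not valid JSON"]
    if not isinstance(rec, dict):
        return findings + ["record is not a JSON object"]
    if privileged_file:
        return findings  # companion file carries only the privileged section
    if rec.get("userName") != path.stem:
        findings.append("userName does not match file name")
    if rec.get("uid") == 0 and rec.get("userName") != "root":
        findings.append("non-root name mapped to UID 0")
    priv = rec.get("privileged")
    if isinstance(priv, dict) and priv.get("hashedPassword"):
        findings.append("password hash in world-readable record")
    return findings

def audit_userdb(dirs=USERDB_DIRS):
    """Map path -> findings for every regular user drop-in that has any."""
    report = {}
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.iterdir()):
            # UID-named symlinks point at the same records; group files are out of scope.
            if f.is_symlink() or f.suffix not in (".user", ".user-privileged"):
                continue
            if (found := audit_record(f)):
                report[str(f)] = found
    return report

if __name__ == "__main__":
    for path, found in audit_userdb().items():
        print(path, "; ".join(found))
```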
Another notable change is a mechanism that simplifies organizing updates by replacing disk partitions. If the disk image contains two / or /usr partitions and udev has not detected the 'root=' parameter, or when processing disk images specified with the "--image" option in the systemd-nspawn and systemd-dissect utilities, the boot partition can be determined by comparing GPT labels (assuming the GPT label mentions the version number of the partition's contents; systemd will select the partition with the most recent changes).
In systemd-nspawn, the "--private-users-chown" option has been replaced by the more universal "--private-users-ownership" option, which accepts the values "chown" (equivalent to the old "--private-users-chown"), "off" to disable the previous setting, "map" to map user IDs on mounted filesystems, and "auto" to select "map" if the kernel has the necessary functionality (5.12+), or fall back to recursive "chown" otherwise.
In PID 1, the unit name and description are now displayed simultaneously at boot time; the output can be changed through the "StatusUnitFormat=combined" parameter in system.conf or the "systemd.status-unit-format=combined" kernel command line option.
Other notable changes:
- A new hardware database for FireWire devices (IEEE 1394) has been added to udev.
- The BPFProgram setting has been added to service files; it can be used to load BPF programs into the kernel and manage them in connection with specific systemd services.
- nss-systemd provides synthesis of user/group entries in /etc/shadow using hashed passwords from systemd-homed.
- systemd-fstab-generator and systemd-repart can now boot from disks that only have a /usr partition and no root partition (the root partition will be generated by the systemd-repart utility on first boot).
- systemd-resolved adds the domain "home.arpa" to the NTA (Negative Trust Anchors) list; this domain is recommended for local home networks, but is not used in DNSSEC.
- The "%" specifiers are now parsed in the CPUAffinity parameter.
- Added parameter ManageForeignRoutingPolicyRules to .network files, which can be used to exclude third-party routing policies from being processed by systemd-networkd.
- Added the RequiredFamilyForOnline parameter to ".network" files to treat the presence of an IPv4 or IPv6 address as the sign that the network interface is "online". networkctl provides an "online" status display for each link.
- OutgoingInterface parameter added to ".network" files to define outgoing interfaces when configuring network bridges.
If you want to know more about it, you can consult the details in the following link.