systemd 247 arrives with changes in udev, improvements in services and more


After four months of development, the release of the new version, "systemd 247", has been announced.

This new version adds an experimental out-of-memory handler, carries out an incompatible update of the udev rules, enables the Btrfs file system by default in systemd-homed, introduces a mechanism for the secure transfer of confidential data to services, stabilizes the systemd-dissect utility, and much more.

Main new features of systemd 247

In this new version, the udev rules have been modified in a way that breaks compatibility with previous versions, so that udev correctly handles the "bind" and "unbind" uevents introduced in the device model of Linux kernel 4.14. These events are generally generated for USB sticks and for devices that need firmware downloaded before they can start working.

To use the new systemd-udevd, distributions will need to update their udev rules, replacing the calls. In addition to changing the udev rules supplied in different packages, it will also be necessary to make changes to various monitoring programs, libraries, and utilities that work with udev rules.

It is argued that the need for such a change is not due to problems in systemd or udev, but to a radical change in compatibility in the Linux kernel, which has led to more and more drivers using the bind and unbind events, which require a fundamental change in logic to support event handling.

As a solution, systemd-udevd has completely redesigned the concept of tags, which allow you to tag and filter devices as you track them. udev tags are now attached to a device and cannot be removed before the device itself is removed. This ensures that applications can still get the uevent for their tags after "unbind" has been applied, because the tag is no longer associated with the device event but with the device itself, and does not change after a new event.

Another change that stands out is the experimental support for early response to low system memory (systemd-oomd), implemented on the basis of oomd, developed by Facebook.

oomd uses the PSI (Pressure Stall Information) kernel subsystem, which allows user space to analyze information about the time spent waiting for various resources (CPU, memory, I/O) in order to accurately assess the level of system utilization and the nature of the slowdown.

For system services, a new logic has been proposed for the secure transfer of confidential data, such as passwords and encryption keys, as well as related information, such as usernames and certificates (involved in systemd-nspawn).

To organize the data transfer, two parameters are offered, SetCredential and LoadCredential. The credentials themselves are transferred through intermediate files in a separate directory, defined through the $CREDENTIALS_DIRECTORY environment variable.
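As an added illustration (not code from the systemd project), this is how a service might read one credential from $CREDENTIALS_DIRECTORY defensively. The unit fragment in the comment, the credential names, the size limit and the permission policy are assumptions made for this example.

```python
import os
import stat

# Constructed unit fragment using the two settings named above (the paths and
# credential names are assumptions for this example):
#   [Service]
#   LoadCredential=db-password:/etc/myapp/db-password
#   SetCredential=api-user:reporting

class CredentialError(Exception):
    """Raised when a credential cannot be read safely."""

def read_credential(name, env=None, max_bytes=64 * 1024):
    """Return the bytes of credential `name` from $CREDENTIALS_DIRECTORY."""
    env = os.environ if env is None else env
    cred_dir = env.get("CREDENTIALS_DIRECTORY")
    if not cred_dir:
        raise CredentialError("CREDENTIALS_DIRECTORY is not set")
    # The name must be one path component, so it cannot escape the directory.
    if not name or name in (".", "..") or "/" in name or "\0" in name:
        raise CredentialError(f"invalid credential name: {name!r}")
    # O_NOFOLLOW refuses a symlink under this name; O_NONBLOCK avoids
    # hanging on a FIFO before the file type can be checked.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(os.path.join(cred_dir, name), flags)
    except OSError as exc:
        raise CredentialError(f"cannot open credential {name!r}: {exc}") from exc
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())  # inspect the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise CredentialError(f"{name!r} is not a regular file")
        # This example's own policy: a secret must not be accessible to "other".
        if st.st_mode & 0o007:
            raise CredentialError(f"{name!r} is accessible to other users")
        data = fh.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise CredentialError(f"{name!r} exceeds {max_bytes} bytes")
    return data

if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for the directory systemd would provide.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db-password")
        with open(os.open(path, os.O_WRONLY | os.O_CREAT, 0o400), "wb") as f:
            f.write(b"s3cret\n")
        print(read_credential("db-password", {"CREDENTIALS_DIRECTORY": d}))
```

Reading the secret from a file in this directory, rather than from an environment variable or the command line, keeps it out of the process environment and argument list.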

On the other hand, the Btrfs file system is now used by default when creating home directories on LUKS partitions with the systemd-homed service, which manages portable home directories.

To change the file system type, you can use the DefaultFileSystemType parameter in homed.conf. It should be noted that, unlike ext4 and xfs, Btrfs makes it possible not only to increase but also to decrease the size of the mounted partition.

The JSON user profiles hosted in the system gain support for recovery keys, which include auto-generated spare passphrases to unlock an account or home directory in the event that a FIDO2 or PKCS#11 token is lost. To attach a recovery key to the account, the "--recovery-key" option is provided, and the key itself is displayed as a QR code for scanning and keeping in a safe place.

For each LUKS-encrypted directory, systemd-homed implements handling that indicates that the directory was not properly unmounted and that the cleanup of freed blocks did not start before it was closed.

Finally, if you want to know more about it you can check the following link.

