A new version of the free system manager systemd has been released.
Changes that break backward compatibility:
- Mounting a separate /usr partition is now supported only at the initramfs stage.
- A future release will remove support for System V init scripts and cgroups v1.
- The options SuspendMode=, HibernateState= and HybridSleepState= from the [Sleep] section of systemd-sleep.conf are deprecated and have no effect on system behavior.
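An added example (not part of the release notes or of systemd itself): a small Python check that reports the deprecated [Sleep] options named above wherever a sleep.conf file still sets them, since they now have no effect. The function names, the sample file contents and the scanned paths are assumptions of this example.

```python
import glob
import re

# Options the release notes list as deprecated in the [Sleep] section.
IGNORED_SLEEP_OPTIONS = {"SuspendMode", "HibernateState", "HybridSleepState"}

# Assumed locations of sleep.conf and its drop-ins; adjust for your distribution.
DEFAULT_PATTERNS = ("/etc/systemd/sleep.conf", "/etc/systemd/sleep.conf.d/*.conf")

# Constructed sample, not taken from a real system.
SAMPLE_SLEEP_CONF = """\
# /etc/systemd/sleep.conf (constructed sample)
[Sleep]
AllowSuspend=yes
SuspendMode = platform
#HibernateState=disk
HibernateState=disk

[Other]
HybridSleepState=disk
"""

def find_ignored_sleep_options(text):
    """Return (line_number, key, value) for each deprecated option set in [Sleep]."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:                           # track the current section
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and section == "Sleep" and key.strip() in IGNORED_SLEEP_OPTIONS:
            findings.append((lineno, key.strip(), value.strip()))
    return findings

def scan_files(patterns=DEFAULT_PATTERNS):
    """Map each readable config file to its findings; files without findings are omitted."""
    results = {}
    for pattern in patterns:
        for path in sorted(glob.glob(pattern)):
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_ignored_sleep_options(fh.read())
            except OSError:
                continue
            if found:
                results[path] = found
    return results
```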
Changes to the supervisor:
- Daemons are now started using posix_spawn() instead of a combination of fork() and exec(); pull request #27890.
- systemd now uses PIDFD file descriptors to keep track of child processes, which simplifies the supervisor's logic; pull requests #29142, #29594, #29455.
- The new option SurviveFinalKillSignal= allows a daemon to avoid being stopped when the soft-reboot mechanism is used; pull request #28545.
- Units now support the options MemoryPeak=, MemorySwapPeak=, MemorySwapCurrent= and MemoryZSwapCurrent=; these correspond to the memory.peak, memory.swap.peak, memory.swap.current and memory.zswap.current properties of cgroups v2.
- The new option ConditionSecurity= allows you to tell systemd that a service should only be started if the system was booted with a verified UKI image.
TPM2 support:
- systemd-cryptenroll now allows you to specify a particular PCR slot and hash.
- systemd-cryptenroll now allows you to specify a key index; pull request #29427.
- It is now possible to bind a LUKS volume to a specific TPM2 chip without having access to it, if the public key is known.
- The systemd-cryptsetup binary has been moved to /usr/bin/ and can be used outside of systemd.
- The systemd-pcrphase internal component has been renamed to systemd-pcrextend.
- A new component, systemd-pcrlock, allows you to predict PCR entries based on available system information; pull request #28891.
systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
- bootctl now allows you to determine whether the system was booted from a UKI.
- systemd-boot supports hotkeys for shutting down and rebooting the system.
- systemd-boot no longer loads untrusted Devicetree blobs when SecureBoot is enabled.
- systemd-boot and systemd-stub now have different identifiers in the .sbat section, and UEFI can call them independently; pull request #29196.
- The ukify component is no longer experimental; the executable is now located in /usr/bin/.
systemd-networkd:
- Added support for Rapid Commit.
- The D-Bus interface of systemd-networkd now allows you to obtain information about the status of the DHCP client; commit #28896.
- The NFTSet= option allows you to bind the network interface configuration to a set of nftables rules.
- The [IPv6AcceptRA] section supports new options: UsePREF64=, UseHopLimit=, UseICMP6RateLimit= and NFTSet=.
- The [IPv6SendRA] section now supports the options RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec= and HomeAgentPreference=.
- Configuration files generated from kernel command line options now have the prefix 70; the priority of these files is now higher than the priority of the default configuration files.
Source: linux.org.ru