I forgot to post a link list blog story for my mastodon series for #systemd258, but I have caught up now. If you haven't had a look yet, here's the list of mastodon posts:

https://0pointer.net/blog/mastodon-stories-for-systemd-v258.html

Mastodon Stories for systemd v258

Posts and writings by Lennart Poettering

@pid_eins

Grats 👍
I have already marked the new hashtag as "following" 😃

#systemd258 #systemd259

The 55th episode of my #systemd258 series of posts is the last one btw. Today we tagged the final release 🍾🎉🎊🍰🎂✨, and our focus now moves to #systemd259. Hopefully we can speed up the release cycle this time, and switch to smaller but more frequent releases. Stay tuned for the 259 posts coming in a month or two.

5️⃣5️⃣ Here's the 55th post highlighting key new features of the upcoming v258 release of systemd. #systemd258

Everybody loves eBPF, i.e. the Linux kernel's virtual machine for tracing, filtering, security mechanisms and a lot more. Many of the BPF concepts are tied to the cgroup hierarchy: you can pin a BPF program to a cgroup (and thus a service or container or so), and this will cause it to be applied to all processes running in that cgroup.

5️⃣4️⃣ Here's the 54th post highlighting key new features of the upcoming v258 release of systemd. #systemd258

For a long time now systemd has been providing support for DDIs, i.e. for GPT disk images that carry expressive GPT partition types for their partitions so that the GPT partition table alone is enough to know how to assemble things and where to mount what. The logic in systemd that processes the GPT information and assembles it is named "image dissection".

@pid_eins

All that's left IIRC is the ability for user mount units to function without requiring root permissions, which ain't working yet IIRC.

But great steps so far 👍

#systemd258

5️⃣3️⃣ Here's the 53rd post highlighting key new features of the upcoming v258 release of systemd. #systemd258

This is a short one, but a double feature, both about systemd's service credentials concept:

Firstly, encrypted credentials finally work fine now if you use LoadCredentialEncrypted= in a per-user unit. v257 added the concept of user-scoped encrypted credentials, but by mistake I didn't actually hook this up with LoadCredentialEncrypted=. This is addressed now.

5️⃣2️⃣ Here's the 52nd post highlighting key new features of the upcoming v258 release of systemd. #systemd258

PrivateUsers= is one of the many sandboxing knobs in service unit files. It configures a minimal user namespace for the service code to run in. So far you could set it to "self", which would set up the user namespace mapping for the service to map the root user and the service's user to itself, and leave everything else unmapped.

5️⃣1️⃣ Here's the 51st post highlighting key new features of the upcoming v258 release of systemd. #systemd258

For a long time systemd has supported the "ask-password" protocol that allows system components (i.e. non-interactive, low-level stuff) to query passwords and other secrets interactively, during boot and runtime. The original use case was disk encryption: early during boot, in the initrd, we must query the user for a disk unlock passphrase, and only then can transition into the…