Mastodon Stories for systemd v260
https://fed.brid.gy/r/https://0pointer.net/blog/mastodon-stories-for-systemd-v260.html
I just finished my #systemd260 series of posts. And I now also prepped a blog story linking to every single one of them here:
https://0pointer.net/blog/mastodon-stories-for-systemd-v260.html
Make sure to stay tuned for the #systemd261 series, most likely starting already in a few weeks!
2️⃣1️⃣ Here's the 21st and last post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
If you have been following this series of posts I am sure you recognized some repeating themes. One of them is the progressing Varlinkification of systemd's functionality. The last item on my list of features to post about for v260 is another one in this theme:
"bootctl install" is what gets systemd-boot installed in your ESP. With v260 there's now a Varlink…
2️⃣0️⃣ Here's the 20th post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
One ongoing project inside of systemd is to rework systemd-nspawn to not do its own namespacing/sandboxing but make it mostly just a frontend to systemd's own namespacing/sandboxing that is implemented for system services. The goal is to make it play a role similar to systemd-run: i.e. a command line tool that just allocates a transient service, and thus simplify…
RE: https://mastodon.social/@daandemeyer/116144059697098766
1️⃣9️⃣ Here's the 19th post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
For this one, I am just gonna quote @daandemeyer about the delegation of multiple UID ranges.
1️⃣8️⃣ Here's the 18th post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
Accessing the journal is primarily done via journalctl. For a long time it has optionally provided output in JSON mode. But a tool that can generate JSON output is so very close to a Varlink service! Starting with v260, journalctl actually *is* a Varlink service, if you want.
More specifically: you can now access the journal through a simple Varlink IPC interface…
1️⃣7️⃣ Here's the 17th post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
When generating disk images for secure environments – in particular Confidential Computing environments – it's often essential to pin a specific encrypted disk to an installation, to make it hard to swap out the properly protected disk with one with a much weaker protection.
In episode 16 we already discussed one mechanism to enforce a tight but generic policy on…
1️⃣6️⃣ Here's the 16th post highlighting key new features of the recently published v260 release of systemd. #systemd260 #systemd
systemd puts a lot of focus on DDIs, i.e. Discoverable Disk Images, which are disk images with a GPT partition table typically enveloping a triplet of an erofs fs, a dm-verity partition and signature partition for the verity root hash.
While that is the usual setup, it's by no means the only: the dissection logic that assembles a file system hierarchy from a disk image…
1️⃣5️⃣ Here's the 15th post highlighting key new features of the just published v260 release of systemd. #systemd260 #systemd
Portable services are a powerful mechanism for shipping services on disk images (DDIs) and attaching them to the local system. It's a really nice way to ship isolated OS trees for services, but at the same time allow relatively close integration with the rest of the OS. (Which is quite unlike docker style containers, which are really about isolation, …
1️⃣4️⃣ Here's the 14th post highlighting key new features of the just published v260 release of systemd. #systemd260 #systemd
For a long time systemd-logind has known a concept we dubbed "uaccess" for managing access to device nodes in /dev/ based on which user owns the session currently in the foreground of a specific seat. (A "seat" is the combination of devices that interface with a human, i.e. a keyboard, a mouse, a screen, audio devices, and some more).