CHANGES WITH 259:
Announcements of Future Feature Removals and Incompatible Changes:
* Support for System V service scripts is deprecated and will be removed in v260. Please make sure to update your software *now* to include a native systemd unit file instead of a legacy System V script to retain compatibility with future systemd releases. The following components will be removed:
  * systemd-rc-local-generator,
  * systemd-sysv-generator,
  * systemd-sysv-install (hook for systemctl enable/disable/is-enabled).
* Required minimum versions of the following components are planned to be raised in v260:
  * Linux kernel >= 5.10 (recommended >= 5.14),
  * glibc >= 2.34,
  * libxcrypt >= 4.4.0 (libcrypt in glibc will no longer be supported),
  * util-linux >= 2.37,
  * elfutils >= 0.177,
  * openssl >= 3.0.0,
  * cryptsetup >= 2.4.0,
  * libseccomp >= 2.4.0,
  * python >= 3.9.0.
* The parsing of RootImageOptions= and the mount image parameters of ExtensionImages= and MountImages= will be changed in the next version so that the last duplicated definition for a given partition wins and is applied, rather than the first, to keep these options coherent with other unit settings.
Feature Removals and Incompatible Changes:
* The cgroup2 file system is now mounted with the "memory_hugetlb_accounting" mount option, supported since kernel 6.6. This means that HugeTLB memory usage is now counted towards the cgroup's overall memory usage for the memory controller.
* The default storage mode for the journal is now 'persistent'. Previously, the default was 'auto', so the presence or lack of /var/log/journal determined the default storage mode, if no overriding configuration was provided. The default can be changed with -Djournal-storage-default=.
* systemd-networkd and systemd-nspawn no longer support creating NAT rules via iptables/libiptc APIs; only nftables is now supported.
* systemd-boot's and systemd-stub's support for TPM 1.2 has been removed (only TPM 2.0 support is retained). The security value of TPM 1.2 support is questionable in 2025, and because we never supported it in userspace, it was always quite incomplete to the point of uselessness.
* The image dissection logic will now enforce the VFAT file system type for XBOOTLDR partitions, similar to how it already does this for the ESP. This is done for security, since both the ESP and XBOOTLDR must be directly firmware-accessible and thus cannot be protected by cryptographic means. It is therefore essential not to mount arbitrarily complex file systems on them. This restriction only applies if automatic dissection is used. If other file system types shall be used for XBOOTLDR (not recommended), this can be achieved via explicit /etc/fstab entries.
* systemd-machined will now expose "hidden" disk images as read-only by default (hidden images are those whose name begins with a dot). They were already used to retain a pristine copy of the downloaded image, while modifications were made to a second, local, writable copy of the image. Hence, effectively they were read-only already, and this is now official.
* The LUKS volume label string set by systemd-repart no longer defaults to the same string as the partition and file system label, but is prefixed with "luks-". This is done so that on LUKS-enabled images the conflict between /dev/disk/by-label/ symlinks is removed, as this symlink is generated both for file system and LUKS superblock labels. There's a new VolumeLabel= setting for partitions that can be used to explicitly choose a LUKS superblock label, and thus to revert to the old naming, if required.
Service manager/PID1:
* The service manager's Varlink IPC has been extended considerably. It now exposes service execution settings and more. Its Unit.List() call can now filter by cgroup or invocation ID.
* The service manager now exposes Reload() and Reexecute() Varlink IPC calls, mirroring the calls of the same name accessible via D-Bus.
* The $LISTEN_FDS protocol has been extended to support pidfd inode IDs. The $LISTEN_PID environment variable is now augmented with a new $LISTEN_PIDFDID environment variable which contains the inode ID of the pidfd of the indicated process. This removes any ambiguity regarding PID recycling: a process which verified that $LISTEN_PID points to its own PID can now also verify the pidfd inode ID, which does not recycle IDs.
* The log message made when a service exits will now show the wallclock time the service took in addition to the previously shown CPU time.
* A new pair of properties OOMKills and ManagedOOMKills are now exposed on service units (and other unit types that spawn processes) that count the number of process kills made by the kernel or systemd-oomd.
* The service manager gained support for a new RootDirectoryFileDescriptor= property when creating transient service units. It is similar to RootDirectory= but takes a file descriptor rather than a path to the new root directory to use.
* The service manager now supports a new UserNamespacePath= setting which mirrors the existing IPCNamespacePath= and NetworkNamespacePath= options, but applies to Linux user namespaces.
* The service manager gained a new ExecReloadPost= setting to configure commands to execute after reloading of the configuration of the service has completed.
* Service manager job activation transactions now get a per-system unique 64-bit numeric ID assigned. This ID is logged as an additional log field in messages related to the transaction.
* The service manager now keeps track of transactions with ordering cycles and exposes them in the TransactionsWithOrderingCycle D-Bus property.
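To show what the new $LISTEN_PIDFDID variable buys a client, here is an added example (not part of systemd's NEWS or source code) of a socket-activated service checking the fd handover in Python: it performs the classic $LISTEN_PID check and then, when the manager also set $LISTEN_PIDFDID and the process can open a pidfd on itself, compares the pidfd inode number too. The fd numbering and variable names follow sd_listen_fds(3); the assumption that $LISTEN_PIDFDID carries a decimal inode number, the helper names, and the sample environments used for checking are this example's own.

```python
# Added example (not systemd's own code): a socket-activated service
# checking the $LISTEN_* handover, including the v259 $LISTEN_PIDFDID
# extension. Variable names and fd numbering follow sd_listen_fds(3);
# that $LISTEN_PIDFDID is a decimal inode number is an assumption here.
import os

LISTEN_VARS = ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES", "LISTEN_PIDFDID")
SD_LISTEN_FDS_START = 3  # the manager passes fds starting at 3, per sd_listen_fds(3)


def own_pidfd_inode(pid=None):
    """Inode number of a pidfd referring to `pid` (default: this process).

    Needs Linux >= 5.3 and Python >= 3.9; raises OSError/AttributeError
    otherwise, so callers can fall back to the plain $LISTEN_PID check.
    """
    fd = os.pidfd_open(os.getpid() if pid is None else pid)
    try:
        return os.fstat(fd).st_ino
    finally:
        os.close(fd)


def listen_fds(environ, pid, pidfd_ino=None, unset=True):
    """Return (fds, strong).

    fds:    descriptor numbers handed over by the manager (3, 4, ...), or []
            when the variables are absent, malformed, or addressed to a
            different process.
    strong: True only when $LISTEN_PIDFDID was present and matched
            `pidfd_ino`; a PID match alone can be satisfied by an unrelated
            process that was assigned a recycled PID.
    `environ` is any mutable mapping (os.environ or a dict). With unset=True
    the variables are removed so that children do not inherit them, as
    sd_listen_fds() does when asked to unset the environment.
    """
    raw = {k: environ.get(k) for k in LISTEN_VARS}
    if unset:
        for k in LISTEN_VARS:
            environ.pop(k, None)
    try:
        listen_pid = int(raw["LISTEN_PID"])
        n = int(raw["LISTEN_FDS"])
        pidfdid = None if raw["LISTEN_PIDFDID"] is None else int(raw["LISTEN_PIDFDID"])
    except (TypeError, ValueError):
        return [], False  # variables missing or garbage: not addressed to us
    if listen_pid != pid or n < 0:
        return [], False
    strong = False
    if pidfdid is not None and pidfd_ino is not None:
        if pidfdid != pidfd_ino:
            return [], False  # same PID number, different process: PID reuse
        strong = True
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + n)), strong


def listen_fds_with_names(environ, pid, pidfd_ino=None):
    """Pair each handed-over fd with its $LISTEN_FDNAMES entry.

    Names are colon separated, one per fd; fds beyond the list get the
    name "unknown", mirroring sd_listen_fds_with_names(3).
    """
    raw_names = environ.get("LISTEN_FDNAMES")
    fds, strong = listen_fds(environ, pid, pidfd_ino)
    names = raw_names.split(":") if raw_names else []
    pairs = [(names[i] if i < len(names) else "unknown", fd) for i, fd in enumerate(fds)]
    return pairs, strong


if __name__ == "__main__":
    try:
        ino = own_pidfd_inode()
    except (AttributeError, OSError):
        ino = None  # old kernel or Python: falls back to the $LISTEN_PID check
    pairs, strong = listen_fds_with_names(os.environ, os.getpid(), ino)
    print("fds:", pairs, "verified via pidfd inode:", strong)
```

The interesting branch is the one where $LISTEN_PID matches but the inode does not: that is precisely the recycled-PID case the new variable was introduced to catch, and the example refuses the fds rather than using them. When either side lacks pidfd support (a pre-v259 manager, or a kernel without pidfd_open), the check degrades to the old PID-only comparison and reports that the match was not strong.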
systemd-sysext/systemd-confext:
* systemd-sysext and systemd-confext now support configuration files /etc/systemd/systemd-sysext.conf and /etc/systemd/systemd-confext.conf, which can be used to configure mutability or the image policy to apply to DDI images.
* systemd-sysext's and systemd-confext's --mutable= switch now accepts a new value "help" for listing available mutability modes.
* systemd-sysext now supports configuring additional overlayfs mount settings via the $SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS environment variable. Similarly, systemd-confext now supports $SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS.
systemd-vmspawn/systemd-nspawn: