Skip to content

systemd v253

Compare
Choose a tag to compare
@bluca bluca released this 15 Feb 19:26
· 9732 commits to main since this release
v253

systemd System and Service Manager

CHANGES WITH 253:

Announcements of Future Feature Removals and Incompatible Changes:

    * We intend to remove cgroup v1 support from systemd release after the
      end of 2023. If you run services that make explicit use of cgroup v1
      features (i.e. the "legacy hierarchy" with separate hierarchies for
      each controller), please implement compatibility with cgroup v2 (i.e.
      the "unified hierarchy") sooner rather than later. Most of Linux
      userspace has been ported over already.

    * We intend to remove support for split-usr (/usr mounted separately
      during boot) and unmerged-usr (parallel directories /bin and
      /usr/bin, /lib and /usr/lib, etc). This will happen in the second
      half of 2023, in the first release that falls into that time window.
      For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

    * We intend to change behaviour w.r.t. units of the per-user service
      manager and sandboxing options, so that they work without having to
      manually enable PrivateUsers= as well, which is not required for
      system units. To make this work, we will implicitly enable user
      namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
      user unit. The drawback is that system users will no longer be visible
      (and appear as 'nobody') to the user unit when a sandboxing option is
      enabled. By definition a sandboxed user unit should run with reduced
      privileges, so impact should be small. This will remove a great source
      of confusion that has been reported by users over the years, due to
      how these options require an extra setting to be manually enabled when
      used in the per-user service manager, as opposed as to the system
      service manager. We plan to enable this change in the next release
      later this year. For more details, see:
      https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html

Deprecations and incompatible changes:

    * systemctl will now warn when invoked without /proc/ mounted
      (e.g. when invoked after chroot() into an directory tree without the
      API mount points like /proc/ being set up.)  Operation in such an
      environment is not fully supported.

    * The return value of 'systemctl is-active|is-enabled|is-failed' for
      unknown units is changed: previously 1 or 3 were returned, but now 4
      (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.

    * 'udevadm hwdb' subcommand is deprecated and will emit a warning.
      systemd-hwdb (added in 2014) should be used instead.

    * 'bootctl --json' now outputs a single JSON array, instead of a stream
      of newline-separated JSON objects.

    * Udev rules in 60-evdev.rules have been changed to load hwdb
      properties for all modalias patterns. Previously only the first
      matching pattern was used. This could change what properties are
      assigned if the user has more and less specific patterns that could
      match the same device, but it is expected that the change will have
      no effect for most users.

    * systemd-networkd-wait-online exits successfully when all interfaces
      are ready or unmanaged. Previously, if neither '--any' nor
      '--interface=' options were used, at least one interface had to be in
      configured state. This change allows the case where systemd-networkd
      is enabled, but no interfaces are configured, to be handled
      gracefully. It may occur in particular when a different network
      manager is also enabled and used.

    * Some compatibility helpers were dropped: EmergencyAction= in the user
      manager, as well as measuring kernel command line into PCR 8 in
      systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
      option.

    * The '-Dupdate-helper-user-timeout=' build-time option has been
      renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
      integer as parameter instead of a string.

    * The DDI image dissection logic (which backs RootImage= in service
      unit files, the --image= switch in various tools such as
      systemd-nspawn, as well as systemd-dissect) will now only mount file
      systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
      can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
      variable. These file systems are fairly well supported and maintained
      in current kernels, while others are usually more niche, exotic or
      legacy and thus typically do not receive the same level of security
      support and fixes.

    * The default per-link multicast DNS mode is changed to "yes"
      (that was previously "no"). As the default global multicast DNS mode
      has been "yes" (but can be changed by the build option), now the
      multicast DNS is enabled on all links by default. You can disable the
      multicast DNS on all links by setting MulticastDNS= in resolved.conf,
      or on an interface by calling "resolvectl mdns INTERFACE no".

New components:

    * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
      (UKIs) has been added. This replaces functionality provided by
      'dracut --uefi' and extends it with automatic calculation of PE file
      offsets, insertion of signed PCR policies generated by
      systemd-measure, support for initrd concatenation, signing of the
      embedded Linux image and the combined image with sbsign, and
      heuristics to autodetect the kernel uname and verify the splash
      image.

Changes in systemd and units:

    * A new service type Type=notify-reload is defined. When such a unit is
      reloaded a UNIX process signal (typically SIGHUP) is sent to the main
      service process. The manager will then wait until it receives a
      "RELOADING=1" followed by a "READY=1" notification from the unit as
      response (via sd_notify()). Otherwise, this type is the same as
      Type=notify. A new setting ReloadSignal= may be used to change the
      signal to send from the default of SIGHUP.

      user@.service, systemd-networkd.service, systemd-udevd.service, and
      systemd-logind have been updated to this type.

    * Initrd environments which are not on a pure memory file system (e.g.
      overlayfs combination as opposed to tmpfs) are now supported. With
      this change, during the initrd → host transition ("switch root")
      systemd will erase all files of the initrd only when the initrd is
      backed by a memory file system such as tmpfs.

    * New per-unit MemoryZSwapMax= option has been added to configure
      memory.zswap.max cgroup properties (the maximum amount of zswap
      used).

    * A new LogFilterPatterns= option has been added for units. It may be
      used to specify accept/deny regular expressions for log messages
      generated by the unit, that shall be enforced by systemd-journald.
      Rejected messages are neither stored in the journal nor forwarded.
      This option may be used to suppress noisy or uninteresting messages
      from units.

    * The manager has a new
      org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
      query process ownership via a PIDFD, which is more resilient against
      PID recycling issues.

    * Scope units now support OOMPolicy=. Login session scopes default to
      OOMPolicy=continue, allowing login scopes to survive the OOM killer
      terminating some processes in the scope.

    * systemd-fstab-generator now supports x-systemd.makefs option for
      /sysroot/ (in the initrd).

    * The maximum rate at which daemon reloads are executed can now be
      limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
      options. (Or the equivalent on the kernel command line:
      systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
      addition, systemd now logs the originating unit and PID when a reload
      request is received over D-Bus.

    * When enabling a swap device systemd will now reinitialize the device
      when the page size of the swap space does not match the page size of
      the running kernel. Note that this requires the 'swapon' utility to
      provide the '--fixpgsz' option, as implemented by util-linux, and it
      is not supported by busybox at the time of writing.

    * systemd now executes generator programs in a mount namespace
      "sandbox" with most of the file system read-only and write access
      restricted to the output directories, and with a temporary /tmp/
      mount provided. This provides a safeguard against programming errors
      in the generators, but also fixes here-docs in shells, which
      previously didn't work in early boot when /tmp/ wasn't available
      yet. (This feature has no security implications, because the code is
      still privileged and can trivially exit the sandbox.)

    * The system manager will now parse a new "vmm.notify_socket"
      system credential, which may be supplied to a VM via SMBIOS. If
      found, the manager will send a "READY=1" notification on the
      specified socket after boot is complete. This allows readiness
      notification to be sent from a VM guest to the VM host over a VSOCK
      socket.

    * The sample PAM configuration file for systemd-user@.service now
      includes a call to pam_namespace. This puts children of user@.service
      in the expected namespace. (Many distributions replace their file
      with something custom, so this change has limited effect.)

    * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
      can be used to override the mount units burst late limit for
      parsing '/proc/self/mountinfo', which was introduced in v249.
      Defaults to 5.

    * Drop-ins for init.scope changing control group resource limits are
      now applied, while they were previously ignored.

    * New build-time configuration options '-Ddefault-timeout-sec=' and
      '-Ddefault-user-timeout-sec=' have been added, to let distributions
      choose the default timeout for starting/stopping/aborting system and
      user units respectively.

    * Service units gained a new setting OpenFile= which may be used to
      open arbitrary files in the file system (or connect to arbitrary
      AF_UNIX sockets in the file system), and pass the open file
      descriptor to the invoked process via the usual file descriptor
      passing protocol. This is useful to give unprivileged services access
      to select files which have restrictive access modes that would
      normally not allow this. It's also useful in case RootDirectory= or
      RootImage= is used to allow access to files from the host environment
      (which is after all not visible from the service if these two options
      are used.)

Changes in udev:

    * The new net naming scheme "v253" has been introduced. In the new
      scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
      a PCI bus. This extends the coverage of predictable interface names
      in some embedded systems.

      The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
      a more informative path on some embedded systems.

    * Partition block devices will now also get symlinks in
      /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
      block device nodes via the kernel's "diskseq" value. Previously those
      symlinks were only created for the main block device.

    * A new operator '-=' is supported for SYMLINK variables. This allows
      symlinks to be unconfigured even if an earlier rule added them.

    * 'udevadm --trigger --settle' now also works for network devices
      that are being renamed.

Changes in sd-boot, bootctl, and the Boot Loader Specification:

    * systemd-boot now passes its random seed directly to the kernel's RNG
      via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
      means the RNG gets seeded very early in boot before userspace has
      started.

    * systemd-boot will pass a disk-backed random seed – even when secure
      boot is enabled – if it can additionally get a random seed from EFI
      itself (via EFI's RNG protocol), or a prior seed in
      LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.

    * systemd-boot-system-token.service was renamed to
      systemd-boot-random-seed.service and extended to always save a random
      seed to ESP on every boot when a compatible boot loader is used. This
      allows a refreshed random seed to be used in the boot loader.

    * systemd-boot handles various seed inputs using a domain- and
      field-separated hashing scheme.

    * systemd-boot's 'random-seed-mode' option has been removed. A system
      token is now always required to be present for random seeds to be
      used.

    * systemd-boot now supports being loaded from other locations than the
      ESP, for example for direct kernel boot under QEMU or when embedded
      into the firmware.

    * systemd-boot now parses SMBIOS information to detect
      virtualization. This information is used to skip some warnings which
      are not useful in a VM and to conditionalize other aspects of
      behaviour.

    * systemd-boot now supports a new 'if-safe' mode that will perform UEFI
      Secure Boot automated certificate enrollment from the ESP only if it
      is considered 'safe' to do so. At the moment 'safe' means running in
      a virtual machine.

    * systemd-stub now processes random seeds in the same way as
      systemd-boot already does, in case a unified kernel image is being
      used from a different bootloader than systemd-boot, or without any
      boot load at all.

    * bootctl will now generate a system token on all EFI systems, even
      virtualized ones, and is activated in the case that the system token
      is missing from either sd-boot and sd-stub booted systems.

    * bootctl now implements two new verbs: 'kernel-identify' prints the
      type of a kernel image file, and 'kernel-inspect' provides
      information about the embedded command line and kernel version of
      UKIs.

    * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
      as for kernel-install.

    * The JSON output of "bootctl list" will now contain two more fields:
      isDefault and isSelected are boolean fields set to true on the
      default and currently booted boot menu entries.

    * bootctl gained a new verb "unlink" for removing a boot loader entry
      type #1 file from disk in a safe and robust way.

    * bootctl also gained a new verb "cleanup" that automatically removes
      all files from the ESP's and XBOOTLDR's "entry-token" directory, that
      is not referenced anymore by any installed Type #1 boot loader
      specification entry. This is particularly useful in environments where
      a large number of entries reference the same or partly the same
      resources (for example, for snapshot-based setups).

Changes in kernel-install:

    * A new "installation layout" can be configured as layout=uki. With
      this setting, a Boot Loader Specification Type#1 entry will not be
      created.  Instead, a new kernel-install plugin 90-uki-copy.install
      will copy any .efi files from the staging area into the boot
      partition. A plugin to generate the UKI .efi file must be provided
      separately.

Changes in systemctl:

    * 'systemctl reboot' has dropped support for accepting a positional
      argument as the argument to the reboot(2) syscall. Please use the
      --reboot-argument= option instead.

    * 'systemctl disable' will now warn when called on units without
      install information. A new --no-warn option has been added that
      silences this warning.

    * New option '--drop-in=' can be used to tell 'systemctl edit' the name
      of the drop-in to edit. (Previously, 'override.conf' was always
      used.)

    * 'systemctl list-dependencies' now respects --type= and --state=.

    * 'systemctl kexec' now supports XEN VMM environments.

    * 'systemctl edit' will now tell the invoked editor to jump into the
      first line with actual unit file data, skipping over synthesized
      comments.

Changes in systemd-networkd and related tools:

    * The [DHCPv4] section in .network file gained new SocketPriority=
      setting that assigns the Linux socket priority used by the DHCPv4 raw
      socket. This may be used in conjunction with the
      EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
      desired ethernet 802.1Q frame priority for DHCPv4 initial
      packets. This cannot be achieved with netfilter mangle tables because
      of the raw socket bypass.

    * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
      new QuickAck= boolean setting that enables the TCP quick ACK mode for
      the routes configured by the acquired DHCPv4 lease or received router
      advertisements (RAs).

    * The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
      routes) now accepts three values, for high, medium, and low preference
      of the router (which can be set with the RouterPreference=) setting.

    * systemd-networkd-wait-online now supports matching via alternative
      interface names.

    * The [DHCPv6] section in .network file gained new SendRelease=
      setting which enables the DHCPv6 client to send release when
      it stops. This is the analog of the [DHCPv4] SendRelease= setting.
      It is enabled by default.

    * If the Address= setting in [Network] or [Address] sections in .network
      specified without its prefix length, then now systemd-networkd assumes
      /32 for IPv4 or /128 for IPv6 addresses.

    * networkctl shows network and link file dropins in status output.

Changes in systemd-dissect:

    * systemd-dissect gained a new option --list, to print the paths of
      all files and directories in a DDI.

    * systemd-dissect gained a new option --mtree, to generate a file
      manifest compatible with BSD mtree(5) of a DDI

    * systemd-dissect gained a new option --with, to execute a command with
      the specified DDI temporarily mounted and used as working
      directory. This is for example useful to convert a DDI to "tar"
      simply by running it within a "systemd-dissect --with" invocation.

    * systemd-dissect gained a new option --discover, to search for
      Discoverable Disk Images (DDIs) in well-known directories of the
      system. This will list machine, portable service and system extension
      disk images.

    * systemd-dissect now understands 2nd stage initrd images stored as a
      Discoverable Disk Image (DDI).

    * systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
      disk UUID stored in the GPT header) among the other data it can show.

    * systemd-dissect gained a new --in-memory switch to operate on an
      in-memory copy of the specified DDI file. This is useful to access a
      DDI with write access without persisting any changes. It's also
      useful for accessing a DDI without keeping the originating file
      system busy.

    * The DDI dissection logic will now automatically detect the intended
      sector size of disk images stored in files, based on the GPT
      partition table arrangement. Loopback block devices for such DDIs
      will then be configured automatically for the right sector size. This
      is useful to make dealing with modern 4K sector size DDIs fully
      automatic. The systemd-dissect tool will now show the detected sector
      size among the other DDI information in its output.

Changes in systemd-repart:

    * systemd-repart gained new options --include-partitions= and
      --exclude-partitions= to filter operation on partitions by type UUID.
      This allows systemd-repart to be used to build images in which the
      type of one partition is set based on the contents of another
      partition (for example when the boot partition shall include a verity
      hash of the root partition).

    * systemd-repart also gained a --defer-partitions= option that is
      similar to --exclude-partitions=, but the size of the partition is
      still taken into account when sizing partitions, but without
      populating it.

    * systemd-repart gained a new --sector-size= option to specify what
      sector size should be used when an image is created.

    * systemd-repart now supports generating erofs file systems via
      CopyFiles= (a read-only file system similar to squashfs).

    * The Minimize= option was extended to accept "best" (which means the
      most minimal image possible, but may require multiple attempts) and
      "guess" (which means a reasonably small image).

    * The systemd-growfs binary now comes with a regular unit file template
      systemd-growfs@.service which can be instantiated directly for any
      desired file system. (Previously, the unit was generated dynamically
      by various generators, but no regular unit file template was
      available.)

Changes in journal tools:

    * Various systemd tools will append extra fields to log messages when
      in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
      this includes information about D-Bus messages when sd-bus is used,
      e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
      about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
      Details of what is logged and when are subject to change.

    * The systemd-journald-audit.socket can now be disabled via the usual
      "systemctl disable" mechanism to stop collection of audit
      messages. Please note that it is not enabled statically anymore and
      must be handled by the preset/enablement logic in package
      installation scripts.

    * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
      be used to curtail disk use by systemd-journal-remote. This is
      similar to the options supported by systemd-journald.

Changes in systemd-cryptenroll, systemd-cryptsetup, and related components:

    * When enrolling new keys systemd-cryptenroll now supports unlocking
      via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
      password was strictly required to be specified.

    * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
      (except for tokens with user verification, UV) to identify tokens
      before authentication. Multiple FIDO2 tokens can now be enrolled at
      the same time, and systemd-cryptsetup will automatically select one
      that corresponds to one of the available LUKS key slots.

    * systemd-cryptsetup now supports new options tpm2-measure-bank= and
      tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
      bank and number into which the volume key should be measured. This is
      automatically enabled for the encrypted root volume discovered and
      activated by systemd-gpt-auto-generator.

    * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
      "noexec,nosuid,nodev".

    * systemd-gpt-auto-generator will now honour the rootfstype= and
      rootflags= kernel command line switches for root file systems it
      discovers, to match behaviour in case an explicit root fs is
      specified via root=.

    * systemd-pcrphase gained new options --machine-id and --file-system=
      to measure the machine-id and mount point information into PCR 15. New
      service unit files systemd-pcrmachine.service and
      systemd-pcrfs@.service have been added that invoke the tool with
      these switches during early boot.

    * systemd-pcrphase gained a --graceful switch will make it exit cleanly
      with a success exit code even if no TPM device is detected.

    * systemd-cryptenroll now stores the user-supplied PIN with a salt,
      making it harder to brute-force.

Changes in other tools:

    * systemd-homed gained support for luksPbkdfForceIterations (the
      intended number of iterations for the PBKDF operation on LUKS).

    * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
      $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
      may now be used to specify additional arguments for mkfs when
      systemd-homed formats a file system.

    * systemd-hostnamed now exports the contents of
      /sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
      new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
      unprivileged code to access those values.

      systemd-hostnamed also exports the SUPPORT_END= field from
      os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
      this to show the status of the installed system.

    * systemd-measure gained an --append= option to sign multiple phase
      paths with different signing keys. This allows secrets to be
      accessible only in certain parts of the boot sequence. Note that
      'ukify' provides similar functionality in a more accessible form.

    * systemd-timesyncd will now write a structured log message with
      MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
      on a on-disk timestamp, similarly to what it did when reaching
      synchronization via NTP.

    * systemd-timesyncd will now update the on-disk timestamp file on each
      boot at least once, making it more likely that the system time
      increases in subsequent boots.

    * systemd-vconsole-setup gained support for system/service credentials:
      vconsole.keymap/vconsole.keymap_toggle and
      vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
      the similarly-named options in vconsole.conf.

    * systemd-localed will now save the XKB keyboard configuration to
      /etc/vconsole.conf, and also read it from there with a higher
      preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
      file. Previously, this information was stored in the former file in
      converted form, and only in latter file in the original form. Tools
      which want to access keyboard configuration can now do so from a
      standard location.

    * systemd-resolved gained support for configuring the nameservers and
      search domains via kernel command line (nameserver=, domain=) and
      credentials (network.dns, network.search_domains).

    * systemd-resolved will now synthesize host names for the DNS stub
      addresses it supports. Specifically when "_localdnsstub" is resolved,
      127.0.0.53 is returned, and if "_localdnsproxy" is resolved
      127.0.0.54 is returned.

    * systemd-notify will now send a "RELOADING=1" notification when called
      with --reloading, and "STOPPING=1" when called with --stopping. This
      can be used to implement notifications from units where it's easier
      to call a program than to use the sd-daemon library.

    * systemd-analyze's 'plot' command can now output its information in
      JSON, controlled via the --json= switch. Also, new --table, and
      --no-legend options have been added.

    * 'machinectl enable' will now automatically enable machines.target
      unit in addition to adding the machine unit to the target.

      Similarly, 'machinectl start|stop' gained a --now option to enable or
      disable the machine unit when starting or stopping it.

    * systemd-sysusers will now create /etc/ if it is missing.

    * systemd-sleep 'HibernateDelaySec=' setting is changed back to
      pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
      added to provide the new initial value for the new automated battery
      estimation functionality. If 'HibernateDelaySec=' is set to any value,
      the automated estimate (and thus the automated hibernation on low
      battery to avoid data loss) functionality will be disabled.

    * Default tmpfiles.d/ configuration will now automatically create
      credentials storage directory '/etc/credstore/' with the appropriate,
      secure permissions. If '/run/credstore/' exists, its permissions will
      be fixed too in case they are not correct.

Changes in libsystemd and shared code:

    * sd-bus gained new convenience functions sd_bus_emit_signal_to(),
      sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().

    * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
      128bit ID in files such as /etc/machine-id has an invalid
      format. They also accept NULL as output parameter in more places,
      which is useful when the caller only wants to validate the inputs and
      does not need the output value.

    * sd-login gained new functions sd_pidfd_get_session(),
      sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
      sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
      sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
      sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
      but accept a PIDFD instead of a PID.

    * sd-path (and systemd-path) now export four new paths:
      SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
      SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
      SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
      SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,

    * sd_notify() now supports AF_VSOCK as transport for notification
      messages (in addition to the existing AF_UNIX support). This is
      enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.

    * Detection of chroot() environments now works if /proc/ is not
      mounted.  This affects systemd-detect-virt --chroot, but also means
      that systemd tools will silently skip various operations in such an
      environment.

    * "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
      virtualization is now detected.

Changes in the build system:

    * Standalone variants of systemd-repart and systemd-shutdown may now be
      built (if -Dstandalone=true).

    * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
      example, allow scripts to conditionalize execution on AC power
      supply.

    * The libp11kit library is now loaded through dlopen(3).

Changes in the documentation:

    * Specifications that are not closely tied to systemd have moved to
      https://uapi-group.org/specifications/: the Boot Loader Specification
      and the Discoverable Partitions Specification.

    Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
    Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
    Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
    Benjamin Tissoires, berenddeschouwer, BerndAdameit,
    Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
    Charles Hardin, chris, Christian Brauner, Christian Göttsche,
    Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
    Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
    Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
    Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
    Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
    Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
    igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
    Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
    Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
    Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
    Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
    Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
    Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
    Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
    Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
    Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
    msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
    noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
    Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
    reuben olinsky, Richard E. van der Luit, Richard Phibel,
    Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
    Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
    Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
    Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
    Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
    Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
    William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
    Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
    наб

    — Warsaw, 2023-02-15