systemd/systemd

github.com
systemd System and Service Manager

CHANGES WITH 248:

* A concept of system extension images is introduced. Such images may
  be used to extend the /usr/ and /opt/ directory hierarchies at
  runtime with additional files (even if the file system is read-only).
  When a system extension image is activated, its /usr/ and /opt/
  hierarchies and os-release information are combined via overlayfs
  with the file system hierarchy of the host OS.

  A new systemd-sysext tool can be used to merge, unmerge, list, and
  refresh system extension hierarchies. See
  https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.

  The systemd-sysext.service automatically merges installed system
  extensions during boot (before basic.target, but not in very early
  boot, since various file systems have to be mounted first).

  The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
  supported system extension level.

* A new ExtensionImages= unit setting can be used to apply the same
  system extension image concept from systemd-sysext to the namespaced
  file hierarchy of specific services, following the same rules and
  constraints.

* Support for a new special "root=tmpfs" kernel command-line option has
  been added. When specified, a tmpfs is mounted on /, and mount.usr=
  should be used to point to the operating system implementation.

* A new configuration file /etc/veritytab may be used to configure
  dm-verity integrity protection for block devices. Each line is in the
  format "volume-name data-device hash-device roothash options",
  similar to /etc/crypttab.

* A new kernel command-line option systemd.verity.root_options= may be
  used to configure dm-verity behaviour for the root device.

* The key file specified in /etc/crypttab (the third field) may now
  refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
  acquired by connecting to that socket and reading from it. This
  allows the implementation of a service to provide key information
  dynamically, at…
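
For the /etc/veritytab entry above, a small linter for the "volume-name data-device hash-device roothash options" line format, as an added example that is not part of the systemd release notes or systemd's own code. It assumes the options field is optional and comma-separated and that "#" starts a comment, as in /etc/crypttab; the ignore-corruption option name is taken from veritytab(5), and the sample file is constructed.

```python
import re
from dataclasses import dataclass, field

HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Option from veritytab(5) (not named on this page): corruption is only
# logged instead of failing the read, so integrity is no longer enforced.
WEAKENING = {"ignore-corruption"}

@dataclass
class VerityEntry:
    volume: str
    data_device: str
    hash_device: str
    roothash: str
    options: list = field(default_factory=list)

def parse_veritytab(text):
    """Return (entries, problems); problems is a list of (line number, message)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: crypttab-style comments
            continue
        fields = line.split()
        if len(fields) not in (4, 5):          # assumption: options may be omitted
            problems.append((lineno, "expected 4 or 5 fields, got %d" % len(fields)))
            continue
        volume, data_dev, hash_dev, roothash = fields[:4]
        options = [o for o in fields[4].split(",") if o] if len(fields) == 5 else []
        if "/" in volume:                      # the name becomes /dev/mapper/<volume>
            problems.append((lineno, "volume name must not contain '/'"))
        if not HEX_RE.fullmatch(roothash) or len(roothash) % 2:
            problems.append((lineno, "root hash is not an even-length hex string"))
        for opt in options:
            if opt in WEAKENING:
                problems.append((lineno, "option %r disables enforcement" % opt))
        entries.append(VerityEntry(volume, data_dev, hash_dev, roothash, options))
    return entries, problems

# Constructed sample: devices and root hash are placeholders, not real values.
GOOD_HASH = "ab" * 32
SAMPLE = f"""# constructed veritytab sample
usr    /dev/sda2 /dev/sda3 {GOOD_HASH}
data   /dev/sdb1 /dev/sdb2 {GOOD_HASH} ignore-corruption
opt    /dev/sdc1 /dev/sdc2 not-a-hash
broken /dev/sdd1
"""

if __name__ == "__main__":
    for lineno, message in parse_veritytab(SAMPLE)[1]:
        print(f"veritytab:{lineno}: {message}")
```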