Systemd 261 Nears Stable Release With Cloud Tools, Installer and Binary Metadata Shift

Systemd 261-rc3 focuses on bug fixes while the series adds an OS installer, cloud IMDS support, storagectl and live update capabilities. The changes expand systemd's role across installation, metadata and security. Final release approaches for H2 2026 distributions.
Written by Ava Callegari

Systemd keeps expanding. The latest release candidate arrives at a time when Linux distributions prepare for the second half of 2026. Phoronix reported that systemd 261-rc3 landed with mostly bug fixes from earlier candidates. Yet the series as a whole signals broader ambitions for the init system that now reaches into operating system installation, cloud metadata handling and storage management.

Released just hours ago, rc3 focuses on stability. Individual binaries now embed dlopen ELF metadata notes. This small but technical adjustment improves how libraries load at runtime. Testers had uncovered issues in rc1 and rc2. The fixes address them directly. And the stable version looms soon. Many expect it in distributions shipping later this year.

Look back to May. The first candidate dropped on May 22. Phoronix covered the arrival of systemd-sysinstall. This textual tool offers a modern approach to OS setup. It wraps systemd’s existing partitioning and credential capabilities. Administrators can boot from USB media, configure disks and set up boot loaders without traditional installers. The move feels logical. Systemd already controls repartitioning through repart and boot management via bootctl. Adding installation completes the picture.

Cloud environments receive dedicated attention. The new IMDS subsystem brings Instance Metadata Service support straight into systemd. A daemon called systemd-imdsd exposes a Varlink IPC API. Local programs query metadata without cloud-specific clients. The hardware database recognizes major providers. Amazon EC2, Microsoft Azure, Google Compute Engine, Hetzner, Oracle Cloud and others appear in hwdb.d/40-imds.hwdb. A generator pulls the service into the boot process when it detects a supported cloud. Generic images become possible. They work with metadata where available. They run cleanly without it otherwise.

A companion tool, systemd-imds, imports fields as system credentials. Those credentials feed later services. Measurements protect the data before import. Networking to IMDS endpoints can lock down for security. The choice trades compatibility with tools like cloud-init. Builders decide at compile time with a meson option. Such details matter for enterprise deployments that demand tight controls.

Storage gains its own command. Storagectl presents a unified command-line and Varlink interface. It exposes managed storage resources consistently. The addition pairs with other systemd utilities that already handle devices and mounts. Operators now control storage through familiar patterns instead of vendor tools.

Security and measurement features grew too. From the official release notes on GitHub, a new service runs swtpm as a software TPM fallback. It activates through a kernel command line parameter for systems lacking hardware TPMs. The software TPM derives keys from a boot secret and stores state in the ESP. Protection remains limited compared with discrete chips. Still, some environments prefer any TPM over none.

Systemd-stub and systemd-boot now measure additional SMBIOS types into PCR 1. ConditionSecurity=measured-os checks for measured boot semantics more broadly than before. It covers cases where firmware lacks TPM but the OS provides one, including pure software implementations. These changes tighten the trusted computing chain.

Live Update Orchestration support arrived in PID 1. When the kernel offers LUO or Kexec Handover, systemd preserves file descriptor stores across kexec. Units request preservation with FileDescriptorStorePreserve=yes. User sessions gain similar persistence. The manager exposes a ReloadCount property. New Varlink methods allow shutdown requests without D-Bus. Pressure watches monitor CPU and IO. A MinimumUptimeSec knob prevents tight reboot loops.

Restrictions tightened in several areas. RestrictFileSystemAccess= uses BPF LSM to limit execution to signed dm-verity filesystems. CPUSetPartition= configures cgroup partition types. The nspawn container tool renamed --user= to --uid= with deprecation warnings. Future defaults will restrict address families in containers.

Announcements in the notes preview removals coming in version 262. Support for the legacy /run/boot-loader-entries directory ends. The experimental systemd-sysupdated D-Bus API disappears in favor of direct Varlink communication. Updatectl will adapt. These moves simplify code. They push users toward newer interfaces already present.

Other adjustments affect builds and compatibility. Musl libc requirements rose to version 1.2.6. Libsystemd no longer guarantees linkage to libm. Distributors must handle the dependency explicitly in some cases. Udev database version 0 support vanished. Live upgrades from releases before 247 no longer work.

Tmpfiles gained new capabilities. A root.conf sets permissions on the root directory (/) to 0555. The --inline option passes directives on the command line. Directives k and K set file capabilities. Sysext and confext services now merge extensions from initrd. This removes earlier limitations during early boot.

Critics have long watched systemd’s growth. Each release adds scope. The OS installer pushes further into territory once held by Anaconda, Debian Installer or Calamares. Cloud IMDS integration reduces reliance on separate agents. Storagectl centralizes another management domain. The pattern continues. Systemd absorbs functions that distributions and administrators once assembled from multiple packages.

Yet the project delivers stability alongside expansion. Rc3 focuses on fixes. Earlier candidates introduced the headline features. Developers test aggressively before final release. The GitHub notes detail hundreds of changes. They credit specific fixes and contributors, though individual names rarely appear in news summaries.

Distributions already package the candidates. Fedora rawhide and ELN carry early builds. Debian accepted rc2 into unstable. The cadence suggests a final 261 before summer ends. Administrators should review the deprecations now. Adjust scripts that relied on removed options or directories. Test IMDS behavior in cloud images. Prepare for the BPF-based restrictions if they plan to enable them.

The ELF metadata note in binaries marks a quieter improvement. It helps dynamic loading tools understand dependencies better. Such low-level tweaks accumulate. They reduce bugs that surface only under specific library combinations or container setups. Small. But valuable for the massive installed base that boots systemd every day.

Pressure notification settings give services direct insight into system load. Developers can react to CPU or IO pressure without external monitoring daemons. The ConditionFraction= and ConditionMachineTag= options support fleet-wide rollouts. Hashing the machine ID against a tag determines whether a unit activates. Staged deployments become native. No extra orchestration layer required.
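The staged-rollout idea described above, sketched as an added example that is not systemd's code: the page does not describe systemd's actual hash construction, so SHA-256 over the tag and machine ID is an assumption here, as are the function names, the tag strings and the constructed fleet.

```python
import hashlib

def rollout_bucket(machine_id: str, tag: str) -> float:
    """Map (machine ID, tag) to a stable value in [0, 1).

    Assumption: SHA-256 stands in for whatever hash systemd uses.
    48 bits are used so the division is exact and always below 1.0.
    """
    h = hashlib.sha256(f"{tag}\0{machine_id}".encode()).digest()
    return int.from_bytes(h[:6], "big") / 2**48

def in_cohort(machine_id: str, tag: str, fraction: float) -> bool:
    """True if this machine falls inside the rollout fraction for the tag."""
    return rollout_bucket(machine_id, tag) < fraction

def cohort(fleet, tag: str, fraction: float) -> set:
    """All machines of a fleet selected for a given tag and fraction."""
    return {m for m in fleet if in_cohort(m, tag, fraction)}

# Constructed fleet: 2000 fake machine IDs (32 hex characters each).
FLEET = [hashlib.sha256(str(i).encode()).hexdigest()[:32] for i in range(2000)]

if __name__ == "__main__":
    # Hypothetical tag names, chosen only for this demonstration.
    early = cohort(FLEET, "feature-a", 0.10)
    wider = cohort(FLEET, "feature-a", 0.50)
    other = cohort(FLEET, "feature-b", 0.10)
    print("10% cohort:", len(early), "50% cohort:", len(wider))
    # Raising the fraction only adds machines; nobody is rolled back.
    print("10% is subset of 50%:", early <= wider)
    # A different tag selects a different, independent slice of the fleet.
    print("overlap between tags:", len(early & other))
```

Because the bucket depends only on the machine ID and the tag, a machine gives the same answer on every boot, and widening the fraction never drops a machine that was already selected.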

TPM measurements now align better between TPM and confidential computing registers. The separator measurement isolates firmware from host events. These details matter most in attestation-heavy environments. Governments, financial institutions and cloud providers track every PCR change. Incompatible register values after an upgrade could break existing policies. The notes warn operators to update attestation configurations.
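Why extra measurements into PCR 1 can break an existing attestation policy, as an added example that is not taken from systemd or its release notes: it replays two constructed event logs using the standard TPM extend operation and compares the result with a previously pinned value. The event descriptions and payloads are placeholders, not real firmware or SMBIOS data.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank

def extend(pcr: bytes, event_data: bytes) -> bytes:
    """TPM extend: new PCR = SHA256(old PCR || SHA256(event data))."""
    digest = hashlib.sha256(event_data).digest()
    return hashlib.sha256(pcr + digest).digest()

def replay(events, index: int) -> bytes:
    """Replay an event log and return the final value of one PCR."""
    pcr = bytes(PCR_SIZE)  # the PCR starts as all zeros at boot
    for pcr_index, _desc, data in events:
        if pcr_index == index:
            pcr = extend(pcr, data)
    return pcr

# Constructed logs: (PCR index, description, measured bytes).
LOG_BEFORE = [
    (0, "firmware code", b"fw-blob"),
    (1, "previously measured SMBIOS record", b"record-a"),
    (1, "separator", bytes(4)),
]
LOG_AFTER = [
    (0, "firmware code", b"fw-blob"),
    (1, "previously measured SMBIOS record", b"record-a"),
    (1, "additional SMBIOS record", b"record-b"),
    (1, "separator", bytes(4)),
]

def check_policy(events, expected: bytes, index: int = 1):
    """Return (matches, actual_hex) for a policy pinned to `expected`."""
    actual = replay(events, index)
    return actual == expected, actual.hex()

def new_events(old, new, index: int = 1):
    """Descriptions of events for one PCR that only the new log contains."""
    seen = {(d, x) for i, d, x in old if i == index}
    return [d for i, d, x in new if i == index and (d, x) not in seen]

if __name__ == "__main__":
    pinned = replay(LOG_BEFORE, 1)  # value an existing policy was bound to
    print("before upgrade:", check_policy(LOG_BEFORE, pinned))
    print("after upgrade: ", check_policy(LOG_AFTER, pinned))
    print("events to account for:", new_events(LOG_BEFORE, LOG_AFTER))
```

Diffing the event logs before and after the upgrade, as `new_events` does, shows which measurements a policy has to be re-pinned against rather than just that the PCR changed.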

Systemd 261 reflects the project’s maturity. It no longer simply starts services. It installs operating systems, queries cloud metadata, manages storage, measures boot integrity and coordinates live updates. The init system sits at the center of the Linux userspace stack. Its decisions shape how administrators work across bare metal, virtual machines and containers.

Debate around that centrality never fades. Some praise the consistency. Others lament the expanding surface. The code continues regardless. Rc3 moves the series closer to stable. Distributions will integrate it soon. The features introduced this cycle will appear in enterprise releases through 2027 and beyond.

Watch the final release notes when they arrive. Test in non-production first. The changes touch boot, networking, security and management. Few areas remain untouched. And the next cycle already takes shape on the development branch.
