2️⃣2️⃣ Here's the 22nd post highlighting key new features of the recently released v259 of systemd. #systemd259 #systemd
In v258 systemd-nspawn gained support for running unprivileged containers from directories owned by the "foreign" UID range. To get container images owned by that range you had to manually chown() the images (recursively), for example via systemd-dissect --shift. And while the systemd-nspawn invocation is not privileged, that re-chown()-ing definitely requires privileges.
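An ownership audit for such an image tree, as an added example that is not part of the original post or of systemd: it lists every inode whose UID or GID falls outside the foreign range, which is what a recursive re-chown() would have to fix. The numeric bounds are taken from systemd's UID/GID allocation documentation rather than from the post, and the function names are hypothetical.

```python
import os
import tempfile

# Foreign UID/GID range as documented in systemd's UID/GID allocation notes
# (assumption: the post itself does not state the numbers).
FOREIGN_ID_MIN = 0x7FFE0000  # 2147352576
FOREIGN_ID_MAX = 0x7FFEFFFF  # 2147418111


def in_foreign_range(n):
    """True if a numeric UID or GID lies inside the foreign range."""
    return FOREIGN_ID_MIN <= n <= FOREIGN_ID_MAX


def audit_tree(root):
    """Return sorted (path, uid, gid) tuples for every inode under root,
    including root itself, that is NOT owned by the foreign range."""
    offenders = []

    def check(path):
        # lstat: inspect the symlink itself, never whatever it points to
        st = os.lstat(path)
        if not (in_foreign_range(st.st_uid) and in_foreign_range(st.st_gid)):
            offenders.append((path, st.st_uid, st.st_gid))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(offenders)


def demo():
    """Constructed sample tree: created by the current user, so every inode
    is reported, which is the state of an image before any re-chown()."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "os-release"), "w") as f:
            f.write("ID=constructed\n")
        return [os.path.relpath(p, root) for p, _, _ in audit_tree(root)]


if __name__ == "__main__":
    for rel in demo():
        print("not foreign-owned:", rel)
```

An empty result from `audit_tree()` means the whole tree is already owned by the foreign range.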