Systemd 261 was officially released on June 19, 2026, bringing a host of new capabilities that extend the init system and service manager well beyond traditional process management. The release encompasses OS provisioning, cloud metadata handling, enhanced TPM support, live kernel handover, and new cgroup controls.

A built-in OS installer

Perhaps the most headline-grabbing addition is systemd-sysinstall, a straightforward text-mode installer for operating systems. It wraps systemd’s existing partitioning capabilities, credential management, and system administration tools into a single workflow, allowing the OS to be copied from a temporary boot medium — such as a USB drive — onto the target machine. This marks a notable shift in scope for the project, bringing native installation functionality into the systemd ecosystem.

Instance Metadata Service (IMDS)

Version 261 introduces a new subsystem for the Instance Metadata Service, or IMDS. The new systemd-imdsd daemon provides local programs with a unified Varlink-based interface for accessing cloud metadata, rather than requiring each application to speak directly to a cloud provider’s proprietary endpoint.

Alongside the daemon, a hardware database (hwdb.d/40-imds.hwdb) was added to identify public cloud platforms via SMBIOS information. Supported platforms include Amazon EC2, Microsoft Azure, Google Compute Engine, Oracle Cloud, Tencent Cloud, Hetzner, Alibaba ECS, Scaleway, and Vultr. The release also adds an option to restrict network access to cloud metadata services for recognized clouds — recommended for secure installations, though this may conflict with traditional IMDS clients such as cloud-init.

New storagectl command

A new command-line tool and Varlink interface called storagectl has been added to expose storage resources in a unified way for managed user storage. This fills a gap in systemd’s coverage of storage lifecycle management.

Additional highlights

  • Software TPM fallback: The new systemd-tpm2-swtpm.service runs the IBM Software TPM (“swtpm”) as an automatic fallback on systems that lack a physical TPM chip.
  • Live kernel handover: PID1 now supports the Linux kernel’s Live Update Orchestrator (LUO) and Kexec Handover (KHO) systems, enabling system units’ FD Stores to be preserved across kexec for near-instant reboots without full reinitialisation.
  • Root directory permissions: A new tmpfiles.d/root.conf entry enforces root directory permissions to 0555.
  • CPU set partitions: A new CPUSetPartition= unit setting allows configuration of cgroup CPU set partition types (root, isolated, or member) for systemd services.
  • Filesystem access restrictions: The new RestrictFileSystemAccess= directive uses a BPF LSM program to restrict execution to binaries residing on a signed, DM-Verity-protected filesystem.
  • Varlink shutdown method: A Varlink method has been added to the systemd manager interface for requesting system shutdown.
  • Zswap writeback defaults: DefaultMemoryZSwapWriteback= is a new manager-level setting for a system-wide Zswap writeback default, overriding per-unit settings.
  • dlopen ELF metadata: Individual binaries now embed dlopen ELF metadata comments, improving introspection and dependency tracking.

The release also signals future removals in systemd 262, including the dropping of /run/boot-loader-entries/ support and the experimental systemd-sysupdated D-Bus API, with clients directed to use Varlink instead.

Source code and full changelog available on GitHub.