4️⃣9️⃣ Here's the 49th post highlighting key new features of the upcoming v258 release of systemd. #systemd258
One of the key features of systemd from day 1 on is socket activation, i.e. a mechanism where systemd binds sockets on behalf of services, watches them and only activates the services themselves later, possibly only at the moment they are actively used.
This has various benefits, for example reduces ahead of time cost of running a large number of services (which improves boot times).
📣 Reminder: Ticket prices go up in a few days for All Systems Go! 2025, the foundational user-space Linux technologies event in Berlin.
🎟️ Get yours today @ https://ti.to/all-systems-go/all-systems-go-2025
ℹ️ And more info @ https://all-systems-go.io/
AI agents can potentially gain extensive access to user data, and even write or execute arbitrary code.
OpenAI Codex CLI uses #Landlock sandboxing to reduce the risk of buggy or malicious commands: https://github.com/openai/codex/pull/763
For now, it only blocks arbitrary file changes, but there’s room to strengthen protections further, and the ongoing rewrite in #Rust will help: https://github.com/openai/codex/pull/629
Landlock is designed for exactly this kind of use case, providing unprivileged and flexible access control.