From 1ee3720e76c4406afdc45a91b8777247b647abfe Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 2 Feb 2023 15:45:09 +0100 Subject: [PATCH] NEWS: various fixes --- NEWS | 325 +++++++++++++++++++++++++++++++---------------------------- 1 file changed, 170 insertions(+), 155 deletions(-) diff --git a/NEWS b/NEWS index 2592c6a3d2e..53cce201609 100644 --- a/NEWS +++ b/NEWS @@ -2,12 +2,12 @@ systemd System and Service Manager CHANGES WITH 253 in spe: - Deprecations and incompatible changes + Deprecations and incompatible changes: - * systemctl will now warn when invoked without /proc mounted (e.g. when - invoked after chroot into an image without the API mount points like - /proc being set up.) Operation in such an environment is not fully - supported. + * systemctl will now warn when invoked without /proc/ mounted + (e.g. when invoked after chroot() into an directory tree without the + API mount points like /proc/ being set up.) Operation in such an + environment is not fully supported. * The return value of 'systemctl is-active|is-enabled|is-failed' for unknown units is changed: previously 1 or 3 were returned, but now 4 
@@ -16,14 +16,15 @@ CHANGES WITH 253 in spe: * 'udevadm hwdb' subcommand is deprecated and will emit a warning. systemd-hwdb (added in 2014) should be used instead. - * 'bootctl --json' now outputs well-formed JSON, instead of a stream + * 'bootctl --json' now outputs a single JSON array, instead of a stream of newline-separated JSON objects. - * Udev rules in 60-evdev.rules have been changed to load hwdb properties - for all modalias patterns. Previously only the first matching pattern - was used. This could change what properties are assigned if the user - has more and less specific patterns that could match the same device, - but it is expected that the change will have no effect for most users. + * Udev rules in 60-evdev.rules have been changed to load hwdb + properties for all modalias patterns. Previously only the first + matching pattern was used. This could change what properties are + assigned if the user has more and less specific patterns that could + match the same device, but it is expected that the change will have + no effect for most users. * systemd-networkd-wait-online exits successfully when all interfaces are ready or unmanaged. Previously, if neither '--any' nor 
@@ -34,99 +35,102 @@ CHANGES WITH 253 in spe: manager is also enabled and used. * Some compatibility helpers were dropped: EmergencyAction= in the user - manager, measuring kernel command line into PCR 8 along with the - -Defi-tpm-pcr-compat compile-time option. + manager, as well as measuring kernel command line into PCR 8 in + systemd-stub, along with the -Defi-tpm-pcr-compat compile-time + option. - * The '-Dupdate-helper-user-timeout=' build-time option has been renamed - to '-Dupdate-helper-user-timeout-sec=', and now takes an integer as - parameter instead of a string. + * The '-Dupdate-helper-user-timeout=' build-time option has been + renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an + integer as parameter instead of a string. New components: * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images (UKIs) has been added. This replaces functionality provided by - 'dracut --uefi' and extends it with automatic calculation of offsets, - insertion of signed PCR policies generated by systemd-measure, - support for initrd concatenation, signing of the embedded Linux image - and the combined image with sbsign, and heuristics to autodetect the - kernel uname and verify the splash image. + 'dracut --uefi' and extends it with automatic calculation of PE file + offsets, insertion of signed PCR policies generated by + systemd-measure, support for initrd concatenation, signing of the + embedded Linux image and the combined image with sbsign, and + heuristics to autodetect the kernel uname and verify the splash + image. Changes in systemd and units: - * A new unit type Type=notify-reload is defined. When such a unit is - reloaded via a signal, the manager will wait until it receives a - "READY=1" notification from the unit. Otherwise, this type is the - same as Type=notify. + * A new service type Type=notify-reload is defined. When such a unit is + reloaded a signal (typically SIGHUP) is sent to the main service + process. 
The manager will then wait until it receives a "RELOADING=1" + followed by a "READY=1" notification from the unit as response (via + sd_notify()). Otherwise, this type is the same as Type=notify. user@.service, systemd-networkd.service, systemd-udevd.service, and - systemd-logind have been updated to this type; their reloads are now - synchronous. + systemd-logind have been updated to this type. - * Initrd environments which are not on a temporary file system (for - example an overlayfs combination) are now supported. Systemd will only - skip removal of the files in the initrd if it doesn't detect a - temporary file system. + * Initrd environments which are not on a pure memory file system (e.g. + overlayfs combination as opposed to tmpfs) are now supported. With + this change, during the initrd → host transition ("switch root") + systemd will no longer erase all files of the initrd unless it's + backed by a memory file system such as tmpfs. - * New MemoryZSwapMax= option has been added to configure - memory.zswap.max cgroup properties (the maximum amount of zswap used). + * New per-unit MemoryZSwapMax= option has been added to configure + memory.zswap.max cgroup properties (the maximum amount of zswap + used). - * New LogFilterPatterns= option can be used to specify regexp - accept/deny patterns for log entries generated by the unit. Based on - the option value, the manager sets the - user.journald_log_filter_patterns extended attribute on the unit - cgroup. systemd-journald checks for this attribute when receiving - messages, and will filter messages by matching the MESSAGE= part. + * A new LogFilterPatterns= option has been added for units. It may be + used to specify accept/deny regular expressions for log messages + generated by the unit, that shall be enforced by systemd-journald. Rejected messages are neither stored in the journal nor forwarded. 
- This option can be used to filter noisy or uninteresting messages + This option may be used to suppress noisy or uninteresting messages from units. * The manager has a new - org.freedesktop.systemd1.Manager.GetUnitByPIDFD() method to query - process ownership via a PIDFD, which is more resilient against PID - recycling issues. + org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to + query process ownership via a PIDFD, which is more resilient against + PID recycling issues. * Scope units now support OOMPolicy=. Login session scopes default to OOMPolicy=continue, allowing login scopes to survive the OOM killer terminating some processes in the scope. * systemd-fstab-generator now supports x-systemd.makefs option for - /sysroot (in the initrd). + /sysroot/ (in the initrd). * The maximum rate at which daemon reloads are executed can now be limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst= options. (Or the equivalent on the kernel command line: - systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). - In addition, systemd now logs the originating unit and PID when - a reload request is received over D-Bus. + systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In + addition, systemd now logs the originating unit and PID when a reload + request is received over D-Bus. - * When enabling a swap device, instead of failing, systemd will now - reinitialize the device when the page size of the swap space does not - match the page size of the running kernel. + * When enabling a swap device systemd will now reinitialize the device + when the page size of the swap space does not match the page size of + the running kernel. - * Systemd now executes generators in a mount namespace "sandbox" with - most of the file system read-only, but with write access to the - output directories, and with a temporary /tmp/ mount provided. 
This - provides a safeguard against programming errors in the generators, - but also fixes here-docs in shells, which previously didn't work in - early boot when /tmp/ wasn't available yet. (This feature has no - security implications, because the code is still privileged and can - trivially exit the sandbox.) + * systemd now executes generator programs in a mount namespace + "sandbox" with most of the file system read-only and write access + restricted to the output directories, and with a temporary /tmp/ + mount provided. This provides a safeguard against programming errors + in the generators, but also fixes here-docs in shells, which + previously didn't work in early boot when /tmp/ wasn't available + yet. (This feature has no security implications, because the code is + still privileged and can trivially exit the sandbox.) - * The manager will load the vmm.notify_socket credential. If found, - it will send a "READY=1" notification on the specified socket after - boot is complete. This allows readiness notification to be sent - from a VM guest to the host over a VSOCK socket. + * The system manager manager will now parse a new "vmm.notify_socket" + system credential, which may be supplied to a VM via SMBIOS. If + found, it will send a "READY=1" notification on the specified socket + after boot is complete. This allows readiness notification to be sent + from a VM guest to the VM host over a VSOCK socket. * The sample PAM configuration file for systemd-user@.service now includes a call to pam_namespace. This puts children of user@.service in the expected namespace. (Many distributions replace their file with something custom, so this change has limited effect.) - * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST can - can be used to override the mount units burst late limit for parsing - '/proc/self/mountinfo', which was introduced in v249. Defaults to 5. 
+ * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST + can can be used to override the mount units burst late limit for + parsing '/proc/self/mountinfo', which was introduced in + v249. Defaults to 5. - * Drop-ins for init.scope changing control cgroup resource limits are + * Drop-ins for init.scope changing control group resource limits are now applied, while they were previously ignored. * New build-time configuration options '-Ddefault-timeout-sec=' and @@ -144,7 +148,7 @@ CHANGES WITH 253 in spe: The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in a more informative path on some embedded systems. - * Block partitions will now also get symlinks in + * Partition block devices will now also get symlinks in /dev/disk/by-diskseq/-part, which may be used to reference block device nodes via the kernel's "diskseq" value. Previously those symlinks were only created for the main block device. 
@@ -162,16 +166,15 @@ CHANGES WITH 253 in spe: means the RNG gets seeded very early in boot before userspace has started. - * systemd-boot will pass a random seed when secure boot is enabled if - it can additionally get a random seed from EFI itself, via EFI's RNG - protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a - preceding bootloader. + * systemd-boot will pass a disk-backed random seed – even when secure + boot is enabled – if it can additionally get a random seed from EFI + itself (via EFI's RNG protocol), or a prior seed in + LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader. * systemd-boot-system-token.service was renamed to - systemd-boot-random-seed.service and extended to always save the - random seed to ESP on every boot when a compatible boot loader is - used. This allows a refreshed random seed to be used in the boot - loader. + systemd-boot-random-seed.service and extended to always save a random + seed to ESP on every boot when a compatible boot loader is used. This + allows a refreshed random seed to be used in the boot loader. * systemd-boot handles various seed inputs using a domain- and field-separated hashing scheme. 
@@ -180,77 +183,85 @@ CHANGES WITH 253 in spe: token is now always required to be present for random seeds to be used. - * systemd-boot now supports being loaded not from the ESP, for example - for direct kernel boot under QEMU or when embedded into the firmware. + * systemd-boot now supports being loaded from other locations than the + ESP, for example for direct kernel boot under QEMU or when embedded + into the firmware. - * systemd-boot now parses SMBIOS info to detect virtualization. This - information is used to skip some warnings which are not useful in a - VM and to conditionalize other aspects of behaviour. + * systemd-boot now parses SMBIOS information to detect + virtualization. This information is used to skip some warnings which + are not useful in a VM and to conditionalize other aspects of + behaviour. * systemd-boot now supports a new 'if-safe' mode that will perform UEFI Secure Boot automated certificate enrollment from the ESP only if it - is considered 'safe' to do so. At the moment 'safe' means running in a - virtual machine. + is considered 'safe' to do so. At the moment 'safe' means running in + a virtual machine. * systemd-stub now processes random seeds in the same way as - systemd-boot, in case a unified kernel image is being used from a - different bootloader than systemd-boot. + systemd-boot already does, in case a unified kernel image is being + used from a different bootloader than systemd-boot, or without any + boot load at all. * bootctl will now generate a system token on all EFI systems, even virtualized ones, and is activated in the case that the system token is missing from either sd-boot and sd-stub booted systems. * bootctl now implements two new verbs: 'kernel-identify' prints the - type of a kernel image, and 'kernel-inspect' provides information - about the embedded command line and kernel version. 
+ type of a kernel image file, and 'kernel-inspect' provides + information about the embedded command line and kernel version of + UKIs. * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning as for kernel-install. Changes in kernel-install: - * A new "installation layout" can be configured as layout=uki. With this - setting, a Boot Loader Specification Type#1 entry will not be created. - Instead, a new kernel-install plugin 90-uki-copy.install will copy any - .efi files from the staging area into the boot partition. A plugin to - generate the UKI .efi file must be provided separately. + * A new "installation layout" can be configured as layout=uki. With + this setting, a Boot Loader Specification Type#1 entry will not be + created. Instead, a new kernel-install plugin 90-uki-copy.install + will copy any .efi files from the staging area into the boot + partition. A plugin to generate the UKI .efi file must be provided + separately. Changes in systemctl: * 'systemctl reboot' has dropped support for accepting a positional argument as the argument to the reboot(2) syscall. Please use the - --reboot-argument option instead. + --reboot-argument= option instead. - * 'systemctl disable' will now warn when called on units without install - information. A new --no-warn option has been added that silences this - warning. + * 'systemctl disable' will now warn when called on units without + install information. A new --no-warn option has been added that + silences this warning. * New option '--drop-in=' can be used to tell 'systemctl edit' the name - of the drop-in to edit. (Previously, 'override.conf' was always used. + of the drop-in to edit. (Previously, 'override.conf' was always + used.) * 'systemctl list-dependencies' now respects --type= and --state=. - * 'systemctl kexec' now supports XEN. + * 'systemctl kexec' now supports XEN VMM environments. 
Changes in systemd-networkd and related tools: * The [DHCPv4] section in .network file gained new SocketPriority= - setting that assigns the Linux socket priority used by the DHCPv4 - raw socket. Can be used in conjunction with the EgressQOSMaps=setting - in [VLAN] section of .netdev file to send the desired ethernet 802.1Q - frame priority for DHCPv4 initial packets. This cannot be achieved - with netfilter mangle tables because of the raw socket bypass. + setting that assigns the Linux socket priority used by the DHCPv4 raw + socket. This may be used in conjunction with the + EgressQOSMaps=setting in [VLAN] section of .netdev file to send the + desired ethernet 802.1Q frame priority for DHCPv4 initial + packets. This cannot be achieved with netfilter mangle tables because + of the raw socket bypass. - * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained new - QuickAck= boolean setting that enables the TCP quick ACK mode for the - routes configured by the acquired DHCPv4 lease or received router + * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a + new QuickAck= boolean setting that enables the TCP quick ACK mode for + the routes configured by the acquired DHCPv4 lease or received router advertisements (RAs). * The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised routes) now accepts three values, for high, medium, and low preference of the router (which can be set with the RouterPreference=) setting. - * systemd-networkd-wait-online now supports alternative interface names. + * systemd-networkd-wait-online now supports matching via alternative + interface names. * The [DHCPv6] section in .network file gained new SendRelease= setting which enables the DHCPv6 client to send release when 
@@ -265,18 +276,21 @@ CHANGES WITH 253 in spe: Changes in systemd-dissect: - * systemd-dissect gained a new option --list, to print the paths fo the - files and directories in the image. + * systemd-dissect gained a new option --list, to print the paths off + all files and directories in a DDI. - * systemd-dissect gained a new option --mtree, to generate output - compatible with BSD mtree(5). + * systemd-dissect gained a new option --mtree, to generate a file + manifest compatible with BSD mtree(5) of a DDI - * systemd-dissect gained a new option --with, to execute a command in - the image temporarily mounted. + * systemd-dissect gained a new option --with, to execute a command with + the specified DDI temporarily mounted and used as working + directory. This is for example useful to convert a DDI to "tar" + simply by running it within a "systemd-dissect --with" invocation. * systemd-dissect gained a new option --discover, to search for - Discoverable Disk Images (DDIs) in well-known directories. This will - list machine, portable service and system extension disk images. + Discoverable Disk Images (DDIs) in well-known directories of the + system. This will list machine, portable service and system extension + disk images. * systemd-dissect now understands 2nd stage initrd images stored as a Discoverable Disk Image (DDI). 
@@ -292,13 +306,14 @@ CHANGES WITH 253 in spe: * systemd-repart also gained a --defer-partitions= option that is similar to --exclude-partitions=, but the size of the partition is - taken into account without populating it. + still taken into account when sizing partitions, but without + populating it. * systemd-repart gained a new --sector-size= option to specify what sector size should be used when an image is created. - * systemd-repart now supports erofs (a read-only file system similar to - squashfs). + * systemd-repart now supports generating erofs file systems via + CopyFiles= (a read-only file system similar to squashfs). * The Minimize= option was extended to accept "best" (which means the most minimal image possible, but may require multiple attempts) and 
@@ -313,20 +328,22 @@ CHANGES WITH 253 in spe: about devices when sd-device is used, e.g. DEVNAME= and DRIVER=. Details of what is logged and when are subject to change. - * The systemd-journald-audit.socket can now be normally disabled to stop - collection of audit messages. Please note that it is not enabled - statically anymore and must be handled by the preset/enablement logic - in package installation scripts. + * The systemd-journald-audit.socket can now be disabled via the usual + "systemctl disable" mechanism to stop collection of audit + messages. Please note that it is not enabled statically anymore and + must be handled by the preset/enablement logic in package + installation scripts. * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can be used to curtail disk use by systemd-journal-remote. This is similar to the options supported by systemd-journald. Changes in systemd-cryptenroll, systemd-cryptsetup, and related - components + components: - * systemd-cryptenroll now supports unlocking via FIDO2 tokens (option - --unlock-fido2-device=). + * When enrolling new keys systemd-cryptenroll now supports unlocking + via FIDO2 tokens (option --unlock-fido2-device=). Previously, a + password was strictly required to be specified. * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens (except for tokens with user verification, UV) to identify tokens 
@@ -334,24 +351,18 @@ CHANGES WITH 253 in spe: the same time, and systemd-cryptsetup will automatically select one that corresponds to one of the available LUKS key slots. - * systemd-cryptsetup now supports new options tpm2-measure-pcr= and - tpm2-measure-bank= in crypttab(5). These allow specifying the - PCR bank and number into which the volume key should be measured. - - * When measuring data into a PCR, an authenticated hash (HMAC) is used - on the CPU, to further protect the data before it leaves the CPU. + * systemd-cryptsetup now supports new options tpm2-measure-bank= and + tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR + bank and number into which the volume key should be measured. * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with "noexec,nosuid,nodev". * systemd-pcrphase gained new options --machine-id and --file-system= - to measure the machine-id and mount point information into a PCR. - - * The machine-id is measured into PCR 15 during early boot. - - * For the root and /var/ volumes, the mount point information and - options, and volume encryption keys in case encryption is used, will - be measured into PCR 15. + to measure the machine-id and mount point information into PCR 15. New + service unit files systemd-pcrmachine.service and + systemd-pcrfs@.service have been added that invoke the tool with + these switches during early boot. * systemd-cryptenroll now stores the user-supplied PIN with a salt, making it harder to brute-force. @@ -363,7 +374,7 @@ CHANGES WITH 253 in spe: * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS, $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS - can be used to specify additional arguments for mkfs when + may now be used to specify additional arguments for mkfs when systemd-homed formats a file system. * systemd-hostnamed now exports the contents of 
@@ -372,7 +383,7 @@ CHANGES WITH 253 in spe: unprivileged code to access those values. systemd-hostnamed also exports the SUPPORT_END= field from - os-release(5) as OperatingSystemSupportEnd. timedatectl make uses of + os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of this to show the status of the installed system. * systemd-measure gained an --append= option to sign multiple phase @@ -382,14 +393,14 @@ CHANGES WITH 253 in spe: * systemd-timesyncd will now write a structured log message with MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based - on a disk timestamp, similarly to what it did when reaching + on a on-disk timestamp, similarly to what it did when reaching synchronization via NTP. - systemd-timesyncd will now also update the timestamp file on each - boot, making it more likely that the system time increases in - subsequent boots. + * systemd-timesyncd will now update the on-disk timestamp file on each + boot at least once, making it more likely that the system time + increases in subsequent boots. - * systemd-vconsole-setup gained support for credentials: + * systemd-vconsole-setup gained support for system/service credentials: vconsole.keymap/vconsole.keymap_toggle and vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous the similarly-named options in vconsole.conf. @@ -420,7 +431,7 @@ CHANGES WITH 253 in spe: Similarly, 'machinectl start|stop' gained a --now option to enable or disable the machine unit when starting or stopping it. - * systemd-sysusers will now create /etc if it is missing. + * systemd-sysusers will now create /etc/ if it is missing. * systemd-sleep 'HibernateDelaySec=' setting is changed back to pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is 
@@ -440,9 +451,10 @@ CHANGES WITH 253 in spe: sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to(). * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the - id128_t parameter has an invalid format. They also accept NULL as - output parameter in more places, which is useful when the caller only - wants to check the inputs and does not need the output value. + 128bit ID in files such as /etc/machine-id has an invalid + format. They also accept NULL as output parameter in more places, + which is useful when the caller only wants to validate the inputs and + does not need the output value. * sd-login gained new functions sd_pidfd_get_session(), sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(), 
@@ -458,21 +470,24 @@ CHANGES WITH 253 in spe: SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR, * sd-notify now supports AF_VSOCK, in the "vsock:CID:port" format, for - the notify_socket parameter/environment variable/credential. + the $NOTIFY_SOCKET parameter/environment variable/credential. - * Detection of chroot environments now works if /proc/ is not mounted. - This affects systemd-detect-virt --chroot, but also means that systemd - tools will silently skip various operations in such an environment. + * Detection of chroot() environments now works if /proc/ is not + mounted. This affects systemd-detect-virt --chroot, but also means + that systemd tools will silently skip various operations in such an + environment. * "Lockheed Matrin Hardened Security for Intel Processors" (HS SRE) virtualization is now detected. Changes in the build system: - * Standalone variant of systemd-repart is built (if -Dstandalone=true). + * A standalone variant of systemd-repart may now be built (if + -Dstandalone=true). - * systemd-ac-power has been moved to /usr/bin/, to, for example, allow - scripts to conditionalize execution on AC power supply. + * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for + example, allow scripts to conditionalize execution on AC power + supply. * The libp11kit library is now loaded through dlopen(3).
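Review bot: typo in the rewritten systemctl bullet of the first hunk (@@ -2,12 +2,12): "chroot() into an directory tree" should read "chroot() into a directory tree".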
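Review bot: several slips in the new wording of the hunk starting @@ -34,99 +35,102: "The system manager manager will now parse" doubles "manager"; "can can be used to override the mount units burst late limit" doubles "can" and "late" should be "rate", since the variable configures a rate limit burst; the Type=notify-reload paragraph needs a comma, "When such a unit is reloaded, a signal (typically SIGHUP) is sent". The unchanged context line "A tool 'ukify' tool to build" also repeats "tool" and could be fixed while this section is being reworded.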
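Review bot: in the hunk starting @@ -180,77 +183,85, "or without any boot load at all" should read "boot loader"; further down in the same hunk the networkd bullet still runs the option name into the following word, "EgressQOSMaps=setting", which wants a space: "EgressQOSMaps= setting".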
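Review bot: the hunk starting @@ -265,18 +276,21 replaces the old typo "paths fo the" with a new one, "to print the paths off all files"; it should be "the paths of all files". The new --mtree bullet, "manifest compatible with BSD mtree(5) of a DDI", also lacks its terminating period.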
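Review bot: the reworded --defer-partitions= sentence in the hunk starting @@ -292,13 +306,14 now chains two "but" clauses ("but the size of the partition is still taken into account when sizing partitions, but without populating it"); dropping the second "but" reads cleaner: "is still taken into account when sizing partitions, without populating it".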
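Review bot: the hunk starting @@ -334,24 +351,18 drops two statements without replacement: the item that an authenticated hash (HMAC) is applied on the CPU before data is measured into a PCR, and, when folding the PCR 15 bullets into the systemd-pcrphase entry, the mention that volume encryption keys are measured for the root and /var/ volumes when encryption is used. If both still hold for 253 they should survive the rewrite, e.g. by extending the new pcrfs sentence to "mount point information, and volume keys where encryption is used, into PCR 15"; if they were removed deliberately, the commit message ("various fixes") should say so.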
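Review bot: the hunk starting @@ -372,7 +383,7 swaps timedatectl for hostnamectl but keeps the grammar error on the same line; "hostnamectl make uses of this" should read "hostnamectl makes use of this".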
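Review bot: in the hunk starting @@ -382,14 +393,14, "on a on-disk timestamp" should read "on an on-disk timestamp"; the unchanged context line "are analogous the similarly-named options" in the same hunk is also missing "to".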
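Review bot: style point on the hunk starting @@ -440,9 +451,10: "128bit ID" should be hyphenated as "128-bit ID", matching how the rest of NEWS writes such units.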
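Review bot: the unchanged context line "Lockheed Matrin Hardened Security for Intel Processors" in the last hunk (@@ -458,21 +470,24) misspells "Martin"; since this region is already being reflowed it is worth fixing in the same commit.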