mirror of
https://github.com/systemd/systemd.git
synced 2024-11-26 19:53:45 +08:00
18123 lines
959 KiB
Plaintext
18123 lines
959 KiB
Plaintext
systemd System and Service Manager
|
||
|
||
CHANGES WITH 257 in spe:
|
||
|
||
Announcements of Future Feature Removals and Incompatible Changes:
|
||
|
||
* Support for automatic flushing of the nscd user/group database caches
|
||
has been dropped.
|
||
|
||
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
|
||
considered obsolete and systemd by default will refuse to boot under
|
||
it. To forcibly reenable cgroup v1 support,
|
||
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
|
||
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
|
||
only cgroup v2 ('unified' hierarchy) can be selected as build-time
|
||
default.
|
||
|
||
* Support for System V service scripts is deprecated and will be
|
||
removed in a future release. Please make sure to update your software
|
||
*now* to include a native systemd unit file instead of a legacy
|
||
System V script to retain compatibility with future systemd releases.
|
||
|
||
* Support for the SystemdOptions EFI variable is deprecated.
|
||
'bootctl systemd-efi-options' will emit a warning when used. It seems
|
||
that this feature is little-used and it is better to use alternative
|
||
approaches like credentials and confexts. The plan is to drop support
|
||
altogether at a later point, but this might be revisited based on
|
||
user feedback.
|
||
|
||
* systemd-run's switch --expand-environment= which currently is disabled
|
||
by default when combined with --scope, will be changed in a future
|
||
release to be enabled by default.
|
||
|
||
— <place>, <date>
|
||
|
||
CHANGES WITH 256:
|
||
|
||
Announcements of Future Feature Removals and Incompatible Changes:
|
||
|
||
* Support for automatic flushing of the nscd user/group database caches
|
||
will be dropped in a future release.
|
||
|
||
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
|
||
considered obsolete and systemd by default will refuse to boot under
|
||
it. To forcibly reenable cgroup v1 support,
|
||
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
|
||
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
|
||
only cgroup v2 ('unified' hierarchy) can be selected as build-time
|
||
default.
|
||
|
||
* Support for System V service scripts is deprecated and will be
|
||
removed in a future release. Please make sure to update your software
|
||
*now* to include a native systemd unit file instead of a legacy
|
||
System V script to retain compatibility with future systemd releases.
|
||
|
||
* Support for the SystemdOptions EFI variable is deprecated.
|
||
'bootctl systemd-efi-options' will emit a warning when used. It seems
|
||
that this feature is little-used and it is better to use alternative
|
||
approaches like credentials and confexts. The plan is to drop support
|
||
altogether at a later point, but this might be revisited based on
|
||
user feedback.
|
||
|
||
* systemd-run's switch --expand-environment= which currently is disabled
|
||
by default when combined with --scope, will be changed in a future
|
||
release to be enabled by default.
|
||
|
||
* Previously, systemd-networkd did not explicitly remove any bridge
|
||
VLAN IDs assigned on bridge master and ports. Since version 256, if a
|
||
.network file for an interface has at least one valid setting in the
|
||
[BridgeVLAN] section, then all assigned VLAN IDs on the interface
|
||
that are not configured in the .network file are removed.
|
||
|
||
* IPForward= setting in .network file is deprecated and replaced with
|
||
IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
|
||
supported both in .network file and networkd.conf. If specified in a
|
||
.network file, they control corresponding per-link settings. If
|
||
specified in networkd.conf, they control corresponding global
|
||
settings. Note, previously IPv6SendRA= and IPMasquerade= implied
|
||
IPForward=, but now they imply the new per-link settings. One of the
|
||
simplest ways to migrate configurations, that worked as a router with
|
||
the previous version, is enabling both IPv4Forwarding= and
|
||
IPv6Forwarding= in networkd.conf. See systemd.network(5) and
|
||
networkd.conf(5) for more details.
|
||
|
||
* systemd-gpt-auto-generator will stop generating units for ESP or
|
||
XBOOTLDR partitions if it finds mount entries for or below the /boot/
|
||
or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
|
||
from interfering with systems where the ESP is explicitly configured
|
||
to be mounted at some path, for example /boot/efi/ (this type of
|
||
setup is obsolete, but still commonly found).
|
||
|
||
* The behavior of systemd-sleep and systemd-homed has been updated to
|
||
freeze user sessions when entering the various sleep modes or when
|
||
locking a homed-managed home area. This is known to cause issues with
|
||
the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
|
||
drivers may want to add drop-in configuration files that set
|
||
SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false for systemd-suspend.service
|
||
and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
|
||
systemd-homed.service.
|
||
|
||
* systemd-tmpfiles and systemd-sysusers, when given a relative
|
||
configuration file path (with at least one directory separator '/'),
|
||
will open the file directly, instead of searching for the given
|
||
partial path in the standard locations. The old mode wasn't useful
|
||
because tmpfiles.d/ and sysusers.d/ configuration has a flat
|
||
structure with no subdirectories under the standard locations and
|
||
this change makes it easier to work with local files with those
|
||
tools.
|
||
|
||
* systemd-tmpfiles now properly applies nested configuration to 'R' and
|
||
'D' stanzas. For example, with the combination of 'R /foo' and 'x
|
||
/foo/bar', /foo/bar will now be excluded from removal.
|
||
|
||
* systemd.crash_reboot and related settings are deprecated in favor of
|
||
systemd.crash_action=.
|
||
|
||
* Stable releases for version v256 and newer will now be pushed in the
|
||
main repository. The systemd-stable repository will be used for existing
|
||
stable branches (v255-stable and lower), and when they reach EOL it will
|
||
be archived.
|
||
|
||
General Changes and New Features:
|
||
|
||
* Various programs will now attempt to load the main configuration file
|
||
from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
|
||
below /etc/. For example, systemd-logind will look for
|
||
/etc/systemd/logind.conf, /run/systemd/logind.conf,
|
||
/usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
|
||
and use the first file that is found. This means that the search
|
||
logic for the main config file and for drop-ins is now the same.
|
||
|
||
Similarly, kernel-install will look for the config files in
|
||
/usr/lib/kernel/ and the other search locations, and now also
|
||
supports drop-ins.
|
||
|
||
systemd-udevd now supports drop-ins for udev.conf.
|
||
|
||
* A new 'systemd-vpick' binary has been added. It implements the new
|
||
vpick protocol, where a "*.v/" directory may contain multiple files
|
||
which have versions (following the UAPI version format specification)
|
||
embedded in the file name. The files are ordered by version and
|
||
the newest one is selected.
|
||
|
||
systemd-nspawn --image=/--directory=, systemd-dissect,
|
||
systemd-portabled, and the RootDirectory=, RootImage=,
|
||
ExtensionImages=, and ExtensionDirectories= settings for units now
|
||
support the vpick protocol and allow the latest version to be
|
||
selected automatically if a "*.v/" directory is specified as the
|
||
source.
|
||
|
||
* Encrypted service credentials can now be made accessible to
|
||
unprivileged users. systemd-creds gained new options --user/--uid=
|
||
for encrypting/decrypting a credential for a specific user.
|
||
|
||
* New command-line tool 'importctl' to download, import, and export
|
||
disk images via systemd-importd is added with the following verbs:
|
||
pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
|
||
export-raw, list-transfers, and cancel-transfer. This functionality
|
||
was previously available in "machinectl", where it was used
|
||
exclusively for machine images. The new "importctl" generalizes this
|
||
for sysext, confext, and portable service images.
|
||
|
||
* The systemd sources may now be compiled cleanly with all OpenSSL 3.0
|
||
deprecations removed, including the OpenSSL engine logic turned off.
|
||
|
||
Service Management:
|
||
|
||
* New system manager setting ProtectSystem= has been added. It is
|
||
analogous to the unit setting, but applies to the whole system. It is
|
||
enabled by default in the initrd.
|
||
|
||
Note that this means that code executed in the initrd cannot naively
|
||
expect to be able to write to /usr/ during boot. This affects
|
||
dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
|
||
https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.
|
||
|
||
* New unit setting WantsMountsFor= has been added. It is analogous to
|
||
RequiresMountsFor=, but creates a Wants= dependency instead of
|
||
Requires=. This new logic is now used in various places where mounts
|
||
were added as dependencies for other settings (WorkingDirectory=-…,
|
||
PrivateTmp=yes, cryptsetup lines with 'nofail').
|
||
|
||
* New unit setting MemoryZSwapWriteback= can be used to control the new
|
||
memory.zswap.writeback cgroup knob added in kernel 6.8.
|
||
|
||
* The manager gained a org.freedesktop.systemd1.StartAuxiliaryScope()
|
||
D-Bus method to devolve some processes from a service into a new
|
||
scope. This new scope will remain running, even when the original
|
||
service unit is restarted or stopped. This allows a service unit to
|
||
split out some worker processes which need to continue running.
|
||
Control group properties of the new scope are copied from the
|
||
originating unit, so various limits are retained.
|
||
|
||
* Units now expose properties EffectiveMemoryMax=,
|
||
EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
|
||
most stringent limit systemd is aware of for the given unit.
|
||
|
||
* A new unit file specifier %D expands to $XDG_DATA_HOME (for user
|
||
services) or /usr/share/ (for system services).
|
||
|
||
* AllowedCPUs= now supports specifier expansion.
|
||
|
||
* What= setting in .mount and .swap units now accepts fstab-style
|
||
identifiers, for example UUID=… or LABEL=….
|
||
|
||
* RestrictNetworkInterfaces= now supports alternative network interface
|
||
names.
|
||
|
||
* PAMName= now implies SetLoginEnvironment=yes.
|
||
|
||
* systemd.firstboot=no can be used on the kernel command-line to
|
||
disable interactive queries, but allow other first boot configuration
|
||
to happen based on credentials.
|
||
|
||
* The system's hostname can be configured via the systemd.hostname
|
||
system credential.
|
||
|
||
* The systemd binary will no longer chainload sysvinit's "telinit"
|
||
binary when called under the init/telinit name on a system that isn't
|
||
booted with systemd. This previously has been supported to make sure
|
||
a distribution that has both init systems installed can reasonably
|
||
switch from one to the other via a simple reboot. Distributions
|
||
apparently have lost interest in this, and the functionality has not
|
||
been supported on the primary distribution this was still intended
|
||
for a long time, and hence has been removed now.
|
||
|
||
* A new concept called "capsules" has been introduced. "Capsules" wrap
|
||
additional per-user service managers, whose users are transient and
|
||
are only defined as long as the service manager is running. (This is
|
||
implemented via DynamicUser=1), allowing a user manager to be used to
|
||
manage a group of processes without needing to create an actual user
|
||
account. These service managers run with home directories of
|
||
/var/lib/capsules/<capsule-name> and can contain regular services and
|
||
other units. A capsule is started via a simple "systemctl start
|
||
capsule@<name>.service". See the capsule@.service(5) man page for
|
||
further details.
|
||
|
||
Various systemd tools (including, and most importantly, systemctl and
|
||
systemd-run) have been updated to interact with capsules via the new
|
||
"--capsule="/"-C" switch.
|
||
|
||
* .socket units gained a new setting PassFileDescriptorsToExec=, taking
|
||
a boolean value. If set to true the file descriptors the socket unit
|
||
encapsulates are passed to the ExecStartPost=, ExecStopPre=,
|
||
ExecStopPost= using the usual $LISTEN_FDS interface. This may be used
|
||
for doing additional initializations on the sockets once they are
|
||
allocated. (For example, to install an additional eBPF program on
|
||
them).
|
||
|
||
* The .socket setting MaxConnectionsPerSource= (which so far put a
|
||
limit on concurrent connections per IP in Accept=yes socket units),
|
||
now also has an effect on AF_UNIX sockets: it will put a limit on the
|
||
number of simultaneous connections from the same source UID (as
|
||
determined via SO_PEERCRED). This is useful for implementing IPC
|
||
services in a simple Accept=yes mode.
|
||
|
||
* The service manager will now maintain a counter of soft reboot cycles
|
||
the system went through. It may be queried via the D-Bus APIs.
|
||
|
||
* systemd's execution logic now supports the new pidfd_spawn() API
|
||
introduced by glibc 2.39, which allows us to invoke a subprocess in a
|
||
target cgroup and get a pidfd back in a single operation.
|
||
|
||
* systemd/PID 1 will now send an additional sd_notify() message to its
|
||
supervising VMM or container manager reporting the selected hostname
|
||
("X_SYSTEMD_HOSTNAME=") and machine ID ("X_SYSTEMD_MACHINE_ID=") at
|
||
boot. Moreover, the service manager will send additional sd_notify()
|
||
messages ("X_SYSTEMD_UNIT_ACTIVE=") whenever a target unit is
|
||
reached. This can be used by VMMs/container managers to schedule
|
||
access to the system precisely. For example, the moment a system
|
||
reports "ssh-access.target" being reached a VMM/container manager
|
||
knows it can now connect to the system via SSH. Finally, a new
|
||
sd_notify() message ("X_SYSTEMD_SIGNALS_LEVEL=2") is sent the moment
|
||
PID 1 has successfully completed installation of its various UNIX
|
||
process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
|
||
PID 1 will start to have the effect of shutting down the system
|
||
cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
|
||
down, and carries a string identifying the type of shutdown,
|
||
i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
|
||
sent at the same time and carries the string passed to "systemctl
|
||
--reboot-argument=" if there was one.
|
||
|
||
* New D-Bus properties ExecMainHandoffTimestamp and
|
||
ExecMainHandoffTimestampMonotonic are now published by services
|
||
units. This timestamp is taken as the very last operation before
|
||
handing off control to invoked binaries. This information is
|
||
available for other unit types that fork off processes (i.e. mount,
|
||
swap, socket units), but currently only via "systemd-analyze dump".
|
||
|
||
* An additional timestamp is now taken by the service manager when a
|
||
system shutdown operation is initiated. It can be queried via D-Bus
|
||
during the shutdown phase. It's passed to the following service
|
||
manager invocation on soft reboots, which will then use it to log the
|
||
overall "grey-out" time of the soft reboot operation, i.e. the time
|
||
when the shutdown began until the system is fully up again.
|
||
|
||
* "systemctl status" will now display the invocation ID in its usual
|
||
output, i.e. the 128bit ID uniquely assigned to the current runtime
|
||
cycle of the unit. The ID has been supported for a long time, but is
|
||
now more prominently displayed, as it is a very useful handle to a
|
||
specific invocation of a service.
|
||
|
||
* systemd now generates a new "taint" string "unmerged-bin" for systems
|
||
that have /usr/bin/ and /usr/sbin/ separate. It's generally
|
||
recommended to make the latter a symlink to the former these days.
|
||
|
||
* A new systemd.crash_action= kernel command line option has been added
|
||
that configures what to do after the system manager (PID 1) crashes.
|
||
This can also be configured through CrashAction= in systemd.conf.
|
||
|
||
* "systemctl kill" now supports --wait which will make the command wait
|
||
until the signalled services terminate.
|
||
|
||
Journal:
|
||
|
||
* systemd-journald can now forward journal entries to a socket
|
||
(AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
|
||
specified in journald.conf via a new option ForwardToSocket= or via
|
||
the 'journald.forward_to_socket' credential. Log records are sent in
|
||
the Journal Export Format. A related setting MaxLevelSocket= has been
|
||
added to control the maximum log levels for the messages sent to this
|
||
socket.
|
||
|
||
* systemd-journald now also reads the journal.storage credential when
|
||
determining where to store journal files.
|
||
|
||
* systemd-vmspawn gained a new --forward-journal= option to forward the
|
||
virtual machine's journal entries to the host. This is done over a
|
||
AF_VSOCK socket, i.e. it does not require networking in the guest.
|
||
|
||
* journalctl gained option '-i' as a shortcut for --file=.
|
||
|
||
* journalctl gained a new -T/--exclude-identifier= option to filter
|
||
out certain syslog identifiers.
|
||
|
||
* journalctl gained a new --list-namespaces option.
|
||
|
||
* systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
|
||
(so it can be used to receive entries forwarded by systemd-journald).
|
||
|
||
* systemd-journal-gatewayd allows restricting the time range of
|
||
retrieved entries with a new "realtime=[<since>]:[<until>]" URL
|
||
parameter.
|
||
|
||
* systemd-cat gained a new option --namespace= to specify the target
|
||
journal namespace to which the output shall be connected.
|
||
|
||
* systemd-bsod gained a new option --tty= to specify the output TTY
|
||
|
||
Device Management:
|
||
|
||
* /dev/ now contains symlinks that combine by-path and by-{label,uuid}
|
||
information:
|
||
|
||
/dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>
|
||
|
||
This allows distinguishing partitions with identical contents on
|
||
multiple storage devices. This is useful, for example, when copying
|
||
raw disk contents between devices.
|
||
|
||
* systemd-udevd now creates persistent /dev/media/by-path/ symlinks for
|
||
media controllers. For example, the uvcvideo driver may create
|
||
/dev/media0 which will be linked as
|
||
/dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.
|
||
|
||
* A new unit systemd-udev-load-credentials.service has been added
|
||
to pick up udev.conf drop-ins and udev rules from credentials.
|
||
|
||
* An allowlist/denylist may be specified to filter which sysfs
|
||
attributes are used when crafting network interface names. Those
|
||
lists are stored as hwdb entries
|
||
ID_NET_NAME_ALLOW_<sysfsattr>=0|1
|
||
and
|
||
ID_NET_NAME_ALLOW=0|1.
|
||
|
||
The goal is to avoid unexpected changes to interface names when the
|
||
kernel is updated and new sysfs attributes become visible.
|
||
|
||
* A new unit tpm2.target has been added to provide a synchronization
|
||
point for units which expect the TPM hardware to be available. A new
|
||
generator "systemd-tpm2-generator" has been added that will insert
|
||
this target whenever it detects that the firmware has initialized a
|
||
TPM, but Linux hasn't loaded a driver for it yet.
|
||
|
||
* systemd-backlight now properly supports numbered devices which the
|
||
kernel creates to avoid collisions in the leds subsystem.
|
||
|
||
* systemd-hwdb update operation can be disabled with a new environment
|
||
variable SYSTEMD_HWDB_UPDATE_BYPASS=1.
|
||
|
||
systemd-hostnamed:
|
||
|
||
* systemd-hostnamed now exposes the machine ID and boot ID via
|
||
D-Bus. It also exposes the hosts AF_VSOCK CID, if available.
|
||
|
||
* systemd-hostnamed now provides a basic Varlink interface.
|
||
|
||
* systemd-hostnamed exports the full data in os-release(5) and
|
||
machine-info(5) via D-Bus and Varlink.
|
||
|
||
* hostnamectl now shows the system's product UUID and hardware serial
|
||
number if known.
|
||
|
||
Network Management:
|
||
|
||
* systemd-networkd now provides a basic Varlink interface.
|
||
|
||
* systemd-networkd's ARP proxy support gained a new option to configure
|
||
a private VLAN variant of the proxy ARP supported by the kernel under
|
||
the name IPv4ProxyARPPrivateVLAN=.
|
||
|
||
* systemd-networkd now exports the NamespaceId and NamespaceNSID
|
||
properties via D-Bus and Varlink. (which expose the inode and NSID of
|
||
the network namespace the networkd instance manages)
|
||
|
||
* systemd-networkd now supports IPv6RetransmissionTimeSec= and
|
||
UseRetransmissionTime= settings in .network files to configure
|
||
retransmission time for IPv6 neighbor solicitation messages.
|
||
|
||
* networkctl gained new verbs 'mask' and 'unmask' for masking networkd
|
||
configuration files such as .network files.
|
||
|
||
* 'networkctl edit --runtime' allows editing volatile configuration
|
||
under /run/systemd/network/.
|
||
|
||
* The implementation behind TTLPropagate= network setting has been
|
||
removed and the setting is now ignored.
|
||
|
||
* systemd-network-generator will now pick up .netdev/.link/.network/
|
||
networkd.conf configuration from system credentials.
|
||
|
||
* systemd-networkd will now pick up wireguard secrets from
|
||
credentials.
|
||
|
||
* systemd-networkd's Varlink API now supports enumerating LLDP peers.
|
||
|
||
* .link files now support new Property=, ImportProperty=,
|
||
UnsetProperty= fields for setting udev properties on a link.
|
||
|
||
* The various .link files that systemd ships for interfaces that are
|
||
supposed to be managed by systemd-networkd only now carry a
|
||
ID_NET_MANAGED_BY=io.systemd.Network udev property ensuring that
|
||
other network management solutions honouring this udev property do
|
||
not come into conflict with networkd, trying to manage these
|
||
interfaces.
|
||
|
||
* .link files now support a new ReceivePacketSteeringCPUMask= setting
|
||
for configuring which CPUs to steer incoming packets to.
|
||
|
||
* The [Network] section in .network files gained a new setting
|
||
UseDomains=, which is a single generic knob for controlling the
|
||
settings of the same name in the [DHCPv4], [DHCPv6] and
|
||
[IPv6AcceptRA].
|
||
|
||
* The 99-default.link file we ship by default (that defines the policy
|
||
for all network devices to which no other .link file applies) now
|
||
lists "mac" among AlternativeNamesPolicy=. This means that network
|
||
interfaces will now by default gain an additional MAC-address based
|
||
alternative device name. (i.e. enx…)
|
||
|
||
systemd-nspawn:
|
||
|
||
* systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
|
||
directory where the container payload can expose AF_UNIX sockets to
|
||
allow them to be accessed from outside.
|
||
|
||
* systemd-nspawn will tint the terminal background for containers in a
|
||
blueish color. This can be controller with the new --background=
|
||
switch or the new $SYSTEMD_TINT_BACKGROUND environment variable.
|
||
|
||
* systemd-nspawn gained support for the 'owneridmap' option for --bind=
|
||
mounts to map the target directory owner from inside the container to
|
||
the owner of the directory bound from the host filesystem.
|
||
|
||
* systemd-nspawn now supports moving Wi-Fi network devices into a
|
||
container, just like other network interfaces.
|
||
|
||
systemd-resolved:
|
||
|
||
* systemd-resolved now reads RFC 8914 EDE error codes provided by
|
||
upstream DNS services.
|
||
|
||
* systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
|
||
records, as well as RFC 2915 NAPTR records.
|
||
|
||
* resolvectl gained a new option --relax-single-label= to allow
|
||
querying single-label hostnames via unicast DNS on a per-query basis.
|
||
|
||
* systemd-resolved's Varlink IPC interface now supports resolving
|
||
DNS-SD services as well as an API for resolving raw DNS RRs.
|
||
|
||
* systemd-resolved's .dnssd DNS_SD service description files now
|
||
support DNS-SD "subtypes" via the new SubType= setting.
|
||
|
||
* systemd-resolved's configuration may now be reloaded without
|
||
restarting the service. (i.e. "systemctl reload systemd-resolved" is
|
||
now supported)
|
||
|
||
SSH Integration:
|
||
|
||
* An sshd config drop-in to allow ssh keys acquired via userdbctl (for
|
||
example expose by homed accounts) to be used for authorization of
|
||
incoming SSH connections.
|
||
|
||
* A small new unit generator "systemd-ssh-generator" has been added. It
|
||
checks if the sshd binary is installed. If so, it binds it via
|
||
per-connection socket activation to various sockets depending on the
|
||
execution context:
|
||
|
||
• If the system is run in a VM providing AF_VSOCK support, it
|
||
automatically binds sshd to AF_VSOCK port 22.
|
||
|
||
• If the system is invoked as a full-OS container and the container
|
||
manager pre-mounts a directory /run/host/unix-export/, it will
|
||
bind sshd to an AF_UNIX socket /run/host/unix-export/ssh. The
|
||
idea is the container manager bind mounts the directory to an
|
||
appropriate place on the host as well, so that the AF_UNIX socket
|
||
may be used to easily connect from the host to the container.
|
||
|
||
• sshd is also bound to an AF_UNIX socket
|
||
/run/ssh-unix-local/socket, which may be to use ssh/sftp in a
|
||
"sudo"-like fashion to access resources of other local users.
|
||
|
||
• Via the kernel command line option "systemd.ssh_listen=" and the
|
||
system credential "ssh.listen" sshd may be bound to additional,
|
||
explicitly configured options, including AF_INET/AF_INET6 ports.
|
||
|
||
In particular the first two mechanisms should make dealing with local
|
||
VMs and full OS containers a lot easier, as SSH connections will
|
||
*just* *work* from the host – even if no networking is available
|
||
whatsoever.
|
||
|
||
systemd-ssh-generator optionally generates a per-connection
|
||
socket activation service file wrapping sshd. This is only done if
|
||
the distribution does not provide one on its own under the name
|
||
"sshd@.service". The generated unit only works correctly if the SSH
|
||
privilege separation ("privsep") directory exists. Unfortunately
|
||
distributions vary wildly where they place this directory. An
|
||
incomprehensive list:
|
||
|
||
• /usr/share/empty.sshd/ (new fedora)
|
||
• /var/empty/
|
||
• /var/empty/sshd/
|
||
• /run/sshd/ (debian/ubuntu?)
|
||
|
||
If the SSH privsep directory is placed below /var/ or /run/ care
|
||
needs to be taken that the directory is created automatically at boot
|
||
if needed, since these directories possibly or always come up
|
||
empty. This can be done via a tmpfiles.d/ drop-in. You may use the
|
||
"sshdprivsepdir" meson option provided by systemd to configure the
|
||
directory, in case you want systemd to create the directory as needed
|
||
automatically, if your distribution does not cover this natively.
|
||
|
||
Recommendations to distributions, in order to make things just work:
|
||
|
||
• Please provide a per-connection SSH service file under the name
|
||
"sshd@.service".
|
||
|
||
• Please move the SSH privsep dir into /usr/ (so that it is truly
|
||
immutable on image-based operating systems, is strictly under
|
||
package manager control, and never requires recreation if the
|
||
system boots up with an empty /run/ or /var/).
|
||
|
||
• As an extension of this: please consider following Fedora's lead
|
||
here, and use /usr/share/empty.sshd/ to minimize needless
|
||
differences between distributions.
|
||
|
||
• If your distribution insists on placing the directory in /var/ or
|
||
/run/ then please at least provide a tmpfiles.d/ drop-in to
|
||
recreate it automatically at boot, so that the sshd binary just
|
||
works, regardless in which context it is called.
|
||
|
||
* A small tool "systemd-ssh-proxy" has been added, which is supposed to
|
||
act as counterpart to "systemd-ssh-generator". It's a small plug-in
|
||
for the SSH client (via ProxyCommand/ProxyUseFdpass) to allow it to
|
||
connect to AF_VSOCK or AF_UNIX sockets. Example: "ssh vsock/4711"
|
||
connects to a local VM with cid 4711, or "ssh
|
||
unix/run/ssh-unix-local/socket" to connect to the local host via the
|
||
AF_UNIX socket /run/ssh-unix-local/socket.
|
||
|
||
systemd-boot and systemd-stub and Related Tools:
|
||
|
||
* TPM 1.2 PCR measurement support has been removed from systemd-stub.
|
||
TPM 1.2 is obsolete and – due to the (by today's standards) weak
|
||
cryptographic algorithms it only supports – does not actually provide
|
||
the security benefits it's supposed to provide. Given that the rest
|
||
of systemd's codebase never supported TPM 1.2, the support has now
|
||
been removed from systemd-stub as well.
|
||
|
||
* systemd-stub will now measure its payload via the new EFI
|
||
Confidential Computing APIs (CC), in addition to the pre-existing
|
||
measurements to TPM.
|
||
|
||
* confexts are loaded by systemd-stub from the ESP as well.
|
||
|
||
* kernel-install gained support for --root= for the 'list' verb.
|
||
|
||
* bootctl now provides a basic Varlink interface and can be run as a
|
||
daemon via a template unit.
|
||
|
||
* systemd-measure gained new options --certificate=, --private-key=,
|
||
and --private-key-source= to allow using OpenSSL's "engines" or
|
||
"providers" as the signing mechanism to use when creating signed
|
||
TPM2 PCR measurement values.
|
||
|
||
* ukify gained support for signing of PCR signatures via OpenSSL's
|
||
engines and providers.
|
||
|
||
* ukify now supports zboot kernels.
|
||
|
||
* systemd-boot now supports passing additional kernel command line
|
||
switches to invoked kernels via an SMBIOS Type #11 string
|
||
"io.systemd.boot.kernel-cmdline-extra". This is similar to the
|
||
pre-existing support for this in systemd-stub, but also applies to
|
||
Type #1 Boot Loader Specification Entries.
|
||
|
||
* systemd-boot's automatic SecureBoot enrollment support gained support
|
||
for enrolling "dbx" too (Previously, only db/KEK/PK enrollment was
|
||
supported). It also now supports UEFI "Custom" and "Audit" modes.
|
||
|
||
* The pcrlock policy is saved in an unencrypted credential file
|
||
"pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
|
||
/loader/credentials/ directory. It will be picked up at boot by
|
||
systemd-stub and passed to the initrd, where it can be used to unlock
|
||
the root file system.
|
||
|
||
* systemd-pcrlock gained an --entry-token= option to configure the
|
||
entry-token.
|
||
|
||
* systemd-pcrlock now provides a basic Varlink interface and can be run
|
||
as a daemon via a template unit.
|
||
|
||
* systemd-pcrlock's TPM nvindex access policy has been modified, this
|
||
means that previous pcrlock policies stored in nvindexes are
|
||
invalidated. They must be removed (systemd-pcrlock remove-policy) and
|
||
recreated (systemd-pcrlock make-policy). For the time being
|
||
systemd-pcrlock remains an experimental feature, but it is expected
|
||
to become stable in the next release, i.e. v257.
|
||
|
||
* systemd-pcrlock's --recovery-pin= switch now takes three values:
|
||
"hide", "show", "query". If "show" is selected the automatically
|
||
generated recovery PIN is shown to the user. If "query" is selected
|
||
then the PIN is queried from the user.
|
||
|
||
* sd-stub gained support for the new ".ucode" PE section in UKIs, that
|
||
may contain CPU microcode data. When control is handed over to the
|
||
Linux kernel this data is prepended to the set of initrds passed.
|
||
|
||
systemd-run/run0:
|
||
|
||
* systemd-run is now a multi-call binary. When invoked as 'run0', it
|
||
provides as interface similar to 'sudo', with all arguments starting
|
||
at the first non-option parameter being treated the command to invoke
|
||
as root. Unlike 'sudo' and similar tools, it does not make use of
|
||
setuid binaries or other privilege escalation methods, but instead
|
||
runs the specified command as a transient unit, which is started by
|
||
the system service manager, so privileges are dropped, rather than
|
||
gained, thus implementing a much more robust and safe security
|
||
model. As usual, authorization is managed via Polkit.
|
||
|
||
* systemd-run/run0 will now tint the terminal background on supported
|
||
terminals: in a reddish tone when invoking a root service, in a
|
||
yellowish tone otherwise. This may be controlled and turned off via
|
||
the new --background= switch or the new $SYSTEMD_TINT_BACKGROUND
|
||
environment variable.
|
||
|
||
* systemd-run gained a new option '--ignore-failure' to suppress
|
||
command failures.
|
||
|
||
Command-line tools:
|
||
|
||
* 'systemctl edit --stdin' allows creation of unit files and drop-ins
|
||
with contents supplied via standard input. This is useful when creating
|
||
configuration programmatically; the tool takes care of figuring out
|
||
the file name, creating any directories, and reloading the manager
|
||
afterwards.
|
||
|
||
* 'systemctl disable --now' and 'systemctl mask --now' now work
|
||
correctly with template units.
|
||
|
||
* 'systemd-analyze architectures' lists known CPU architectures.
|
||
|
||
* 'systemd-analyze --json=…' is supported for 'architectures',
|
||
'capability', 'exit-status'.
|
||
|
||
* 'systemd-tmpfiles --purge' will purge (remove) all files and
|
||
directories created via tmpfiles.d configuration.
|
||
|
||
* systemd-id128 gained new options --no-pager, --no-legend, and
|
||
-j/--json=.
|
||
|
||
* hostnamectl gained '-j' as shortcut for '--json=pretty' or
|
||
'--json=short'.
|
||
|
||
* loginctl now supports -j/--json=.
|
||
|
||
* resolvectl now supports -j/--json= for --type=.
|
||
|
||
* systemd-tmpfiles gained a new option --dry-run to print what would be
|
||
done without actually taking action.
|
||
|
||
* varlinkctl gained a new --collect switch to collect all responses of
|
||
a method call that supports multiple replies and turns it into a
|
||
single JSON array.
|
||
|
||
* systemd-dissect gained a new --make-archive option to generate an
|
||
archive file (tar.gz and similar) from a disk image.
|
||
|
||
systemd-vmspawn:
|
||
|
||
* systemd-vmspawn gained a new --firmware= option to configure or list
|
||
firmware definitions for Qemu, a new --tpm= option to enable or
|
||
disable the use of a software TPM, a new --linux= option to specify a
|
||
kernel binary for direct kernel boot, a new --initrd= option to
|
||
specify an initrd for direct kernel boot, a new -D/--directory option
|
||
to use a plain directory as the root file system, a new
|
||
--private-users option similar to the one in systemd-nspawn, new
|
||
options --bind= and --bind-ro= to bind part of the host's file system
|
||
hierarchy into the guest, a new --extra-drive= option to attach
|
||
additional storage, and -n/--network-tap/--network-user-mode to
|
||
configure networking.
|
||
|
||
* A new systemd-vmspawn@.service can be used to launch systemd-vmspawn
|
||
as a service.
|
||
|
||
* systemd-vmspawn gained the new --console= and --background= switches
|
||
that control how to interact with the VM. As before, by default an
|
||
interactive terminal interface is provided, but now with a background
|
||
tinted with a greenish hue.
|
||
|
||
* systemd-vmspawn can now register its VMs with systemd-machined,
|
||
controlled via the --register= switch.
|
||
|
||
* machinectl's start command (and related) can now invoke images either
|
||
as containers via `systemd-nspawn` (switch is --runner=nspawn, the
|
||
default) or as VMs via `systemd-vmspawn` (switch is --runner=vmspawn,
|
||
or short -V).
|
||
|
||
* systemd-vmspawn now supports two switches --pass-ssh-key= and
|
||
--ssh-key-type= to optionally set up transient SSH keys to pass to the
|
||
invoked VMs in order to be able to SSH into them once booted.
|
||
|
||
* systemd-vmspawn will now enable various "HyperV enlightenments" and
|
||
the "VM Generation ID" on the VMs.
|
||
|
||
* A new environment variable $SYSTEMD_VMSPAWN_QEMU_EXTRA may carry
|
||
additional qemu command line options to pass to qemu.
|
||
|
||
* systemd-machined gained a new GetMachineSSHInfo() D-Bus method that is
|
||
used by systemd-vmspawn to fetch the information needed to ssh into the
|
||
machine.
|
||
|
||
* systemd-machined gained a new Varlink interface that is used by
|
||
systemd-vmspawn to register machines with additional information and
|
||
metadata.
|
||
|
||
systemd-repart:
|
||
|
||
* systemd-repart gained new options --generate-fstab= and
|
||
--generate-crypttab= to write out fstab and crypttab files matching the
|
||
generated partitions.
|
||
|
||
* systemd-repart gained a new option --private-key-source= to allow
|
||
using OpenSSL's "engines" or "providers" as the signing mechanism to
|
||
use when creating verity signature partitions.
|
||
|
||
* systemd-repart gained a new DefaultSubvolume= setting in repart.d/
|
||
drop-ins that allow configuring the default btrfs subvolume for newly
|
||
formatted btrfs file systems.
|
||
|
||
Libraries:
|
||
|
||
* libsystemd gained new call sd_bus_creds_new_from_pidfd() to get a
|
||
credentials object for a pidfd and sd_bus_creds_get_pidfd_dup() to
|
||
retrieve the pidfd from a credentials object.
|
||
|
||
* sd-bus' credentials logic will now also acquire peer's UNIX group
|
||
lists and peer's pidfd if supported and requested.
|
||
|
||
* RPM macro %_kernel_install_dir has been added with the path
|
||
to the directory for kernel-install plugins.
|
||
|
||
* The liblz4, libzstd, liblzma, libkmod, libgcrypt dependencies have
|
||
been changed from regular shared library dependencies into dlopen()
|
||
based ones.
|
||
|
||
Note that this means that those libraries might not be automatically
|
||
pulled in when ELF dependencies are resolved. In particular lack of
|
||
libkmod might cause problems with boot. This affects dracut <= 101,
|
||
see https://github.com/dracut-ng/dracut-ng/commit/04b362d713235459cf.
|
||
|
||
* systemd ELF binaries that use libraries via dlopen() are now built with
|
||
a new ELF header note section, following a new specification defined at
|
||
docs/ELF_DLOPEN_METADATA.md, that provides information about which
|
||
sonames are loaded and used if found at runtime. This allows tools and
|
||
packagers to programmatically discover the list of optional
|
||
dependencies used by all systemd ELF binaries. A parser with packaging
|
||
integration tools is available at
|
||
https://github.com/systemd/package-notes
|
||
|
||
* The sd-journal API gained a new call
|
||
sd_journal_stream_fd_with_namespace() which is just like
|
||
sd_journal_stream_fd() but creates a log stream targeted at a
|
||
specific log namespace.
|
||
|
||
* The sd-id128 API gained a new API call
|
||
sd_id128_get_invocation_app_specific() for acquiring an app-specific
|
||
ID that is derived from the service invocation ID.
|
||
|
||
* The sd-event API gained a new API call
|
||
sd_event_source_get_inotify_path() that returns the file system path
|
||
an inotify event source was created for.
|
||
|
||
systemd-cryptsetup/systemd-cryptenroll:
|
||
|
||
* The device node argument to systemd-cryptenroll is now optional. If
|
||
omitted it will be derived automatically from the backing block
|
||
device of /var/ (which quite likely is the same as the root file
|
||
system, hence effectively means if you don't specify things otherwise
|
||
the tool will now default to enrolling a key into the root file
|
||
system's LUKS device).
|
||
|
||
* systemd-cryptenroll can now enroll directly with a PKCS11 public key
|
||
(instead of a certificate).
|
||
|
||
* systemd-cryptsetup/systemd-cryptenroll now may lock a disk against a
|
||
PKCS#11 provided EC key (before it only supported RSA).
|
||
|
||
* systemd-cryptsetup gained support for crypttab option
|
||
link-volume-key= to link the volume key into the kernel keyring when
|
||
the volume is opened.
|
||
|
||
* systemd-cryptenroll will no longer enable Dictionary Attack
|
||
Protection (i.e. turn on NO_DA) for TPM enrollments that do not
|
||
involve a PIN. DA should not be necessary in that case (since key
|
||
entropy is high enough to make this unnecessary), but risks
|
||
accidental lock-out in case of unexpected PCR changes.
|
||
|
||
* systemd-cryptenroll now supports enrolling a new slot while unlocking
|
||
the old slot via TPM2 (previously unlocking only worked via password
|
||
or FIDO2).
|
||
|
||
Documentation:
|
||
|
||
* The remaining documentation that was on
|
||
https://freedesktop.org/wiki/Software/systemd/ has been moved to
|
||
https://systemd.io/.
|
||
|
||
* A new text describing the VM integration interfaces of systemd has
|
||
been added:
|
||
|
||
https://systemd.io/VM_INTERFACE
|
||
|
||
* The sd_notify() man page has gained examples with C and Python code
|
||
that shows how to implement the interface in those languages without
|
||
involving libsystemd.
|
||
|
||
systemd-homed, systemd-logind, systemd-userdbd:
|
||
|
||
* systemd-homed now supports unlocking of home directories when logging
|
||
in via SSH. Previously home directories needed to be unlocked before
|
||
an SSH login is attempted.
|
||
|
||
* JSON User Records have been extended with a separate public storage
|
||
area called "User Record Blob Directories". This is intended to store
|
||
the user's background image, avatar picture, and other similar items
|
||
which are too large to fit into the User Record itself.
|
||
|
||
systemd-homed, userdbctl, and homectl gained support for blob
|
||
directories. homectl gained --avatar= and --login-background= to
|
||
control two specific items of the blob directories.
|
||
|
||
* A new "additionalLanguages" field has been added to JSON user records
|
||
(as supported by systemd-homed and systemd-userdbd), which is closely
|
||
related to the pre-existing "preferredLanguage", and allows
|
||
specifying multiple additional languages for the user account. It is
|
||
used to initialize the $LANGUAGES environment variable when used.
|
||
|
||
* A new pair of "preferredSessionType" and "preferredSessionLauncher"
|
||
fields have been added to JSON user records, that may be used to
|
||
control which kind of desktop session to preferable activate on
|
||
logins of the user.
|
||
|
||
* homectl gained a new verb 'firstboot', and a new
|
||
systemd-homed-firstboot.service unit uses this verb to create users
|
||
in a first boot environment, either from system credentials or by
|
||
querying interactively.
|
||
|
||
* systemd-logind now supports a new "background-light" session class
|
||
which does not pull in the user@.service unit. This is intended in
|
||
particular for lighter weight per-user cron jobs which do require any
|
||
per-user service manager to be around.
|
||
|
||
* The per-user service manager will now be tracked as a distinct "manager"
|
||
session type among logind sessions of each user.
|
||
|
||
* homectl now supports an --offline mode, by which certain account
|
||
properties can be changed without unlocking the home directory.
|
||
|
||
* systemd-logind gained a new
|
||
org.freedesktop.login1.Manager.ListSessionsEx() method that provides
|
||
additional metadata compared to ListSessions(). loginctl makes use of
|
||
this to list additional fields in list-sessions.
|
||
|
||
* systemd-logind gained a new org.freedesktop.login1.Manager.Sleep()
|
||
method that automatically redirects to SuspendThenHibernate(),
|
||
Suspend(), HybridSleep(), or Hibernate(), depending on what is
|
||
supported and configured, a new configuration setting SleepOperation=,
|
||
and an accompanying helper method
|
||
org.freedesktop.login1.Manager.CanSleep() and property
|
||
org.freedesktop.login1.Manager.SleepOperation.
|
||
|
||
'systemctl sleep' calls the new method to automatically put the
|
||
machine to sleep in the most appropriate way.
|
||
|
||
Credential Management:
|
||
|
||
* systemd-creds now provides a Varlink IPC API for encrypting and
|
||
decrypting credentials.
|
||
|
||
* systemd-creds' "tpm2-absent" key selection has been renamed to
|
||
"null", since that's what it actually does: "encrypt" and "sign"
|
||
with a fixed null key. --with-key=null should only be used in very
|
||
specific cases, as it provides zero integrity or confidentiality
|
||
protections. (i.e. it's only safe to use as fallback in environments
|
||
lacking both a TPM and access to the root fs to use the host
|
||
encryption key, or when integrity is provided some other way.)
|
||
|
||
* systemd-creds gained a new switch --allow-null. If specified, the
|
||
"decrypt" verb will decode encrypted credentials that use the "null"
|
||
key (by default this is refused, since using the "null" key defeats
|
||
the authenticated encryption normally done).
|
||
|
||
Suspend & Hibernate:
|
||
|
||
* The sleep.conf configuration file gained a new MemorySleepMode=
|
||
setting for configuring the sleep mode in more detail.
|
||
|
||
* A tiny new service systemd-hibernate-clear.service has been added
|
||
which clears hibernation information from the HibernateLocation EFI
|
||
variable, in case the resume device is gone. Normally, this variable
|
||
is supposed to be cleaned up by the code that initiates the resume
|
||
from hibernation image. But when the device is missing and that code
|
||
doesn't run, this service will now do the necessary work, ensuring
|
||
that no outdated hibernation image information remains on subsequent
|
||
boots.
|
||
|
||
Unprivileged User Namespaces & Mounts:
|
||
|
||
* A small new service systemd-nsresourced.service has been added. It
|
||
provides a Varlink IPC API that assigns a free, transiently allocated
|
||
64K UID/GID range to an uninitialized user namespace a client
|
||
provides. It may be used to implement unprivileged container managers
|
||
and other programs that need dynamic user ID ranges. It also provides
|
||
interfaces to then delegate mount file descriptors, control groups
|
||
and network interfaces to user namespaces set up this way.
|
||
|
||
* A small new service systemd-mountfsd.service has been added. It
|
||
provides a Varlink IPC API for mounting DDI images, and returning a set
|
||
of mount file descriptors for it. If a user namespace fd is provided
|
||
as input, then the mounts are registered with the user namespace. To
|
||
ensure trust in the image it must provide Verity information (or
|
||
alternatively interactive polkit authentication is required).
|
||
|
||
* The systemd-dissect tool now can access DDIs fully unprivileged by
|
||
using systemd-nsresourced/systemd-mountfsd.
|
||
|
||
* If the service manager runs unprivileged (i.e. systemd --user) it now
|
||
supports RootImage= for accessing DDI images, also implemented via
|
||
the systemd-nsresourced/systemd-mountfsd.
|
||
|
||
* systemd-nspawn may now operate without privileges, if a suitable DDI
|
||
is provided via --image=, again implemented via
|
||
systemd-nsresourced/systemd-mountfsd.
|
||
|
||
Other:
|
||
|
||
* timedatectl and machinectl gained option '-P', an alias for
|
||
'--value --property=…'.
|
||
|
||
* Various tools that pretty-print config files will now highlight
|
||
configuration directives.
|
||
|
||
* varlinkctl gained support for the "ssh:" transport. This requires
|
||
OpenSSH 9.4 or newer.
|
||
|
||
* systemd-sysext gained support for enabling system extensions in
|
||
mutable fashion, where a writeable upperdir is stored under
|
||
/var/lib/extensions.mutable/, and a new --mutable= option to
|
||
configure this behaviour. An "ephemeral" mode is not also supported
|
||
where the mutable layer is configured to be a tmpfs that is
|
||
automatically released when the system extensions are reattached.
|
||
|
||
* Coredumps are now retained for two weeks by default (instead of three
|
||
days, as before).
|
||
|
||
* portablectl --copy= parameter gained a new 'mixed' argument, that will
|
||
result in resources owned by the OS (e.g.: portable profiles) to be linked
|
||
but resources owned by the portable image (e.g.: the unit files and the
|
||
images themselves) to be copied.
|
||
|
||
* systemd will now register MIME types for various of its file types
|
||
(e.g. journal files, DDIs, encrypted credentials …) via the XDG
|
||
shared-mime-info infrastructure. (Files of these types will thus be
|
||
recognized as their own thing in desktop file managers such as GNOME
|
||
Files.)
|
||
|
||
* systemd-dissect will now show the detected sector size of a given DDI
|
||
in its default output.
|
||
|
||
* systemd-portabled now generates recognizable structured log messages
|
||
whenever a portable service is attached or detached.
|
||
|
||
* Verity signature checking in userspace (i.e. checking against
|
||
/etc/verity.d/ keys) when activating DDIs can now be turned on/off
|
||
via a kernel command line option systemd.allow_userspace_verity= and
|
||
an environment variable SYSTEMD_ALLOW_USERSPACE_VERITY=.
|
||
|
||
* ext4/xfs file system quota handling has been reworked, so that
|
||
quotacheck and quotaon are now invoked as per-file-system templated
|
||
services (as opposed to single system-wide singletons), similar in
|
||
style to the fsck, growfs, pcrfs logic. This means file systems with
|
||
quota enabled can now be reasonably enabled at runtime of the system,
|
||
not just at boot.
|
||
|
||
* "systemd-analyze dot" will now also show BindsTo= dependencies.
|
||
|
||
* systemd-debug-generator gained the ability add in arbitrary units
|
||
based on them being passed in via system credentials.
|
||
|
||
* A new kernel command-line option systemd.default_debug_tty= can be
|
||
used to specify the TTY for the debug shell, independently of
|
||
enabling or disabling it.
|
||
|
||
* portablectl gained a new --clean switch that clears a portable
|
||
service's data (cache, logs, state, runtime, fdstore) when detaching
|
||
it.
|
||
|
||
Contributions from: A S Alam, AKHIL KUMAR,
|
||
Abraham Samuel Adekunle, Adrian Vovk, Adrian Wannenmacher,
|
||
Alan Liang, Alberto Planas, Alexander Zavyalov, Anders Jonsson,
|
||
Andika Triwidada, Andres Beltran, Andrew Sayers,
|
||
Antonio Alvarez Feijoo, Arian van Putten, Arthur Zamarin,
|
||
Artur Pak, AtariDreams, Benjamin Franzke, Bernhard M. Wiedemann,
|
||
Black-Hole1, Bryan Jacobs, Burak Gerz, Carlos Garnacho,
|
||
Chandra Pratap, Chris Hofstaedtler, Chris Packham, Chris Simons,
|
||
Christian Göttsche, Christian Wesselhoeft, Clayton Craft,
|
||
Colin Geniet, Colin Walters, Colin Watson, Costa Tsaousis,
|
||
Cristian Rodríguez, Daan De Meyer, Damien Challet, Dan Streetman,
|
||
Daniel Winzen, Daniele Medri, David Seifert, David Tardon,
|
||
David Venhoek, Diego Viola, Dionna Amalie Glaze,
|
||
Dmitry Konishchev, Dmitry V. Levin, Edson Juliano Drosdeck,
|
||
Eisuke Kawashima, Eli Schwartz, Emanuele Giuseppe Esposito,
|
||
Eric Daigle, Evgeny Vereshchagin, Felix Riemann,
|
||
Fernando Fernandez Mancera, Florian Fainelli, Florian Schmaus,
|
||
Franck Bui, Frantisek Sumsal, Friedrich Altheide,
|
||
Gabríel Arthúr Pétursson, Gaël Donval, Georges Basile Stavracas Neto,
|
||
Gerd Hoffmann, GNOME Foundation, Guido Leenders,
|
||
Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald Brinkmann,
|
||
Heinrich Schuchardt, Helmut Grohne, Henry Li, Heran Yang,
|
||
Holger Assmann, Ivan Kruglov, Ivan Shapovalov, Jakub Sitnicki,
|
||
James Muir, Jan Engelhardt, Jan Macku, Jarne Förster, Jeff King,
|
||
Jian-Hong Pan, JmbFountain, Joakim Nohlgård, Jonathan Conder,
|
||
Julius Alexandre, Jörg Behrmann, Kai Lueke, Kamil Szczęk,
|
||
KayJay7, Keian, Kirk, Kristian Klausen, Krzesimir Nowak,
|
||
Lain "Fearyncess" Yang, Lars Ellenberg, Lennart Poettering,
|
||
Leonard, Luca Boccassi, Lucas Salles, Ludwig Nussel,
|
||
Lukáš Nykrýn, Luna Jernberg, Luxiter, Maanya Goenka,
|
||
Maciej S. Szmigiero, Mariano Giménez, Markus Merklinger,
|
||
Martin Ivicic, Martin Srebotnjak, Martin Trigaux, Martin Wilck,
|
||
Mathias Lang, Matt Layher, Matt Muggeridge, Matteo Croce,
|
||
Matthias Lisin, Max Gautier, Max Staudt, MaxHearnden,
|
||
Michael Biebl, Michal Koutný, Michal Sekletár, Michał Kopeć,
|
||
Mike Gilbert, Mike Yuan, Mikko Ylinen, MkfsSion, Moritz Sanft,
|
||
MrSmör, Nandakumar Raghavan, Nicholas Little, Nick Cao,
|
||
Nick Rosbrook, Nicolas Bouchinet, Norbert Lange,
|
||
Ole Peder Brandtzæg, Ondrej Kozina, Oğuz Ersen,
|
||
Pablo Méndez Hernández, Pierre GRASSER, Piotr Drąg, QuonXF,
|
||
Radoslav Kolev, Rafaël Kooi, Raito Bezarius, Rasmus Villemoes,
|
||
Reid Wahl, Renjaya Raga Zenta, Richard Maw, Roland Hieber,
|
||
Ronan Pigott, Rose, Ross Burton, Saliba-san, Sam Leonard,
|
||
Samuel BF, Sarvajith Adyanthaya, Scrambled 777,
|
||
Sebastian Pucilowski, Sergei Zhmylev, Sergey A, Shulhan,
|
||
SidhuRupinder, Simon Fowler, Skia, Sludge, Stuart Hayhurst,
|
||
Susant Sahani, Takashi Sakamoto, Temuri Doghonadze, Thayne McCombs,
|
||
Thilo Fromm, Thomas Blume, Tiago Rocha Cunha, Timo Rothenpieler,
|
||
TobiPeterG, Tobias Fleig, Tomáš Pecka, Topi Miettinen,
|
||
Tycho Andersen, Unique-Usman, Usman Akinyemi, Vasiliy Kovalev,
|
||
Vasiliy Stelmachenok, Victor Berchet, Vishal Chillara Srinivas,
|
||
Vitaly Kuznetsov, Vito Caputo, Vladimir Stoiakin, Werner Sembach,
|
||
Will Springer, Winterhuman, Xiaotian Wu, Yu Watanabe,
|
||
Yuri Chornoivan, Zbigniew Jędrzejewski-Szmek, Zmyeir, anphir,
|
||
aslepykh, chenjiayi, cpackham-atlnz, cunshunxia, djantti, drewbug,
|
||
hanjinpeng, hfavisado, hulkoba, hydrargyrum, ksaleem, mburucuyapy,
|
||
medusalix, mille-feuille, mkubiak, mooo, msizanoen, networkException,
|
||
nl6720, r-vdp, runiq, sam-leonard-ct, samuelvw01, sharad3001, spdfnet,
|
||
sushmbha, wangyuhang, zeroskyx, zzywysm, İ. Ensar Gülşen,
|
||
Łukasz Stelmach, Štěpán Němec, 我超厉害, 김인수
|
||
|
||
— Edinburgh, 2024-06-11
|
||
|
||
CHANGES WITH 255:
|
||
|
||
Announcements of Future Feature Removals and Incompatible Changes:
|
||
|
||
* Support for split-usr (/usr/ mounted separately during late boot,
|
||
instead of being mounted by the initrd before switching to the rootfs)
|
||
and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
|
||
/usr/lib/, …) has been removed. For more details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
|
||
|
||
* We intend to remove cgroup v1 support from a systemd release after
|
||
the end of 2023. If you run services that make explicit use of
|
||
cgroup v1 features (i.e. the "legacy hierarchy" with separate
|
||
hierarchies for each controller), please implement compatibility with
|
||
cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
|
||
Most of Linux userspace has been ported over already.
|
||
|
||
* Support for System V service scripts is now deprecated and will be
|
||
removed in a future release. Please make sure to update your software
|
||
*now* to include a native systemd unit file instead of a legacy
|
||
System V script to retain compatibility with future systemd releases.
|
||
|
||
* Support for the SystemdOptions EFI variable is deprecated.
|
||
'bootctl systemd-efi-options' will emit a warning when used. It seems
|
||
that this feature is little-used and it is better to use alternative
|
||
approaches like credentials and confexts. The plan is to drop support
|
||
altogether at a later point, but this might be revisited based on
|
||
user feedback.
|
||
|
||
* systemd-run's switch --expand-environment= which currently is disabled
|
||
by default when combined with --scope, will be changed in a future
|
||
release to be enabled by default.
|
||
|
||
* "systemctl switch-root" is now restricted to initrd transitions only.
|
||
|
||
Transitions between real systems should be done with
|
||
"systemctl soft-reboot" instead.
|
||
|
||
* The "ip=off" and "ip=none" kernel command line options interpreted by
|
||
systemd-network-generator will now result in IPv6RA + link-local
|
||
addressing being disabled, too. Previously DHCP was turned off, but
|
||
IPv6RA and IPv6 link-local addressing was left enabled.
|
||
|
||
* The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
|
||
and is now disabled.
|
||
|
||
* SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
|
||
section of systemd-sleep.conf are now deprecated and have no effect.
|
||
They did not (and could not) take any value other than the respective
|
||
default. HybridSleepMode= is also deprecated, and will now always use
|
||
the 'suspend' disk mode.
|
||
|
||
Service Manager:
|
||
|
||
* The way services are spawned has been overhauled. Previously, a
|
||
process was forked that shared all of the manager's memory (via
|
||
copy-on-write) while doing all the required setup (e.g.: mount
|
||
namespaces, CGroup configuration, etc.) before exec'ing the target
|
||
executable. This was problematic for various reasons: several glibc
|
||
APIs were called that are not supposed to be used after a fork but
|
||
before an exec, copy-on-write meant that if either process (the
|
||
manager or the child) touched a memory page a copy was triggered, and
|
||
also the memory footprint of the child process was that of the
|
||
manager, but with the memory limits of the service. From this version
|
||
onward, the new process is spawned using CLONE_VM and CLONE_VFORK
|
||
semantics via posix_spawn(3), and it immediately execs a new internal
|
||
binary, systemd-executor, that receives the configuration to apply
|
||
via memfd, and sets up the process before exec'ing the target
|
||
executable. The systemd-executor binary is pinned by file descriptor
|
||
by each manager instance (system and users), and the reference is
|
||
updated on daemon-reexec - it is thus important to reexec all running
|
||
manager instances when the systemd-executor and/or libsystemd*
|
||
libraries are updated on the filesystem.
|
||
|
||
* Most of the internal process tracking is being changed to use PIDFDs
|
||
instead of PIDs when the kernel supports it, to improve robustness
|
||
and reliability.
|
||
|
||
* A new option SurviveFinalKillSignal= can be used to configure the
|
||
unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
|
||
This is part of the required configuration to let a unit's processes
|
||
survive a soft-reboot operation.
|
||
|
||
* System extension images (sysext) can now set
|
||
EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
|
||
automatically reload the service manager (PID 1) when
|
||
merging/refreshing/unmerging on boot. Generally, while this can be
|
||
used to ship services in system extension images it's recommended to
|
||
do that via portable services instead.
|
||
|
||
* The ExtensionImages= and ExtensionDirectories= options now support
|
||
confexts images/directories.
|
||
|
||
* A new option NFTSet= provides a method for integrating dynamic cgroup
|
||
IDs into firewall rules with NFT sets. The benefit of using this
|
||
setting is to be able to use control group as a selector in firewall
|
||
rules easily and this in turn allows more fine grained filtering.
|
||
Also, NFT rules for cgroup matching use numeric cgroup IDs, which
|
||
change every time a service is restarted, making them hard to use in
|
||
systemd environment.
|
||
|
||
* A new option CoredumpReceive= can be set for service and scope units,
|
||
together with Delegate=yes, to make systemd-coredump on the host
|
||
forward core files from processes crashing inside the delegated
|
||
CGroup subtree to systemd-coredump running in the container. This new
|
||
option is by default used by systemd-nspawn containers that use the
|
||
"--boot" switch.
|
||
|
||
* A new ConditionSecurity=measured-uki option is now available, to ensure
|
||
a unit can only run when the system has been booted from a measured UKI.
|
||
|
||
* MemoryAvailable= now considers physical memory if there are no CGroup
|
||
memory limits set anywhere in the tree.
|
||
|
||
* The $USER environment variable is now always set for services, while
|
||
previously it was only set if User= was specified. A new option
|
||
SetLoginEnvironment= is now supported to determine whether to also set
|
||
$HOME, $LOGNAME, and $SHELL.
|
||
|
||
* Socket units now support a new pair of
|
||
PollLimitBurst=/PollLimitInterval= options to configure a limit on
|
||
how often polling events on the file descriptors backing this unit
|
||
will be considered within a time window.
|
||
|
||
* Scope units can now be created using PIDFDs instead of PIDs to select
|
||
the processes they should include.
|
||
|
||
* Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
|
||
manager to dump the list of currently pending jobs.
|
||
|
||
* If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
|
||
machinectl bind and mount-image verbs will now cause the new mount to
|
||
replace the old mount (if any), instead of overmounting it.
|
||
|
||
* Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
|
||
MemoryZSwapCurrent properties, which respectively contain the values
|
||
of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
|
||
and memory.zswap.current properties. This information is also shown in
|
||
"systemctl status" output, if available.
|
||
|
||
TPM2 Support + Disk Encryption & Authentication:
|
||
|
||
* systemd-cryptenroll now allows specifying a PCR bank and explicit hash
|
||
value in the --tpm2-pcrs= option.
|
||
|
||
* systemd-cryptenroll now allows specifying a TPM2 key handle (nv
|
||
index) to be used instead of the default SRK via the new
|
||
--tpm2-seal-key-handle= option.
|
||
|
||
* systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
|
||
public key (in TPM2B_PUBLIC format) – without access to the TPM2
|
||
device itself – which enables offline sealing of LUKS images for a
|
||
specific TPM2 chip, as long as the SRK public key is known. Pass the
|
||
public to the tool via the new --tpm2-device-key= switch.
|
||
|
||
* systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
|
||
internal-only executable.
|
||
|
||
* The TPM2 Storage Root Key will now be set up, if not already present,
|
||
by a new systemd-tpm2-setup.service early boot service. The SRK will
|
||
be stored in PEM format and TPM2_PUBLIC format (the latter is useful
|
||
for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
|
||
easier access. A new "srk" verb has been added to systemd-analyze to
|
||
allow extracting it on demand if it is already set up.
|
||
|
||
* The internal systemd-pcrphase executable has been renamed to
|
||
systemd-pcrextend.
|
||
|
||
* The systemd-pcrextend tool gained a new --pcr= switch to override
|
||
which PCR to measure into.
|
||
|
||
* systemd-pcrextend now exposes a Varlink interface at
|
||
io.systemd.PCRExtend that can be used to do measurements and event
|
||
logging on demand.
|
||
|
||
* TPM measurements are now also written to an event log at
|
||
/run/log/systemd/tpm2-measure.log, using a derivative of the TCG
|
||
Canonical Event Log format. Previously we'd only log them to the
|
||
journal, where they however were subject to rotation and similar.
|
||
|
||
* A new component "systemd-pcrlock" has been added that allows managing
|
||
local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
|
||
predict by the OS vendor because of the inherently local nature of
|
||
what measurements they contain, such as firmware versions of the
|
||
system and extension cards and suchlike. pcrlock can predict PCR
|
||
measurements ahead of time based on various inputs, such as the local
|
||
TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
|
||
various other things. It can then pre-calculate a TPM2 policy from
|
||
this, which it stores in an TPM2 NV index. TPM2 objects (such as disk
|
||
encryption keys) can be locked against this NV index, so that they
|
||
are locked against a specific combination of system firmware and
|
||
state. Alternatives for each component are supported to allowlist
|
||
multiple kernel versions or boot loader version simultaneously
|
||
without losing access to the disk encryption keys. The tool can also
|
||
be used to analyze and validate the local TPM2 event log.
|
||
systemd-cryptsetup, systemd-cryptenroll, systemd-repart have all been
|
||
updated to support such policies. There's currently no support for
|
||
locking the system's root disk against a pcrlock policy, this will be
|
||
added soon. Moreover, it is currently not possible to combine a
|
||
pcrlock policy with a signed PCR policy. This component is
|
||
experimental and its public interface is subject to change.
|
||
|
||
systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
|
||
|
||
* bootctl will now show whether the system was booted from a UKI in its
|
||
status output.
|
||
|
||
* systemd-boot and systemd-stub now use different project keys in their
|
||
respective SBAT sections, so that they can be revoked individually if
|
||
needed.
|
||
|
||
* systemd-boot will no longer load unverified Devicetree blobs when UEFI
|
||
SecureBoot is enabled. For more details see:
|
||
https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c
|
||
|
||
* systemd-boot gained new hotkeys to reboot and power off the system
|
||
from the boot menu ("B" and "O"). If the "auto-poweroff" and
|
||
"auto-reboot" options in loader.conf are set these entries are also
|
||
shown as menu items (which is useful on devices lacking a regular
|
||
keyboard).
|
||
|
||
* systemd-boot gained a new configuration value "menu-disabled" for the
|
||
set-timeout option, to allow completely disabling the boot menu,
|
||
including the hotkey.
|
||
|
||
* systemd-boot will now measure the content of loader.conf in TPM2
|
||
PCR 5.
|
||
|
||
* systemd-stub will now concatenate the content of all kernel
|
||
command-line addons before measuring them in TPM2 PCR 12, in a single
|
||
measurement, instead of measuring them individually.
|
||
|
||
* systemd-stub will now measure and load Devicetree Blob addons, which
|
||
are searched and loaded following the same model as the existing
|
||
kernel command-line addons.
|
||
|
||
* systemd-stub will now ignore unauthenticated kernel command line options
|
||
passed from systemd-boot when running inside Confidential VMs with UEFI
|
||
SecureBoot enabled.
|
||
|
||
* systemd-stub will now load a Devicetree blob even if the firmware did
|
||
not load any beforehand (e.g.: for ACPI systems).
|
||
|
||
* ukify is no longer considered experimental, and now ships in /usr/bin/.
|
||
|
||
* ukify gained a new verb inspect to describe the sections of a UKI and
|
||
print the contents of the well-known sections.
|
||
|
||
* ukify gained a new verb genkey to generate a set of key pairs for
|
||
signing UKIs and their PCR data.
|
||
|
||
* The 90-loaderentry kernel-install hook now supports installing device
|
||
trees.
|
||
|
||
* kernel-install now supports the --json=, --root=, --image=, and
|
||
--image-policy= options for the inspect verb.
|
||
|
||
* kernel-install now supports new list and add-all verbs. The former
|
||
lists all installed kernel images (if those are available in
|
||
/usr/lib/modules/). The latter will install all the kernels it can
|
||
find to the ESP.
|
||
|
||
systemd-repart:
|
||
|
||
* A new option --copy-from= has been added that synthesizes partition
|
||
definitions from the given image, which are then applied by the
|
||
systemd-repart algorithm.
|
||
|
||
* A new option --copy-source= has been added, which can be used to specify
|
||
a directory to which CopyFiles= is considered relative to.
|
||
|
||
* New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
|
||
options have been added to make it easier to generate these types of
|
||
DDIs, without having to provide repart.d definitions for them.
|
||
|
||
* The dm-verity salt and UUID will now be derived from the specified
|
||
seed value.
|
||
|
||
* New VerityDataBlockSizeBytes= and VerityHashBlockSizeBytes= can now be
|
||
configured in repart.d/ configuration files.
|
||
|
||
* A new Subvolumes= setting is now supported in repart.d/ configuration
|
||
files, to indicate which directories in the target partition should be
|
||
btrfs subvolumes.
|
||
|
||
* A new --tpm2-device-key= option can be used to lock a disk against a
|
||
specific TPM2 public key. This matches the same switch the
|
||
systemd-cryptenroll tool now supports (see above).
|
||
|
||
Journal:
|
||
|
||
* The journalctl --lines= parameter now accepts +N to show the oldest N
|
||
entries instead of the newest.
|
||
|
||
* journald now ensures that sealing happens once per epoch, and sets a
|
||
new compatibility flag to distinguish old journal files that were
|
||
created before this change, for backward compatibility.
|
||
|
||
Device Management:
|
||
|
||
* udev will now create symlinks to loopback block devices in the
|
||
/dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
|
||
string field selected during allocation. The systemd-dissect tool and
|
||
the util-linux losetup command now supports a complementing new switch
|
||
--loop-ref= for selecting the string. This means a loopback block
|
||
device may now be allocated under a caller-chosen reference and can
|
||
subsequently be referenced without first having to look up the block
|
||
device name the caller ended up with.
|
||
|
||
* udev also creates symlinks to loopback block devices in the
|
||
/dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
|
||
of the inode attached to the loopback block device. This means that
|
||
attaching a file to a loopback device will implicitly make a handle
|
||
available to be found via that file's inode information.
|
||
|
||
* udevadm info gained support for JSON output via a new --json= flag, and
|
||
for filtering output using the same mechanism that udevadm trigger
|
||
already implements.
|
||
|
||
* The predictable network interface naming logic is extended to include
|
||
the SR-IOV-R "representor" information in network interface names.
|
||
This feature was intended for v254, but even though the code was
|
||
merged, the part that actually enabled the feature was forgotten.
|
||
It is now enabled by default and is part of the new "v255" naming
|
||
scheme.
|
||
|
||
* A new hwdb/rules file has been added that sets the
|
||
ID_NET_AUTO_LINK_LOCAL_ONLY=1 udev property on all network interfaces
|
||
that should usually only be configured with link-local addressing
|
||
(IPv4LL + IPv6LL), i.e. for PC-to-PC cables ("laplink") or
|
||
Thunderbolt networking. systemd-networkd and NetworkManager (soon)
|
||
will make use of this information to apply an appropriate network
|
||
configuration by default.
|
||
|
||
* The ID_NET_DRIVER property on network interfaces is now set
|
||
relatively early in the udev rule set so that other rules may rely on
|
||
its use. This is implemented in a new "net-driver" udev built-in.
|
||
|
||
Network Management:
|
||
|
||
* The "duid-only" option for DHCPv4 client's ClientIdentifier= setting
|
||
is now dropped, as it never worked, hence it should not be used by
|
||
anyone.
|
||
|
||
* The 'prefixstable' ipv6 address generation mode now considers the SSID
|
||
when generating stable addresses, so that a different stable address
|
||
is used when roaming between wireless networks. If you already use
|
||
'prefixstable' addresses with wireless networks, the stable address
|
||
will be changed by the update.
|
||
|
||
* The DHCPv4 client gained a RapidCommit option, true by default, which
|
||
enables RFC4039 Rapid Commit behavior to obtain a lease in a
|
||
simplified 2-message exchange instead of the typical 4-message
|
||
exchange, if also supported by the DHCP server.
|
||
|
||
* The DHCPv4 client gained new InitialCongestionWindow= and
|
||
InitialAdvertisedReceiveWindow= options for route configurations.
|
||
|
||
* The DHCPv4 client gained a new RequestAddress= option that allows
|
||
to send a preferred IP address in the initial DHCPDISCOVER message.
|
||
|
||
* The DHCPv4 server and client gained support for IPv6-only mode
|
||
(RFC8925).
|
||
|
||
* The SendHostname= and Hostname= options are now available for the
|
||
DHCPv6 client, independently of the DHCPv4= option, so that these
|
||
configuration values can be set independently for each client.
|
||
|
||
* The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
|
||
including lease information.
|
||
|
||
* The DHCPv6 client can now be configured to use a custom DUID type.
|
||
|
||
* .network files gained a new IPv4ReversePathFilter= setting in the
|
||
[Network] section, to control sysctl's rp_filter setting.
|
||
|
||
* .network files gaiend a new HopLimit= setting in the [Route] section,
|
||
to configure a per-route hop limit.
|
||
|
||
* .network files gained a new TCPRetransmissionTimeoutSec= setting in
|
||
the [Route] section, to configure a per-route TCP retransmission
|
||
timeout.
|
||
|
||
* A new directive NFTSet= provides a method for integrating network
|
||
configuration into firewall rules with NFT sets. The benefit of using
|
||
this setting is that static network configuration or dynamically
|
||
obtained network addresses can be used in firewall rules with the
|
||
indirection of NFT set types.
|
||
|
||
* The [IPv6AcceptRA] section supports the following new options:
|
||
UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.
|
||
|
||
* The [IPv6SendRA] section supports the following new options:
|
||
RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
|
||
HomeAgentPreference=.
|
||
|
||
* A new [IPv6PREF64Prefix] set of options, containing Prefix= and
|
||
LifetimeSec=, has been introduced to append pref64 options in router
|
||
advertisements (RFC8781).
|
||
|
||
* The network generator now configures the interfaces with only
|
||
link-local addressing if "ip=link-local" is specified on the kernel
|
||
command line.
|
||
|
||
* The prefix of the configuration files generated by the network
|
||
generator from the kernel command line is now prefixed with '70-',
|
||
to make them have higher precedence over the default configuration
|
||
files.
|
||
|
||
* Added a new -Ddefault-network=BOOL meson option, that causes more
|
||
.network files to be installed as enabled by default. These configuration
|
||
files will which match generic setups, e.g. 89-ethernet.network matches
|
||
all Ethernet interfaces and enables both DHCPv4 and DHCPv6 clients.
|
||
|
||
* If a ID_NET_MANAGED_BY= udev property is set on a network device and
|
||
it is any other string than "io.systemd.Network" then networkd will
|
||
not manage this device. This may be used to allow multiple network
|
||
management services to run in parallel and assign ownership of
|
||
specific devices explicitly. NetworkManager will soon implement a
|
||
similar logic.
|
||
|
||
systemctl:
|
||
|
||
* systemctl is-failed now checks the system state if no unit is
|
||
specified.
|
||
|
||
* systemctl will now automatically soft-reboot if a new root file system
|
||
is found under /run/nextroot/ when a reboot operation is invoked.
|
||
|
||
Login management:
|
||
|
||
* Wall messages now work even when utmp support is disabled, using
|
||
systemd-logind to query the necessary information.
|
||
|
||
* systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
|
||
signal before shutdown/reboot/soft-reboot that includes additional
|
||
information compared to the PrepareForShutdown signal. Currently the
|
||
additional information is the type of operation that is about to be
|
||
executed.
|
||
|
||
Hibernation & Suspend:
|
||
|
||
* The kernel and OS versions will no longer be checked on resume from
|
||
hibernation.
|
||
|
||
* Hibernation into swap files backed by btrfs are now
|
||
supported. (Previously this was supported only for other file
|
||
systems.)
|
||
|
||
Other:
|
||
|
||
* A new systemd-vmspawn tool has been added, that aims to provide for VMs
|
||
the same interfaces and functionality that systemd-nspawn provides for
|
||
containers. For now it supports QEMU as a backend, and exposes some of
|
||
its options to the user. This component is experimental and its public
|
||
interface is subject to change.
|
||
|
||
* "systemd-analyze plot" has gained tooltips on each unit name with
|
||
related-unit information in its svg output, such as Before=,
|
||
Requires=, and similar properties.
|
||
|
||
* A new varlinkctl tool has been added to allow interfacing with
|
||
Varlink services, and introspection has been added to all such
|
||
services. This component is experimental and its public interface is
|
||
subject to change.
|
||
|
||
* systemd-sysext and systemd-confext now expose a Varlink service
|
||
at io.systemd.sysext.
|
||
|
||
* portable services now accept confexts as extensions.
|
||
|
||
* systemd-sysupdate now accepts directories in the MatchPattern= option.
|
||
|
||
* systemd-run will now output the invocation ID of the launched
|
||
transient unit and its peak memory usage.
|
||
|
||
* systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
|
||
and systemd-binfmt gained a new --tldr option that can be used instead
|
||
of --cat-config to suppress uninteresting configuration lines, such as
|
||
comments and whitespace.
|
||
|
||
* resolvectl gained a new "show-server-state" command that shows
|
||
current statistics of the resolver. This is backed by a new
|
||
DumpStatistics() Varlink method provided by systemd-resolved.
|
||
|
||
* systemd-timesyncd will now emit a D-Bus signal when the LinkNTPServers
|
||
property changes.
|
||
|
||
* vconsole now supports KEYMAP=@kernel for preserving the kernel keymap
|
||
as-is.
|
||
|
||
* seccomp now supports the LoongArch64 architecture.
|
||
|
||
* seccomp may now be enabled for services running as a non-root User=
|
||
without NoNewPrivileges=yes.
|
||
|
||
* systemd-id128 now supports a new -P option to show only values. The
|
||
combination of -P and --app options is also supported.
|
||
|
||
* A new pam_systemd_loadkey.so PAM module is now available, which will
|
||
automatically fetch the passphrase used by cryptsetup to unlock the
|
||
root file system and set it as the PAM authtok. This enables, among
|
||
other things, configuring auto-unlock of the GNOME Keyring / KDE
|
||
Wallet when autologin is configured.
|
||
|
||
* Many meson options now use the 'feature' type, which means they
|
||
take enabled/disabled/auto as values.
|
||
|
||
* A new meson option -Dconfigfiledir= can be used to change where
|
||
configuration files with default values are installed to.
|
||
|
||
* Options and verbs in man pages are now tagged with the version they
|
||
were first introduced in.
|
||
|
||
* A new component "systemd-storagetm" has been added, which exposes all
|
||
local block devices as NVMe-TCP devices, fully automatically. It's
|
||
hooked into a new target unit storage-target-mode.target that is
|
||
suppsoed to be booted into via
|
||
rd.systemd.unit=storage-target-mode.target on the kernel command
|
||
line. This is intended to be used for installers and debugging to
|
||
quickly get access to the local disk. It's inspired by MacOS "target
|
||
disk mode". This component is experimental and its public interface is
|
||
subject to change.
|
||
|
||
* A new component "systemd-bsod" has been added, which can show logged
|
||
error messages full screen, if they have a log level of LOG_EMERG log
|
||
level. This component is experimental and its public interface is
|
||
subject to change.
|
||
|
||
* The systemd-dissect tool's --with command will now set the
|
||
$SYSTEMD_DISSECT_DEVICE environment variable to the block device it
|
||
operates on for the invoked process.
|
||
|
||
* The systemd-mount tool gained a new --tmpfs switch for mounting a new
|
||
'tmpfs' instance. This is useful since it does so via .mount units
|
||
and thus can be executed remotely or in containers.
|
||
|
||
* The various tools in systemd that take "verbs" (such as systemctl,
|
||
loginctl, machinectl, …) now will suggest a close verb name in case
|
||
the user specified an unrecognized one.
|
||
|
||
* libsystemd now exports a new function sd_id128_get_app_specific()
|
||
that generates "app-specific" 128bit IDs from any ID. It's similar to
|
||
sd_id128_get_machine_app_specific() and
|
||
sd_id128_get_boot_app_specific() but takes the ID to base calculation
|
||
on as input. This new functionality is also exposed in the
|
||
"systemd-id128" tool where you can now combine --app= with `show`.
|
||
|
||
* All tools that parse timestamps now can also parse RFC3339 style
|
||
timestamps that include the "T" and Z" characters.
|
||
|
||
* New documentation has been added:
|
||
|
||
https://systemd.io/FILE_DESCRIPTOR_STORE
|
||
https://systemd.io/TPM2_PCR_MEASUREMENTS
|
||
https://systemd.io/MOUNT_REQUIREMENTS
|
||
|
||
* The codebase now recognizes the suffix .confext.raw and .sysext.raw
|
||
as alternative to the .raw suffix generally accepted for DDIs. It is
|
||
recommended to name configuration extensions and system extensions
|
||
with such suffixes, to indicate their purpose in the name.
|
||
|
||
* The sd-device API gained a new function
|
||
sd_device_enumerator_add_match_property_required() which allows
|
||
configuring matches on properties that are strictly required. This is
|
||
different from the existing sd_device_enumerator_add_match_property()
|
||
matches of which one needs to apply.
|
||
|
||
* The MAC address the veth side of an nspawn container shall get
|
||
assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
|
||
environment variable.
|
||
|
||
* The libiptc dependency is now implemented via dlopen(), so that tools
|
||
such as networkd and nspawn no longer have a hard dependency on the
|
||
shared library when compiled with support for libiptc.
|
||
|
||
* New rpm macros have been added: %systemd_user_daemon_reexec does
|
||
daemon-reexec for all user managers, and %systemd_postun_with_reload
|
||
and %systemd_user_postun_with_reload do a reload for system and user
|
||
units on upgrades.
|
||
|
||
* coredumpctl now propagates SIGTERM to the debugger process.
|
||
|
||
Contributions from: 김인수, Abderrahim Kitouni, Adam Goldman,
|
||
Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith,
|
||
Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo,
|
||
Anton Lundin, Arian van Putten, Arseny Maslennikov, Arthur Shau,
|
||
Balázs Úr, beh_10257, Benjamin Peterson, Bertrand Jacquin,
|
||
Brian Norris, Charles Lee, Cheng-Chia Tseng, Chris Patterson,
|
||
Christian Hergert, Christian Hesse, Christian Kirbach,
|
||
Clayton Craft, commondservice, cunshunxia, Curtis Klein, cvlc12,
|
||
Daan De Meyer, Daniele Medri, Daniel P. Berrangé, Daniel Rusek,
|
||
Daniel Thompson, Dan Nicholson, Dan Streetman, David Rheinsberg,
|
||
David Santamaría Rogado, David Tardon, dependabot[bot],
|
||
Diego Viola, Dmitry V. Levin, Emanuele Giuseppe Esposito,
|
||
Emil Renner Berthing, Emil Velikov, Etienne Dechamps, Fabian Vogt,
|
||
felixdoerre, Felix Dörre, Florian Schmaus, Franck Bui,
|
||
Frantisek Sumsal, G2-Games, Gioele Barabucci, Hugo Carvalho,
|
||
huyubiao, Iago López Galeiras, IllusionMan1212, Jade Lovelace,
|
||
janana, Jan Janssen, Jan Kuparinen, Jan Macku, Jeremy Fleischman,
|
||
Jin Liu, jjimbo137, Joerg Behrmann, Johannes Segitz, Jordan Rome,
|
||
Jordan Williams, Julien Malka, Juno Computers, Khem Raj, khm,
|
||
Kingbom Dou, Kiran Vemula, Krzesimir Nowak, Laszlo Gombos,
|
||
Lennart Poettering, linuxlion, Luca Boccassi, Lucas Adriano Salles,
|
||
Lukas, Lukáš Nykrýn, Maanya Goenka, Maarten, Malte Poll,
|
||
Marc Pervaz Boocha, Martin Beneš, Martin Joerg, Martin Wilck,
|
||
Mathieu Tortuyaux, Matthias Schiffer, Maxim Mikityanskiy,
|
||
Max Kellermann, Michael A Cassaniti, Michael Biebl, Michael Kuhn,
|
||
Michael Vasseur, Michal Koutný, Michal Sekletár, Mike Yuan,
|
||
Milton D. Miller II, mordner, msizanoen, NAHO, Nandakumar Raghavan,
|
||
Neil Wilson, Nick Rosbrook, Nils K, NRK, Oğuz Ersen,
|
||
Omojola Joshua, onenowy, Paul Meyer, Paymon MARANDI, pelaufer,
|
||
Peter Hutterer, PhylLu, Pierre GRASSER, Piotr Drąg, Priit Laes,
|
||
Rahil Bhimjiani, Raito Bezarius, Raul Cheleguini, Reto Schneider,
|
||
Richard Maw, Robby Red, RoepLuke, Roland Hieber, Roland Singer,
|
||
Ronan Pigott, Sam James, Sam Leonard, Sergey A, Susant Sahani,
|
||
Sven Joachim, Tad Fisher, Takashi Sakamoto, Thorsten Kukuk, Tj,
|
||
Tomasz Świątek, Topi Miettinen, Valentin David,
|
||
Valentin Lefebvre, Victor Westerhuis, Vincent Haupert,
|
||
Vishal Chillara Srinivas, Vito Caputo, Warren, Weblate,
|
||
Xiaotian Wu, xinpeng wang, Yaron Shahrabani, Yo-Jung Lin,
|
||
Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zeroskyx,
|
||
Дамјан Георгиевски, наб
|
||
|
||
— Edinburgh, 2023-12-06
|
||
|
||
CHANGES WITH 254:
|
||
|
||
Announcements of Future Feature Removals and Incompatible Changes:
|
||
|
||
* The next release (v255) will remove support for split-usr (/usr/
|
||
mounted separately during late boot, instead of being mounted by the
|
||
initrd before switching to the rootfs) and unmerged-usr (parallel
|
||
directories /bin/ and /usr/bin/, /lib/ and /usr/lib/, …). For more
|
||
details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
|
||
|
||
* We intend to remove cgroup v1 support from a systemd release after
|
||
the end of 2023. If you run services that make explicit use of
|
||
cgroup v1 features (i.e. the "legacy hierarchy" with separate
|
||
hierarchies for each controller), please implement compatibility with
|
||
cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
|
||
Most of Linux userspace has been ported over already.
|
||
|
||
* Support for System V service scripts is now deprecated and will be
|
||
removed in a future release. Please make sure to update your software
|
||
*now* to include a native systemd unit file instead of a legacy
|
||
System V script to retain compatibility with future systemd releases.
|
||
|
||
* Support for the SystemdOptions EFI variable is deprecated.
|
||
'bootctl systemd-efi-options' will emit a warning when used. It seems
|
||
that this feature is little-used and it is better to use alternative
|
||
approaches like credentials and confexts. The plan is to drop support
|
||
altogether at a later point, but this might be revisited based on
|
||
user feedback.
|
||
|
||
* EnvironmentFile= now treats the line following a comment line
|
||
trailing with escape as a non comment line. For details, see:
|
||
https://github.com/systemd/systemd/issues/27975
|
||
|
||
* PrivateNetwork=yes and NetworkNamespacePath= now imply
|
||
PrivateMounts=yes unless PrivateMounts=no is explicitly specified.
|
||
|
||
* Behaviour of sandboxing options for the per-user service manager
|
||
units has changed. They now imply PrivateUsers=yes, which means user
|
||
namespaces will be implicitly enabled when a sandboxing option is
|
||
enabled in a user unit. Enabling user namespaces has the drawback
|
||
that system users will no longer be visible (and processes/files will
|
||
appear as owned by 'nobody') in the user unit.
|
||
|
||
By definition a sandboxed user unit should run with reduced
|
||
privileges, so impact should be small. This will remove a great
|
||
source of confusion that has been reported by users over the years,
|
||
due to how these options require an extra setting to be manually
|
||
enabled when used in the per-user service manager, which is not
|
||
needed in the system service manager. For more details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
|
||
|
||
* systemd-run's switch --expand-environment= which currently is disabled
|
||
by default when combined with --scope, will be changed in a future
|
||
release to be enabled by default.
|
||
|
||
Security Relevant Changes:
|
||
|
||
* pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
|
||
process capability to invoked session processes of regular users on
|
||
local seats (as well as to systemd --user), unless configured
|
||
otherwise via data from JSON user records, or via the PAM module's
|
||
parameter list. This is useful in order allow desktop tools such as
|
||
GNOME's Alarm Clock application to set a timer for
|
||
CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
|
||
per-user service unit file may thus use AmbientCapability= to pass
|
||
the capability to invoked processes. Note that this capability is
|
||
relatively narrow in focus (in particular compared to other process
|
||
capabilities such as CAP_SYS_ADMIN) and we already — by default —
|
||
permit more impactful operations such as system suspend to local
|
||
users.
|
||
|
||
Service Manager:
|
||
|
||
* Memory limits that apply while the unit is activating are now
|
||
supported. Previously IO and CPU settings were already supported via
|
||
StartupCPUWeight= and similar. The same logic has been added for the
|
||
various manager and unit memory settings (DefaultStartupMemoryLow=,
|
||
StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
|
||
StartupMemorySwapMax=, StartupMemoryZSwapMax=).
|
||
|
||
* The service manager gained support for enqueuing POSIX signals to
|
||
services that carry an additional integer value, exposing the
|
||
sigqueue() system call. This is accessible via new D-Bus calls
|
||
org.freedesktop.systemd1.Manager.QueueSignalUnit() and
|
||
org.freedesktop.systemd1.Unit.QueueSignal(), as well as in systemctl
|
||
via the new --kill-value= option.
|
||
|
||
* systemctl gained a new "list-paths" verb, which shows all currently
|
||
active .path units, similarly to how "systemctl list-timers" shows
|
||
active timers, and "systemctl list-sockets" shows active sockets.
|
||
|
||
* systemctl gained a new --when= switch which is honoured by the various
|
||
forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
|
||
scheduling these operations by time, similar in fashion to how this
|
||
has been supported by SysV shutdown.
|
||
|
||
* If MemoryDenyWriteExecute= is enabled for a service and the kernel
|
||
supports the new PR_SET_MDWE prctl() call, it is used instead of the
|
||
seccomp()-based system call filter to achieve the same effect.
|
||
|
||
* A new set of kernel command line options is now understood:
|
||
systemd.tty.term.<name>=, systemd.tty.rows.<name>=,
|
||
systemd.tty.columns.<name>= allow configuring the TTY type and
|
||
dimensions for the tty specified via <name>. When systemd invokes a
|
||
service on a tty (via TTYName=) it will look for these and configure
|
||
the TTY accordingly. This is particularly useful in VM environments
|
||
to propagate host terminal settings into the appropriate TTYs of the
|
||
guest.
|
||
|
||
* A new RootEphemeral= setting is now understood in service units. It
|
||
takes a boolean argument. If enabled for services that use RootImage=
|
||
or RootDirectory= an ephemeral copy of the disk image or directory
|
||
tree is made when the service is started. It is removed automatically
|
||
when the service is stopped. That ephemeral copy is made using
|
||
btrfs/xfs reflinks or btrfs snapshots, if available.
|
||
|
||
* The service activation logic gained new settings RestartSteps= and
|
||
RestartMaxDelaySec= which allow exponentially-growing restart
|
||
intervals for Restart=.
|
||
|
||
* The service activation logic gained a new setting RestartMode= which
|
||
can be set to 'direct' to skip the inactive/failed states when
|
||
restarting, so that dependent units are not notified until the service
|
||
converges to a final (successful or failed) state. For example, this
|
||
means that OnSuccess=/OnFailure= units will not be triggered until the
|
||
service state has converged.
|
||
|
||
* PID 1 will now automatically load the virtio_console kernel module
|
||
during early initialization if running in a suitable VM. This is done
|
||
so that early-boot logging can be written to the console if available.
|
||
|
||
* Similarly, virtio-vsock support is loaded early in suitable VM
|
||
environments. PID 1 will send sd_notify() notifications via AF_VSOCK
|
||
to the VMM if configured, thus loading this early is beneficial.
|
||
|
||
* A new verb "fdstore" has been added to systemd-analyze to show the
|
||
current contents of the file descriptor store of a unit. This is
|
||
backed by a new D-Bus call DumpUnitFileDescriptorStore() provided by
|
||
the service manager.
|
||
|
||
* The service manager will now set a new $FDSTORE environment variable
|
||
when invoking processes for services that have the file descriptor
|
||
store enabled.
|
||
|
||
* A new service option FileDescriptorStorePreserve= has been added that
|
||
allows tuning the lifecycle of the per-service file descriptor store.
|
||
If set to "yes", the entries in the fd store are retained even after
|
||
the service has been fully stopped.
|
||
|
||
* The "systemctl clean" command may now be used to clear the fdstore of
|
||
a service.
|
||
|
||
* Unit *.preset files gained a new directive "ignore", in addition to
|
||
the existing "enable" and "disable". As the name suggests, matching
|
||
units are left unchanged, i.e. neither enabled nor disabled.
|
||
|
||
* Service units gained a new setting DelegateSubgroup=. It takes the
|
||
name of a sub-cgroup to place any processes the service manager forks
|
||
off in. Previously, the service manager would place all service
|
||
processes directly in the top-level cgroup it created for the
|
||
service. This usually meant that main process in a service with
|
||
delegation enabled would first have to create a subgroup and move
|
||
itself down into it, in order to not conflict with the "no processes
|
||
in inner cgroups" rule of cgroup v2. With this option, this step is
|
||
now handled by PID 1.
|
||
|
||
* The service manager will now look for .upholds/ directories,
|
||
similarly to the existing support for .wants/ and .requires/
|
||
directories. Symlinks in this directory result in Upholds=
|
||
dependencies.
|
||
|
||
The [Install] section of unit files gained support for a new
|
||
UpheldBy= directive to generate .upholds/ symlinks automatically when
|
||
a unit is enabled.
|
||
|
||
* The service manager now supports a new kernel command line option
|
||
systemd.default_device_timeout_sec=, which may be used to override
|
||
the default timeout for .device units.
|
||
|
||
* A new "soft-reboot" mechanism has been added to the service manager.
|
||
A "soft reboot" is similar to a regular reboot, except that it
|
||
affects userspace only: the service manager shuts down any running
|
||
services and other units, then optionally switches into a new root
|
||
file system (mounted to /run/nextroot/), and then passes control to a
|
||
systemd instance in the new file system which then starts the system
|
||
up again. The kernel is not rebooted and neither is the hardware,
|
||
firmware or boot loader. This provides a fast, lightweight mechanism
|
||
to quickly reset or update userspace, without the latency that a full
|
||
system reset involves. Moreover, open file descriptors may be passed
|
||
across the soft reboot into the new system where they will be passed
|
||
back to the originating services. This allows pinning resources
|
||
across the reboot, thus minimizing grey-out time further. This new
|
||
reboot mechanism is accessible via the new "systemctl soft-reboot"
|
||
command.
|
||
|
||
* Services using RootDirectory= or RootImage= will now have read-only
|
||
access to a copy of the host's os-release file under
|
||
/run/host/os-release, which will be kept up-to-date on 'soft-reboot'.
|
||
This was already the case for Portable Services, and the feature has
|
||
now been extended to all services that do not run off the host's
|
||
root filesystem.
|
||
|
||
* A new service setting MemoryKSM= has been added to enable kernel
|
||
same-page merging individually for services.
|
||
|
||
* A new service setting ImportCredentials= has been added that augments
|
||
LoadCredential= and LoadCredentialEncrypted= and searches for
|
||
credentials to import from the system, and supports globbing.
|
||
|
||
* A new job mode "restart-dependencies" has been added to the service
|
||
manager (exposed via systemctl --job-mode=). It is only valid when
|
||
used with "start" jobs, and has the effect that the "start" job will
|
||
be propagated as "restart" jobs to currently running units that have
|
||
a BindsTo= or Requires= dependency on the started unit.
|
||
|
||
* A new verb "whoami" has been added to "systemctl" which determines as
|
||
part of which unit the command is being invoked. It writes the unit
|
||
name to standard output. If one or more PIDs are specified reports
|
||
the unit names the processes referenced by the PIDs belong to.
|
||
|
||
* The system and service credential logic has been improved: there's
|
||
now a clearly defined place where system provisioning tools running
|
||
in the initrd can place credentials that will be imported into the
|
||
system's set of credentials during the initrd → host transition: the
|
||
/run/credentials/@initrd/ directory. Once the credentials placed
|
||
there are imported into the system credential set they are deleted
|
||
from this directory, and the directory itself is deleted afterwards
|
||
too.
|
||
|
||
* A new kernel command line option systemd.set_credential_binary= has
|
||
been added, that is similar to the pre-existing
|
||
systemd.set_credential= but accepts arbitrary binary credential data,
|
||
encoded in Base64. Note that the kernel command line is not a
|
||
recommend way to transfer credentials into a system, since it is
|
||
world-readable from userspace.
|
||
|
||
* The default machine ID to use may now be configured via the
|
||
system.machine_id system credential. It will only be used if no
|
||
machine ID was set yet on the host.
|
||
|
||
* On Linux kernel 6.4 and newer system and service credentials will now
|
||
be placed in a tmpfs instance that has the "noswap" mount option
|
||
set. Previously, a "ramfs" instance was used. By switching to tmpfs
|
||
ACL support and overall size limits can now be enforced, without
|
||
compromising on security, as the memory is never paged out either
|
||
way.
|
||
|
||
* The service manager now can detect when it is running in a
|
||
'Confidential Virtual Machine', and a corresponding 'cvm' value is now
|
||
accepted by ConditionSecurity= for units that want to conditionalize
|
||
themselves on this. systemd-detect-virt gained new 'cvm' and
|
||
'--list-cvm' switches to respectively perform the detection or list
|
||
all known flavours of confidential VM, depending on the vendor. The
|
||
manager will publish a 'ConfidentialVirtualization' D-Bus property,
|
||
and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
|
||
variable for unit generators. Finally, udev rules can match on a new
|
||
'cvm' key that will be set when in a confidential VM.
|
||
Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
|
||
strings and QEMU's fw_cfg protocol will not be used to import
|
||
credentials and kernel command line parameters by the system manager,
|
||
systemd-boot and systemd-stub, because the hypervisor is considered
|
||
untrusted in this particular setting.
|
||
|
||
Journal:
|
||
|
||
* The sd-journal API gained a new call sd_journal_get_seqnum() to
|
||
retrieve the current log record's sequence number and sequence number
|
||
ID, which allows applications to order records the same way as
|
||
journal does internally. The sequence number is now also exported in
|
||
the JSON and "export" output of the journal.
|
||
|
||
* journalctl gained a new switch --truncate-newline. If specified
|
||
multi-line log records will be truncated at the first newline,
|
||
i.e. only the first line of each log message will be shown.
|
||
|
||
* systemd-journal-upload gained support for --namespace=, similar to
|
||
the switch of the same name of journalctl.
|
||
|
||
systemd-repart:
|
||
|
||
* systemd-repart's drop-in files gained a new ExcludeFiles= option which
|
||
may be used to exclude certain files from the effect of CopyFiles=.
|
||
|
||
* systemd-repart's Verity support now implements the Minimize= setting
|
||
to minimize the size of the resulting partition.
|
||
|
||
* systemd-repart gained a new --offline= switch, which may be used to
|
||
control whether images shall be built "online" or "offline",
|
||
i.e. whether to make use of kernel facilities such as loopback block
|
||
devices and device mapper or not.
|
||
|
||
* If systemd-repart is told to populate a newly created ESP or XBOOTLDR
|
||
partition with some files, it will now default to VFAT rather than
|
||
ext4.
|
||
|
||
* systemd-repart gained a new --architecture= switch. If specified, the
|
||
per-architecture GPT partition types (i.e. the root and /usr/
|
||
partitions) configured in the partition drop-in files are
|
||
automatically adjusted to match the specified CPU architecture, in
|
||
order to simplify cross-architecture DDI building.
|
||
|
||
* systemd-repart will now default to a minimum size of 300MB for XFS
|
||
filesystems if no size parameter is specified. This matches what the
|
||
XFS tools (xfsprogs) can support.
|
||
|
||
systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
|
||
|
||
* gnu-efi is no longer required to build systemd-boot and systemd-stub.
|
||
Instead, pyelftools is now needed, and it will be used to perform the
|
||
ELF -> PE relocations at build time.
|
||
|
||
* bootctl gained a new switch --print-root-device/-R that prints the
|
||
block device the root file system is backed by. If specified twice,
|
||
it returns the whole disk block device (as opposed to partition block
|
||
device) the root file system is on. It's useful for invocations such
|
||
as "cfdisk $(bootctl -RR)" to quickly show the partition table of the
|
||
running OS.
|
||
|
||
* systemd-stub will now look for the SMBIOS Type 1 field
|
||
"io.systemd.stub.kernel-cmdline-extra" and append its value to the
|
||
kernel command line it invokes. This is useful for VMMs such as qemu
|
||
to pass additional kernel command lines into the system even when
|
||
booting via full UEFI. The contents of the field are measured into
|
||
TPM PCR 12.
|
||
|
||
* The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
|
||
value "auto". With this value, a kernel will be automatically
|
||
analyzed, and if it qualifies as UKI, it will be installed as if the
|
||
setting was to set to "uki", otherwise as "bls".
|
||
|
||
* systemd-stub can now optionally load UEFI PE "add-on" images that may
|
||
contain additional kernel command line information. These "add-ons"
|
||
superficially look like a regular UEFI executable, and are expected
|
||
to be signed via SecureBoot/shim. However, they do not actually
|
||
contain code, but instead a subset of the PE sections that UKIs
|
||
support. They are supposed to provide a way to extend UKIs with
|
||
additional resources in a secure and authenticated way. Currently,
|
||
only the .cmdline PE section may be used in add-ons, in which case
|
||
any specified string is appended to the command line embedded into
|
||
the UKI itself. A new 'addon<EFI-ARCH>.efi.stub' is now provided that
|
||
can be used to trivially create addons, via 'ukify' or 'objcopy'. In
|
||
the future we expect other sections to be made extensible like this as
|
||
well.
|
||
|
||
* ukify has been updated to allow building these UEFI PE "add-on"
|
||
images, using the new 'addon<EFI-ARCH>.efi.stub'.
|
||
|
||
* ukify now accepts SBAT information to place in the .sbat PE section
|
||
of UKIs and addons. If a UKI is built the SBAT information from the
|
||
inner kernel is merged with any SBAT information associated with
|
||
systemd-stub and the SBAT data specified on the ukify command line.
|
||
|
||
* The kernel-install script has been rewritten in C, and reuses much of
|
||
the infrastructure of existing tools such as bootctl. It also gained
|
||
--esp-path= and --boot-path= options to override the path to the ESP,
|
||
and the $BOOT partition. Options --make-entry-directory= and
|
||
--entry-token= have been added as well, similar to bootctl's options
|
||
of the same name.
|
||
|
||
* A new kernel-install plugin 60-ukify has been added which will
|
||
combine kernel/initrd locally into a UKI and optionally sign them
|
||
with a local key. This may be used to switch to UKI mode even on
|
||
systems where a local kernel or initrd is used. (Typically UKIs are
|
||
built and signed by the vendor.)
|
||
|
||
* The ukify tool now supports "pesign" in addition to the pre-existing
|
||
"sbsign" for signing UKIs.
|
||
|
||
* systemd-measure and systemd-stub now look for the .uname PE section
|
||
that should contain the kernel's "uname -r" string.
|
||
|
||
* systemd-measure and ukify now calculate expected PCR hashes for a UKI
|
||
"offline", i.e. without access to a TPM (physical or
|
||
software-emulated).
|
||
|
||
Memory Pressure & Control:
|
||
|
||
* The sd-event API gained new calls sd_event_add_memory_pressure(),
|
||
sd_event_source_set_memory_pressure_type(),
|
||
sd_event_source_set_memory_pressure_period() to create and configure
|
||
an event source that is called whenever the OS signals memory
|
||
pressure. Another call sd_event_trim_memory() is provided that
|
||
compacts the process' memory use by releasing allocated but unused
|
||
malloc() memory back to the kernel. Services can also provide their
|
||
own custom callback to do memory trimming. This should improve system
|
||
behaviour under memory pressure, as on Linux traditionally provided
|
||
no mechanism to return process memory back to the kernel if the
|
||
kernel was under memory pressure. This makes use of the kernel's PSI
|
||
interface. Most long-running services in systemd have been hooked up
|
||
with this, and in particular systems with low memory should benefit
|
||
from this.
|
||
|
||
* Service units gained new settings MemoryPressureWatch= and
|
||
MemoryPressureThresholdSec= to configure the PSI memory pressure
|
||
logic individually. If these options are used, the
|
||
$MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
|
||
variables will be set for the invoked processes to inform them about
|
||
the requested memory pressure behaviour. (This is used by the
|
||
aforementioned sd-events API additions, if set.)
|
||
|
||
* systemd-analyze gained a new "malloc" verb that shows the output
|
||
generated by glibc's malloc_info() on services that support it. Right
|
||
now, only the service manager has been updated accordingly. This
|
||
call requires privileges.
|
||
|
||
User & Session Management:
|
||
|
||
* The sd-login API gained a new call sd_session_get_username() to
|
||
return the user name of the owner of a login session. It also gained
|
||
a new call sd_session_get_start_time() to retrieve the time the login
|
||
session started. A new call sd_session_get_leader() has been added to
|
||
return the PID of the "leader" process of a session. A new call
|
||
sd_uid_get_login_time() returns the time since the specified user has
|
||
most recently been continuously logged in with at least one session.
|
||
|
||
* JSON user records gained a new set of fields capabilityAmbientSet and
|
||
capabilityBoundingSet which contain a list of POSIX capabilities to
|
||
set for the logged in users in the ambient and bounding sets,
|
||
respectively. homectl gained the ability to configure these two sets
|
||
for users via --capability-bounding-set=/--capability-ambient-set=.
|
||
|
||
* pam_systemd learnt two new module options
|
||
default-capability-bounding-set= and default-capability-ambient-set=,
|
||
which configure the default bounding sets for users as they are
|
||
logging in, if the JSON user record doesn't specify this explicitly
|
||
(see above). The built-in default for the ambient set now contains
|
||
the CAP_WAKE_ALARM, thus allowing regular users who may log in
|
||
locally to resume from a system suspend via a timer.
|
||
|
||
* The Session D-Bus objects systemd-logind gained a new SetTTY() method
|
||
call to update the TTY of a session after it has been allocated. This
|
||
is useful for SSH sessions which are typically allocated first, and
|
||
for which a TTY is added later.
|
||
|
||
* The sd-login API gained a new call sd_pid_notifyf_with_fds() which
|
||
combines the various other sd_pid_notify() flavours into one: takes a
|
||
format string, an overriding PID, and a set of file descriptors to
|
||
send. It also gained a new call sd_pid_notify_barrier() call which is
|
||
equivalent to sd_notify_barrier() but allows the originating PID to
|
||
be specified.
|
||
|
||
* "loginctl list-users" and "loginctl list-sessions" will now show the
|
||
state of each logged in user/session in their tabular output. It will
|
||
also show the current idle state of sessions.
|
||
|
||
DDIs:
|
||
|
||
* systemd-dissect will now show the intended CPU architecture of an
|
||
inspected DDI.
|
||
|
||
* systemd-dissect will now install itself as mount helper for the "ddi"
|
||
pseudo-file system type. This means you may now mount DDIs directly
|
||
via /bin/mount or /etc/fstab, making full use of embedded Verity
|
||
information and all other DDI features.
|
||
|
||
Example: mount -t ddi myimage.raw /some/where
|
||
|
||
* The systemd-dissect tool gained the new switches --attach/--detach to
|
||
attach/detach a DDI to a loopback block device without mounting it.
|
||
It will automatically derive the right sector size from the image
|
||
and set up Verity and similar, but not mount the file systems in it.
|
||
|
||
* When systemd-gpt-auto-generator or the DDI mounting logic mount an
|
||
ESP or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
|
||
implied. Given that these file systems are typically untrusted, this
|
||
should make mounting them automatically have less of a security
|
||
impact.
|
||
|
||
* All tools that parse DDIs (such as systemd-nspawn, systemd-dissect,
|
||
systemd-tmpfiles, …) now understand a new switch --image-policy= which
|
||
takes a string encoding image dissection policy. With this mechanism
|
||
automatic discovery and use of specific partition types and the
|
||
cryptographic requirements on the partitions (Verity, LUKS, …) can be
|
||
restricted, permitting better control of the exposed attack surfaces
|
||
when mounting disk images. systemd-gpt-auto-generator will honour such
|
||
an image policy too, configurable via the systemd.image_policy= kernel
|
||
command line option. Unit files gained the RootImagePolicy=,
|
||
MountImagePolicy= and ExtensionImagePolicy= to configure the same for
|
||
disk images a service runs off.
|
||
|
||
* systemd-analyze gained a new verb "image-policy" to validate and
|
||
parse image policy strings.
|
||
|
||
* systemd-dissect gained support for a new --validate switch to
|
||
superficially validate DDI structure, and check whether a specific
|
||
image policy allows the DDI.
|
||
|
||
* systemd-dissect gained support for a new --mtree-hash switch to
|
||
optionally disable calculating mtree hashes, which can be slow on
|
||
large images.
|
||
|
||
* systemd-dissect --copy-to, --copy-from, --list and --mtree switches
|
||
are now able to operate on directories too, other than images.
|
||
|
||
Network Management:
|
||
|
||
* networkd's GENEVE support as gained a new .network option
|
||
InheritInnerProtocol=.
|
||
|
||
* The [Tunnel] section in .netdev files has gained a new setting
|
||
IgnoreDontFragment for controlling the IPv4 "DF" flag of datagrams.
|
||
|
||
* A new global IPv6PrivacyExtensions= setting has been added that
|
||
selects the default value of the per-network setting of the same
|
||
name.
|
||
|
||
* The predictable network interface naming logic was extended to
|
||
include SR-IOV-R "representor" information in network interface
|
||
names. Unfortunately, this feature was not enabled by default and can
|
||
only be enabled at compilation time by setting
|
||
-Ddefault-net-naming-scheme=v254.
|
||
|
||
* The DHCPv4 + DHCPv6 + IPv6 RA logic in networkd gained support for
|
||
the RFC8910 captive portal option.
|
||
|
||
Device Management:
|
||
|
||
* udevadm gained the new "verify" verb for validating udev rules files
|
||
offline.
|
||
|
||
* udev gained a new tool "iocost" that can be used to configure QoS IO
|
||
cost data based on hwdb information onto suitable block devices. Also
|
||
see https://github.com/iocost-benchmark/iocost-benchmarks.
|
||
|
||
TPM2 Support + Disk Encryption & Authentication:
|
||
|
||
* systemd-cryptenroll/systemd-cryptsetup will now install a TPM2 SRK
|
||
("Storage Root Key") as first step in the TPM2, and then use that
|
||
for binding FDE to, if TPM2 support is used. This matches
|
||
recommendations of TCG (see
|
||
https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf)
|
||
|
||
* systemd-cryptenroll and other tools that take TPM2 PCR parameters now
|
||
understand textual identifiers for these PCRs.
|
||
|
||
* systemd-veritysetup + /etc/veritytab gained support for a series of
|
||
new options: hash-offset=, superblock=, format=, data-block-size=,
|
||
hash-block-size=, data-blocks=, salt=, uuid=, hash=, fec-device=,
|
||
fec-offset=, fec-roots= to configure various aspects of a Verity
|
||
volume.
|
||
|
||
* systemd-cryptsetup + /etc/crypttab gained support for a new
|
||
veracrypt-pim= option for setting the Personal Iteration Multiplier
|
||
of veracrypt volumes.
|
||
|
||
* systemd-integritysetup + /etc/integritytab gained support for a new
|
||
mode= setting for controlling the dm-integrity mode (journal, bitmap,
|
||
direct) for the volume.
|
||
|
||
* systemd-analyze gained a new verb "pcrs" that shows the known TPM PCR
|
||
registers, their symbolic names and current values.
|
||
|
||
systemd-tmpfiles:
|
||
|
||
* The ACL support in tmpfiles.d/ has been updated: if an uppercase "X"
|
||
access right is specified this is equivalent to "x" but only if the
|
||
inode in question already has the executable bit set for at least
|
||
some user/group. Otherwise the "x" bit will be turned off.
|
||
|
||
* tmpfiles.d/'s C line type now understands a new modifier "+": a line
|
||
with C+ will result in a "merge" copy, i.e. all files of the source
|
||
tree are copied into the target tree, even if that tree already
|
||
exists, resulting in a combined tree of files already present in the
|
||
target tree and those copied in.
|
||
|
||
* systemd-tmpfiles gained a new --graceful switch. If specified lines
|
||
with unknown users/groups will silently be skipped.
|
||
|
||
systemd-notify:
|
||
|
||
* systemd-notify gained two new options --fd= and --fdname= for sending
|
||
arbitrary file descriptors to the service manager (while specifying an
|
||
explicit name for it).
|
||
|
||
* systemd-notify gained a new --exec switch, which makes it execute the
|
||
specified command line after sending the requested messages. This is
|
||
useful for sending out READY=1 first, and then continuing invocation
|
||
without changing process ID, so that the tool can be nicely used
|
||
within an ExecStart= line of a unit file that uses Type=notify.
|
||
|
||
sd-event + sd-bus APIs:
|
||
|
||
* The sd-event API gained a new call sd_event_source_leave_ratelimit()
|
||
which may be used to explicitly end a rate-limit state an event
|
||
source might be in, resetting all rate limiting counters.
|
||
|
||
* When the sd-bus library is used to make connections to AF_UNIX D-Bus
|
||
sockets, it will now encode the "description" set via
|
||
sd_bus_set_description() into the source socket address. It will also
|
||
look for this information when accepting a connection. This is useful
|
||
to track individual D-Bus connections on a D-Bus broker for debug
|
||
purposes.
|
||
|
||
systemd-resolved:
|
||
|
||
* systemd-resolved gained a new resolved.conf setting
|
||
StateRetentionSec= which may be used to retain cached DNS records
|
||
even after their nominal TTL, and use them in case upstream DNS
|
||
servers cannot be reached. This can be used to make name resolution
|
||
more resilient in case of network problems.
|
||
|
||
* resolvectl gained a new verb "show-cache" to show the current cache
|
||
contents of systemd-resolved. This verb communicates with the
|
||
systemd-resolved daemon and requires privileges.
|
||
|
||
Other:
|
||
|
||
* Meson >= 0.60.0 is now required to build systemd.
|
||
|
||
* The default keymap to apply may now be chosen at build-time via the
|
||
new -Ddefault-keymap= meson option.
|
||
|
||
* Most of systemd's long-running services now have a generic handler of
|
||
the SIGRTMIN+18 signal handler which executes various operations
|
||
depending on the sigqueue() parameter sent along. For example, values
|
||
0x100…0x107 allow changing the maximum log level of such
|
||
services. 0x200…0x203 allow changing the log target of such
|
||
services. 0x300 make the services trim their memory similarly to the
|
||
automatic PSI-triggered action, see above. 0x301 make the services
|
||
output their malloc_info() data to the logs.
|
||
|
||
* machinectl gained new "edit" and "cat" verbs for editing .nspawn
|
||
files, inspired by systemctl's verbs of the same name which edit unit
|
||
files. Similarly, networkctl gained the same verbs for editing
|
||
.network, .netdev, .link files.
|
||
|
||
* A new syscall filter group "@sandbox" has been added that contains
|
||
syscalls for sandboxing system calls such as those for seccomp and
|
||
Landlock.
|
||
|
||
* New documentation has been added:
|
||
|
||
https://systemd.io/COREDUMP
|
||
https://systemd.io/MEMORY_PRESSURE
|
||
smbios-type-11(7)
|
||
|
||
* systemd-firstboot gained a new --reset option. If specified, the
|
||
settings in /etc/ it knows how to initialize are reset.
|
||
|
||
* systemd-sysext is now a multi-call binary and is also installed under
|
||
the systemd-confext alias name (via a symlink). When invoked that way
|
||
it will operate on /etc/ instead of /usr/ + /opt/. It thus becomes a
|
||
powerful, atomic, secure configuration management of sorts, that
|
||
locally can merge configuration from multiple confext configuration
|
||
images into a single immutable tree.
|
||
|
||
* The --network-macvlan=, --network-ipvlan=, --network-interface=
|
||
switches of systemd-nspawn may now optionally take the intended
|
||
network interface inside the container.
|
||
|
||
* All our programs will now send an sd_notify() message with their exit
|
||
status in the EXIT_STATUS= field when exiting, using the usual
|
||
protocol, including PID 1. This is useful for VMMs and container
|
||
managers to collect an exit status from a system as it shuts down, as
|
||
set via "systemctl exit …". This is particularly useful in test cases
|
||
and similar, as invocations via a VM can now nicely propagate an exit
|
||
status to the host, similar to local processes.
|
||
|
||
* systemd-run gained a new switch --expand-environment=no to disable
|
||
server-side environment variable expansion in specified command
|
||
lines. Expansion defaults to enabled for all execution types except
|
||
--scope, where it defaults to off (and prints a warning) for backward
|
||
compatibility reasons. --scope will be flipped to enabled by default
|
||
too in a future release. If you are using --scope and passing a '$'
|
||
character in the payload you should start explicitly using
|
||
--expand-environment=yes/no according to the use case.
|
||
|
||
* The systemd-system-update-generator has been updated to also look for
|
||
the special flag file /etc/system-update in addition to the existing
|
||
support for /system-update to decide whether to enter system update
|
||
mode.
|
||
|
||
* The /dev/hugepages/ file system is now mounted with nosuid + nodev
|
||
mount options by default.
|
||
|
||
* systemd-fstab-generator now understands two new kernel command line
|
||
options systemd.mount-extra= and systemd.swap-extra=, which configure
|
||
additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
|
||
will be ran on these block devices, like it already happens for
|
||
'root='. It also now supports the new fstab.extra and
|
||
fstab.extra.initrd credentials that may contain additional /etc/fstab
|
||
lines to apply at boot.
|
||
|
||
* systemd-getty-generator now understands two new credentials
|
||
getty.ttys.container and getty.ttys.serial. These credentials may
|
||
contain a list of TTY devices – one per line – to instantiate
|
||
container-getty@.service and serial-getty@.service on.
|
||
|
||
* The getty/serial-getty/container-getty units now import the 'agetty.*'
|
||
and 'login.*' credentials, which are consumed by the 'login' and
|
||
'agetty' programs starting from util-linux v2.40.
|
||
|
||
* systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
|
||
PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
|
||
which case the Path= setting is taken relative to the ESP or XBOOTLDR
|
||
partitions, rather than the system's root directory /. The relevant
|
||
directories are automatically discovered.
|
||
|
||
* The systemd-ac-power tool gained a new switch --low, which reports
|
||
whether the battery charge is considered "low", similar to how the
|
||
s2h suspend logic checks this state to decide whether to enter system
|
||
suspend or hibernation.
|
||
|
||
* The /etc/os-release file can now have two new optional fields
|
||
VENDOR_NAME= and VENDOR_URL= to carry information about the vendor of
|
||
the OS.
|
||
|
||
* When the system hibernates, information about the device and offset
|
||
used is now written to a non-volatile EFI variable. On next boot the
|
||
system will attempt to resume from the location indicated in this EFI
|
||
variable. This should make hibernation a lot more robust, while
|
||
requiring no manual configuration of the resume location.
|
||
|
||
* The $XDG_STATE_HOME environment variable (added in more recent
|
||
versions of the XDG basedir specification) is now honoured to
|
||
implement the StateDirectory= setting in user services.
|
||
|
||
* A new component "systemd-battery-check" has been added. It may run
|
||
during early boot (usually in the initrd), and checks the battery
|
||
charge level of the system. In case the charge level is very low the
|
||
user is notified (graphically via Plymouth – if available – as well
|
||
as in text form on the console), and the system is turned off after a
|
||
10s delay. The feature can be disabled by passing
|
||
systemd.battery_check=0 through the kernel command line.
|
||
|
||
* The 'passwdqc' library is now supported as an alternative to the
|
||
'pwquality' library and can be selected at build time.
|
||
|
||
Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
|
||
Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
|
||
Andrei Stepanov, Andrew Baxter, Antonio Alvarez Feijoo,
|
||
Arian van Putten, Arthur Shau, A S Alam,
|
||
Asier Sarasua Garmendia, Balló György, Bastien Nocera,
|
||
Benjamin Herrenschmidt, Benjamin Raison, Bill Peterson,
|
||
Brad Fitzpatrick, Brett Holman, bri, Chen Qi, Chitoku,
|
||
Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
|
||
Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
|
||
cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
|
||
Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
|
||
David Schroeder, David Tardon, dependabot[bot],
|
||
Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
|
||
Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
|
||
Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
|
||
Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
|
||
François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
|
||
Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
|
||
Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
|
||
Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
|
||
Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
|
||
Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
|
||
jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
|
||
Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
|
||
Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
|
||
Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
|
||
Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
|
||
maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
|
||
Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
|
||
Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
|
||
Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
|
||
Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
|
||
Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
|
||
Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
|
||
Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
|
||
Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
|
||
saikat0511, Samanta Navarro, Sam James, Sam Morris,
|
||
Simon Braunschmidt, Sjoerd Simons, Sorah Fukumori,
|
||
Stanislaw Gruszka, Stefan Roesch, Steven Luo, Steve Ramage,
|
||
Susant Sahani, taniishkaaa, Tanishka, Temuri Doghonadze,
|
||
Thierry Martin, Thomas Blume, Thomas Genty, Thomas Weißschuh,
|
||
Thorsten Kukuk, Times-Z, Tobias Powalowski, tofylion,
|
||
Topi Miettinen, Uwe Kleine-König, Velislav Ivanov,
|
||
Vitaly Kuznetsov, Vít Zikmund, Weblate, Will Fancher,
|
||
William Roberts, Winterhuman, Wolfgang Müller, Xeonacid,
|
||
Xiaotian Wu, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Yuxiang Zhu,
|
||
Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
|
||
Дамјан Георгиевски, наб
|
||
|
||
— Edinburgh, 2023-07-28
|
||
|
||
CHANGES WITH 253:
|
||
|
||
Announcements of Future Feature Removals and Incompatible Changes:
|
||
|
||
* We intend to remove cgroup v1 support from systemd release after the
|
||
end of 2023. If you run services that make explicit use of cgroup v1
|
||
features (i.e. the "legacy hierarchy" with separate hierarchies for
|
||
each controller), please implement compatibility with cgroup v2 (i.e.
|
||
the "unified hierarchy") sooner rather than later. Most of Linux
|
||
userspace has been ported over already.
|
||
|
||
* We intend to remove support for split-usr (/usr mounted separately
|
||
during boot) and unmerged-usr (parallel directories /bin and
|
||
/usr/bin, /lib and /usr/lib, etc). This will happen in the second
|
||
half of 2023, in the first release that falls into that time window.
|
||
For more details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
|
||
|
||
* We intend to change behaviour w.r.t. units of the per-user service
|
||
manager and sandboxing options, so that they work without having to
|
||
manually enable PrivateUsers= as well, which is not required for
|
||
system units. To make this work, we will implicitly enable user
|
||
namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
|
||
user unit. The drawback is that system users will no longer be visible
|
||
(and appear as 'nobody') to the user unit when a sandboxing option is
|
||
enabled. By definition a sandboxed user unit should run with reduced
|
||
privileges, so impact should be small. This will remove a great source
|
||
of confusion that has been reported by users over the years, due to
|
||
how these options require an extra setting to be manually enabled when
|
||
used in the per-user service manager, as opposed as to the system
|
||
service manager. We plan to enable this change in the next release
|
||
later this year. For more details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
|
||
|
||
Deprecations and incompatible changes:
|
||
|
||
* systemctl will now warn when invoked without /proc/ mounted
|
||
(e.g. when invoked after chroot() into an directory tree without the
|
||
API mount points like /proc/ being set up.) Operation in such an
|
||
environment is not fully supported.
|
||
|
||
* The return value of 'systemctl is-active|is-enabled|is-failed' for
|
||
unknown units is changed: previously 1 or 3 were returned, but now 4
|
||
(EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.
|
||
|
||
* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
|
||
systemd-hwdb (added in 2014) should be used instead.
|
||
|
||
* 'bootctl --json' now outputs a single JSON array, instead of a stream
|
||
of newline-separated JSON objects.
|
||
|
||
* Udev rules in 60-evdev.rules have been changed to load hwdb
|
||
properties for all modalias patterns. Previously only the first
|
||
matching pattern was used. This could change what properties are
|
||
assigned if the user has more and less specific patterns that could
|
||
match the same device, but it is expected that the change will have
|
||
no effect for most users.
|
||
|
||
* systemd-networkd-wait-online exits successfully when all interfaces
|
||
are ready or unmanaged. Previously, if neither '--any' nor
|
||
'--interface=' options were used, at least one interface had to be in
|
||
configured state. This change allows the case where systemd-networkd
|
||
is enabled, but no interfaces are configured, to be handled
|
||
gracefully. It may occur in particular when a different network
|
||
manager is also enabled and used.
|
||
|
||
* Some compatibility helpers were dropped: EmergencyAction= in the user
|
||
manager, as well as measuring kernel command line into PCR 8 in
|
||
systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
|
||
option.
|
||
|
||
* The '-Dupdate-helper-user-timeout=' build-time option has been
|
||
renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
|
||
integer as parameter instead of a string.
|
||
|
||
* The DDI image dissection logic (which backs RootImage= in service
|
||
unit files, the --image= switch in various tools such as
|
||
systemd-nspawn, as well as systemd-dissect) will now only mount file
|
||
systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
|
||
can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
|
||
variable. These file systems are fairly well supported and maintained
|
||
in current kernels, while others are usually more niche, exotic or
|
||
legacy and thus typically do not receive the same level of security
|
||
support and fixes.
|
||
|
||
* The default per-link multicast DNS mode is changed to "yes"
|
||
(that was previously "no"). As the default global multicast DNS mode
|
||
has been "yes" (but can be changed by the build option), now the
|
||
multicast DNS is enabled on all links by default. You can disable the
|
||
multicast DNS on all links by setting MulticastDNS= in resolved.conf,
|
||
or on an interface by calling "resolvectl mdns INTERFACE no".
|
||
|
||
New components:
|
||
|
||
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
|
||
(UKIs) has been added. This replaces functionality provided by
|
||
'dracut --uefi' and extends it with automatic calculation of PE file
|
||
offsets, insertion of signed PCR policies generated by
|
||
systemd-measure, support for initrd concatenation, signing of the
|
||
embedded Linux image and the combined image with sbsign, and
|
||
heuristics to autodetect the kernel uname and verify the splash
|
||
image.
|
||
|
||
Changes in systemd and units:
|
||
|
||
* A new service type Type=notify-reload is defined. When such a unit is
|
||
reloaded a UNIX process signal (typically SIGHUP) is sent to the main
|
||
service process. The manager will then wait until it receives a
|
||
"RELOADING=1" followed by a "READY=1" notification from the unit as
|
||
response (via sd_notify()). Otherwise, this type is the same as
|
||
Type=notify. A new setting ReloadSignal= may be used to change the
|
||
signal to send from the default of SIGHUP.
|
||
|
||
user@.service, systemd-networkd.service, systemd-udevd.service, and
|
||
systemd-logind have been updated to this type.
|
||
|
||
* Initrd environments which are not on a pure memory file system (e.g.
|
||
overlayfs combination as opposed to tmpfs) are now supported. With
|
||
this change, during the initrd → host transition ("switch root")
|
||
systemd will erase all files of the initrd only when the initrd is
|
||
backed by a memory file system such as tmpfs.
|
||
|
||
* New per-unit MemoryZSwapMax= option has been added to configure
|
||
memory.zswap.max cgroup properties (the maximum amount of zswap
|
||
used).
|
||
|
||
* A new LogFilterPatterns= option has been added for units. It may be
|
||
used to specify accept/deny regular expressions for log messages
|
||
generated by the unit, that shall be enforced by systemd-journald.
|
||
Rejected messages are neither stored in the journal nor forwarded.
|
||
This option may be used to suppress noisy or uninteresting messages
|
||
from units.
|
||
|
||
* The manager has a new
|
||
org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
|
||
query process ownership via a PIDFD, which is more resilient against
|
||
PID recycling issues.
|
||
|
||
* Scope units now support OOMPolicy=. Login session scopes default to
|
||
OOMPolicy=continue, allowing login scopes to survive the OOM killer
|
||
terminating some processes in the scope.
|
||
|
||
* systemd-fstab-generator now supports x-systemd.makefs option for
|
||
/sysroot/ (in the initrd).
|
||
|
||
* The maximum rate at which daemon reloads are executed can now be
|
||
limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
|
||
options. (Or the equivalent on the kernel command line:
|
||
systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
|
||
addition, systemd now logs the originating unit and PID when a reload
|
||
request is received over D-Bus.
|
||
|
||
* When enabling a swap device systemd will now reinitialize the device
|
||
when the page size of the swap space does not match the page size of
|
||
the running kernel. Note that this requires the 'swapon' utility to
|
||
provide the '--fixpgsz' option, as implemented by util-linux, and it
|
||
is not supported by busybox at the time of writing.
|
||
|
||
* systemd now executes generator programs in a mount namespace
|
||
"sandbox" with most of the file system read-only and write access
|
||
restricted to the output directories, and with a temporary /tmp/
|
||
mount provided. This provides a safeguard against programming errors
|
||
in the generators, but also fixes here-docs in shells, which
|
||
previously didn't work in early boot when /tmp/ wasn't available
|
||
yet. (This feature has no security implications, because the code is
|
||
still privileged and can trivially exit the sandbox.)
|
||
|
||
* The system manager will now parse a new "vmm.notify_socket"
|
||
system credential, which may be supplied to a VM via SMBIOS. If
|
||
found, the manager will send a "READY=1" notification on the
|
||
specified socket after boot is complete. This allows readiness
|
||
notification to be sent from a VM guest to the VM host over a VSOCK
|
||
socket.
|
||
|
||
* The sample PAM configuration file for systemd-user@.service now
|
||
includes a call to pam_namespace. This puts children of user@.service
|
||
in the expected namespace. (Many distributions replace their file
|
||
with something custom, so this change has limited effect.)
|
||
|
||
* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
|
||
can be used to override the mount units burst late limit for
|
||
parsing '/proc/self/mountinfo', which was introduced in v249.
|
||
Defaults to 5.
|
||
|
||
* Drop-ins for init.scope changing control group resource limits are
|
||
now applied, while they were previously ignored.
|
||
|
||
* New build-time configuration options '-Ddefault-timeout-sec=' and
|
||
'-Ddefault-user-timeout-sec=' have been added, to let distributions
|
||
choose the default timeout for starting/stopping/aborting system and
|
||
user units respectively.
|
||
|
||
* Service units gained a new setting OpenFile= which may be used to
|
||
open arbitrary files in the file system (or connect to arbitrary
|
||
AF_UNIX sockets in the file system), and pass the open file
|
||
descriptor to the invoked process via the usual file descriptor
|
||
passing protocol. This is useful to give unprivileged services access
|
||
to select files which have restrictive access modes that would
|
||
normally not allow this. It's also useful in case RootDirectory= or
|
||
RootImage= is used to allow access to files from the host environment
|
||
(which is after all not visible from the service if these two options
|
||
are used.)
|
||
|
||
Changes in udev:
|
||
|
||
* The new net naming scheme "v253" has been introduced. In the new
|
||
scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
|
||
a PCI bus. This extends the coverage of predictable interface names
|
||
in some embedded systems.
|
||
|
||
The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
|
||
a more informative path on some embedded systems.
|
||
|
||
* Partition block devices will now also get symlinks in
|
||
/dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
|
||
block device nodes via the kernel's "diskseq" value. Previously those
|
||
symlinks were only created for the main block device.
|
||
|
||
* A new operator '-=' is supported for SYMLINK variables. This allows
|
||
symlinks to be unconfigured even if an earlier rule added them.
|
||
|
||
* 'udevadm --trigger --settle' now also works for network devices
|
||
that are being renamed.
|
||
|
||
Changes in sd-boot, bootctl, and the Boot Loader Specification:
|
||
|
||
* systemd-boot now passes its random seed directly to the kernel's RNG
|
||
via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
|
||
means the RNG gets seeded very early in boot before userspace has
|
||
started.
|
||
|
||
* systemd-boot will pass a disk-backed random seed – even when secure
|
||
boot is enabled – if it can additionally get a random seed from EFI
|
||
itself (via EFI's RNG protocol), or a prior seed in
|
||
LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.
|
||
|
||
* systemd-boot-system-token.service was renamed to
|
||
systemd-boot-random-seed.service and extended to always save a random
|
||
seed to ESP on every boot when a compatible boot loader is used. This
|
||
allows a refreshed random seed to be used in the boot loader.
|
||
|
||
* systemd-boot handles various seed inputs using a domain- and
|
||
field-separated hashing scheme.
|
||
|
||
* systemd-boot's 'random-seed-mode' option has been removed. A system
|
||
token is now always required to be present for random seeds to be
|
||
used.
|
||
|
||
* systemd-boot now supports being loaded from other locations than the
|
||
ESP, for example for direct kernel boot under QEMU or when embedded
|
||
into the firmware.
|
||
|
||
* systemd-boot now parses SMBIOS information to detect
|
||
virtualization. This information is used to skip some warnings which
|
||
are not useful in a VM and to conditionalize other aspects of
|
||
behaviour.
|
||
|
||
* systemd-boot now supports a new 'if-safe' mode that will perform UEFI
|
||
Secure Boot automated certificate enrollment from the ESP only if it
|
||
is considered 'safe' to do so. At the moment 'safe' means running in
|
||
a virtual machine.
|
||
|
||
* systemd-stub now processes random seeds in the same way as
|
||
systemd-boot already does, in case a unified kernel image is being
|
||
used from a different bootloader than systemd-boot, or without any
|
||
boot load at all.
|
||
|
||
* bootctl will now generate a system token on all EFI systems, even
|
||
virtualized ones, and is activated in the case that the system token
|
||
is missing from either sd-boot and sd-stub booted systems.
|
||
|
||
* bootctl now implements two new verbs: 'kernel-identify' prints the
|
||
type of a kernel image file, and 'kernel-inspect' provides
|
||
information about the embedded command line and kernel version of
|
||
UKIs.
|
||
|
||
* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
|
||
as for kernel-install.
|
||
|
||
* The JSON output of "bootctl list" will now contain two more fields:
|
||
isDefault and isSelected are boolean fields set to true on the
|
||
default and currently booted boot menu entries.
|
||
|
||
* bootctl gained a new verb "unlink" for removing a boot loader entry
|
||
type #1 file from disk in a safe and robust way.
|
||
|
||
* bootctl also gained a new verb "cleanup" that automatically removes
|
||
all files from the ESP's and XBOOTLDR's "entry-token" directory, that
|
||
is not referenced anymore by any installed Type #1 boot loader
|
||
specification entry. This is particularly useful in environments where
|
||
a large number of entries reference the same or partly the same
|
||
resources (for example, for snapshot-based setups).
|
||
|
||
Changes in kernel-install:
|
||
|
||
* A new "installation layout" can be configured as layout=uki. With
|
||
this setting, a Boot Loader Specification Type#1 entry will not be
|
||
created. Instead, a new kernel-install plugin 90-uki-copy.install
|
||
will copy any .efi files from the staging area into the boot
|
||
partition. A plugin to generate the UKI .efi file must be provided
|
||
separately.
|
||
|
||
Changes in systemctl:
|
||
|
||
* 'systemctl reboot' has dropped support for accepting a positional
|
||
argument as the argument to the reboot(2) syscall. Please use the
|
||
--reboot-argument= option instead.
|
||
|
||
* 'systemctl disable' will now warn when called on units without
|
||
install information. A new --no-warn option has been added that
|
||
silences this warning.
|
||
|
||
* New option '--drop-in=' can be used to tell 'systemctl edit' the name
|
||
of the drop-in to edit. (Previously, 'override.conf' was always
|
||
used.)
|
||
|
||
* 'systemctl list-dependencies' now respects --type= and --state=.
|
||
|
||
* 'systemctl kexec' now supports XEN VMM environments.
|
||
|
||
* 'systemctl edit' will now tell the invoked editor to jump into the
|
||
first line with actual unit file data, skipping over synthesized
|
||
comments.
|
||
|
||
Changes in systemd-networkd and related tools:
|
||
|
||
* The [DHCPv4] section in .network file gained new SocketPriority=
|
||
setting that assigns the Linux socket priority used by the DHCPv4 raw
|
||
socket. This may be used in conjunction with the
|
||
EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
|
||
desired ethernet 802.1Q frame priority for DHCPv4 initial
|
||
packets. This cannot be achieved with netfilter mangle tables because
|
||
of the raw socket bypass.
|
||
|
||
* The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
|
||
new QuickAck= boolean setting that enables the TCP quick ACK mode for
|
||
the routes configured by the acquired DHCPv4 lease or received router
|
||
advertisements (RAs).
|
||
|
||
* The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
|
||
routes) now accepts three values, for high, medium, and low preference
|
||
of the router (which can be set with the RouterPreference=) setting.
|
||
|
||
* systemd-networkd-wait-online now supports matching via alternative
|
||
interface names.
|
||
|
||
* The [DHCPv6] section in .network file gained new SendRelease=
|
||
setting which enables the DHCPv6 client to send release when
|
||
it stops. This is the analog of the [DHCPv4] SendRelease= setting.
|
||
It is enabled by default.
|
||
|
||
* If the Address= setting in [Network] or [Address] sections in .network
|
||
specified without its prefix length, then now systemd-networkd assumes
|
||
/32 for IPv4 or /128 for IPv6 addresses.
|
||
|
||
* networkctl shows network and link file dropins in status output.
|
||
|
||
Changes in systemd-dissect:
|
||
|
||
* systemd-dissect gained a new option --list, to print the paths of
|
||
all files and directories in a DDI.
|
||
|
||
* systemd-dissect gained a new option --mtree, to generate a file
|
||
manifest compatible with BSD mtree(5) of a DDI
|
||
|
||
* systemd-dissect gained a new option --with, to execute a command with
|
||
the specified DDI temporarily mounted and used as working
|
||
directory. This is for example useful to convert a DDI to "tar"
|
||
simply by running it within a "systemd-dissect --with" invocation.
|
||
|
||
* systemd-dissect gained a new option --discover, to search for
|
||
Discoverable Disk Images (DDIs) in well-known directories of the
|
||
system. This will list machine, portable service and system extension
|
||
disk images.
|
||
|
||
* systemd-dissect now understands 2nd stage initrd images stored as a
|
||
Discoverable Disk Image (DDI).
|
||
|
||
* systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
|
||
disk UUID stored in the GPT header) among the other data it can show.
|
||
|
||
* systemd-dissect gained a new --in-memory switch to operate on an
|
||
in-memory copy of the specified DDI file. This is useful to access a
|
||
DDI with write access without persisting any changes. It's also
|
||
useful for accessing a DDI without keeping the originating file
|
||
system busy.
|
||
|
||
* The DDI dissection logic will now automatically detect the intended
|
||
sector size of disk images stored in files, based on the GPT
|
||
partition table arrangement. Loopback block devices for such DDIs
|
||
will then be configured automatically for the right sector size. This
|
||
is useful to make dealing with modern 4K sector size DDIs fully
|
||
automatic. The systemd-dissect tool will now show the detected sector
|
||
size among the other DDI information in its output.
|
||
|
||
Changes in systemd-repart:
|
||
|
||
* systemd-repart gained new options --include-partitions= and
|
||
--exclude-partitions= to filter operation on partitions by type UUID.
|
||
This allows systemd-repart to be used to build images in which the
|
||
type of one partition is set based on the contents of another
|
||
partition (for example when the boot partition shall include a verity
|
||
hash of the root partition).
|
||
|
||
* systemd-repart also gained a --defer-partitions= option that is
|
||
similar to --exclude-partitions=, but the size of the partition is
|
||
still taken into account when sizing partitions, but without
|
||
populating it.
|
||
|
||
* systemd-repart gained a new --sector-size= option to specify what
|
||
sector size should be used when an image is created.
|
||
|
||
* systemd-repart now supports generating erofs file systems via
|
||
CopyFiles= (a read-only file system similar to squashfs).
|
||
|
||
* The Minimize= option was extended to accept "best" (which means the
|
||
most minimal image possible, but may require multiple attempts) and
|
||
"guess" (which means a reasonably small image).
|
||
|
||
* The systemd-growfs binary now comes with a regular unit file template
|
||
systemd-growfs@.service which can be instantiated directly for any
|
||
desired file system. (Previously, the unit was generated dynamically
|
||
by various generators, but no regular unit file template was
|
||
available.)
|
||
|
||
Changes in journal tools:
|
||
|
||
* Various systemd tools will append extra fields to log messages when
|
||
in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
|
||
this includes information about D-Bus messages when sd-bus is used,
|
||
e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
|
||
about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
|
||
Details of what is logged and when are subject to change.
|
||
|
||
* The systemd-journald-audit.socket can now be disabled via the usual
|
||
"systemctl disable" mechanism to stop collection of audit
|
||
messages. Please note that it is not enabled statically anymore and
|
||
must be handled by the preset/enablement logic in package
|
||
installation scripts.
|
||
|
||
* New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
|
||
be used to curtail disk use by systemd-journal-remote. This is
|
||
similar to the options supported by systemd-journald.
|
||
|
||
Changes in systemd-cryptenroll, systemd-cryptsetup, and related
|
||
components:
|
||
|
||
* When enrolling new keys systemd-cryptenroll now supports unlocking
|
||
via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
|
||
password was strictly required to be specified.
|
||
|
||
* systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
|
||
(except for tokens with user verification, UV) to identify tokens
|
||
before authentication. Multiple FIDO2 tokens can now be enrolled at
|
||
the same time, and systemd-cryptsetup will automatically select one
|
||
that corresponds to one of the available LUKS key slots.
|
||
|
||
* systemd-cryptsetup now supports new options tpm2-measure-bank= and
|
||
tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
|
||
bank and number into which the volume key should be measured. This is
|
||
automatically enabled for the encrypted root volume discovered and
|
||
activated by systemd-gpt-auto-generator.
|
||
|
||
* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
|
||
"noexec,nosuid,nodev".
|
||
|
||
* systemd-gpt-auto-generator will now honour the rootfstype= and
|
||
rootflags= kernel command line switches for root file systems it
|
||
discovers, to match behaviour in case an explicit root fs is
|
||
specified via root=.
|
||
|
||
* systemd-pcrphase gained new options --machine-id and --file-system=
|
||
to measure the machine-id and mount point information into PCR 15.
|
||
New service unit files systemd-pcrmachine.service and
|
||
systemd-pcrfs@.service have been added that invoke the tool with
|
||
these switches during early boot.
|
||
|
||
* systemd-pcrphase gained a --graceful switch will make it exit cleanly
|
||
with a success exit code even if no TPM device is detected.
|
||
|
||
* systemd-cryptenroll now stores the user-supplied PIN with a salt,
|
||
making it harder to brute-force.
|
||
|
||
Changes in other tools:
|
||
|
||
* systemd-homed gained support for luksPbkdfForceIterations (the
|
||
intended number of iterations for the PBKDF operation on LUKS).
|
||
|
||
* Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
|
||
$SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
|
||
may now be used to specify additional arguments for mkfs when
|
||
systemd-homed formats a file system.
|
||
|
||
* systemd-hostnamed now exports the contents of
|
||
/sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
|
||
new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
|
||
unprivileged code to access those values.
|
||
|
||
systemd-hostnamed also exports the SUPPORT_END= field from
|
||
os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
|
||
this to show the status of the installed system.
|
||
|
||
* systemd-measure gained an --append= option to sign multiple phase
|
||
paths with different signing keys. This allows secrets to be
|
||
accessible only in certain parts of the boot sequence. Note that
|
||
'ukify' provides similar functionality in a more accessible form.
|
||
|
||
* systemd-timesyncd will now write a structured log message with
|
||
MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
|
||
on a on-disk timestamp, similarly to what it did when reaching
|
||
synchronization via NTP.
|
||
|
||
* systemd-timesyncd will now update the on-disk timestamp file on each
|
||
boot at least once, making it more likely that the system time
|
||
increases in subsequent boots.
|
||
|
||
* systemd-vconsole-setup gained support for system/service credentials:
|
||
vconsole.keymap/vconsole.keymap_toggle and
|
||
vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
|
||
the similarly-named options in vconsole.conf.
|
||
|
||
* systemd-localed will now save the XKB keyboard configuration to
|
||
/etc/vconsole.conf, and also read it from there with a higher
|
||
preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
|
||
file. Previously, this information was stored in the former file in
|
||
converted form, and only in latter file in the original form. Tools
|
||
which want to access keyboard configuration can now do so from a
|
||
standard location.
|
||
|
||
* systemd-resolved gained support for configuring the nameservers and
|
||
search domains via kernel command line (nameserver=, domain=) and
|
||
credentials (network.dns, network.search_domains).
|
||
|
||
* systemd-resolved will now synthesize host names for the DNS stub
|
||
addresses it supports. Specifically when "_localdnsstub" is resolved,
|
||
127.0.0.53 is returned, and if "_localdnsproxy" is resolved
|
||
127.0.0.54 is returned.
|
||
|
||
* systemd-notify will now send a "RELOADING=1" notification when called
|
||
with --reloading, and "STOPPING=1" when called with --stopping. This
|
||
can be used to implement notifications from units where it's easier
|
||
to call a program than to use the sd-daemon library.
|
||
|
||
* systemd-analyze's 'plot' command can now output its information in
|
||
JSON, controlled via the --json= switch. Also, new --table, and
|
||
--no-legend options have been added.
|
||
|
||
* 'machinectl enable' will now automatically enable machines.target
|
||
unit in addition to adding the machine unit to the target.
|
||
|
||
Similarly, 'machinectl start|stop' gained a --now option to enable or
|
||
disable the machine unit when starting or stopping it.
|
||
|
||
* systemd-sysusers will now create /etc/ if it is missing.
|
||
|
||
* systemd-sleep 'HibernateDelaySec=' setting is changed back to
|
||
pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
|
||
added to provide the new initial value for the new automated battery
|
||
estimation functionality. If 'HibernateDelaySec=' is set to any value,
|
||
the automated estimate (and thus the automated hibernation on low
|
||
battery to avoid data loss) functionality will be disabled.
|
||
|
||
* Default tmpfiles.d/ configuration will now automatically create
|
||
credentials storage directory '/etc/credstore/' with the appropriate,
|
||
secure permissions. If '/run/credstore/' exists, its permissions will
|
||
be fixed too in case they are not correct.
|
||
|
||
Changes in libsystemd and shared code:
|
||
|
||
* sd-bus gained new convenience functions sd_bus_emit_signal_to(),
|
||
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
|
||
|
||
* sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
|
||
128-bit ID in files such as /etc/machine-id has an invalid
|
||
format. They also accept NULL as output parameter in more places,
|
||
which is useful when the caller only wants to validate the inputs and
|
||
does not need the output value.
|
||
|
||
* sd-login gained new functions sd_pidfd_get_session(),
|
||
sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
|
||
sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
|
||
sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
|
||
sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
|
||
but accept a PIDFD instead of a PID.
|
||
|
||
* sd-path (and systemd-path) now export four new paths:
|
||
SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
|
||
SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
|
||
SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
|
||
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
|
||
|
||
* sd_notify() now supports AF_VSOCK as transport for notification
|
||
messages (in addition to the existing AF_UNIX support). This is
|
||
enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
|
||
|
||
* Detection of chroot() environments now works if /proc/ is not
|
||
mounted. This affects systemd-detect-virt --chroot, but also means
|
||
that systemd tools will silently skip various operations in such an
|
||
environment.
|
||
|
||
* "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
|
||
virtualization is now detected.
|
||
|
||
Changes in the build system:
|
||
|
||
* Standalone variants of systemd-repart and systemd-shutdown may now be
|
||
built (if -Dstandalone=true).
|
||
|
||
* systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
|
||
example, allow scripts to conditionalize execution on AC power
|
||
supply.
|
||
|
||
* The libp11kit library is now loaded through dlopen(3).
|
||
|
||
Changes in the documentation:
|
||
|
||
* Specifications that are not closely tied to systemd have moved to
|
||
https://uapi-group.org/specifications/: the Boot Loader Specification
|
||
and the Discoverable Partitions Specification.
|
||
|
||
Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
|
||
Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
|
||
Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
|
||
Benjamin Tissoires, berenddeschouwer, BerndAdameit,
|
||
Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
|
||
Charles Hardin, chris, Christian Brauner, Christian Göttsche,
|
||
Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
|
||
Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
|
||
Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
|
||
Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
|
||
Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
|
||
Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
|
||
igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
|
||
Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
|
||
Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
|
||
Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
|
||
Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
|
||
Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
|
||
Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
|
||
Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
|
||
Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
|
||
Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
|
||
msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
|
||
noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
|
||
Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
|
||
reuben olinsky, Richard E. van der Luit, Richard Phibel,
|
||
Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
|
||
Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
|
||
Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
|
||
Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
|
||
Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
|
||
Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
|
||
William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
|
||
Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
|
||
наб
|
||
|
||
— Warsaw, 2023-02-15
|
||
|
||
CHANGES WITH 252 🎃:
|
||
|
||
Announcements of Future Feature Removals:
|
||
|
||
* We intend to remove cgroup v1 support from systemd release after the
|
||
end of 2023. If you run services that make explicit use of cgroup v1
|
||
features (i.e. the "legacy hierarchy" with separate hierarchies for
|
||
each controller), please implement compatibility with cgroup v2 (i.e.
|
||
the "unified hierarchy") sooner rather than later. Most of Linux
|
||
userspace has been ported over already.
|
||
|
||
* We intend to remove support for split-usr (/usr mounted separately
|
||
during boot) and unmerged-usr (parallel directories /bin and
|
||
/usr/bin, /lib and /usr/lib, etc). This will happen in the second
|
||
half of 2023, in the first release that falls into that time window.
|
||
For more details, see:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
|
||
|
||
Compatibility Breaks:
|
||
|
||
* ConditionKernelVersion= checks that use the '=' or '!=' operators
|
||
will now do simple string comparisons (instead of version comparisons
|
||
à la stverscmp()). Version comparisons are still done for the
|
||
ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
|
||
specified, a shell-style glob match is now done. This creates a minor
|
||
incompatibility compared to older systemd versions when the '*', '?',
|
||
'[', ']' characters are used, as these will now match as shell globs
|
||
instead of literally. Given that kernel version strings typically do
|
||
not include these characters we expect little breakage through this
|
||
change.
|
||
|
||
* The service manager will now read the SELinux label used for SELinux
|
||
access checks from the unit file at the time it loads the file.
|
||
Previously, the label would be read at the moment of the access
|
||
check, which was problematic since at that time the unit file might
|
||
already have been updated or removed.
|
||
|
||
New Features:
|
||
|
||
* systemd-measure is a new tool for calculating and signing expected
|
||
TPM2 PCR values for a given unified kernel image (UKI) booted via
|
||
sd-stub. The public key used for the signature and the signed
|
||
expected PCR information can be embedded inside the UKI. This
|
||
information can be extracted from the UKI by external tools and code
|
||
in the image itself and is made available to userspace in the booted
|
||
kernel.
|
||
|
||
systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
|
||
updated to make use of this information if available in the booted
|
||
kernel: when locking an encrypted volume/credential to the TPM
|
||
systemd-cryptenroll/systemd-creds will use the public key to bind the
|
||
volume/credential to any kernel that carries PCR information signed
|
||
by the same key pair. When unlocking such volumes/credentials
|
||
systemd-cryptsetup/systemd-creds will use the signature embedded in
|
||
the booted UKI to gain access.
|
||
|
||
Binding TPM-based disk encryption to public keys/signatures of PCR
|
||
values — instead of literal PCR values — addresses the inherent
|
||
"brittleness" of traditional PCR-bound TPM disk encryption schemes:
|
||
disks remain accessible even if the UKI is updated, without any TPM
|
||
specific preparation during the OS update — as long as each UKI
|
||
carries the necessary PCR signature information.
|
||
|
||
Net effect: if you boot a properly prepared kernel, TPM-bound disk
|
||
encryption now defaults to be locked to kernels which carry PCR
|
||
signatures from the same key pair. Example: if a hypothetical distro
|
||
FooOS prepares its UKIs like this, TPM-based disk encryption is now –
|
||
by default – bound to only FooOS kernels, and encrypted volumes bound
|
||
to the TPM cannot be unlocked on kernels from other sources. (But do
|
||
note this behaviour requires preparation/enabling in the UKI, and of
|
||
course users can always enroll non-TPM ways to unlock the volume.)
|
||
|
||
* systemd-pcrphase is a new tool that is invoked at six places during
|
||
system runtime, and measures additional words into TPM2 PCR 11, to
|
||
mark milestones of the boot process. This allows binding access to
|
||
specific TPM2-encrypted secrets to specific phases of the boot
|
||
process. (Example: LUKS2 disk encryption key only accessible in the
|
||
initrd, but not later.)
|
||
|
||
Changes in systemd itself, i.e. the manager and units
|
||
|
||
* The cpu controller is delegated to user manager units by default, and
|
||
CPUWeight= settings are applied to the top-level user slice units
|
||
(app.slice, background.slice, session.slice). This provides a degree
|
||
of resource isolation between different user services competing for
|
||
the CPU.
|
||
|
||
* Systemd can optionally do a full preset in the "first boot" condition
|
||
(instead of just enable-only). This behaviour is controlled by the
|
||
compile-time option -Dfirst-boot-full-preset. Right now it defaults
|
||
to 'false', but the plan is to switch it to 'true' for the subsequent
|
||
release.
|
||
|
||
* Drop-ins are now allowed for transient units too.
|
||
|
||
* Systemd will set the taint flag 'support-ended' if it detects that
|
||
the OS image is past its end-of-support date. This date is declared
|
||
in a new /etc/os-release field SUPPORT_END= described below.
|
||
|
||
* Two new settings ConditionCredential= and AssertCredential= can be
|
||
used to skip or fail units if a certain system credential is not
|
||
provided.
|
||
|
||
* ConditionMemory= accepts size suffixes (K, M, G, T, …).
|
||
|
||
* DefaultSmackProcessLabel= can be used in system.conf and user.conf to
|
||
specify the SMACK security label to use when not specified in a unit
|
||
file.
|
||
|
||
* DefaultDeviceTimeoutSec= can be used in system.conf and user.conf to
|
||
specify the default timeout when waiting for device units to
|
||
activate.
|
||
|
||
* C.UTF-8 is used as the default locale if nothing else has been
|
||
configured.
|
||
|
||
* [Condition|Assert]Firmware= have been extended to support certain
|
||
SMBIOS fields. For example
|
||
|
||
ConditionFirmware=smbios-field(board_name = "Custom Board")
|
||
|
||
conditionalizes the unit to run only when
|
||
/sys/class/dmi/id/board_name contains "Custom Board" (without the
|
||
quotes).
|
||
|
||
* ConditionFirstBoot= now correctly evaluates as true only during the
|
||
boot phase of the first boot. A unit executed later, after booting
|
||
has completed, will no longer evaluate this condition as true.
|
||
|
||
* Socket units will now create sockets in the SELinuxContext= of the
|
||
associated service unit, if any.
|
||
|
||
* Boot phase transitions (start initrd → exit initrd → boot complete →
|
||
shutdown) will be measured into TPM2 PCR 11, so that secrets can be
|
||
bound to a specific runtime phase. E.g.: a LUKS encryption key can be
|
||
unsealed only in the initrd.
|
||
|
||
* Service credentials (i.e. SetCredential=/LoadCredential=/…) will now
|
||
also be provided to ExecStartPre= processes.
|
||
|
||
* Various units are now correctly ordered against
|
||
initrd-switch-root.target where previously a conflict without
|
||
ordering was configured. A stop job for those units would be queued,
|
||
but without the ordering it could be executed only after
|
||
initrd-switch-root.service, leading to units not being restarted in
|
||
the host system as expected.
|
||
|
||
* In order to fully support the IPMI watchdog driver, which has not yet
|
||
been ported to the new common watchdog device interface,
|
||
/dev/watchdog0 will be tried first and systemd will silently fallback
|
||
to /dev/watchdog if it is not found.
|
||
|
||
* New watchdog-related D-Bus properties are now published by systemd:
|
||
WatchdogDevice, WatchdogLastPingTimestamp,
|
||
WatchdogLastPingTimestampMonotonic.
|
||
|
||
* At shutdown, API virtual files systems (proc, sys, etc.) will be
|
||
unmounted lazily.
|
||
|
||
* At shutdown, systemd will now log about processes blocking unmounting
|
||
of file systems.
|
||
|
||
* A new meson build option 'clock-valid-range-usec-max' was added to
|
||
allow disabling system time correction if RTC returns a timestamp far
|
||
in the future.
|
||
|
||
* Propagated restart jobs will no longer be discarded while a unit is
|
||
activating.
|
||
|
||
* PID 1 will now import system credentials from SMBIOS Type 11 fields
|
||
("OEM vendor strings"), in addition to qemu_fwcfg. This provides a
|
||
simple, fast and generic path for supplying credentials to a VM,
|
||
without involving external tools such as cloud-init/ignition.
|
||
|
||
* The CPUWeight= setting of unit files now accepts a new special value
|
||
"idle", which configures "idle" level scheduling for the unit.
|
||
|
||
* Service processes that are activated due to a .timer or .path unit
|
||
triggering will now receive information about this via environment
|
||
variables. Note that this is information is lossy, as activation
|
||
might be coalesced and only one of the activating triggers will be
|
||
reported. This is hence more suited for debugging or tracing rather
|
||
than for behaviour decisions.
|
||
|
||
* The riscv_flush_icache(2) system call has been added to the list of
|
||
system calls allowed by default when SystemCallFilter= is used.
|
||
|
||
* The selinux context derived from the target executable, instead of
|
||
'init_t' used for the manager itself, is now used when creating
|
||
listening sockets for units that specify SELinuxContextFromNet=yes.
|
||
|
||
Changes in sd-boot, bootctl, and the Boot Loader Specification:
|
||
|
||
* The Boot Loader Specification has been cleaned up and clarified.
|
||
Various corner cases in version string comparisons have been fixed
|
||
(e.g. comparisons for empty strings). Boot counting is now part of
|
||
the main specification.
|
||
|
||
* New PCRs measurements are performed during boot: PCR 11 for the
|
||
kernel+initrd combo, PCR 13 for any sysext images. If a measurement
|
||
took place this is now reported to userspace via the new
|
||
StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.
|
||
|
||
* As before, systemd-stub will measure kernel parameters and system
|
||
credentials into PCR 12. It will now report this fact via the
|
||
StubPcrKernelParameters EFI variable to userspace.
|
||
|
||
* The UEFI monotonic boot counter is now included in the updated random
|
||
seed file maintained by sd-boot, providing some additional entropy.
|
||
|
||
* sd-stub will use LoadImage/StartImage to execute the kernel, instead
|
||
of arranging the image manually and jumping to the kernel entry
|
||
point. sd-stub also installs a temporary UEFI SecurityOverride to
|
||
allow the (unsigned) nested image to be booted. This is safe because
|
||
the outer (signed) stub+kernel binary must have been verified before
|
||
the stub was executed.
|
||
|
||
* Booting in EFI mixed mode (a 64-bit kernel over 32-bit UEFI firmware)
|
||
is now supported by sd-boot.
|
||
|
||
* bootctl gained a bunch of new options: --all-architectures to install
|
||
binaries for all supported EFI architectures, --root= and --image=
|
||
options to operate on a directory or disk image, and
|
||
--install-source= to specify the source for binaries to install,
|
||
--efi-boot-option-description= to control the name of the boot entry.
|
||
|
||
* The sd-boot stub exports a StubFeatures flag, which is used by
|
||
bootctl to show features supported by the stub that was used to boot.
|
||
|
||
* The PE section offsets that are used by tools that assemble unified
|
||
kernel images have historically been hard-coded. This may lead to
|
||
overlapping PE sections which may break on boot. The UKI will now try
|
||
to detect and warn about this.
|
||
|
||
Any tools that assemble UKIs must update to calculate these offsets
|
||
dynamically. Future sd-stub versions may use offsets that will not
|
||
work with the currently used set of hard-coded offsets!
|
||
|
||
* sd-stub now accepts (and passes to the initrd and then to the full
|
||
OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed
|
||
signatures of expected PCR values, to allow sealing secrets via the
|
||
TPM2 against pre-calculated PCR measurements.
|
||
|
||
Changes in the hardware database:
|
||
|
||
* 'systemd-hwdb query' now supports the --root= option.
|
||
|
||
Changes in systemctl:
|
||
|
||
* systemctl now supports --state= and --type= options for the 'show'
|
||
and 'status' verbs.
|
||
|
||
* systemctl gained a new verb 'list-automounts' to list automount
|
||
points.
|
||
|
||
* systemctl gained support for a new --image= switch to be able to
|
||
operate on the specified disk image (similar to the existing --root=
|
||
which operates relative to some directory).
|
||
|
||
Changes in systemd-networkd:
|
||
|
||
* networkd can set Linux NetLabel labels for integration with the
|
||
network control in security modules via a new NetLabel= option.
|
||
|
||
* The RapidCommit= is (re-)introduced to enable faster configuration
|
||
via DHCPv6 (RFC 3315).
|
||
|
||
* networkd gained a new option TCPCongestionControlAlgorithm= that
|
||
allows setting a per-route TCP algorithm.
|
||
|
||
* networkd gained a new option KeepFileDescriptor= to allow keeping a
|
||
reference (file descriptor) open on TUN/TAP interfaces, which is
|
||
useful to avoid link flaps while the underlying service providing the
|
||
interface is being serviced.
|
||
|
||
* RouteTable= now also accepts route table names.
|
||
|
||
Changes in systemd-nspawn:
|
||
|
||
* The --bind= and --overlay= options now support relative paths.
|
||
|
||
* The --bind= option now supports a 'rootidmap' value, which will
|
||
use id-mapped mounts to map the root user inside the container to the
|
||
owner of the mounted directory on the host.
|
||
|
||
Changes in systemd-resolved:
|
||
|
||
* systemd-resolved now persists DNSOverTLS in its state file too. This
|
||
fixes a problem when used in combination with NetworkManager, which
|
||
sends the setting only once, causing it to be lost if resolved was
|
||
restarted at any point.
|
||
|
||
* systemd-resolved now exposes a Varlink socket at
|
||
/run/systemd/resolve/io.systemd.Resolve.Monitor, accessible only for
|
||
root. Processed DNS requests in a JSON format will be published to
|
||
any clients connected to this socket.
|
||
|
||
resolvectl gained a 'monitor' verb to make use of this.
|
||
|
||
* systemd-resolved now treats unsupported DNSSEC algorithms as INSECURE
|
||
instead of returning SERVFAIL, as per RFC:
|
||
https://datatracker.ietf.org/doc/html/rfc6840#section-5.2
|
||
|
||
* OpenSSL is the default crypto backend for systemd-resolved. (gnutls
|
||
is still supported.)
|
||
|
||
Changes in libsystemd and other libraries:
|
||
|
||
* libsystemd now exports sd_bus_error_setfv() (a convenience function
|
||
for setting bus errors), sd_id128_string_equal (a convenience
|
||
function for 128-bit ID string comparisons), and
|
||
sd_bus_message_read_strv_extend() (a function to incrementally read
|
||
string arrays).
|
||
|
||
* libsystemd now exports sd_device_get_child_first()/_next() as a
|
||
high-level interface for enumerating child devices. It also supports
|
||
sd_device_new_child() for opening a child device given a device
|
||
object.
|
||
|
||
* libsystemd now exports sd_device_monitor_set()/get_description()
|
||
which allow setting a custom description that will be used in log
|
||
messages by sd_device_monitor*.
|
||
|
||
* Private shared libraries (libsystemd-shared-nnn.so,
|
||
libsystemd-core-nnn.so) are now installed into arch-specific
|
||
directories to allow multi-arch installs.
|
||
|
||
* A new sd-gpt.h header is now published, listing GUIDs from the
|
||
Discoverable Partitions specification. For more details see:
|
||
https://systemd.io/DISCOVERABLE_PARTITIONS/
|
||
|
||
* A new function sd_hwdb_new_from_path() has been added to open a hwdb
|
||
database given an explicit path to the file.
|
||
|
||
* The signal number argument to sd_event_add_signal() now can now be
|
||
ORed with the SD_EVENT_SIGNAL_PROCMASK flag, causing sigprocmask() to
|
||
be automatically invoked to block the specified signal. This is
|
||
useful to simplify invocations as the caller doesn't have to do this
|
||
manually.
|
||
|
||
* A new convenience call sd_event_set_signal_exit() has been added to
|
||
sd-event to set up signal handling so that the event loop
|
||
automatically terminates cleanly on SIGTERM/SIGINT.
|
||
|
||
Changes in other components:
|
||
|
||
* systemd-sysusers, systemd-tmpfiles, and systemd-sysctl configuration
|
||
can now be provided via the credential mechanism.
|
||
|
||
* systemd-analyze gained a new verb 'compare-versions' that implements
|
||
comparisons for versions strings (similarly to 'rpmdev-vercmp' and
|
||
'dpkg --compare-versions').
|
||
|
||
* 'systemd-analyze dump' is extended to accept glob patterns for unit
|
||
names to limit the output to matching units.
|
||
|
||
* tmpfiles.d/ lines can read file contents to write from a credential.
|
||
The new modifier char '^' is used to specify that the argument is a
|
||
credential name. This mechanism is used to automatically populate
|
||
/etc/motd, /etc/issue, and /etc/hosts from credentials.
|
||
|
||
* tmpfiles.d/ may now be configured to avoid changing uid/gid/mode of
|
||
an inode if the specification is prefixed with ':' and the inode
|
||
already exists.
|
||
|
||
* Default tmpfiles.d/ configuration now carries a line to automatically
|
||
use an 'ssh.authorized_keys.root' credential if provided to set up
|
||
the SSH authorized_keys file for the root user.
|
||
|
||
* systemd-tmpfiles will now gracefully handle absent source of "C" copy
|
||
lines.
|
||
|
||
* tmpfiles.d/ F/w lines now optionally permit encoding of the payload
|
||
in base64. This is useful to write arbitrary binary data into files.
|
||
|
||
* The pkgconfig and rpm macros files now export the directory for user
|
||
units as 'user_tmpfiles_dir' and '%_user_tmpfilesdir'.
|
||
|
||
* Detection of Apple Virtualization and detection of Parallels and
|
||
KubeVirt virtualization on non-x86 archs have been added.
|
||
|
||
* os-release gained a new field SUPPORT_END=YYYY-MM-DD to inform the
|
||
user when their system will become unsupported.
|
||
|
||
* When performing suspend-then-hibernate, the system will estimate the
|
||
discharge rate and use that to set the delay until hibernation and
|
||
hibernate immediately instead of suspending when running from a
|
||
battery and the capacity is below 5%.
|
||
|
||
* systemd-sysctl gained a --strict option to fail when a sysctl
|
||
setting is unknown to the kernel.
|
||
|
||
* machinectl supports --force for the 'copy-to' and 'copy-from'
|
||
verbs.
|
||
|
||
* coredumpctl gained the --root and --image options to look for journal
|
||
files under the specified root directory, image, or block device.
|
||
|
||
* 'journalctl -o' and similar commands now implement a new output mode
|
||
"short-delta". It is similar to "short-monotonic", but also shows the
|
||
time delta between subsequent messages.
|
||
|
||
* journalctl now respects the --quiet flag when verifying consistency
|
||
of journal files.
|
||
|
||
* Journal log messages gained a new implicit field _RUNTIME_SCOPE= that
|
||
will indicate whether a message was logged in the 'initrd' phase or
|
||
in the 'system' phase of the boot process.
|
||
|
||
* Journal files gained a new compatibility flag
|
||
'HEADER_INCOMPATIBLE_COMPACT'. Files with this flag implement changes
|
||
to the storage format that allow reducing size on disk. As with other
|
||
compatibility flags, older journalctl versions will not be able to
|
||
read journal files using this new format. The environment variable
|
||
'SYSTEMD_JOURNAL_COMPACT=0' can be passed to systemd-journald to
|
||
disable this functionality. It is enabled by default.
|
||
|
||
* systemd-run's --working-directory= switch now works when used in
|
||
combination with --scope.
|
||
|
||
* portablectl gained a --force flag to skip certain sanity checks. This
|
||
is implemented using new flags accepted by systemd-portabled for the
|
||
*WithExtensions() D-Bus methods: SD_SYSTEMD_PORTABLE_FORCE_ATTACH
|
||
flag now means that the attach/detach checks whether the units are
|
||
already present and running will be skipped. Similarly,
|
||
SD_SYSTEMD_PORTABLE_FORCE_SYSEXT flag means that the check whether
|
||
image name matches the name declared inside of the image will be
|
||
skipped. Callers must be sure to do those checks themselves if
|
||
appropriate.
|
||
|
||
* systemd-portabled will now use the original filename to check
|
||
extension-release.NAME for correctness, in case it is passed a
|
||
symlink.
|
||
|
||
* systemd-portabled now uses PrivateTmp=yes in the 'trusted' profile
|
||
too.
|
||
|
||
* sysext's extension-release files now support '_any' as a special
|
||
value for the ID= field, to allow distribution-independent extensions
|
||
(e.g.: fully statically compiled binaries, scripts). It also gained
|
||
support for a new ARCHITECTURE= field that may be used to explicitly
|
||
restrict an image to hosts of a specific architecture.
|
||
|
||
* systemd-repart now supports creating squashfs partitions. This
|
||
requires mksquashfs from squashfs-tools.
|
||
|
||
* systemd-repart gained a --split flag to also generate split
|
||
artifacts, i.e. a separate file for each partition. This is useful in
|
||
conjunction with systemd-sysupdate or other tools, or to generate
|
||
split dm-verity artifacts.
|
||
|
||
* systemd-repart is now able to generate dm-verity partitions, including
|
||
signatures.
|
||
|
||
* systemd-repart can now set a partition UUID to zero, allowing it to
|
||
be filled in later, such as when using verity partitions.
|
||
|
||
* systemd-repart now supports drop-ins for its configuration files.
|
||
|
||
* Package metadata logged by systemd-coredump in the system journal is
|
||
now more compact.
|
||
|
||
* xdg-autostart-service now expands 'tilde' characters in Exec lines.
|
||
|
||
* systemd-oomd now automatically links against libatomic, if available.
|
||
|
||
* systemd-oomd now sends out a 'Killed' D-Bus signal when a cgroup is
|
||
killed.
|
||
|
||
* scope units now also provide oom-kill status.
|
||
|
||
* systemd-pstore will now try to load only the efi_pstore kernel module
|
||
before running, ensuring that pstore can be used.
|
||
|
||
* systemd-logind gained a new StopIdleSessionSec= option to stop an idle
|
||
session after a preconfigure timeout.
|
||
|
||
* systemd-homed will now wait up to 30 seconds for workers to terminate,
|
||
rather than indefinitely.
|
||
|
||
* homectl gained a new '--luks-sector-size=' flag that allows users to
|
||
select the preferred LUKS sector size. Must be a power of 2 between 512
|
||
and 4096. systemd-userdbd records gained a corresponding field.
|
||
|
||
* systemd-sysusers will now respect the 'SOURCE_DATE_EPOCH' environment
|
||
variable when generating the 'sp_lstchg' field, to ensure an image
|
||
build can be reproducible.
|
||
|
||
* 'udevadm wait' will now listen to kernel uevents too when called with
|
||
--initialized=no.
|
||
|
||
* When naming network devices udev will now consult the Devicetree
|
||
"alias" fields for the device.
|
||
|
||
* systemd-udev will now create infiniband/by-path and
|
||
infiniband/by-ibdev links for Infiniband verbs devices.
|
||
|
||
* systemd-udev-trigger.service will now also prioritize input devices.
|
||
|
||
* ConditionACPower= and systemd-ac-power will now assume the system is
|
||
running on AC power if no battery can be found.
|
||
|
||
* All features and tools using the TPM2 will now communicate with it
|
||
using a bind key. Beforehand, the tpm2 support used encrypted sessions
|
||
by creating a primary key that was used to encrypt traffic. This
|
||
creates a problem as the key created for encrypting the traffic could
|
||
be faked by an active interposer on the bus. In cases when a pin is
|
||
used, a bind key will be used. The pin is used as the auth value for
|
||
the seal key, aka the disk encryption key, and that auth value will be
|
||
used in the session establishment. An attacker would need the pin
|
||
value to create the secure session and thus an active interposer
|
||
without the pin cannot interpose on TPM2 traffic.
|
||
|
||
* systemd-growfs no longer requires udev to run.
|
||
|
||
* systemd-backlight now will better support systems with multiple
|
||
graphic cards.
|
||
|
||
* systemd-cryptsetup's keyfile-timeout= option now also works when a
|
||
device is used as a keyfile.
|
||
|
||
* systemd-cryptenroll gained a new --unlock-key-file= option to get the
|
||
unlocking key from a key file (instead of prompting the user). Note
|
||
that this is the key for unlocking the volume in order to be able to
|
||
enroll a new key, but it is not the key that is enrolled.
|
||
|
||
* systemd-dissect gained a new --umount switch that will safely and
|
||
synchronously unmount all partitions of an image previously mounted
|
||
with 'systemd-dissect --mount'.
|
||
|
||
* When using gcrypt, all systemd tools and services will now configure
|
||
it to prefer the OS random number generator if present.
|
||
|
||
* All example code shipped with documentation has been relicensed from CC0
|
||
to MIT-0.
|
||
|
||
* Unit tests will no longer fail when running on a system without
|
||
/etc/machine-id.
|
||
|
||
Experimental features:
|
||
|
||
* BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
|
||
and bpftool >= 7.0).
|
||
|
||
* sd-boot can automatically enroll SecureBoot keys from files found on
|
||
the ESP. This enrollment can be either automatic ('force' mode) or
|
||
controlled by the user ('manual' mode). It is sufficient to place the
|
||
SecureBoot keys in the right place in the ESP and they will be picked
|
||
up by sd-boot and shown in the boot menu.
|
||
|
||
* The mkosi config in systemd gained support for automatically
|
||
compiling a kernel with the configuration appropriate for testing
|
||
systemd. This may be useful when developing or testing systemd in
|
||
tandem with the kernel.
|
||
|
||
Contributions from: 김인수, Adam Williamson, adrian5, Aidan Dang,
|
||
Akihiko Odaki, Alban Bedel, Albert Mikaelyan, Aleksey Vasenev,
|
||
Alexander Graf, Alexander Shopov, Alexander Wilson,
|
||
Alper Nebi Yasak, anarcat, Anders Jonsson, Andre Kalb,
|
||
Andrew Stone, Andrey Albershteyn, Anita Zhang, Ansgar Burchardt,
|
||
Antonio Alvarez Feijoo, Arnaud Ferraris, Aryan singh, asavah,
|
||
Avamander, Avram Lubkin, Balázs Meskó, Bastien Nocera,
|
||
Benjamin Franzke, BerndAdameit, bin456789, Celeste Liu,
|
||
Chih-Hsuan Yen, Christian Brauner, Christian Göttsche,
|
||
Christian Hesse, Clyde Byrd III, codefiles, Colin Walters,
|
||
Cristian Rodríguez, Daan De Meyer, Daniel Braunwarth,
|
||
Daniel Rusek, Dan Streetman, Darsey Litzenberger, David Edmundson,
|
||
David Jaša, David Rheinsberg, David Seifert, David Tardon,
|
||
dependabot[bot], Devendra Tewari, Dominique Martinet, drosdeck,
|
||
Edson Juliano Drosdeck, Eduard Tolosa, eggfly, Einsler Lee,
|
||
Elias Probst, Eli Schwartz, Evgeny Vereshchagin, exploide, Fei Li,
|
||
Foster Snowhill, Franck Bui, Frank Dana, Frantisek Sumsal,
|
||
Gerd Hoffmann, Gio, Goffredo Baroncelli, gtwang01,
|
||
Guillaume W. Bres, H A, Hans de Goede, Heinrich Schuchardt,
|
||
Hugo Carvalho, i-do-cpp, igo95862, j00512545, Jacek Migacz,
|
||
Jade Bilkey, James Hilliard, Jan B, Janis Goldschmidt,
|
||
Jan Janssen, Jan Kuparinen, Jan Luebbe, Jan Macku,
|
||
Jason A. Donenfeld, Javkhlanbayar Khongorzul, Jeremy Soller,
|
||
JeroenHD, jiangchuangang, João Loureiro,
|
||
Joaquín Ignacio Aramendía, Jochen Sprickerhof,
|
||
Johannes Schauer Marin Rodrigues, Jonas Kümmerlin,
|
||
Jonas Witschel, Jonathan Kang, Jonathan Lebon, Joost Heitbrink,
|
||
Jörg Thalheim, josh-gordon-fb, Joyce, Kai Lueke, lastkrick,
|
||
Lennart Poettering, Leon M. George, licunlong, Li kunyu,
|
||
LockBlock-dev, Loïc Collignon, Lubomir Rintel, Luca Boccassi,
|
||
Luca BRUNO, Ludwig Nussel, Łukasz Stelmach, Maccraft123,
|
||
Marc Kleine-Budde, Marius Vollmer, Martin Wilck, matoro,
|
||
Matthias Lisin, Max Gautier, Maxim Mikityanskiy, Michael Biebl,
|
||
Michal Koutný, Michal Sekletár, Michal Stanke, Mike Gilbert,
|
||
Mitchell Freiderich, msizanoen1, Nick Rosbrook, nl6720, Oğuz Ersen,
|
||
Oleg Solovyov, Olga Smirnova, Pablo Ceballos, Pavel Zhukov,
|
||
Phaedrus Leeds, Philipp Gortan, Piotr Drąg, Pyfisch,
|
||
Quentin Deslandes, Rahil Bhimjiani, Rene Hollander, Richard Huang,
|
||
Richard Phibel, Rudi Heitbaum, Sam James, Sarah Brofeldt,
|
||
Sean Anderson, Sebastian Scheibner, Shreenidhi Shedi,
|
||
Sonali Srivastava, Steve Ramage, Suraj Krishnan, Swapnil Devesh,
|
||
Takashi Sakamoto, Ted X. Toth, Temuri Doghonadze, Thomas Blume,
|
||
Thomas Haller, Thomas Hebb, Tomáš Hnyk, Tomasz Paweł Gajc,
|
||
Topi Miettinen, Ulrich Ölmann, undef, Uriel Corfa,
|
||
Victor Westerhuis, Vincent Dagonneau, Vishal Chillara Srinivas,
|
||
Vito Caputo, Weblate, Wenchao Hao, William Roberts, williamsumendap,
|
||
wineway, xiaoyang, Yuri Chornoivan, Yu Watanabe,
|
||
Zbigniew Jędrzejewski-Szmek, Zhaofeng Li, наб
|
||
|
||
– The Great Beyond, 2022-10-31 👻
|
||
|
||
CHANGES WITH 251:
|
||
|
||
Backwards-incompatible changes:
|
||
|
||
* The minimum kernel version required has been bumped from 3.13 to 4.15,
|
||
and CLOCK_BOOTTIME is now assumed to always exist.
|
||
|
||
* C11 with GNU extensions (aka "gnu11") is now used to build our
|
||
components. Public API headers are still restricted to ISO C89.
|
||
|
||
* In v250, a systemd-networkd feature that automatically configures
|
||
routes to addresses specified in AllowedIPs= was added and enabled by
|
||
default. However, this causes network connectivity issues in many
|
||
existing setups. Hence, it has been disabled by default since
|
||
systemd-stable 250.3. The feature can still be used by explicitly
|
||
configuring RouteTable= setting in .netdev files.
|
||
|
||
* Jobs started via StartUnitWithFlags() will no longer return 'skipped'
|
||
when a Condition*= check does not succeed, restoring the JobRemoved
|
||
signal to the behaviour it had before v250.
|
||
|
||
* The org.freedesktop.portable1 methods GetMetadataWithExtensions() and
|
||
GetImageMetadataWithExtensions() have been fixed to provide an extra
|
||
return parameter, containing the actual extension release metadata.
|
||
The current implementation was judged to be broken and unusable, and
|
||
thus the usual procedure of adding a new set of methods was skipped,
|
||
and backward compatibility broken instead on the assumption that
|
||
nobody can be affected given the current state of this interface.
|
||
|
||
* All kernels supported by systemd mix bytes returned by RDRAND (or
|
||
similar) into the entropy pool at early boot. This means that on
|
||
those systems, even if /dev/urandom is not yet initialized, it still
|
||
returns bytes that are of at least RDRAND quality. For that reason,
|
||
we no longer have reason to invoke RDRAND from systemd itself, which
|
||
has historically been a source of bugs. Furthermore, kernels ≥5.6
|
||
provide the getrandom(GRND_INSECURE) interface for returning random
|
||
bytes before the entropy pool is initialized without warning into
|
||
kmsg, which is what we attempt to use if available. systemd's direct
|
||
usage of RDRAND has been removed. x86 systems ≥Broadwell that are
|
||
running an older kernel may experience kmsg warnings that were not
|
||
seen with 250. For newer kernels, non-x86 systems, or older x86
|
||
systems, there should be no visible changes.
|
||
|
||
* sd-boot will now measure the kernel command line into TPM PCR 12
|
||
rather than PCR 8. This improves usefulness of the measurements on
|
||
systems where sd-boot is chainloaded from Grub. Grub measures all
|
||
commands its executes into PCR 8, which makes it very hard to use
|
||
reasonably, hence separate ourselves from that and use PCR 12
|
||
instead, which is what certain Ubuntu editions already do. To retain
|
||
compatibility with systems running older systemd systems a new meson
|
||
option 'efi-tpm-pcr-compat' has been added (which defaults to false).
|
||
If enabled, the measurement is done twice: into the new-style PCR 12
|
||
*and* the old-style PCR 8. It's strongly advised to migrate all users
|
||
to PCR 12 for this purpose in the long run, as we intend to remove
|
||
this compatibility feature in two years' time.
|
||
|
||
* busctl capture now writes output in the newer pcapng format instead
|
||
of pcap.
|
||
|
||
* A udev rule that imported hwdb matches for USB devices with lowercase
|
||
hexadecimal vendor/product ID digits was added in systemd 250. This
|
||
has been reverted, since uppercase hexadecimal digits are supposed to
|
||
be used, and we already had a rule with the appropriate match.
|
||
|
||
Users might need to adjust their local hwdb entries.
|
||
|
||
* arch_prctl(2) has been moved to the @default set in the syscall filters
|
||
(as exposed via the SystemCallFilter= setting in service unit files).
|
||
It is apparently used by the linker now.
|
||
|
||
* The tmpfiles entries that create the /run/systemd/netif directory and
|
||
its subdirectories were moved from tmpfiles.d/systemd.conf to
|
||
tmpfiles.d/systemd-network.conf.
|
||
|
||
Users might need to adjust their files that override tmpfiles.d/systemd.conf
|
||
to account for this change.
|
||
|
||
* The requirement for Portable Services images to contain a well-formed
|
||
os-release file (i.e.: contain at least an ID field) is now enforced.
|
||
This applies to base images and extensions, and also to systemd-sysext.
|
||
|
||
Changes in the Boot Loader Specification, kernel-install and sd-boot:
|
||
|
||
* kernel-install's and bootctl's Boot Loader Specification Type #1
|
||
entry generation logic has been reworked. The user may now pick
|
||
explicitly by which "token" string to name the installation's boot
|
||
entries, via the new /etc/kernel/entry-token file or the new
|
||
--entry-token= switch to bootctl. By default — as before — the
|
||
entries are named after the local machine ID. However, in "golden
|
||
image" environments, where the machine ID shall be initialized on
|
||
first boot (as opposed to at installation time before first boot) the
|
||
machine ID will not be available at build time. In this case the
|
||
--entry-token= switch to bootctl (or the /etc/kernel/entry-token
|
||
file) may be used to override the "token" for the entries, for
|
||
example the IMAGE_ID= or ID= fields from /etc/os-release. This will
|
||
make the OS images independent of any machine ID, and ensure that the
|
||
images will not carry any identifiable information before first boot,
|
||
but on the other hand means that multiple parallel installations of
|
||
the very same image on the same disk cannot be supported.
|
||
|
||
Summary: if you are building golden images that shall acquire
|
||
identity information exclusively on first boot, make sure to both
|
||
remove /etc/machine-id *and* to write /etc/kernel/entry-token to the
|
||
value of the IMAGE_ID= or ID= field of /etc/os-release or another
|
||
suitable identifier before deploying the image.
|
||
|
||
* The Boot Loader Specification has been extended with
|
||
/loader/entries.srel file located in the EFI System Partition (ESP)
|
||
that disambiguates the format of the entries in the /loader/entries/
|
||
directory (in order to discern them from incompatible uses of this
|
||
directory by other projects). For entries that follow the
|
||
Specification, the string "type1" is stored in this file.
|
||
|
||
bootctl will now write this file automatically when installing the
|
||
systemd-boot boot loader.
|
||
|
||
* kernel-install supports a new initrd_generator= setting in
|
||
/etc/kernel/install.conf, that is exported as
|
||
$KERNEL_INSTALL_INITRD_GENERATOR to kernel-install plugins. This
|
||
allows choosing different initrd generators.
|
||
|
||
* kernel-install will now create a "staging area" (an initially-empty
|
||
directory to gather files for a Boot Loader Specification Type #1
|
||
entry). The path to this directory is exported as
|
||
$KERNEL_INSTALL_STAGING_AREA to kernel-install plugins, which should
|
||
drop files there instead of writing them directly to the final
|
||
location. kernel-install will move them when all files have been
|
||
prepared successfully.
|
||
|
||
* New option sort-key= has been added to the Boot Loader Specification
|
||
to override the sorting order of the entries in the boot menu. It is
|
||
read by sd-boot and bootctl, and will be written by kernel-install,
|
||
with the default value of IMAGE_ID= or ID= fields from
|
||
os-release. Together, this means that on multiboot installations,
|
||
entries should be grouped and sorted in a predictable way.
|
||
|
||
* The sort order of boot entries has been updated: entries which have
|
||
the new field sort-key= are sorted by it first, and all entries
|
||
without it are ordered later. After that, entries are sorted by
|
||
version so that newest entries are towards the beginning of the list.
|
||
|
||
* The kernel-install tool gained a new 'inspect' verb which shows the
|
||
paths and other settings used.
|
||
|
||
* sd-boot can now optionally beep when the menu is shown and menu
|
||
entries are selected, which can be useful on machines without a
|
||
working display. (Controllable via a loader.conf setting.)
|
||
|
||
* The --make-machine-id-directory= switch to bootctl has been replaced
|
||
by --make-entry-directory=, given that the entry directory is not
|
||
necessarily named after the machine ID, but after some other suitable
|
||
ID as selected via --entry-token= described above. The old name of
|
||
the option is still understood to maximize compatibility.
|
||
|
||
* 'bootctl list' gained support for a new --json= switch to output boot
|
||
menu entries in JSON format.
|
||
|
||
* 'bootctl is-installed' now supports the --graceful, and various verbs
|
||
omit output with the new option --quiet.
|
||
|
||
Changes in systemd-homed:
|
||
|
||
* Starting with v250 systemd-homed uses UID/GID mapping on the mounts
|
||
of activated home directories it manages (if the kernel and selected
|
||
file systems support it). So far it mapped three UID ranges: the
|
||
range from 0…60000, the user's own UID, and the range 60514…65534,
|
||
leaving everything else unmapped (in other words, the 16-bit UID range
|
||
is mapped almost fully, with the exception of the UID subrange used
|
||
for systemd-homed users, with one exception: the user's own UID).
|
||
Unmapped UIDs may not be used for file ownership in the home
|
||
directory — any chown() attempts with them will fail. With this
|
||
release a fourth range is added to these mappings:
|
||
524288…1879048191. This range is the UID range intended for container
|
||
uses, see:
|
||
|
||
https://systemd.io/UIDS-GIDS
|
||
|
||
This range may be used for container managers that place container OS
|
||
trees in the home directory (which is a questionable approach, for
|
||
quota, permission, SUID handling and network file system
|
||
compatibility reasons, but nonetheless apparently commonplace). Note
|
||
that this mapping is mapped 1:1 in a pass-through fashion, i.e. the
|
||
UID assignments from the range are not managed or mapped by
|
||
`systemd-homed`, and must be managed with other mechanisms, in the
|
||
context of the local system.
|
||
|
||
Typically, a better approach to user namespacing in relevant
|
||
container managers would be to leave container OS trees on disk at
|
||
UID offset 0, but then map them to a dynamically allocated runtime
|
||
UID range via another UID mount map at container invocation
|
||
time. That way user namespace UID ranges become strictly a runtime
|
||
concept, and do not leak into persistent file systems, persistent
|
||
user databases or persistent configuration, thus greatly simplifying
|
||
handling, and improving compatibility with home directories intended
|
||
to be portable like the ones managed by systemd-homed.
|
||
|
||
Changes in shared libraries:
|
||
|
||
* A new libsystemd-core-<version>.so private shared library is
|
||
installed under /usr/lib/systemd/system, mirroring the existing
|
||
libsystemd-shared-<version>.so library. This allows the total
|
||
installation size to be reduced by binary code reuse.
|
||
|
||
* The <version> tag used in the name of libsystemd-shared.so and
|
||
libsystemd-core.so can be configured via the meson option
|
||
'shared-lib-tag'. Distributions may build subsequent versions of the
|
||
systemd package with unique tags (e.g. the full package version),
|
||
thus allowing multiple installations of those shared libraries to be
|
||
available at the same time. This is intended to fix an issue where
|
||
programs that link to those libraries would fail to execute because
|
||
they were installed earlier or later than the appropriate version of
|
||
the library.
|
||
|
||
* The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
|
||
similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
|
||
format instead of as a simple series of hex characters.
|
||
|
||
* The sd-device API gained two new calls sd_device_new_from_devname()
|
||
and sd_device_new_from_path() which permit allocating an sd_device
|
||
object from a device node name or file system path.
|
||
|
||
* sd-device also gained a new call sd_device_open() which will open the
|
||
device node associated with a device for which an sd_device object
|
||
has been allocated. The call is supposed to address races around
|
||
device nodes being removed/recycled due to hotplug events, or media
|
||
change events: the call checks internally whether the major/minor of
|
||
the device node and the "diskseq" (in case of block devices) match
|
||
with the metadata loaded in the sd_device object, thus ensuring that
|
||
the device once opened really matches the provided sd_device object.
|
||
|
||
Changes in PID1, systemctl, and systemd-oomd:
|
||
|
||
* A new set of service monitor environment variables will be passed to
|
||
OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
|
||
handler unit as OnFailure=/OnSuccess=. The variables are:
|
||
$MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS,
|
||
$MONITOR_INVOCATION_ID and $MONITOR_UNIT. For cases when a single
|
||
handler needs to watch multiple units, use a templated handler.
|
||
|
||
* A new ExtensionDirectories= setting in service unit files allows
|
||
system extensions to be loaded from a directory. (It is similar to
|
||
ExtensionImages=, but takes paths to directories, instead of
|
||
disk image files.)
|
||
|
||
'portablectl attach --extension=' now also accepts directory paths.
|
||
|
||
* The user.delegate and user.invocation_id extended attributes on
|
||
cgroups are used in addition to trusted.delegate and
|
||
trusted.invocation_id. The latter pair requires privileges to set,
|
||
but the former doesn't and can be also set by the unprivileged user
|
||
manager.
|
||
|
||
(Only supported on kernels ≥5.6.)
|
||
|
||
* Units that were killed by systemd-oomd will now have a service result
|
||
of 'oom-kill'. The number of times a service was killed is tallied
|
||
in the 'user.oomd_ooms' extended attribute.
|
||
|
||
The OOMPolicy= unit file setting is now also honoured by
|
||
systemd-oomd.
|
||
|
||
* In unit files the new %y/%Y specifiers can be used to refer to
|
||
normalized unit file path, which is particularly useful for symlinked
|
||
unit files.
|
||
|
||
The new %q specifier resolves to the pretty hostname
|
||
(i.e. PRETTY_HOSTNAME= from /etc/machine-info).
|
||
|
||
The new %d specifier resolves to the credentials directory of a
|
||
service (same as $CREDENTIALS_DIRECTORY).
|
||
|
||
* The RootDirectory=, MountAPIVFS=, ExtensionDirectories=,
|
||
*Capabilities*=, ProtectHome=, *Directory=, TemporaryFileSystem=,
|
||
PrivateTmp=, PrivateDevices=, PrivateNetwork=, NetworkNamespacePath=,
|
||
PrivateIPC=, IPCNamespacePath=, PrivateUsers=, ProtectClock=,
|
||
ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=,
|
||
MountFlags= service settings now also work in unprivileged user
|
||
services, i.e. those run by the user's --user service manager, as long
|
||
as user namespaces are enabled on the system.
|
||
|
||
* Services with Restart=always and a failing ExecCondition= will no
|
||
longer be restarted, to bring ExecCondition= behaviour in line with
|
||
Condition*= settings.
|
||
|
||
* LoadCredential= now accepts a directory as the argument; all files
|
||
from the directory will be loaded as credentials.
|
||
|
||
* A new D-Bus property ControlGroupId is now exposed on service units,
|
||
that encapsulates the service's numeric cgroup ID that newer kernels
|
||
assign to each cgroup.
|
||
|
||
* PID 1 gained support for configuring the "pre-timeout" of watchdog
|
||
devices and the associated governor, via the new
|
||
RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
|
||
options in /etc/systemd/system.conf.
|
||
|
||
* systemctl's --timestamp= option gained a new choice "unix", to show
|
||
timestamp as unix times, i.e. seconds since 1970, Jan 1st.
|
||
|
||
* A new "taint" flag named "old-kernel" is introduced which is set when
|
||
the kernel systemd runs on is older then the current baseline version
|
||
(see above). The flag is shown in "systemctl status" output.
|
||
|
||
* Two additional taint flags "short-uid-range" and "short-gid-range"
|
||
have been added as well, which are set when systemd notices it is run
|
||
within a userns namespace that does not define the full 0…65535 UID
|
||
range
|
||
|
||
* A new "unmerged-usr" taint flag has been added that is set whenever
|
||
running on systems where /bin/ + /sbin/ are *not* symlinks to their
|
||
counterparts in /usr/, i.e. on systems where the /usr/-merge has not
|
||
been completed.
|
||
|
||
* Generators invoked by PID 1 will now have a couple of useful
|
||
environment variables set describing the execution context a
|
||
bit. $SYSTEMD_SCOPE encodes whether the generator is called from the
|
||
system service manager, or from the per-user service
|
||
manager. $SYSTEMD_IN_INITRD encodes whether the generator is invoked
|
||
in initrd context or on the host. $SYSTEMD_FIRST_BOOT encodes whether
|
||
systemd considers the current boot to be a "first"
|
||
boot. $SYSTEMD_VIRTUALIZATION encode whether virtualization is
|
||
detected and which type of hypervisor/container
|
||
manager. $SYSTEMD_ARCHITECTURE indicates which architecture the
|
||
kernel is built for.
|
||
|
||
* PID 1 will now automatically pick up system credentials from qemu's
|
||
fw_cfg interface, thus allowing passing arbitrary data into VM
|
||
systems similar to how this is already supported for passing them
|
||
into `systemd-nspawn` containers. Credentials may now also be passed
|
||
in via the new kernel command line option `systemd.set_credential=`
|
||
(note that kernel command line options are world-readable during
|
||
runtime, and only useful for credentials that require no
|
||
confidentiality). The credentials that can be passed to unified
|
||
kernels that use the `systemd-stub` UEFI stub are now similarly
|
||
picked up automatically. Automatic importing of system credentials
|
||
this way can be turned off via the new
|
||
`systemd.import_credentials=no` kernel command line option.
|
||
|
||
* LoadCredential= will now automatically look for credentials in the
|
||
/etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
|
||
the argument is not an absolute path. Similarly,
|
||
LoadCredentialEncrypted= will check the same directories plus
|
||
/etc/credstore.encrypted/, /run/credstore.encrypted/ and
|
||
/usr/lib/credstore.encrypted/. The idea is to use those directories
|
||
as the system-wide location for credentials that services should pick
|
||
up automatically.
|
||
|
||
* System and service credentials are described in great detail in a new
|
||
document:
|
||
|
||
https://systemd.io/CREDENTIALS
|
||
|
||
Changes in systemd-journald:
|
||
|
||
* The journal JSON export format has been added to listed of stable
|
||
interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
|
||
|
||
* journalctl --list-boots now supports JSON output and the --reverse option.
|
||
|
||
* Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
|
||
updated, BUILDING_IMAGES is new:
|
||
|
||
https://systemd.io/JOURNAL_EXPORT_FORMATS
|
||
https://systemd.io/BUILDING_IMAGES
|
||
|
||
Changes in udev:
|
||
|
||
* Two new hwdb files have been added. One lists "handhelds" (PDAs,
|
||
calculators, etc.), the other AV production devices (DJ tables,
|
||
keypads, etc.) that should accessible to the seat owner user by
|
||
default.
|
||
|
||
* udevadm trigger gained a new --prioritized-subsystem= option to
|
||
process certain subsystems (and all their parent devices) earlier.
|
||
|
||
systemd-udev-trigger.service now uses this new option to trigger
|
||
block and TPM devices first, hopefully making the boot a bit faster.
|
||
|
||
* udevadm trigger now implements --type=all, --initialized-match,
|
||
--initialized-nomatch to trigger both subsystems and devices, only
|
||
already-initialized devices, and only devices which haven't been
|
||
initialized yet, respectively.
|
||
|
||
* udevadm gained a new "wait" command for safely waiting for a specific
|
||
device to show up in the udev device database. This is useful in
|
||
scripts that asynchronously allocate a block device (e.g. through
|
||
repartitioning, or allocating a loopback device or similar) and need
|
||
to synchronize on the creation to complete.
|
||
|
||
* udevadm gained a new "lock" command for locking one or more block
|
||
devices while formatting it or writing a partition table to it. It is
|
||
an implementation of https://systemd.io/BLOCK_DEVICE_LOCKING and
|
||
usable in scripts dealing with block devices.
|
||
|
||
* udevadm info will show a couple of additional device fields in its
|
||
output, and will not apply a limited set of coloring to line types.
|
||
|
||
* udevadm info --tree will now show a tree of objects (i.e. devices and
|
||
suchlike) in the /sys/ hierarchy.
|
||
|
||
* Block devices will now get a new set of device symlinks in
|
||
/dev/disk/by-diskseq/<nr>, which may be used to reference block
|
||
device nodes via the kernel's "diskseq" value. Note that this does
|
||
not guarantee that opening a device by a symlink like this will
|
||
guarantee that the opened device actually matches the specified
|
||
diskseq value. To be safe against races, the actual diskseq value of
|
||
the opened device (BLKGETDISKSEQ ioctl()) must still be compred with
|
||
the one in the symlink path.
|
||
|
||
* .link files gained support for setting MDI/MID-X on a link.
|
||
|
||
* .link files gained support for [Match] Firmware= setting to match on
|
||
the device firmware description string. By mistake, it was previously
|
||
only supported in .network files.
|
||
|
||
* .link files gained support for [Link] SR-IOVVirtualFunctions= setting
|
||
and [SR-IOV] section to configure SR-IOV virtual functions.
|
||
|
||
Changes in systemd-networkd:
|
||
|
||
* The default scope for unicast routes configured through [Route]
|
||
section is changed to "link", to make the behavior consistent with
|
||
"ip route" command. The manual configuration of [Route] Scope= is
|
||
still honored.
|
||
|
||
* A new unit systemd-networkd-wait-online@<interface>.service has been
|
||
added that can be used to wait for a specific network interface to be
|
||
up.
|
||
|
||
* systemd-networkd gained a new [Bridge] Isolated=true|false setting
|
||
that configures the eponymous kernel attribute on the bridge.
|
||
|
||
* .netdev files now can be used to create virtual WLAN devices, and
|
||
configure various settings on them, via the [WLAN] section.
|
||
|
||
* .link/.network files gained support for [Match] Kind= setting to match
|
||
on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
|
||
|
||
This value is also shown by 'networkctl status'.
|
||
|
||
* The Local= setting in .netdev files for various virtual network
|
||
devices gained support for specifying, in addition to the network
|
||
address, the name of a local interface which must have the specified
|
||
address.
|
||
|
||
* systemd-networkd gained a new [Tunnel] External= setting in .netdev
|
||
files, to configure tunnels in external mode (a.k.a. collect metadata
|
||
mode).
|
||
|
||
* [Network] L2TP= setting was removed. Please use interface specifier in
|
||
Local= setting in .netdev files of corresponding L2TP interface.
|
||
|
||
* New [DHCPServer] BootServerName=, BootServerAddress=, and
|
||
BootFilename= settings can be used to configure the server address,
|
||
server name, and file name sent in the DHCP packet (e.g. to configure
|
||
PXE boot).
|
||
|
||
Changes in systemd-resolved:
|
||
|
||
* systemd-resolved is started earlier (in sysinit.target), so it
|
||
available earlier and will also be started in the initrd if installed
|
||
there.
|
||
|
||
Changes in disk encryption:
|
||
|
||
* systemd-cryptenroll can now control whether to require the user to
|
||
enter a PIN when using TPM-based unlocking of a volume via the new
|
||
--tpm2-with-pin= option.
|
||
|
||
Option tpm2-pin= can be used in /etc/crypttab.
|
||
|
||
* When unlocking devices via TPM, TPM2 parameter encryption is now
|
||
used, to ensure that communication between CPU and discrete TPM chips
|
||
cannot be eavesdropped to acquire disk encryption keys.
|
||
|
||
* A new switch --fido2-credential-algorithm= has been added to
|
||
systemd-cryptenroll allowing selection of the credential algorithm to
|
||
use when binding encryption to FIDO2 tokens.
|
||
|
||
Changes in systemd-hostnamed:
|
||
|
||
* HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
|
||
to override the values gleaned from the hwdb.
|
||
|
||
* A ID_CHASSIS property can be set in the hwdb (for the DMI device
|
||
/sys/class/dmi/id) to override the chassis that is reported by
|
||
hostnamed.
|
||
|
||
* hostnamed's D-Bus interface gained a new method GetHardwareSerial()
|
||
for reading the hardware serial number, as reportd by DMI. It also
|
||
exposes a new method D-Bus property FirmwareVersion that encode the
|
||
firmware version of the system.
|
||
|
||
Changes in other components:
|
||
|
||
* /etc/locale.conf is now populated through tmpfiles.d factory /etc/
|
||
handling with the values that were configured during systemd build
|
||
(if /etc/locale.conf has not been created through some other
|
||
mechanism). This means that /etc/locale.conf should always have
|
||
reasonable contents and we avoid a potential mismatch in defaults.
|
||
|
||
* The userdbctl tool will now show UID range information as part of the
|
||
list of known users.
|
||
|
||
* A new build-time configuration setting default-user-shell= can be
|
||
used to set the default shell for user records and nspawn shell
|
||
invocations (instead of the default /bin/bash).
|
||
|
||
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
|
||
information dynamically at runtime via IPC.
|
||
|
||
* The systemd-creds tool gained a new "has-tpm2" verb, which reports
|
||
whether a functioning TPM2 infrastructure is available, i.e. if
|
||
firmware, kernel driver and systemd all have TPM2 support enabled and
|
||
a device found.
|
||
|
||
* The systemd-creds tool gained support for generating encrypted
|
||
credentials that are using an empty encryption key. While this
|
||
provides no integrity nor confidentiality it's useful to implement
|
||
codeflows that work the same on TPM-ful and TPM2-less systems. The
|
||
service manager will only accept credentials "encrypted" that way if
|
||
a TPM2 device cannot be detected, to ensure that credentials
|
||
"encrypted" like that cannot be used to trick TPM2 systems.
|
||
|
||
* When deciding whether to colorize output, all systemd programs now
|
||
also check $COLORTERM (in addition to $NO_COLOR, $SYSTEMD_COLORS, and
|
||
$TERM).
|
||
|
||
* Meson's new install_tag feature is now in use for several components,
|
||
allowing to build and install select binaries only: pam, nss, devel
|
||
(pkg-config files), systemd-boot, libsystemd, libudev. Example:
|
||
$ meson build systemd-boot
|
||
$ meson install --tags systemd-boot --no-rebuild
|
||
https://mesonbuild.com/Installing.html#installation-tags
|
||
|
||
* A new build configuration option has been added, to allow selecting the
|
||
default compression algorithm used by systemd-journald and systemd-coredump.
|
||
This allows to build-in support for decompressing all supported formats,
|
||
but choose a specific one for compression. E.g.:
|
||
$ meson -Ddefault-compression=xz
|
||
|
||
Experimental features:
|
||
|
||
* sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
|
||
loader.conf that implements booting Microsoft Windows from the
|
||
sd-boot in a way that first reboots the system, to reset the TPM
|
||
PCRs. This improves compatibility with BitLocker's TPM use, as the
|
||
PCRs will only record the Windows boot process, and not sd-boot
|
||
itself, thus retaining the PCR measurements not involving sd-boot.
|
||
Note that this feature is experimental for now, and is likely going
|
||
to be generalized and renamed in a future release, without retaining
|
||
compatibility with the current implementation.
|
||
|
||
* A new systemd-sysupdate component has been added that automatically
|
||
discovers, downloads, and installs A/B-style updates for the host
|
||
installation itself, or container images, portable service images,
|
||
and other assets. See the new systemd-sysupdate man page for updates.
|
||
|
||
Contributions from: 4piu, Adam Williamson, adrian5, Albert Brox,
|
||
AlexCatze, Alex Henrie, Alfonso Sánchez-Beato, Alice S,
|
||
Alvin Šipraga, amarjargal, Amarjargal, Andrea Pappacoda,
|
||
Andreas Rammhold, Andy Chi, Anita Zhang, Antonio Alvarez Feijoo,
|
||
Arfrever Frehtes Taifersar Arahesis, ash, Bastien Nocera, Be,
|
||
bearhoney, Ben Efros, Benjamin Berg, Benjamin Franzke,
|
||
Brett Holman, Christian Brauner, Clyde Byrd III, Curtis Klein,
|
||
Daan De Meyer, Daniele Medri, Daniel Mack, Danilo Krummrich,
|
||
David, David Bond, Davide Cavalca, David Tardon, davijosw,
|
||
dependabot[bot], Donald Chan, Dorian Clay, Eduard Tolosa,
|
||
Elias Probst, Eli Schwartz, Erik Sjölund, Evgeny Vereshchagin,
|
||
Federico Ceratto, Franck Bui, Frantisek Sumsal, Gaël PORTAY,
|
||
Georges Basile Stavracas Neto, Gibeom Gwon, Goffredo Baroncelli,
|
||
Grigori Goronzy, Hans de Goede, Heiko Becker, Hugo Carvalho,
|
||
Jakob Lell, James Hilliard, Jan Janssen, Jason A. Donenfeld,
|
||
Joan Bruguera, Joerie de Gram, Josh Triplett, Julia Kartseva,
|
||
Kazuo Moriwaka, Khem Raj, ksa678491784, Lance, Lan Tian,
|
||
Laura Barcziova, Lennart Poettering, Leviticoh, licunlong,
|
||
Lidong Zhong, lincoln auster, Lubomir Rintel, Luca Boccassi,
|
||
Luca BRUNO, lucagoc, Ludwig Nussel, Marcel Hellwig, march1993,
|
||
Marco Scardovi, Mario Limonciello, Mariusz Tkaczyk,
|
||
Markus Weippert, Martin, Martin Liska, Martin Wilck, Matija Skala,
|
||
Matthew Blythe, Matthias Lisin, Matthijs van Duin, Matt Walton,
|
||
Max Gautier, Michael Biebl, Michael Olbrich, Michal Koutný,
|
||
Michal Sekletár, Mike Gilbert, MkfsSion, Morten Linderud,
|
||
Nick Rosbrook, Nikolai Grigoriev, Nikolai Kostrigin,
|
||
Nishal Kulkarni, Noel Kuntze, Pablo Ceballos, Peter Hutterer,
|
||
Peter Morrow, Pigmy-penguin, Piotr Drąg, prumian, Richard Neill,
|
||
Rike-Benjamin Schuppner, rodin-ia, Romain Naour, Ruben Kerkhof,
|
||
Ryan Hendrickson, Santa Wiryaman, Sebastian Pucilowski, Seth Falco,
|
||
Simon Ellmann, Sonali Srivastava, Stefan Seering,
|
||
Stephen Hemminger, tawefogo, techtino, Temuri Doghonadze,
|
||
Thomas Batten, Thomas Haller, Thomas Weißschuh, Tobias Stoeckmann,
|
||
Tomasz Pala, Tyson Whitehead, Vishal Chillara Srinivas,
|
||
Vivien Didelot, w30023233, wangyuhang, Weblate, Xiaotian Wu,
|
||
yangmingtai, YmrDtnJu, Yonathan Randolph, Yutsuten, Yu Watanabe,
|
||
Zbigniew Jędrzejewski-Szmek, наб
|
||
|
||
— Edinburgh, 2022-05-21
|
||
|
||
CHANGES WITH 250:
|
||
|
||
* Support for encrypted and authenticated credentials has been added.
|
||
This extends the credential logic introduced with v247 to support
|
||
non-interactive symmetric encryption and authentication, based on a
|
||
key that is stored on the /var/ file system or in the TPM2 chip (if
|
||
available), or the combination of both (by default if a TPM2 chip
|
||
exists the combination is used, otherwise the /var/ key only). The
|
||
credentials are automatically decrypted at the moment a service is
|
||
started, and are made accessible to the service itself in unencrypted
|
||
form. A new tool 'systemd-creds' encrypts credentials for this
|
||
purpose, and two new service file settings LoadCredentialEncrypted=
|
||
and SetCredentialEncrypted= configure such credentials.
|
||
|
||
This feature is useful to store sensitive material such as SSL
|
||
certificates, passwords and similar securely at rest and only decrypt
|
||
them when needed, and in a way that is tied to the local OS
|
||
installation or hardware.
|
||
|
||
* systemd-gpt-auto-generator can now automatically set up discoverable
|
||
LUKS2 encrypted swap partitions.
|
||
|
||
* The GPT Discoverable Partitions Specification has been substantially
|
||
extended with support for root and /usr/ partitions for the majority
|
||
of architectures systemd supports. This includes platforms that do
|
||
not natively support UEFI, because even though GPT is specified under
|
||
UEFI umbrella, it is useful on other systems too. Specifically,
|
||
systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
|
||
Portable Services use the concept without requiring UEFI.
|
||
|
||
* The GPT Discoverable Partitions Specifications has been extended with
|
||
a new set of partitions that may carry PKCS#7 signatures for Verity
|
||
partitions, encoded in a simple JSON format. This implements a simple
|
||
mechanism for building disk images that are fully authenticated and
|
||
can be tested against a set of cryptographic certificates. This is
|
||
now implemented for the various systemd tools that can operate with
|
||
disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
|
||
Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
|
||
The PKCS#7 signatures are passed to the kernel (where they are
|
||
checked against certificates from the kernel keyring), or can be
|
||
verified against certificates provided in userspace (via a simple
|
||
drop-in file mechanism).
|
||
|
||
* systemd-dissect's inspection logic will now report for which uses a
|
||
disk image is intended. Specifically, it will display whether an
|
||
image is suitable for booting on UEFI or in a container (using
|
||
systemd-nspawn's --image= switch), whether it can be used as portable
|
||
service, or attached as system extension.
|
||
|
||
* The system-extension.d/ drop-in files now support a new field
|
||
SYSEXT_SCOPE= that may encode which purpose a system extension image
|
||
is for: one of "initrd", "system" or "portable". This is useful to
|
||
make images more self-descriptive, and to ensure system extensions
|
||
cannot be attached in the wrong contexts.
|
||
|
||
* The os-release file learnt a new PORTABLE_PREFIXES= field which may
|
||
be used in portable service images to indicate which unit prefixes
|
||
are supported.
|
||
|
||
* The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
|
||
now is able to decode images for non-native architectures as well.
|
||
This allows systemd-nspawn to boot images of non-native architectures
|
||
if the corresponding user mode emulator is installed and
|
||
systemd-binfmtd is running.
|
||
|
||
* systemd-logind gained new settings HandlePowerKeyLongPress=,
|
||
HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
|
||
HandleHibernateKeyLongPress= which may be used to configure actions
|
||
when the relevant keys are pressed for more than 5s. This is useful
|
||
on devices that only have hardware for a subset of these keys. By
|
||
default, if the reboot key is pressed long the poweroff operation is
|
||
now triggered, and when the suspend key is pressed long the hibernate
|
||
operation is triggered. Long pressing the other two keys currently
|
||
does not trigger any operation by default.
|
||
|
||
* When showing unit status updates on the console during boot and
|
||
shutdown, and a service is slow to start so that the cylon animation
|
||
is shown, the most recent sd_notify() STATUS= text is now shown as
|
||
well. Services may use this to make the boot/shutdown output easier
|
||
to understand, and to indicate what precisely a service that is slow
|
||
to start or stop is waiting for. In particular, the per-user service
|
||
manager instance now reports what it is doing and which service it is
|
||
waiting for this way to the system service manager.
|
||
|
||
* The service manager will now re-execute on reception of the
|
||
SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
|
||
only when running as PID 1. There was no signal to request this when
|
||
running as per-user service manager, i.e. as any other PID than 1.
|
||
SIGRTMIN+25 works for both system and user managers.
|
||
|
||
* The hardware watchdog logic in PID 1 gained support for operating
|
||
with the default timeout configured in the hardware, instead of
|
||
insisting on re-configuring it. Set RuntimeWatchdogSec=default to
|
||
request this behavior.
|
||
|
||
* A new kernel command line option systemd.watchdog_sec= is now
|
||
understood which may be used to override the hardware watchdog
|
||
time-out for the boot.
|
||
|
||
* A new setting DefaultOOMScoreAdjust= is now supported in
|
||
/etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
|
||
to set the default process OOM score adjustment value for processes
|
||
started by the service manager. For per-user service managers this
|
||
now defaults to 100, but for per-system service managers is left as
|
||
is. This means that by default now services forked off the user
|
||
service manager are more likely to be killed by the OOM killer than
|
||
system services or the managers themselves.
|
||
|
||
* A new per-service setting RestrictFileSystems= as been added that
|
||
restricts the file systems a service has access to by their type.
|
||
This is based on the new BPF LSM of the Linux kernel. It provides an
|
||
effective way to make certain API file systems unavailable to
|
||
services (and thus minimizing attack surface). A new command
|
||
"systemd-analyze filesystems" has been added that lists all known
|
||
file system types (and how they are grouped together under useful
|
||
group handles).
|
||
|
||
* Services now support a new setting RestrictNetworkInterfaces= for
|
||
restricting access to specific network interfaces.
|
||
|
||
* Service unit files gained new settings StartupAllowedCPUs= and
|
||
StartupAllowedMemoryNodes=. These are similar to their counterparts
|
||
without the "Startup" prefix and apply during the boot process
|
||
only. This is useful to improve boot-time behavior of the system and
|
||
assign resources differently during boot than during regular
|
||
runtime. This is similar to the preexisting StartupCPUWeight=
|
||
vs. CPUWeight.
|
||
|
||
* Related to this: the various StartupXYZ= settings
|
||
(i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
|
||
during shutdown. The settings not prefixed with "Startup" hence apply
|
||
during regular runtime, and those that are prefixed like that apply
|
||
during boot and shutdown.
|
||
|
||
* A new per-unit set of conditions/asserts
|
||
[Condition|Assert][Memory|CPU|IO]Pressure= have been added to make a
|
||
unit skip/fail activation if the system's (or a slice's) memory/cpu/io
|
||
pressure is above the configured threshold, using the kernel PSI
|
||
feature. For more details see systemd.unit(5) and
|
||
https://docs.kernel.org/accounting/psi.html
|
||
|
||
* The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
|
||
ProtectKernelLogs=yes can now be used.
|
||
|
||
* The default maximum numbers of inodes have been raised from 64k to 1M
|
||
for /dev/, and from 400k to 1M for /tmp/.
|
||
|
||
* The per-user service manager learnt support for communicating with
|
||
systemd-oomd to acquire OOM kill information.
|
||
|
||
* A new service setting ExecSearchPath= has been added that allows
|
||
changing the search path for executables for services. It affects
|
||
where we look for the binaries specified in ExecStart= and similar,
|
||
and the specified directories are also added the $PATH environment
|
||
variable passed to invoked processes.
|
||
|
||
* A new setting RuntimeRandomizedExtraSec= has been added for service
|
||
and scope units that allows extending the runtime time-out as
|
||
configured by RuntimeMaxSec= with a randomized amount.
|
||
|
||
* The syntax of the service unit settings RuntimeDirectory=,
|
||
StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
|
||
if the specified value is now suffixed with a colon, followed by
|
||
another filename, the latter will be created as symbolic link to the
|
||
specified directory. This allows creating these service directories
|
||
together with alias symlinks to make them available under multiple
|
||
names.
|
||
|
||
* Service unit files gained two new settings TTYRows=/TTYColumns= for
|
||
configuring rows/columns of the TTY device passed to
|
||
stdin/stdout/stderr of the service. This is useful to propagate TTY
|
||
dimensions to a virtual machine.
|
||
|
||
* A new service unit file setting ExitType= has been added that
|
||
specifies when to assume a service has exited. By default systemd
|
||
only watches the main process of a service. By setting
|
||
ExitType=cgroup it can be told to wait for the last process in a
|
||
cgroup instead.
|
||
|
||
* Automount unit files gained a new setting ExtraOptions= that can be
|
||
used to configure additional mount options to pass to the kernel when
|
||
mounting the autofs instance.
|
||
|
||
* "Urlification" (generation of ESC sequences that generate clickable
|
||
hyperlinks in modern terminals) may now be turned off altogether
|
||
during build-time.
|
||
|
||
* Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
|
||
settings that default to 200 and 2 s respectively. The ratelimit
|
||
ensures that a path unit cannot cause PID1 to busy-loop when it is
|
||
trying to trigger a service that is skipped because of a Condition*=
|
||
not being satisfied. This matches the configuration and behaviour of
|
||
socket units.
|
||
|
||
* The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
|
||
as a plug-in for cryptsetup. This means the plain cryptsetup command
|
||
may now be used to unlock volumes set up this way.
|
||
|
||
* The TPM2 logic in cryptsetup will now automatically detect systems
|
||
where the TPM2 chip advertises SHA256 PCR banks but the firmware only
|
||
updates the SHA1 banks. In such a case PCR policies will be
|
||
automatically bound to the latter, not the former. This makes the PCR
|
||
policies reliable, but of course do not provide the same level of
|
||
trust as SHA256 banks.
|
||
|
||
* The TPM2 logic in systemd-cryptsetup/systemd-cryptsetup now supports
|
||
RSA primary keys in addition to ECC, improving compatibility with
|
||
TPM2 chips that do not support ECC. RSA keys are much slower to use
|
||
than ECC, and hence are only used if ECC is not available.
|
||
|
||
* /etc/crypttab gained support for a new token-timeout= setting for
|
||
encrypted volumes that allows configuration of the maximum time to
|
||
wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
|
||
the logic will query the user for a regular passphrase/recovery key
|
||
instead.
|
||
|
||
* Support for activating dm-integrity volumes at boot via a new file
|
||
/etc/integritytab and the tool systemd-integritysetup have been
|
||
added. This is similar to /etc/crypttab and /etc/veritytab, but deals
|
||
with dm-integrity instead of dm-crypt/dm-verity.
|
||
|
||
* The systemd-veritysetup-generator now understands a new usrhash=
|
||
kernel command line option for specifying the Verity root hash for
|
||
the partition backing the /usr/ file system. A matching set of
|
||
systemd.verity_usr_* kernel command line options has been added as
|
||
well. These all work similar to the corresponding options for the
|
||
root partition.
|
||
|
||
* The sd-device API gained a new API call sd_device_get_diskseq() to
|
||
return the DISKSEQ property of a device structure. The "disk
|
||
sequence" concept is a new feature recently introduced to the Linux
|
||
kernel that allows detecting reuse cycles of block devices, i.e. can
|
||
be used to recognize when loopback block devices are reused for a
|
||
different purpose or CD-ROM drives get their media changed.
|
||
|
||
* A new unit systemd-boot-update.service has been added. If enabled
|
||
(the default) and the sd-boot loader is detected to be installed, it
|
||
is automatically updated to the newest version when out of date. This
|
||
is useful to ensure the boot loader remains up-to-date, and updates
|
||
automatically propagate from the OS tree in /usr/.
|
||
|
||
* sd-boot will now build with SBAT by default in order to facilitate
|
||
working with recent versions of Shim that require it to be present.
|
||
|
||
* sd-boot can now parse Microsoft Windows' Boot Configuration Data.
|
||
This is used to robustly generate boot entry titles for Windows.
|
||
|
||
* A new generic target unit factory-reset.target has been added. It is
|
||
hooked into systemd-logind similar in fashion to
|
||
reboot/poweroff/suspend/hibernate, and is supposed to be used to
|
||
initiate a factory reset operation. What precisely this operation
|
||
entails is up for the implementer to decide, the primary goal of the
|
||
new unit is provide a framework where to plug in the implementation
|
||
and how to trigger it.
|
||
|
||
* A new meson build-time option 'clock-valid-range-usec-max' has been
|
||
added which takes a time in µs and defaults to 15 years. If the RTC
|
||
time is noticed to be more than the specified time ahead of the
|
||
built-in epoch of systemd (which by default is the release timestamp
|
||
of systemd) it is assumed that the RTC is not working correctly, and
|
||
the RTC is reset to the epoch. (It already is reset to the epoch when
|
||
noticed to be before it.) This should increase the chance that time
|
||
doesn't accidentally jump too far ahead due to faulty hardware or
|
||
batteries.
|
||
|
||
* A new setting SaveIntervalSec= has been added to systemd-timesyncd,
|
||
which may be used to automatically save the current system time to
|
||
disk in regular intervals. This is useful to maintain a roughly
|
||
monotonic clock even without RTC hardware and with some robustness
|
||
against abnormal system shutdown.
|
||
|
||
* systemd-analyze verify gained support for a pair of new --image= +
|
||
--root= switches for verifying units below a specific root
|
||
directory/image instead of on the host.
|
||
|
||
* systemd-analyze verify gained support for verifying unit files under
|
||
an explicitly specified unit name, independently of what the filename
|
||
actually is.
|
||
|
||
* systemd-analyze verify gained a new switch --recursive-errors= which
|
||
controls whether to only fail on errors found in the specified units
|
||
or recursively any dependent units.
|
||
|
||
* systemd-analyze security now supports a new --offline mode for
|
||
analyzing unit files stored on disk instead of loaded units. It may
|
||
be combined with --root=/--image to analyze unit files under a root
|
||
directory or disk image. It also learnt a new --threshold= parameter
|
||
for specifying an exposure level threshold: if the exposure level
|
||
exceeds the specified value the call will fail. It also gained a new
|
||
--security-policy= switch for configuring security policies to
|
||
enforce on the units. A policy is a JSON file that lists which tests
|
||
shall be weighted how much to determine the overall exposure
|
||
level. Altogether these new features are useful for fully automatic
|
||
analysis and enforcement of security policies on unit files.
|
||
|
||
* systemd-analyze security gain a new --json= switch for JSON output.
|
||
|
||
* systemd-analyze learnt a new --quiet switch for reducing
|
||
non-essential output. It's honored by the "dot", "syscall-filter",
|
||
"filesystems" commands.
|
||
|
||
* systemd-analyze security gained a --profile= option that can be used
|
||
to take into account a portable profile when analyzing portable
|
||
services, since a lot of the security-related settings are enabled
|
||
through them.
|
||
|
||
* systemd-analyze learnt a new inspect-elf verb that parses ELF core
|
||
files, binaries and executables and prints metadata information,
|
||
including the build-id and other info described on:
|
||
https://systemd.io/COREDUMP_PACKAGE_METADATA/
|
||
|
||
* .network files gained a new UplinkInterface= in the [IPv6SendRA]
|
||
section, for automatically propagating DNS settings from other
|
||
interfaces.
|
||
|
||
* The static lease DHCP server logic in systemd-networkd may now serve
|
||
IP addresses outside of the configured IP pool range for the server.
|
||
|
||
* CAN support in systemd-networkd gained four new settings Loopback=,
|
||
OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
|
||
control modes. It gained a number of further settings for tweaking
|
||
CAN timing quanta.
|
||
|
||
* The [CAN] section in .network file gained new TimeQuantaNSec=,
|
||
PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
|
||
SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
|
||
DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
|
||
DataSyncJumpWidth= settings to control bit-timing processed by the
|
||
CAN interface.
|
||
|
||
* DHCPv4 client support in systemd-networkd learnt a new Label= option
|
||
for configuring the address label to apply to configure IPv4
|
||
addresses.
|
||
|
||
* The [IPv6AcceptRA] section of .network files gained support for a new
|
||
UseMTU= setting that may be used to control whether to apply the
|
||
announced MTU settings to the local interface.
|
||
|
||
* The [DHCPv4] section in .network file gained a new Use6RD= boolean
|
||
setting to control whether the DHCPv4 client request and process the
|
||
DHCP 6RD option.
|
||
|
||
* The [DHCPv6PrefixDelegation] section in .network file is renamed to
|
||
[DHCPPrefixDelegation], as now the prefix delegation is also supported
|
||
with DHCPv4 protocol by enabling the Use6RD= setting.
|
||
|
||
* The [DHCPPrefixDelegation] section in .network file gained a new
|
||
setting UplinkInterface= to specify the upstream interface.
|
||
|
||
* The [DHCPv6] section in .network file gained a new setting
|
||
UseDelegatedPrefix= to control whether the delegated prefixes will be
|
||
propagated to the downstream interfaces.
|
||
|
||
* The [IPv6AcceptRA] section of .network files now understands two new
|
||
settings UseGateway=/UseRoutePrefix= for explicitly configuring
|
||
whether to use the relevant fields from the IPv6 Router Advertisement
|
||
records.
|
||
|
||
* The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
|
||
has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
|
||
settings in the [DHCPv6] section and the DHCPv6Client= setting in the
|
||
[IPv6AcceptRA] section to control when the DHCPv6 client is started
|
||
and how the delegated prefixes are handled by the DHCPv6 client.
|
||
|
||
* The IPv6Token= section in the [Network] section is deprecated, and
|
||
the [IPv6AcceptRA] section gained the Token= setting for its
|
||
replacement. The [IPv6Prefix] section also gained the Token= setting.
|
||
The Token= setting gained 'eui64' mode to explicitly configure an
|
||
address with the EUI64 algorithm based on the interface MAC address.
|
||
The 'prefixstable' mode can now optionally take a secret key. The
|
||
Token= setting in the [DHCPPrefixDelegation] section now supports all
|
||
algorithms supported by the same settings in the other sections.
|
||
|
||
* The [RoutingPolicyRule] section of .network file gained a new
|
||
SuppressInterfaceGroup= setting.
|
||
|
||
* The IgnoreCarrierLoss= setting in the [Network] section of .network
|
||
files now allows a duration to be specified, controlling how long to
|
||
wait before reacting to carrier loss.
|
||
|
||
* The [DHCPServer] section of .network file gained a new Router=
|
||
setting to specify the router address.
|
||
|
||
* The [CAKE] section of .network files gained various new settings
|
||
AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
|
||
MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
|
||
and UseRawPacketSize= for configuring CAKE.
|
||
|
||
* systemd-networkd now ships with new default .network files:
|
||
80-container-vb.network which matches host-side network bridge device
|
||
created by systemd-nspawn's --network-bridge or --network-zone
|
||
switch, and 80-6rd-tunnel.network which matches automatically created
|
||
sit tunnel with 6rd prefix when the DHCP 6RD option is received.
|
||
|
||
* systemd-networkd's handling of Endpoint= resolution for WireGuard
|
||
interfaces has been improved.
|
||
|
||
* systemd-networkd will now automatically configure routes to addresses
|
||
specified in AllowedIPs=. This feature can be controlled via
|
||
RouteTable= and RouteMetric= settings in [WireGuard] or
|
||
[WireGuardPeer] sections.
|
||
|
||
* systemd-networkd will now once again automatically generate persistent
|
||
MAC addresses for batadv and bridge interfaces. Users can disable this
|
||
by using MACAddress=none in .netdev files.
|
||
|
||
* systemd-networkd and systemd-udevd now support IP over InfiniBand
|
||
interfaces. The Kind= setting in .netdev file accepts "ipoib". And
|
||
systemd.netdev files gained the [IPoIB] section.
|
||
|
||
* systemd-networkd and systemd-udevd now support net.ifname_policy=
|
||
option on the kernel command-line. This is implemented through the
|
||
systemd-network-generator service that automatically generates
|
||
appropriate .link, .network, and .netdev files.
|
||
|
||
* The various systemd-udevd "ethtool" buffer settings now understand
|
||
the special value "max" to configure the buffers to the maximum the
|
||
hardware supports.
|
||
|
||
* systemd-udevd's .link files may now configure a large variety of
|
||
NIC coalescing settings, plus more hardware offload settings.
|
||
|
||
* .link files gained a new WakeOnLanPassword= setting in the [Link]
|
||
section that allows to specify a WoL "SecureOn" password on hardware
|
||
that supports this.
|
||
|
||
* systemd-nspawn's --setenv= switch now supports an additional syntax:
|
||
if only a variable name is specified (i.e. without being suffixed by
|
||
a '=' character and a value) the current value of the environment
|
||
variable is propagated to the container. e.g. --setenv=FOO will
|
||
lookup the current value of $FOO in the environment, and pass it down
|
||
to the container. Similar behavior has been added to homectl's,
|
||
machinectl's and systemd-run's --setenv= switch.
|
||
|
||
* systemd-nspawn gained a new switch --suppress-sync= which may be used
|
||
to optionally suppress the effect of the sync()/fsync()/fdatasync()
|
||
system calls for the container payload. This is useful for build
|
||
system environments where safety against abnormal system shutdown is
|
||
not essential as all build artifacts can be regenerated any time, but
|
||
the performance win is beneficial.
|
||
|
||
* systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
|
||
same value that PID 1 uses for most forked off processes.
|
||
|
||
* systemd-nspawn's --bind=/--bind-ro= switches now optionally take
|
||
uidmap/nouidmap options as last parameter. If "uidmap" is used the
|
||
bind mounts are created with UID mapping taking place that ensures
|
||
the host's file ownerships are mapped 1:1 to container file
|
||
ownerships, even if user namespacing is used. This way
|
||
files/directories bound into containers will no longer show up as
|
||
owned by the nobody user as they typically did if no special care was
|
||
taken to shift them manually.
|
||
|
||
* When discovering Windows installations sd-boot will now attempt to
|
||
show the Windows version.
|
||
|
||
* The color scheme to use in sd-boot may now be configured at
|
||
build-time.
|
||
|
||
* sd-boot gained the ability to change screen resolution during
|
||
boot-time, by hitting the "r" key. This will cycle through available
|
||
resolutions and save the last selection.
|
||
|
||
* sd-boot learnt a new hotkey "f". When pressed the system will enter
|
||
firmware setup. This is useful in environments where it is difficult
|
||
to hit the right keys early enough to enter the firmware, and works
|
||
on any firmware regardless which key it natively uses.
|
||
|
||
* sd-boot gained support for automatically booting into the menu item
|
||
selected on the last boot (using the "@saved" identifier for menu
|
||
items).
|
||
|
||
* sd-boot gained support for automatically loading all EFI drivers
|
||
placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
|
||
Partition (ESP). These drivers are loaded before the menu entries are
|
||
loaded. This is useful e.g. to load additional file system drivers
|
||
for the XBOOTLDR partition.
|
||
|
||
* systemd-boot will now paint the input cursor on its own instead of
|
||
relying on the firmware to do so, increasing compatibility with broken
|
||
firmware that doesn't make the cursor reasonably visible.
|
||
|
||
* sd-boot now embeds a .osrel PE section like we expect from Boot
|
||
Loader Specification Type #2 Unified Kernels. This means sd-boot
|
||
itself may be used in place of a Type #2 Unified Kernel. This is
|
||
useful for debugging purposes as it allows chain-loading one a
|
||
(development) sd-boot instance from another.
|
||
|
||
* sd-boot now supports a new "devicetree" field in Boot Loader
|
||
Specification Type #1 entries: if configured the specified device
|
||
tree file is installed before the kernel is invoked. This is useful
|
||
for installing/applying new devicetree files without updating the
|
||
kernel image.
|
||
|
||
* Similarly, sd-stub now can read devicetree data from a PE section
|
||
".dtb" and apply it before invoking the kernel.
|
||
|
||
* sd-stub (the EFI stub that can be glued in front of a Linux kernel)
|
||
gained the ability to pick up credentials and sysext files, wrap them
|
||
in a cpio archive, and pass as an additional initrd to the invoked
|
||
Linux kernel, in effect placing those files in the /.extra/ directory
|
||
of the initrd environment. This is useful to implement trusted initrd
|
||
environments which are fully authenticated but still can be extended
|
||
(via sysexts) and parameterized (via encrypted/authenticated
|
||
credentials, see above).
|
||
|
||
Credentials can be located next to the kernel image file (credentials
|
||
specific to a single boot entry), or in one of the shared directories
|
||
(credentials applicable to multiple boot entries).
|
||
|
||
* sd-stub now comes with a full man page, that explains its feature set
|
||
and how to combine a kernel image, an initrd and the stub to build a
|
||
complete EFI unified kernel image, implementing Boot Loader
|
||
Specification Type #2.
|
||
|
||
* sd-stub may now provide the initrd to the executed kernel via the
|
||
LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
|
||
non-x86 architectures.
|
||
|
||
* bootctl learnt new set-timeout and set-timeout-oneshot commands that
|
||
may be used to set the boot menu time-out of the boot loader (for all
|
||
or just the subsequent boot).
|
||
|
||
* bootctl and kernel-install will now read variables
|
||
KERNEL_INSTALL_LAYOUT= from /etc/machine-info and layout= from
|
||
/etc/kernel/install.conf. When set, it specifies the layout to use
|
||
for installation directories on the boot partition, so that tools
|
||
don't need to guess it based on the already-existing directories. The
|
||
only value that is defined natively is "bls", corresponding to the
|
||
layout specified in
|
||
https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
|
||
kernel-install that implement a different layout can declare other
|
||
values for this variable.
|
||
|
||
'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
|
||
assumption that if the user installed sd-boot to the ESP, they intend
|
||
to use the entry layout understood by sd-boot. It'll also write
|
||
KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
|
||
(and it wasn't specified in the config file yet). Similarly,
|
||
kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
|
||
wasn't specified in the config file yet). Effectively, those changes
|
||
mean that the machine-id used for boot loader entry installation is
|
||
"frozen" upon first use and becomes independent of the actual
|
||
machine-id.
|
||
|
||
Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
|
||
images created for distribution ("golden images") are built with no
|
||
machine-id, so that a unique machine-id can be created on the first
|
||
boot. But those images may contain boot loader entries with the
|
||
machine-id used during build included in paths. Using a "frozen"
|
||
value allows unambiguously identifying entries that match the
|
||
specific installation, while still permitting parallel installations
|
||
without conflict.
|
||
|
||
Configuring KERNEL_INSTALL_LAYOUT obviates the need for
|
||
kernel-install to guess the installation layout. This fixes the
|
||
problem where a (possibly empty) directory in the boot partition is
|
||
created from a different layout causing kernel-install plugins to
|
||
assume the wrong layout. A particular example of how this may happen
|
||
is the grub2 package in Fedora which includes directories under /boot
|
||
directly in its file list. Various other packages pull in grub2 as a
|
||
dependency, so it may be installed even if unused, breaking
|
||
installations that use the bls layout.
|
||
|
||
* bootctl and systemd-bless-boot can now be linked statically.
|
||
|
||
* systemd-sysext now optionally doesn't insist on extension-release.d/
|
||
files being placed in the image under the image's file name. If the
|
||
file system xattr user.extension-release.strict is set on the
|
||
extension release file, it is accepted regardless of its name. This
|
||
relaxes security restrictions a bit, as system extension may be
|
||
attached under a wrong name this way.
|
||
|
||
* udevadm's test-builtin command learnt a new --action= switch for
|
||
testing the built-in with the specified action (in place of the
|
||
default 'add').
|
||
|
||
* udevadm info gained new switches --property=/--value for showing only
|
||
specific udev properties/values instead of all.
|
||
|
||
* A new hwdb database has been added that contains matches for various
|
||
types of signal analyzers (protocol analyzers, logic analyzers,
|
||
oscilloscopes, multimeters, bench power supplies, etc.) that should
|
||
be accessible to regular users.
|
||
|
||
* A new hwdb database entry has been added that carries information
|
||
about types of cameras (regular or infrared), and in which direction
|
||
they point (front or back).
|
||
|
||
* A new rule to allow console users access to rfkill by default has been
|
||
added to hwdb.
|
||
|
||
* Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
|
||
now also owned by the system group "sgx".
|
||
|
||
* A new build-time meson option "extra-net-naming-schemes=" has been
|
||
added to define additional naming schemes for udev's network
|
||
interface naming logic. This is useful for enterprise distributions
|
||
and similar which want to pin the schemes of certain distribution
|
||
releases under a specific name and previously had to patch the
|
||
sources to introduce new named schemes.
|
||
|
||
* The predictable naming logic for network interfaces has been extended
|
||
to generate stable names from Xen netfront device information.
|
||
|
||
* hostnamed's chassis property can now be sourced from chassis-type
|
||
field encoded in devicetree (in addition to the existing DMI
|
||
support).
|
||
|
||
* systemd-cgls now optionally displays cgroup IDs and extended
|
||
attributes for each cgroup. (Controllable via the new --xattr= +
|
||
--cgroup-id= switches.)
|
||
|
||
* coredumpctl gained a new --all switch for operating on all
|
||
Journal files instead of just the local ones.
|
||
|
||
* systemd-coredump will now use libdw/libelf via dlopen() rather than
|
||
directly linking, allowing users to easily opt-out of backtrace/metadata
|
||
analysis of core files, and reduce image sizes when this is not needed.
|
||
|
||
* systemd-coredump will now analyze core files with libdw/libelf in a
|
||
forked, sandboxed process.
|
||
|
||
* systemd-homed will now try to unmount an activate home area in
|
||
regular intervals once the user logged out fully. Previously this was
|
||
attempted exactly once but if the home directory was busy for some
|
||
reason it was not tried again.
|
||
|
||
* systemd-homed's LUKS2 home area backend will now create a BSD file
|
||
system lock on the image file while the home area is active
|
||
(i.e. mounted). If a home area is found to be locked, logins are
|
||
politely refused. This should improve behavior when using home areas
|
||
images that are accessible via the network from multiple clients, and
|
||
reduce the chance of accidental file system corruption in that case.
|
||
|
||
* Optionally, systemd-homed will now drop the kernel buffer cache once
|
||
a user has fully logged out, configurable via the new --drop-caches=
|
||
homectl switch.
|
||
|
||
* systemd-homed now makes use of UID mapped mounts for the home areas.
|
||
If the kernel and used file system support it, files are now
|
||
internally owned by the "nobody" user (i.e. the user typically used
|
||
for indicating "this ownership is not mapped"), and dynamically
|
||
mapped to the UID used locally on the system via the UID mapping
|
||
mount logic of recent kernels. This makes migrating home areas
|
||
between different systems cheaper because recursively chown()ing file
|
||
system trees is no longer necessary.
|
||
|
||
* systemd-homed's CIFS backend now optionally supports CIFS service
|
||
names with a directory suffix, in order to place home directories in
|
||
a subdirectory of a CIFS share, instead of the top-level directory.
|
||
|
||
* systemd-homed's CIFS backend gained support for specifying additional
|
||
mount options in the JSON user record (cifsExtraMountOptions field,
|
||
and --cifs-extra-mount-options= homectl switch). This is for example
|
||
useful for configuring mount options such as "noserverino" that some
|
||
SMB3 services require (use that to run a homed home directory from a
|
||
FritzBox SMB3 share this way).
|
||
|
||
* systemd-homed will now default to btrfs' zstd compression for home
|
||
areas. This is inspired by Fedora's recent decision to switch to zstd
|
||
by default.
|
||
|
||
* Additional mount options to use when mounting the file system of
|
||
LUKS2 volumes in systemd-homed has been added. Via the
|
||
$SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, $SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
|
||
$SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
|
||
systemd-homed or via the luksExtraMountOptions user record JSON
|
||
property. (Exposed via homectl --luks-extra-mount-options)
|
||
|
||
* homectl's resize command now takes the special size specifications
|
||
"min" and "max" to shrink/grow the home area to the minimum/maximum
|
||
size possible, taking disk usage/space constraints and file system
|
||
limitations into account. Resizing is now generally graceful: the
|
||
logic will try to get as close to the specified size as possible, but
|
||
not consider it a failure if the request couldn't be fulfilled
|
||
precisely.
|
||
|
||
* systemd-homed gained the ability to automatically shrink home areas
|
||
on logout to their minimal size and grow them again on next
|
||
login. This ensures that while inactive, a home area only takes up
|
||
the minimal space necessary, but once activated, it provides
|
||
sufficient space for the user's needs. This behavior is only
|
||
supported if btrfs is used as file system inside the home area
|
||
(because only for btrfs online growing/shrinking is implemented in
|
||
the kernel). This behavior is now enabled by default, but may be
|
||
controlled via the new --auto-resize-mode= setting of homectl.
|
||
|
||
* systemd-homed gained support for automatically re-balancing free disk
|
||
space among active home areas, in case the LUKS2 backends are used,
|
||
and no explicit disk size was requested. This way disk space is
|
||
automatically managed and home areas resized in regular intervals and
|
||
manual resizing when disk space becomes scarce should not be
|
||
necessary anymore. This behavior is only supported if btrfs is used
|
||
within the home areas (as only then online shrinking and growing is
|
||
supported), and may be configured via the new rebalanceWeight JSON
|
||
user record field (as exposed via the new --rebalance-weight= homectl
|
||
setting). Re-balancing is mostly automatic, but can also be requested
|
||
explicitly via "homectl rebalance", which is synchronous, and thus
|
||
may be used to wait until the rebalance run is complete.
|
||
|
||
* userdbctl gained a --json= switch for configured the JSON formatting
|
||
to use when outputting user or group records.
|
||
|
||
* userdbctl gained a new --multiplexer= switch for explicitly
|
||
configuring whether to use the systemd-userdbd server side user
|
||
record resolution logic.
|
||
|
||
* userdbctl's ssh-authorized-keys command learnt a new --chain switch,
|
||
for chaining up another command to execute after completing the
|
||
look-up. Since the OpenSSH's AuthorizedKeysCommand only allows
|
||
configuration of a single command to invoke, this maybe used to
|
||
invoke multiple: first userdbctl's own implementation, and then any
|
||
other also configured in the command line.
|
||
|
||
* The sd-event API gained a new function sd_event_add_inotify_fd() that
|
||
is similar to sd_event_add_inotify() but accepts a file descriptor
|
||
instead of a path in the file system for referencing the inode to
|
||
watch.
|
||
|
||
* The sd-event API gained a new function
|
||
sd_event_source_set_ratelimit_expire_callback() that may be used to
|
||
define a callback function that is called whenever an event source
|
||
leaves the rate limiting phase.
|
||
|
||
* New documentation has been added explaining which steps are necessary
|
||
to port systemd to a new architecture:
|
||
|
||
https://systemd.io/PORTING_TO_NEW_ARCHITECTURES
|
||
|
||
* The x-systemd.makefs option in /etc/fstab now explicitly supports
|
||
ext2, ext3, and f2fs file systems.
|
||
|
||
* Mount units and units generated from /etc/fstab entries with 'noauto'
|
||
are now ordered the same as other units. Effectively, they will be
|
||
started earlier (if something actually pulled them in) and stopped
|
||
later, similarly to normal mount units that are part of
|
||
fs-local.target. This change should be invisible to users, but
|
||
should prevent those units from being stopped too early during
|
||
shutdown.
|
||
|
||
* The systemd-getty-generator now honors a new kernel command line
|
||
argument systemd.getty_auto= and a new environment variable
|
||
$SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
|
||
example useful to turn off gettys inside of containers or similar
|
||
environments.
|
||
|
||
* systemd-resolved now listens on a second DNS stub address: 127.0.0.54
|
||
(in addition to 127.0.0.53, as before). If DNS requests are sent to
|
||
this address they are propagated in "bypass" mode only, i.e. are
|
||
almost not processed locally, but mostly forwarded as-is to the
|
||
current upstream DNS servers. This provides a stable DNS server
|
||
address that proxies all requests dynamically to the right upstream
|
||
DNS servers even if these dynamically change. This stub does not do
|
||
mDNS/LLMNR resolution. However, it will translate look-ups to
|
||
DNS-over-TLS if necessary. This new stub is particularly useful in
|
||
container/VM environments, or for tethering setups: use DNAT to
|
||
redirect traffic to any IP address to this stub.
|
||
|
||
* systemd-importd now honors new environment variables
|
||
$SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA,
|
||
$SYSTEMD_IMPORT_SYNC, which may be used disable btrfs subvolume
|
||
generation, btrfs quota setup and disk synchronization.
|
||
|
||
* systemd-importd and systemd-resolved can now be optionally built with
|
||
OpenSSL instead of libgcrypt.
|
||
|
||
* systemd-repart no longer requires OpenSSL.
|
||
|
||
* systemd-sysusers will no longer create the redundant 'nobody' group
|
||
by default, as the 'nobody' user is already created with an
|
||
appropriate primary group.
|
||
|
||
* If a unit uses RuntimeMaxSec, systemctl show will now display it.
|
||
|
||
* systemctl show-environment gained support for --output=json.
|
||
|
||
* pam_systemd will now first try to use the X11 abstract socket, and
|
||
fallback to the socket file in /tmp/.X11-unix/ only if that does not
|
||
work.
|
||
|
||
* systemd-journald will no longer go back to volatile storage
|
||
regardless of configuration when its unit is restarted.
|
||
|
||
* Initial support for the LoongArch architecture has been added (system
|
||
call lists, GPT partition table UUIDs, etc).
|
||
|
||
* systemd-journald's own logging messages are now also logged to the
|
||
journal itself when systemd-journald logs to /dev/kmsg.
|
||
|
||
* systemd-journald now re-enables COW for archived journal files on
|
||
filesystems that support COW. One benefit of this change is that
|
||
archived journal files will now get compressed on btrfs filesystems
|
||
that have compression enabled.
|
||
|
||
* systemd-journald now deduplicates fields in a single log message
|
||
before adding it to the journal. In archived journal files, it will
|
||
also punch holes for unused parts and truncate the file as
|
||
appropriate, leading to reductions in disk usage.
|
||
|
||
* journalctl --verify was extended with more informative error
|
||
messages.
|
||
|
||
* More of sd-journal's functions are now resistant against journal file
|
||
corruption.
|
||
|
||
* The shutdown command learnt a new option --show, to display the
|
||
scheduled shutdown.
|
||
|
||
* A LICENSES/ directory is now included in the git tree. It contains a
|
||
README.md file that explains the licenses used by source files in
|
||
this repository. It also contains the text of all applicable
|
||
licenses as they appear on spdx.org.
|
||
|
||
Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
|
||
Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
|
||
alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
|
||
Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
|
||
Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
|
||
Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
|
||
Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
|
||
Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
|
||
Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
|
||
Christian Brauner, Christian Göttsche, Christian Wehrli,
|
||
Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
|
||
Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
|
||
David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
|
||
Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
|
||
Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
|
||
Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
|
||
Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
|
||
Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
|
||
Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
|
||
Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
|
||
I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
|
||
Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
|
||
jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
|
||
Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
|
||
Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
|
||
Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
|
||
lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
|
||
Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
|
||
Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
|
||
Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
|
||
Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
|
||
Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
|
||
Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
|
||
nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
|
||
Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
|
||
Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
|
||
Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
|
||
Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
|
||
StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
|
||
Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
|
||
Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
|
||
Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
|
||
Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
|
||
xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
|
||
Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
|
||
Дамјан Георгиевски, наб
|
||
|
||
— Warsaw, 2021-12-23
|
||
|
||
CHANGES WITH 249:
|
||
|
||
* When operating on disk images via the --image= switch of various
|
||
tools (such as systemd-nspawn or systemd-dissect), or when udev finds
|
||
no 'root=' parameter on the kernel command line, and multiple
|
||
suitable root or /usr/ partitions exist in the image, then a simple
|
||
comparison inspired by strverscmp() is done on the GPT partition
|
||
label, and the newest partition is picked. This permits a simple and
|
||
generic whole-file-system A/B update logic where new operating system
|
||
versions are dropped into partitions whose label is then updated with
|
||
a matching version identifier.
|
||
|
||
* systemd-sysusers now supports querying the passwords to set for the
|
||
users it creates via the "credentials" logic introduced in v247: the
|
||
passwd.hashed-password.<user> and passwd.plaintext-password.<user>
|
||
credentials are consulted for the password to use (either in UNIX
|
||
hashed form, or literally). By default these credentials are inherited
|
||
down from PID1 (which in turn imports it from a container manager if
|
||
there is one). This permits easy configuration of user passwords
|
||
during first boot. Example:
|
||
|
||
# systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
|
||
|
||
Note that systemd-sysusers operates in purely additive mode: it
|
||
executes no operation if the declared users already exist, and hence
|
||
doesn't set any passwords as effect of the command line above if the
|
||
specified root user exists already in the image. (Note that
|
||
--volatile=yes ensures it doesn't, though.)
|
||
|
||
* systemd-firstboot now also supports querying various system
|
||
parameters via the credential subsystems. Thus, as above this may be
|
||
used to initialize important system parameters on first boot of
|
||
previously unprovisioned images (i.e. images with a mostly empty
|
||
/etc/).
|
||
|
||
* PID 1 may now show both the unit name and the unit description
|
||
strings in its status output during boot. This may be configured with
|
||
StatusUnitFormat=combined in system.conf or
|
||
systemd.status-unit-format=combined on the kernel command line.
|
||
|
||
* The systemd-machine-id-setup tool now supports a --image= switch for
|
||
provisioning a machine ID file into an OS disk image, similar to how
|
||
--root= operates on an OS file tree. This matches the existing switch
|
||
of the same name for systemd-tmpfiles, systemd-firstboot, and
|
||
systemd-sysusers tools.
|
||
|
||
* Similarly, systemd-repart gained support for the --image= switch too.
|
||
In combination with the existing --size= option, this makes the tool
|
||
particularly useful for easily growing disk images in a single
|
||
invocation, following the declarative rules included in the image
|
||
itself.
|
||
|
||
* systemd-repart's partition configuration files gained support for a
|
||
new switch MakeDirectories= which may be used to create arbitrary
|
||
directories inside file systems that are created, before registering
|
||
them in the partition table. This is useful in particular for root
|
||
partitions to create mount point directories for other partitions
|
||
included in the image. For example, a disk image that contains a
|
||
root, /home/, and /var/ partitions, may set MakeDirectories=yes to
|
||
create /home/ and /var/ as empty directories in the root file system
|
||
on its creation, so that the resulting image can be mounted
|
||
immediately, even in read-only mode.
|
||
|
||
* systemd-repart's CopyBlocks= setting gained support for the special
|
||
value "auto". If used, a suitable matching partition on the booted OS
|
||
is found as source to copy blocks from. This is useful when
|
||
implementing replicating installers, that are booted from one medium
|
||
and then stream their own root partition onto the target medium.
|
||
|
||
* systemd-repart's partition configuration files gained support for a
|
||
Flags=, a ReadOnly= and a NoAuto= setting, allowing control of these
|
||
GPT partition flags for the created partitions: this is useful for
|
||
marking newly created partitions as read-only, or as not being
|
||
subject for automatic mounting from creation on.
|
||
|
||
* The /etc/os-release file has been extended with two new (optional)
|
||
variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
|
||
information for OS images that are updated comprehensively and
|
||
atomically as one image. Two new specifiers %M, %A now resolve to
|
||
these two fields in the various configuration options that resolve
|
||
specifiers.
|
||
|
||
* portablectl gained a new switch --extension= for enabling portable
|
||
service images with extensions that follow the extension image
|
||
concept introduced with v248, and thus allows layering multiple
|
||
images when setting up the root filesystem of the service.
|
||
|
||
* systemd-coredump will now extract ELF build-id information from
|
||
processes dumping core and include it in the coredump report.
|
||
Moreover, it will look for ELF .note.package sections with
|
||
distribution packaging meta-information about the crashing process.
|
||
This is useful to directly embed the rpm or deb (or any other)
|
||
package name and version in ELF files, making it easy to match
|
||
coredump reports with the specific package for which the software was
|
||
compiled. This is particularly useful on environments with ELF files
|
||
from multiple vendors, different distributions and versions, as is
|
||
common today in our containerized and sand-boxed world. For further
|
||
information, see:
|
||
|
||
https://systemd.io/COREDUMP_PACKAGE_METADATA
|
||
|
||
* A new udev hardware database has been added for FireWire devices
|
||
(IEEE 1394).
|
||
|
||
* The "net_id" built-in of udev has been updated with three
|
||
backwards-incompatible changes:
|
||
|
||
- PCI hotplug slot names on s390 systems are now parsed as
|
||
hexadecimal numbers. They were incorrectly parsed as decimal
|
||
previously, or ignored if the name was not a valid decimal
|
||
number.
|
||
|
||
- PCI onboard indices up to 65535 are allowed. Previously, numbers
|
||
above 16383 were rejected. This primarily impacts s390 systems,
|
||
where values up to 65535 are used.
|
||
|
||
- Invalid characters in interface names are replaced with "_".
|
||
|
||
The new version of the net naming scheme is "v249". The previous
|
||
scheme can be selected via the "net.naming_scheme=v247" kernel
|
||
command line parameter.
|
||
|
||
* sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
|
||
NULL bus object, for which they will return false. Or in other words,
|
||
an unallocated bus connection is neither ready nor open.
|
||
|
||
* The sd-device API acquired a new API function
|
||
sd_device_get_usec_initialized() that returns the monotonic time when
|
||
the udev device first appeared in the database.
|
||
|
||
* sd-device gained a new APIs sd_device_trigger_with_uuid() and
|
||
sd_device_get_trigger_uuid(). The former is similar to
|
||
sd_device_trigger() but returns a randomly generated UUID that is
|
||
associated with the synthetic uevent generated by the call. This UUID
|
||
may be read from the sd_device object a monitor eventually receives,
|
||
via the sd_device_get_trigger_uuid(). This interface requires kernel
|
||
4.13 or above to work, and allows tracking a synthetic uevent through
|
||
the entire device management stack. The "udevadm trigger --settle"
|
||
logic has been updated to make use of this concept if available to
|
||
wait precisely for the uevents it generates. "udevadm trigger" also
|
||
gained a new parameter --uuid that prints the UUID for each generated
|
||
uevent.
|
||
|
||
* sd-device also gained new APIs sd_device_new_from_ifname() and
|
||
sd_device_new_from_ifindex() for allocating an sd-device object for
|
||
the specified network interface. The former accepts an interface name
|
||
(either a primary or an alternative name), the latter an interface
|
||
index.
|
||
|
||
* The native Journal protocol has been documented. Clients may talk
|
||
this as alternative to the classic BSD syslog protocol for locally
|
||
delivering log records to the Journal. The protocol has been stable
|
||
for a long time and in fact been implemented already in a variety
|
||
of alternative client libraries. This documentation makes the support
|
||
for that official:
|
||
|
||
https://systemd.io/JOURNAL_NATIVE_PROTOCOL
|
||
|
||
* A new BPFProgram= setting has been added to service files. It may be
|
||
set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
|
||
file, or a bind mount or symlink to one. This may be used to upload
|
||
and manage BPF programs externally and then hook arbitrary systemd
|
||
services into them.
|
||
|
||
* The "home.arpa" domain that has been officially declared as the
|
||
choice for domain for local home networks per RFC 8375 has been added
|
||
to the default NTA list of resolved, since DNSSEC is generally not
|
||
available on private domains.
|
||
|
||
* The CPUAffinity= setting of unit files now resolves "%" specifiers.
|
||
|
||
* A new ManageForeignRoutingPolicyRules= setting has been added to
|
||
.network files which may be used to exclude foreign-created routing
|
||
policy rules from systemd-networkd management.
|
||
|
||
* systemd-network-wait-online gained two new switches -4 and -6 that
|
||
may be used to tweak whether to wait for only IPv4 or only IPv6
|
||
connectivity.
|
||
|
||
* .network files gained a new RequiredFamilyForOnline= setting to
|
||
fine-tune whether to require an IPv4 or IPv6 address in order to
|
||
consider an interface "online".
|
||
|
||
* networkctl will now show an over-all "online" state in the per-link
|
||
information.
|
||
|
||
* In .network files a new OutgoingInterface= setting has been added to
|
||
specify the output interface in bridge FDB setups.
|
||
|
||
* In .network files the Multipath group ID may now be configured for
|
||
[NextHop] entries, via the new Group= setting.
|
||
|
||
* The DHCP server logic configured in .network files gained a new
|
||
setting RelayTarget= that turns the server into a DHCP server relay.
|
||
The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
|
||
to further tweak the DHCP relay behaviour.
|
||
|
||
* The DHCP server logic also gained a new ServerAddress= setting in
|
||
.network files that explicitly specifies the server IP address to
|
||
use. If not specified, the address is determined automatically, as
|
||
before.
|
||
|
||
* The DHCP server logic in systemd-networkd gained support for static
|
||
DHCP leases, configurable via the [DHCPServerStaticLease]
|
||
section. This allows explicitly mapping specific MAC addresses to
|
||
fixed IP addresses and vice versa.
|
||
|
||
* The RestrictAddressFamilies= setting in service files now supports a
|
||
new special value "none". If specified sockets of all address
|
||
families will be made unavailable to services configured that way.
|
||
|
||
* systemd-fstab-generator and systemd-repart have been updated to
|
||
support booting from disks that carry only a /usr/ partition but no
|
||
root partition yet, and where systemd-repart can add it in on the
|
||
first boot. This is useful for implementing systems that ship with a
|
||
single /usr/ file system, and whose root file system shall be set up
|
||
and formatted on a LUKS-encrypted volume whose key is generated
|
||
locally (and possibly enrolled in the TPM) during the first boot.
|
||
|
||
* The [Address] section of .network files now accepts a new
|
||
RouteMetric= setting that configures the routing metric to use for
|
||
the prefix route created as effect of the address configuration.
|
||
Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
|
||
gained matching settings for their prefix routes. (The option of the
|
||
same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
|
||
it conceptually belongs there; the old option is still understood for
|
||
compatibility.)
|
||
|
||
* The DHCPv6 IAID and DUID are now explicitly configurable in .network
|
||
files.
|
||
|
||
* A new udev property ID_NET_DHCP_BROADCAST on network interface
|
||
devices is now honoured by systemd-networkd, controlling whether to
|
||
issue DHCP offers via broadcasting. This is used to ensure that s390
|
||
layer 3 network interfaces work out-of-the-box with systemd-networkd.
|
||
|
||
* nss-myhostname and systemd-resolved will now synthesize address
|
||
records for a new special hostname "_outbound". The name will always
|
||
resolve to the local IP addresses most likely used for outbound
|
||
connections towards the default routes. On multi-homed hosts this is
|
||
useful to have a stable handle referring to "the" local IP address
|
||
that matters most, to the point where this is defined.
|
||
|
||
* The Discoverable Partition Specification has been updated with a new
|
||
GPT partition flag "grow-file-system" defined for its partition
|
||
types. Whenever partitions with this flag set are automatically
|
||
mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
|
||
of systemd-nspawn or other tools; and as opposed to explicit mounting
|
||
via /etc/fstab), the file system within the partition is
|
||
automatically grown to the full size of the partition. If the file
|
||
system size already matches the partition size this flag has no
|
||
effect. Previously, this functionality has been available via the
|
||
explicit x-systemd.growfs mount option, and this new flag extends
|
||
this to automatically discovered mounts. A new GrowFileSystem=
|
||
setting has been added to systemd-repart drop-in files that allows
|
||
configuring this partition flag. This new flag defaults to on for
|
||
partitions automatically created by systemd-repart, except if they
|
||
are marked read-only. See the specification for further details:
|
||
|
||
https://systemd.io/DISCOVERABLE_PARTITIONS
|
||
|
||
* .network files gained a new setting RoutesToNTP= in the [DHCPv4]
|
||
section. If enabled (which is the default), and an NTP server address
|
||
is acquired through a DHCP lease on this interface an explicit route
|
||
to this address is created on this interface to ensure that NTP
|
||
traffic to the NTP server acquired on an interface is also routed
|
||
through that interface. The pre-existing RoutesToDNS= setting that
|
||
implements the same for DNS servers is now enabled by default.
|
||
|
||
* A pair of service settings SocketBindAllow= + SocketBindDeny= have
|
||
been added that may be used to restrict the network interfaces
|
||
sockets created by the service may be bound to. This is implemented
|
||
via BPF.
|
||
|
||
* A new ConditionFirmware= setting has been added to unit files to
|
||
conditionalize on certain firmware features. At the moment it may
|
||
check whether running on a UEFI system, a device.tree system, or if
|
||
the system is compatible with some specified device-tree feature.
|
||
|
||
* A new ConditionOSRelease= setting has been added to unit files to
|
||
check os-release(5) fields. The "=", "!=", "<", "<=", ">=", ">"
|
||
operators may be used to check if some field has some specific value
|
||
or do an alphanumerical comparison. Equality comparisons are useful
|
||
for fields like ID, but relative comparisons for fields like
|
||
VERSION_ID or IMAGE_VERSION.
|
||
|
||
* hostnamed gained a new Describe() D-Bus method that returns a JSON
|
||
serialization of the host data it exposes. This is exposed via
|
||
"hostnamectl --json=" to acquire a host identity description in JSON.
|
||
It's our intention to add a similar features to most services and
|
||
objects systemd manages, in order to simplify integration with
|
||
program code that can consume JSON.
|
||
|
||
* Similarly, networkd gained a Describe() method on its Manager and
|
||
Link bus objects. This is exposed via "networkctl --json=".
|
||
|
||
* hostnamectl's various "get-xyz"/"set-xyz" verb pairs
|
||
(e.g. "hostnamectl get-hostname", "hostnamectl "set-hostname") have
|
||
been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
|
||
that is used both to get the value (when no argument is given), and
|
||
to set the value (when an argument is specified). The old names
|
||
continue to be supported for compatibility.
|
||
|
||
* systemd-detect-virt and ConditionVirtualization= are now able to
|
||
correctly identify Amazon EC2 environments.
|
||
|
||
* The LogLevelMax= setting of unit files now applies not only to log
|
||
messages generated *by* the service, but also to log messages
|
||
generated *about* the service by PID 1. To suppress logs concerning a
|
||
specific service comprehensively, set this option to a high log
|
||
level.
|
||
|
||
* bootctl gained support for a new --make-machine-id-directory= switch
|
||
that allows precise control on whether to create the top-level
|
||
per-machine directory in the boot partition that typically contains
|
||
Type 1 boot loader entries.
|
||
|
||
* During build SBAT data to include in the systemd-boot EFI PE binaries
|
||
may be specified now.
|
||
|
||
* /etc/crypttab learnt a new option "headless". If specified any
|
||
requests to query the user interactively for passwords or PINs will
|
||
be skipped. This is useful on systems that are headless, i.e. where
|
||
an interactive user is generally not present.
|
||
|
||
* /etc/crypttab also learnt a new option "password-echo=" that allows
|
||
configuring whether the encryption password prompt shall echo the
|
||
typed password and if so, do so literally or via asterisks. (The
|
||
default is the same behaviour as before: provide echo feedback via
|
||
asterisks.)
|
||
|
||
* FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
|
||
systemd-homed has been updated to allow explicit configuration of the
|
||
"user presence" and "user verification" checks, as well as whether a
|
||
PIN is required for authentication, via the new switches
|
||
--fido2-with-user-presence=, --fido2-with-user-verification=,
|
||
--fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
|
||
features are available, and may be enabled or disabled depends on the
|
||
used FIDO2 token.
|
||
|
||
* systemd-nspawn's --private-user= switch now accepts the special value
|
||
"identity" which configures a user namespacing environment with an
|
||
identity mapping of 65535 UIDs. This means the container UID 0 is
|
||
mapped to the host UID 0, and the UID 1 to host UID 1. On first look
|
||
this doesn't appear to be useful, however it does reduce the attack
|
||
surface a bit, since the resulting container will possess process
|
||
capabilities only within its namespace and not on the host.
|
||
|
||
* systemd-nspawn's --private-user-chown switch has been replaced by a
|
||
more generic --private-user-ownership= switch that accepts one of
|
||
three values: "chown" is equivalent to the old --private-user-chown,
|
||
and "off" is equivalent to the absence of the old switch. The value
|
||
"map" uses the new UID mapping mounts of Linux 5.12 to map ownership
|
||
of files and directories of the underlying image to the chosen UID
|
||
range for the container. "auto" is equivalent to "map" if UID mapping
|
||
mount are supported, otherwise it is equivalent to "chown". The short
|
||
-U switch systemd-nspawn now implies --private-user-ownership=auto
|
||
instead of the old --private-user-chown. Effectively this means: if
|
||
the backing file system supports UID mapping mounts the feature is
|
||
now used by default if -U is used. Generally, it's a good idea to use
|
||
UID mapping mounts instead of recursive chown()ing, since it allows
|
||
running containers off immutable images (since no modifications of
|
||
the images need to take place), and share images between multiple
|
||
instances. Moreover, the recursive chown()ing operation is slow and
|
||
can be avoided. Conceptually it's also a good thing if transient UID
|
||
range uses do not leak into persistent file ownership anymore. TLDR:
|
||
finally, the last major drawback of user namespacing has been
|
||
removed, and -U should always be used (unless you use btrfs, where
|
||
UID mapped mounts do not exist; or your container actually needs
|
||
privileges on the host).
|
||
|
||
* nss-systemd now synthesizes user and group shadow records in addition
|
||
to the main user and group records. Thus, hashed passwords managed by
|
||
systemd-homed are now accessible via the shadow database.
|
||
|
||
* The userdb logic (and thus nss-systemd, and so on) now read
|
||
additional user/group definitions in JSON format from the drop-in
|
||
directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
|
||
/usr/lib/userdb/. This is a simple and powerful mechanism for making
|
||
additional users available to the system, with full integration into
|
||
NSS including the shadow databases. Since the full JSON user/group
|
||
record format is supported this may also be used to define users with
|
||
resource management settings and other runtime settings that
|
||
pam_systemd and systemd-logind enforce at login.
|
||
|
||
* The userdbctl tool gained two new switches --with-dropin= and
|
||
--with-varlink= which can be used to fine-tune the sources used for
|
||
user database lookups.
|
||
|
||
* systemd-nspawn gained a new switch --bind-user= for binding a host
|
||
user account into the container. This does three things: the user's
|
||
home directory is bind mounted from the host into the container,
|
||
below the /run/userdb/home/ hierarchy. A free UID is picked in the
|
||
container, and a user namespacing UID mapping to the host user's UID
|
||
installed. And finally, a minimal JSON user and group record (along
|
||
with its hashed password) is dropped into /run/host/userdb/. These
|
||
records are picked up automatically by the userdb drop-in logic
|
||
describe above, and allow the user to login with the same password as
|
||
on the host. Effectively this means: if host and container run new
|
||
enough systemd versions making a host user available to the container
|
||
is trivially simple.
|
||
|
||
* systemd-journal-gatewayd now supports the switches --user, --system,
|
||
--merge, --file= that are equivalent to the same switches of
|
||
journalctl, and permit exposing only the specified subset of the
|
||
Journal records.
|
||
|
||
* The OnFailure= dependency between units is now augmented with a
|
||
implicit reverse dependency OnFailureOf= (this new dependency cannot
|
||
be configured directly it's only created as effect of an OnFailure=
|
||
dependency in the reverse order — it's visible in "systemctl show"
|
||
however). Similar, Slice= now has an reverse dependency SliceOf=,
|
||
that is also not configurable directly, but useful to determine all
|
||
units that are members of a slice.
|
||
|
||
* A pair of new dependency types between units PropagatesStopTo= +
|
||
StopPropagatedFrom= has been added, that allows propagation of unit
|
||
stop events between two units. It operates similar to the existing
|
||
PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.
|
||
|
||
* A new dependency type OnSuccess= has been added (plus the reverse
|
||
dependency OnSuccessOf=, which cannot be configured directly, but
|
||
exists only as effect of the reverse OnSuccess=). It is similar to
|
||
OnFailure=, but triggers in the opposite case: when a service exits
|
||
cleanly. This allows "chaining up" of services where one or more
|
||
services are started once another service has successfully completed.
|
||
|
||
* A new dependency type Upholds= has been added (plus the reverse
|
||
dependency UpheldBy=, which cannot be configured directly, but exists
|
||
only as effect of Upholds=). This dependency type is a stronger form
|
||
of Wants=: if a unit has an UpHolds= dependency on some other unit
|
||
and the former is active then the latter is started whenever it is
|
||
found inactive (and no job is queued for it). This is an alternative
|
||
to Restart= inside service units, but less configurable, and the
|
||
request to uphold a unit is not encoded in the unit itself but in
|
||
another unit that intends to uphold it.
|
||
|
||
* The systemd-ask-password tool now also supports reading passwords
|
||
from the credentials subsystem, via the new --credential= switch.
|
||
|
||
* The systemd-ask-password tool learnt a new switch --emoji= which may
|
||
be used to explicit control whether the lock and key emoji (🔐) is
|
||
shown in the password prompt on suitable TTYs.
|
||
|
||
* The --echo switch of systemd-ask-password now optionally takes a
|
||
parameter that controls character echo. It may either show asterisks
|
||
(default, as before), turn echo off entirely, or echo the typed
|
||
characters literally.
|
||
|
||
* The systemd-ask-password tool also gained a new -n switch for
|
||
suppressing output of a trailing newline character when writing the
|
||
acquired password to standard output, similar to /bin/echo's -n
|
||
switch.
|
||
|
||
* New documentation has been added that describes the organization of
|
||
the systemd source code tree:
|
||
|
||
https://systemd.io/ARCHITECTURE
|
||
|
||
* Units using ConditionNeedsUpdate= will no longer be activated in
|
||
the initrd.
|
||
|
||
* It is now possible to list a template unit in the WantedBy= or
|
||
RequiredBy= settings of the [Install] section of another template
|
||
unit, which will be instantiated using the same instance name.
|
||
|
||
* A new MemoryAvailable property is available for units. If the unit,
|
||
or the slices it is part of, have a memory limit set via MemoryMax=/
|
||
MemoryHigh=, MemoryAvailable will indicate how much more memory the
|
||
unit can claim before hitting the limits.
|
||
|
||
* systemd-coredump will now try to stay below the cgroup memory limit
|
||
placed on itself or one of the slices it runs under, if the storage
|
||
area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
|
||
since files written on such filesystems count toward the cgroup memory
|
||
limit. If there is not enough available memory in such cases to store
|
||
the core file uncompressed, systemd-coredump will skip to compressed
|
||
storage directly (if enabled) and it will avoid analyzing the core file
|
||
to print backtrace and metadata in the journal.
|
||
|
||
* tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
|
||
of a path matches the configured expectations, and remove it if not.
|
||
|
||
* tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows to
|
||
specify which of the several available filesystem timestamps (access
|
||
time, birth time, change time, modification time) to look at when
|
||
deciding whether a path has aged enough to be cleaned.
|
||
|
||
* A new IPv6StableSecretAddress= setting has been added to .network
|
||
files, which takes an IPv6 address to use as secret for IPv6 address
|
||
generation.
|
||
|
||
* The [DHCPServer] logic in .network files gained support for a new
|
||
UplinkInterface= setting that permits configuration of the uplink
|
||
interface name to propagate DHCP lease information from.
|
||
|
||
* The WakeOnLan= setting in .link files now accepts a list of flags
|
||
instead of a single one, to configure multiple wake-on-LAN policies.
|
||
|
||
* User-space defined tracepoints (USDT) have been added to udev at
|
||
strategic locations. This is useful for tracing udev behaviour and
|
||
performance with bpftrace and similar tools.
|
||
|
||
* systemd-journald-upload gained a new NetworkTimeoutSec= option for
|
||
setting a network timeout time.
|
||
|
||
* If a system service is running in a new mount namespace (RootDirectory=
|
||
and friends), all file systems will be mounted with MS_NOSUID by
|
||
default, unless the system is running with SELinux enabled.
|
||
|
||
* When enumerating time zones the timedatectl tool will now consult the
|
||
'tzdata.zi' file shipped by the IANA time zone database package, in
|
||
addition to 'zone1970.tab', as before. This makes sure time zone
|
||
aliases are now correctly supported. Some distributions so far did
|
||
not install this additional file, most do however. If you
|
||
distribution does not install it yet, it might make sense to change
|
||
that.
|
||
|
||
* Intel HID rfkill event is no longer masked, since it's the only
|
||
source of rfkill event on newer HP laptops. To have both backward and
|
||
forward compatibility, userspace daemon needs to debounce duplicated
|
||
events in a short time window.
|
||
|
||
Contributions from: Aakash Singh, adrian5, Albert Brox,
|
||
Alexander Sverdlin, Alexander Tsoy, Alexey Rubtsov, alexlzhu,
|
||
Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
|
||
Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
|
||
borna-blazevic, caoxia2008cxx, Carlo Teubner, Christian Göttsche,
|
||
Christian Hesse, Daniel Schaefer, Dan Streetman,
|
||
David Santamaría Rogado, David Tardon, Deepak Rawat, dgcampea,
|
||
Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
|
||
Eric Cook, Flos Lonicerae, Franck Bui, Francois Gervais,
|
||
Frantisek Sumsal, Gibeom Gwon, gitm0, Hamish Moffatt, Hans de Goede,
|
||
Harsh Barsaiyan, Henri Chain, Hristo Venev, Icenowy Zheng, Igor Zhbanov,
|
||
imayoda, Jakub Warczarek, James Buren, Jan Janssen, Jan Macku,
|
||
Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban, Jeremy Szu,
|
||
Jérôme Carretero, Jesse Stricker, jiangchuangang, Joerg Behrmann,
|
||
Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Juergen Hoetzel,
|
||
Julia Kartseva, Kai-Heng Feng, Khem Raj, KoyamaSohei, laineantti,
|
||
Lennart Poettering, LetzteInstanz, Luca Adrian L, Luca Boccassi,
|
||
Lucas Magasweran, Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard,
|
||
Masahiro Matsuya, Matt Johnston, Michael Catanzaro, Michal Koutný,
|
||
Michal Sekletár, Mike Crowe, Mike Kazantsev, Milan, milaq,
|
||
Miroslav Suchý, Morten Linderud, nerdopolis, nl6720, Noah Meyerhans,
|
||
Oleg Popov, Olle Lundberg, Ondrej Kozina, Paweł Marciniak, Perry.Yuan,
|
||
Peter Hutterer, Peter Kjellerstedt, Peter Morrow, Phaedrus Leeds,
|
||
plattrap, qhill, Raul Tambre, Roman Beranek, Roshan Shariff,
|
||
Ryan Hendrickson, Samuel BF, scootergrisen, Sebastian Blunt,
|
||
Seong-ho Cho, Sergey Bugaev, Sevan Janiyan, Sibo Dong, simmon,
|
||
Simon Watts, Srinidhi Kaushik, Štěpán Němec, Steve Bonds, Susant Sahani,
|
||
sverdlin, syyhao1994, Takashi Sakamoto, Topi Miettinen, tramsay,
|
||
Trent Piepho, Uwe Kleine-König, Viktor Mihajlovski, Vincent Dechenaux,
|
||
Vito Caputo, William A. Kennington III, Yangyang Shen, Yegor Alexeyev,
|
||
Yi Gao, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб
|
||
|
||
— Edinburgh, 2021-07-07
|
||
|
||
CHANGES WITH 248:
|
||
|
||
* A concept of system extension images is introduced. Such images may
|
||
be used to extend the /usr/ and /opt/ directory hierarchies at
|
||
runtime with additional files (even if the file system is read-only).
|
||
When a system extension image is activated, its /usr/ and /opt/
|
||
hierarchies and os-release information are combined via overlayfs
|
||
with the file system hierarchy of the host OS.
|
||
|
||
A new systemd-sysext tool can be used to merge, unmerge, list, and
|
||
refresh system extension hierarchies. See
|
||
https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.
|
||
|
||
The systemd-sysext.service automatically merges installed system
|
||
extensions during boot (before basic.target, but not in very early
|
||
boot, since various file systems have to be mounted first).
|
||
|
||
The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
|
||
supported system extension level.
|
||
|
||
* A new ExtensionImages= unit setting can be used to apply the same
|
||
system extension image concept from systemd-sysext to the namespaced
|
||
file hierarchy of specific services, following the same rules and
|
||
constraints.
|
||
|
||
* Support for a new special "root=tmpfs" kernel command-line option has
|
||
been added. When specified, a tmpfs is mounted on /, and mount.usr=
|
||
should be used to point to the operating system implementation.
|
||
|
||
* A new configuration file /etc/veritytab may be used to configure
|
||
dm-verity integrity protection for block devices. Each line is in the
|
||
format "volume-name data-device hash-device roothash options",
|
||
similar to /etc/crypttab.
|
||
|
||
* A new kernel command-line option systemd.verity.root_options= may be
|
||
used to configure dm-verity behaviour for the root device.
|
||
|
||
* The key file specified in /etc/crypttab (the third field) may now
|
||
refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
|
||
acquired by connecting to that socket and reading from it. This
|
||
allows the implementation of a service to provide key information
|
||
dynamically, at the moment when it is needed.
|
||
|
||
* When the hostname is set explicitly to "localhost", systemd-hostnamed
|
||
will respect this. Previously such a setting would be mostly silently
|
||
ignored. The goal is to honour configuration as specified by the
|
||
user.
|
||
|
||
* The fallback hostname that will be used by the system manager and
|
||
systemd-hostnamed can now be configured in two new ways: by setting
|
||
DEFAULT_HOSTNAME= in os-release(5), or by setting
|
||
$SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
|
||
also be configured during compilation. The environment variable is
|
||
intended for testing and local overrides, the os-release(5) field is
|
||
intended to allow customization by different variants of a
|
||
distribution that share the same compiled packages.
|
||
|
||
* The environment block of the manager itself may be configured through
|
||
a new ManagerEnvironment= setting in system.conf or user.conf. This
|
||
complements existing ways to set the environment block (the kernel
|
||
command line for the system manager, the inherited environment and
|
||
user@.service unit file settings for the user manager).
|
||
|
||
* systemd-hostnamed now exports the default hostname and the source of
|
||
the configured hostname ("static", "transient", or "default") as
|
||
D-Bus properties.
|
||
|
||
* systemd-hostnamed now exports the "HardwareVendor" and
|
||
"HardwareModel" D-Bus properties, which are supposed to contain a
|
||
pair of cleaned up, human readable strings describing the system's
|
||
vendor and model. It's typically sourced from the firmware's DMI
|
||
tables, but may be augmented from a new hwdb database. hostnamectl
|
||
shows this in the status output.
|
||
|
||
* Support has been added to systemd-cryptsetup for extracting the
|
||
PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
|
||
metadata header. This allows the information how to open the
|
||
encrypted device to be embedded directly in the device and obviates
|
||
the need for configuration in an external file.
|
||
|
||
* systemd-cryptsetup gained support for unlocking LUKS2 volumes using
|
||
TPM2 hardware, as well as FIDO2 security tokens (in addition to the
|
||
pre-existing support for PKCS#11 security tokens).
|
||
|
||
* systemd-repart may enroll encrypted partitions using TPM2
|
||
hardware. This may be useful for example to create an encrypted /var
|
||
partition bound to the machine on first boot.
|
||
|
||
* A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
|
||
and PKCS#11 security tokens to LUKS volumes, list and destroy
|
||
them. See:
|
||
|
||
https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
|
||
|
||
It also supports enrolling "recovery keys" and regular passphrases.
|
||
|
||
* The libfido2 dependency is now based on dlopen(), so that the library
|
||
is used at runtime when installed, but is not a hard runtime
|
||
dependency.
|
||
|
||
* systemd-cryptsetup gained support for two new options in
|
||
/etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
|
||
request synchronous processing of encryption/decryption IO.
|
||
|
||
* The manager may be configured at compile time to use the fexecve()
|
||
instead of the execve() system call when spawning processes. Using
|
||
fexecve() closes a window between checking the security context of an
|
||
executable and spawning it, but unfortunately the kernel displays
|
||
stale information in the process' "comm" field, which impacts ps
|
||
output and such.
|
||
|
||
* The configuration option -Dcompat-gateway-hostname has been dropped.
|
||
"_gateway" is now the only supported name.
|
||
|
||
* The ConditionSecurity=tpm2 unit file setting may be used to check if
|
||
the system has at least one TPM2 (tpmrm class) device.
|
||
|
||
* A new ConditionCPUFeature= has been added that may be used to
|
||
conditionalize units based on CPU features. For example,
|
||
ConditionCPUFeature=rdrand will condition a unit so that it is only
|
||
run when the system CPU supports the RDRAND opcode.
|
||
|
||
* The existing ConditionControlGroupController= setting has been
|
||
extended with two new values "v1" and "v2". "v2" means that the
|
||
unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
|
||
hierarchy or the hybrid hierarchy are used.
|
||
|
||
* A new PrivateIPC= setting on a unit file allows executed processes to
|
||
be moved into a private IPC namespace, with separate System V IPC
|
||
identifiers and POSIX message queues.
|
||
|
||
A new IPCNamespacePath= allows the unit to be joined to an existing
|
||
IPC namespace.
|
||
|
||
* The tables of system calls in seccomp filters are now automatically
|
||
generated from kernel lists exported on
|
||
https://fedora.juszkiewicz.com.pl/syscalls.html.
|
||
|
||
The following architectures should now have complete lists:
|
||
alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
|
||
powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.
|
||
|
||
* The MountAPIVFS= service file setting now additionally mounts a tmpfs
|
||
on /run/ if it is not already a mount point. A writable /run/ has
|
||
always been a requirement for a functioning system, but this was not
|
||
guaranteed when using a read-only image.
|
||
|
||
Users can always specify BindPaths= or InaccessiblePaths= as
|
||
overrides, and they will take precedence. If the host's root mount
|
||
point is used, there is no change in behaviour.
|
||
|
||
* New bind mounts and file system image mounts may be injected into the
|
||
mount namespace of a service (without restarting it). This is exposed
|
||
respectively as 'systemctl bind <unit> <path>…' and
|
||
'systemctl mount-image <unit> <image>…'.
|
||
|
||
* The StandardOutput= and StandardError= settings can now specify files
|
||
to be truncated for output (as "truncate:<path>").
|
||
|
||
* The ExecPaths= and NoExecPaths= settings may be used to specify
|
||
noexec for parts of the file system.
|
||
|
||
* sd-bus has a new function sd_bus_open_user_machine() to open a
|
||
connection to the session bus of a specific user in a local container
|
||
or on the local host. This is exposed in the existing -M switch to
|
||
systemctl and similar tools:
|
||
|
||
systemctl --user -M lennart@foobar start foo
|
||
|
||
This will connect to the user bus of a user "lennart" in container
|
||
"foobar". If no container name is specified, the specified user on
|
||
the host itself is connected to
|
||
|
||
systemctl --user -M lennart@ start quux
|
||
|
||
* sd-bus also gained a convenience function sd_bus_message_send() to
|
||
simplify invocations of sd_bus_send(), taking only a single
|
||
parameter: the message to send.
|
||
|
||
* sd-event allows rate limits to be set on event sources, for dealing
|
||
with high-priority event sources that might starve out others. See
|
||
the new man page sd_event_source_set_ratelimit(3) for details.
|
||
|
||
* systemd.link files gained a [Link] Promiscuous= switch, which allows
|
||
the device to be raised in promiscuous mode.
|
||
|
||
New [Link] TransmitQueues= and ReceiveQueues= settings allow the
|
||
number of TX and RX queues to be configured.
|
||
|
||
New [Link] TransmitQueueLength= setting allows the size of the TX
|
||
queue to be configured.
|
||
|
||
New [Link] GenericSegmentOffloadMaxBytes= and
|
||
GenericSegmentOffloadMaxSegments= allow capping the packet size and
|
||
the number of segments accepted in Generic Segment Offload.
|
||
|
||
* systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
|
||
wireless routing protocol that operates on ISO/OSI Layer 2 only and
|
||
uses ethernet frames to route/bridge packets. This encompasses a new
|
||
"batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
|
||
new settings in .netdev files, and a new BatmanAdvanced= setting in
|
||
.network files.
|
||
|
||
* systemd.network files gained a [Network] RouteTable= configuration
|
||
switch to select the routing policy table.
|
||
|
||
systemd.network files gained a [RoutingPolicyRule] Type=
|
||
configuration switch (one of "blackhole, "unreachable", "prohibit").
|
||
|
||
systemd.network files gained a [IPv6AcceptRA] RouteDenyList= and
|
||
RouteAllowList= settings to ignore/accept route advertisements from
|
||
routers matching specified prefixes. The DenyList= setting has been
|
||
renamed to PrefixDenyList= and a new PrefixAllowList= option has been
|
||
added.
|
||
|
||
systemd.network files gained a [DHCPv6] UseAddress= setting to
|
||
optionally ignore the address provided in the lease.
|
||
|
||
systemd.network files gained a [DHCPv6PrefixDelegation]
|
||
ManageTemporaryAddress= switch.
|
||
|
||
systemd.network files gained a new ActivationPolicy= setting which
|
||
allows configuring how the UP state of an interface shall be managed,
|
||
i.e. whether the interface is always upped, always downed, or may be
|
||
upped/downed by the user using "ip link set dev".
|
||
|
||
* The default for the Broadcast= setting in .network files has slightly
|
||
changed: the broadcast address will not be configured for wireguard
|
||
devices.
|
||
|
||
* systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
|
||
EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
|
||
configuration options for VLAN packet handling.
|
||
|
||
* udev rules may now set log_level= option. This allows debug logs to
|
||
be enabled for select events, e.g. just for a specific subsystem or
|
||
even a single device.
|
||
|
||
* udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
|
||
DATA_PREPARED_ID properties for block devices with ISO9660 file
|
||
systems.
|
||
|
||
* udev now exports decoded DMI information about installed memory slots
|
||
as device properties under the /sys/class/dmi/id/ pseudo device.
|
||
|
||
* /dev/ is not mounted noexec anymore. This didn't provide any
|
||
significant security benefits and would conflict with the executable
|
||
mappings used with /dev/sgx device nodes. The previous behaviour can
|
||
be restored for individual services with NoExecPaths=/dev (or by allow-
|
||
listing and excluding /dev from ExecPaths=).
|
||
|
||
* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
|
||
and /dev/vhost-net are owned by the kvm group.
|
||
|
||
* The hardware database has been extended with a list of fingerprint
|
||
readers that correctly support USB auto-suspend using data from
|
||
libfprint.
|
||
|
||
* systemd-resolved can now answer DNSSEC questions through the stub
|
||
resolver interface in a way that allows local clients to do DNSSEC
|
||
validation themselves. For a question with DO+CD set, it'll proxy the
|
||
DNS query and respond with a mostly unmodified packet received from
|
||
the upstream server.
|
||
|
||
* systemd-resolved learnt a new boolean option CacheFromLocalhost= in
|
||
resolved.conf. If true the service will provide caching even for DNS
|
||
lookups made to an upstream DNS server on the 127.0.0.1/::1
|
||
addresses. By default (and when the option is false) systemd-resolved
|
||
will not cache such lookups, in order to avoid duplicate local
|
||
caching, under the assumption the local upstream server caches
|
||
anyway.
|
||
|
||
* systemd-resolved now implements RFC5001 NSID in its local DNS
|
||
stub. This may be used by local clients to determine whether they are
|
||
talking to the DNS resolver stub or a different DNS server.
|
||
|
||
* When resolving host names and other records resolvectl will now
|
||
report where the data was acquired from (i.e. the local cache, the
|
||
network, locally synthesized, …) and whether the network traffic it
|
||
effected was encrypted or not. Moreover the tool acquired a number of
|
||
new options --cache=, --synthesize=, --network=, --zone=,
|
||
--trust-anchor=, --validate= that take booleans and may be used to
|
||
tweak a lookup, i.e. whether it may be answered from cached
|
||
information, locally synthesized information, information acquired
|
||
through the network, the local mDNS/LLMNR zone, the DNSSEC trust
|
||
anchor, and whether DNSSEC validation shall be executed for the
|
||
lookup.
|
||
|
||
* systemd-nspawn gained a new --ambient-capability= setting
|
||
(AmbientCapability= in .nspawn files) to configure ambient
|
||
capabilities passed to the container payload.
|
||
|
||
* systemd-nspawn gained the ability to configure the firewall using the
|
||
nftables subsystem (in addition to the existing iptables
|
||
support). Similarly, systemd-networkd's IPMasquerade= option now
|
||
supports nftables as back-end, too. In both cases NAT on IPv6 is now
|
||
supported too, in addition to IPv4 (the iptables back-end still is
|
||
IPv4-only).
|
||
|
||
"IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
|
||
retains its meaning, but has been deprecated. Please switch to either
|
||
"ivp4" or "both" (if covering IPv6 is desired).
|
||
|
||
* systemd-importd will now download .verity and .roothash.p7s files
|
||
along with the machine image (as exposed via machinectl pull-raw).
|
||
|
||
* systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
|
||
setting to configure the time a unit's cgroup needs to exceed memory
|
||
pressure limits before action will be taken, and a new
|
||
ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
|
||
units.
|
||
|
||
systemd-oomd is now considered fully supported (the usual
|
||
backwards-compatibility promises apply). Swap is not required for
|
||
operation, but it is still recommended.
|
||
|
||
* systemd-timesyncd gained a new ConnectionRetrySec= setting which
|
||
configures the retry delay when trying to contact servers.
|
||
|
||
* systemd-stdio-bridge gained --system/--user options to connect to the
|
||
system bus (previous default) or the user session bus.
|
||
|
||
* systemd-localed may now call locale-gen to generate missing locales
|
||
on-demand (UTF-8-only). This improves integration with Debian-based
|
||
distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
|
||
|
||
* systemctl --check-inhibitors=true may now be used to obey inhibitors
|
||
even when invoked non-interactively. The old --ignore-inhibitors
|
||
switch is now deprecated and replaced by --check-inhibitors=false.
|
||
|
||
* systemctl import-environment will now emit a warning when called
|
||
without any arguments (i.e. to import the full environment block of
|
||
the called program). This command will usually be invoked from a
|
||
shell, which means that it'll inherit a bunch of variables which are
|
||
specific to that shell, and usually to the TTY the shell is connected
|
||
to, and don't have any meaning in the global context of the system or
|
||
user service manager. Instead, only specific variables should be
|
||
imported into the manager environment block.
|
||
|
||
Similarly, programs which update the manager environment block by
|
||
directly calling the D-Bus API of the manager, should also push
|
||
specific variables, and not the full inherited environment.
|
||
|
||
* systemctl's status output now shows unit state with a more careful
|
||
choice of Unicode characters: units in maintenance show a "○" symbol
|
||
instead of the usual "●", failed units show "×", and services being
|
||
reloaded "↻".
|
||
|
||
* coredumpctl gained a --debugger-arguments= switch to pass arguments
|
||
to the debugger. It also gained support for showing coredump info in
|
||
a simple JSON format.
|
||
|
||
* systemctl/loginctl/machinectl's --signal= option now accept a special
|
||
value "list", which may be used to show a brief table with known
|
||
process signals and their numbers.
|
||
|
||
* networkctl now shows the link activation policy in status.
|
||
|
||
* Various tools gained --pager/--no-pager/--json= switches to
|
||
enable/disable the pager and provide JSON output.
|
||
|
||
* Various tools now accept two new values for the SYSTEMD_COLORS
|
||
environment variable: "16" and "256", to configure how many terminal
|
||
colors are used in output.
|
||
|
||
* less 568 or newer is now required for the auto-paging logic of the
|
||
various tools. Hyperlink ANSI sequences in terminal output are now
|
||
used even if a pager is used, and older versions of less are not able
|
||
to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
|
||
disable this output again.
|
||
|
||
* Builds with support for separate / and /usr/ hierarchies ("split-usr"
|
||
builds, non-merged-usr builds) are now officially deprecated. A
|
||
warning is emitted during build. Support is slated to be removed in
|
||
about a year (when the Debian Bookworm release development starts).
|
||
|
||
* Systems with the legacy cgroup v1 hierarchy are now marked as
|
||
"tainted", to make it clearer that using the legacy hierarchy is not
|
||
recommended.
|
||
|
||
* systemd-localed will now refuse to configure a keymap which is not
|
||
installed in the file system. This is intended as a bug fix, but
|
||
could break cases where systemd-localed was used to configure the
|
||
keymap in advanced of it being installed. It is necessary to install
|
||
the keymap file first.
|
||
|
||
* The main git development branch has been renamed to 'main'.
|
||
|
||
* mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
|
||
for partitions, as in the vast majority of cases they contain none
|
||
and are used internally by the bootloader (eg: uboot).
|
||
|
||
* systemd will now set the $SYSTEMD_EXEC_PID environment variable for
|
||
spawned processes to the PID of the process itself. This may be used
|
||
by programs for detecting whether they were forked off by the service
|
||
manager itself or are a process forked off further down the tree.
|
||
|
||
* The sd-device API gained four new calls: sd_device_get_action() to
|
||
determine the uevent add/remove/change/… action the device object has
|
||
been seen for, sd_device_get_seqno() to determine the uevent sequence
|
||
number, sd_device_new_from_stat_rdev() to allocate a new sd_device
|
||
object from stat(2) data of a device node, and sd_device_trigger() to
|
||
write to the 'uevent' attribute of a device.
|
||
|
||
* For most tools the --no-legend= switch has been replaced by
|
||
--legend=no and --legend=yes, to force whether tables are shown with
|
||
headers/legends.
|
||
|
||
* Units acquired a new property "Markers" that takes a list of zero,
|
||
one or two of the following strings: "needs-reload" and
|
||
"needs-restart". These markers may be set via "systemctl
|
||
set-property". Once a marker is set, "systemctl reload-or-restart
|
||
--marked" may be invoked to execute the operation the units are
|
||
marked for. This is useful for package managers that want to mark
|
||
units for restart/reload while updating, but effect the actual
|
||
operations at a later step at once.
|
||
|
||
* The sd_bus_message_read_strv() API call of sd-bus may now also be
|
||
used to parse arrays of D-Bus signatures and D-Bus paths, in addition
|
||
to regular strings.
|
||
|
||
* bootctl will now report whether the UEFI firmware used a TPM2 device
|
||
and measured the boot process into it.
|
||
|
||
* systemd-tmpfiles learnt support for a new environment variable
|
||
$SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
|
||
the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
|
||
even if the root fs of the system is not itself a btrfs volume.
|
||
|
||
* systemd-detect-virt/ConditionVirtualization= will now explicitly
|
||
detect Docker/Podman environments where possible. Moreover, they
|
||
should be able to generically detect any container manager as long as
|
||
it assigns the container a cgroup.
|
||
|
||
* portablectl gained a new "reattach" verb for detaching/reattaching a
|
||
portable service image, useful for updating images on-the-fly.
|
||
|
||
* Intel SGX enclave device nodes (which expose a security feature of
|
||
newer Intel CPUs) will now be owned by a new system group "sgx".
|
||
|
||
Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
|
||
Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
|
||
Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
|
||
Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
|
||
A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
|
||
caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
|
||
Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
|
||
Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
|
||
Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
|
||
Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
|
||
Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
|
||
feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
|
||
Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
|
||
Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
|
||
Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
|
||
Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
|
||
Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
|
||
Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
|
||
Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
|
||
Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
|
||
l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
|
||
Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
|
||
Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
|
||
Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
|
||
Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
|
||
Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
|
||
Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
|
||
Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
|
||
Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
|
||
Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
|
||
Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
|
||
Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
|
||
Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
|
||
Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
|
||
walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
|
||
Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
|
||
Zmicer Turok, Дамјан Георгиевски
|
||
|
||
— Berlin, 2021-03-30
|
||
|
||
CHANGES WITH 247:
|
||
|
||
* KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
|
||
"bind" and "unbind" to the Linux device model. When this kernel
|
||
change was made, systemd-udevd was only minimally updated to handle
|
||
and propagate these new event types. The introduction of these new
|
||
uevents (which are typically generated for USB devices and devices
|
||
needing a firmware upload before being functional) resulted in a
|
||
number of issues which we so far didn't address. We hoped the kernel
|
||
maintainers would themselves address these issues in some form, but
|
||
that did not happen. To handle them properly, many (if not most) udev
|
||
rules files shipped in various packages need updating, and so do many
|
||
programs that monitor or enumerate devices with libudev or sd-device,
|
||
or otherwise process uevents. Please note that this incompatibility
|
||
is not fault of systemd or udev, but caused by an incompatible kernel
|
||
change that happened back in Linux 4.14, but is becoming more and
|
||
more visible as the new uevents are generated by more kernel drivers.
|
||
|
||
To minimize issues resulting from this kernel change (but not avoid
|
||
them entirely) starting with systemd-udevd 247 the udev "tags"
|
||
concept (which is a concept for marking and filtering devices during
|
||
enumeration and monitoring) has been reworked: udev tags are now
|
||
"sticky", meaning that once a tag is assigned to a device it will not
|
||
be removed from the device again until the device itself is removed
|
||
(i.e. unplugged). This makes sure that any application monitoring
|
||
devices that match a specific tag is guaranteed to both see uevents
|
||
where the device starts being relevant, and those where it stops
|
||
being relevant (the latter now regularly happening due to the new
|
||
"unbind" uevent type). The udev tags concept is hence now a concept
|
||
tied to a *device* instead of a device *event* — unlike for example
|
||
udev properties whose lifecycle (as before) is generally tied to a
|
||
device event, meaning that the previously determined properties are
|
||
forgotten whenever a new uevent is processed.
|
||
|
||
With the newly redefined udev tags concept, sometimes it's necessary
|
||
to determine which tags are the ones applied by the most recent
|
||
uevent/database update, in order to discern them from those
|
||
originating from earlier uevents/database updates of the same
|
||
device. To accommodate for this a new automatic property CURRENT_TAGS
|
||
has been added that works similar to the existing TAGS property but
|
||
only lists tags set by the most recent uevent/database
|
||
update. Similarly, the libudev/sd-device API has been updated with
|
||
new functions to enumerate these 'current' tags, in addition to the
|
||
existing APIs that now enumerate the 'sticky' ones.
|
||
|
||
To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
|
||
essential that all udev rules files and applications are updated to
|
||
handle the new events. Specifically:
|
||
|
||
• All rule files that currently use a header guard similar to
|
||
ACTION!="add|change",GOTO="xyz_end" should be updated to use
|
||
ACTION=="remove",GOTO="xyz_end" instead, so that the
|
||
properties/tags they add are also applied whenever "bind" (or
|
||
"unbind") is seen. (This is most important for all physical device
|
||
types — those for which "bind" and "unbind" are currently
|
||
generated, for all other device types this change is still
|
||
recommended but not as important — but certainly prepares for
|
||
future kernel uevent type additions).
|
||
|
||
• Similarly, all code monitoring devices that contains an 'if' branch
|
||
discerning the "add" + "change" uevent actions from all other
|
||
uevents actions (i.e. considering devices only relevant after "add"
|
||
or "change", and irrelevant on all other events) should be reworked
|
||
to instead negatively check for "remove" only (i.e. considering
|
||
devices relevant after all event types, except for "remove", which
|
||
invalidates the device). Note that this also means that devices
|
||
should be considered relevant on "unbind", even though conceptually
|
||
this — in some form — invalidates the device. Since the precise
|
||
effect of "unbind" is not generically defined, devices should be
|
||
considered relevant even after "unbind", however I/O errors
|
||
accessing the device should then be handled gracefully.
|
||
|
||
• Any code that uses device tags for deciding whether a device is
|
||
relevant or not most likely needs to be updated to use the new
|
||
udev_device_has_current_tag() API (or sd_device_has_current_tag()
|
||
in case sd-device is used), to check whether the tag is set at the
|
||
moment an uevent is seen (as opposed to the existing
|
||
udev_device_has_tag() API which checks if the tag ever existed on
|
||
the device, following the API concept redefinition explained
|
||
above).
|
||
|
||
We are very sorry for this breakage and the requirement to update
|
||
packages using these interfaces. We'd again like to underline that
|
||
this is not caused by systemd/udev changes, but result of a kernel
|
||
behaviour change.
|
||
|
||
* UPCOMING INCOMPATIBILITY: So far most downstream distribution
|
||
packages have not retriggered devices once the udev package (or any
|
||
auxiliary package installing additional udev rules) is updated. We
|
||
intend to work with major distributions to change this, so that
|
||
"udevadm trigger -c change" is issued on such upgrades, ensuring that
|
||
the updated ruleset is applied to the devices already discovered, so
|
||
that (asynchronously) after the upgrade completed the udev database
|
||
is consistent with the updated rule set. This means udev rules must
|
||
be ready to be retriggered with a "change" action any time, and
|
||
result in correct and complete udev database entries. While the
|
||
majority of udev rule files known to us currently get this right,
|
||
some don't. Specifically, there are udev rules files included in
|
||
various packages that only set udev properties on the "add" action,
|
||
but do not handle the "change" action. If a device matching those
|
||
rules is retriggered with the "change" action (as is intended here)
|
||
it would suddenly lose the relevant properties. This always has been
|
||
problematic, but as soon as all udev devices are triggered on relevant
|
||
package upgrades this will become particularly so. It is strongly
|
||
recommended to fix offending rules so that they can handle a "change"
|
||
action at any time, and acquire all necessary udev properties even
|
||
then. Or in other words: the header guard mentioned above
|
||
(ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
|
||
this, as it makes sure rules are rerun on "change" correctly, and
|
||
accumulate the correct and complete set of udev properties. udev rule
|
||
definitions that cannot handle "change" events being triggered at
|
||
arbitrary times should be considered buggy.
|
||
|
||
* The MountAPIVFS= service file setting now defaults to on if
|
||
RootImage= and RootDirectory= are used, which means that with those
|
||
two settings /proc/, /sys/ and /dev/ are automatically properly set
|
||
up for services. Previous behaviour may be restored by explicitly
|
||
setting MountAPIVFS=off.
|
||
|
||
* Since PAM 1.2.0 (2015) configuration snippets may be placed in
|
||
/usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
|
||
latter it takes precedence over the former, similar to how most of
|
||
systemd's own configuration is handled. Given that PAM stack
|
||
definitions are primarily put together by OS vendors/distributions
|
||
(though possibly overridden by users), this systemd release moves its
|
||
own PAM stack configuration for the "systemd-user" PAM service (i.e.
|
||
for the PAM session invoked by the per-user user@.service instance)
|
||
from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
|
||
packages' vendor versions of their PAM stack definitions from
|
||
/etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
|
||
desired the location to which systemd installs its PAM stack
|
||
configuration may be changed via the -Dpamconfdir Meson option.
|
||
|
||
* The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
|
||
libpwquality and libcryptsetup have been changed to be based on
|
||
dlopen(): instead of regular dynamic library dependencies declared in
|
||
the binary ELF headers, these libraries are now loaded on demand
|
||
only, if they are available. If the libraries cannot be found the
|
||
relevant operations will fail gracefully, or a suitable fallback
|
||
logic is chosen. This is supposed to be useful for general purpose
|
||
distributions, as it allows minimizing the list of dependencies the
|
||
systemd packages pull in, permitting building of more minimal OS
|
||
images, while still making use of these "weak" dependencies should
|
||
they be installed. Since many package managers automatically
|
||
synthesize package dependencies from ELF shared library dependencies,
|
||
some additional manual packaging work has to be done now to replace
|
||
those (slightly downgraded from "required" to "recommended" or
|
||
whatever is conceptually suitable for the package manager). Note that
|
||
this change does not alter build-time behaviour: as before the
|
||
build-time dependencies have to be installed during build, even if
|
||
they now are optional during runtime.
|
||
|
||
* sd-event.h gained a new call sd_event_add_time_relative() for
|
||
installing timers relative to the current time. This is mostly a
|
||
convenience wrapper around the pre-existing sd_event_add_time() call
|
||
which installs absolute timers.
|
||
|
||
* sd-event event sources may now be placed in a new "exit-on-failure"
|
||
mode, which may be controlled via the new
|
||
sd_event_source_get_exit_on_failure() and
|
||
sd_event_source_set_exit_on_failure() functions. If enabled, any
|
||
failure returned by the event source handler functions will result in
|
||
exiting the event loop (unlike the default behaviour of just
|
||
disabling the event source but continuing with the event loop). This
|
||
feature is useful to set for all event sources that define "primary"
|
||
program behaviour (where failure should be fatal) in contrast to
|
||
"auxiliary" behaviour (where failure should remain local).
|
||
|
||
* Most event source types sd-event supports now accept a NULL handler
|
||
function, in which case the event loop is exited once the event
|
||
source is to be dispatched, using the userdata pointer — converted to
|
||
a signed integer — as exit code of the event loop. Previously this
|
||
was supported for IO and signal event sources already. Exit event
|
||
sources still do not support this (simply because it makes little
|
||
sense there, as the event loop is already exiting when they are
|
||
dispatched).
|
||
|
||
* A new per-unit setting RootImageOptions= has been added which allows
|
||
tweaking the mount options for any file system mounted as effect of
|
||
the RootImage= setting.
|
||
|
||
* Another new per-unit setting MountImages= has been added, that allows
|
||
mounting additional disk images into the file system tree accessible
|
||
to the service.
|
||
|
||
* Timer units gained a new FixedRandomDelay= boolean setting. If
|
||
enabled, the random delay configured with RandomizedDelaySec= is
|
||
selected in a way that is stable on a given system (though still
|
||
different for different units).
|
||
|
||
* Socket units gained a new setting Timestamping= that takes "us", "ns"
|
||
or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
|
||
options.
|
||
|
||
* systemd-repart now generates JSON output when requested with the new
|
||
--json= switch.
|
||
|
||
* systemd-machined's OpenMachineShell() bus call will now pass
|
||
additional policy metadata data fields to the PolicyKit
|
||
authentication request.
|
||
|
||
* systemd-tmpfiles gained a new -E switch, which is equivalent to
|
||
--exclude-prefix=/dev --exclude-prefix=/proc --exclude=/run
|
||
--exclude=/sys. It's particularly useful in combination with --root=,
|
||
when operating on OS trees that do not have any of these four runtime
|
||
directories mounted, as this means no files below these subtrees are
|
||
created or modified, since those mount points should probably remain
|
||
empty.
|
||
|
||
* systemd-tmpfiles gained a new --image= switch which is like --root=,
|
||
but takes a disk image instead of a directory as argument. The
|
||
specified disk image is mounted inside a temporary mount namespace
|
||
and the tmpfiles.d/ drop-ins stored in the image are executed and
|
||
applied to the image. systemd-sysusers similarly gained a new
|
||
--image= switch, that allows the sysusers.d/ drop-ins stored in the
|
||
image to be applied onto the image.
|
||
|
||
* Similarly, the journalctl command also gained an --image= switch,
|
||
which is a quick one-step solution to look at the log data included
|
||
in OS disk images.
|
||
|
||
* journalctl's --output=cat option (which outputs the log content
|
||
without any metadata, just the pure text messages) will now make use
|
||
of terminal colors when run on a suitable terminal, similarly to the
|
||
other output modes.
|
||
|
||
* JSON group records now support a "description" string that may be
|
||
used to add a human-readable textual description to such groups. This
|
||
is supposed to match the user's GECOS field which traditionally
|
||
didn't have a counterpart for group records.
|
||
|
||
* The "systemd-dissect" tool that may be used to inspect OS disk images
|
||
and that was previously installed to /usr/lib/systemd/ has now been
|
||
moved to /usr/bin/, reflecting its updated status of an officially
|
||
supported tool with a stable interface. It gained support for a new
|
||
--mkdir switch which when combined with --mount has the effect of
|
||
creating the directory to mount the image to if it is missing
|
||
first. It also gained two new commands --copy-from and --copy-to for
|
||
copying files and directories in and out of an OS image without the
|
||
need to manually mount it. It also acquired support for a new option
|
||
--json= to generate JSON output when inspecting an OS image.
|
||
|
||
* The cgroup2 file system is now mounted with the
|
||
"memory_recursiveprot" mount option, supported since kernel 5.7. This
|
||
means that the MemoryLow= and MemoryMin= unit file settings now apply
|
||
recursively to whole subtrees.
|
||
|
||
* systemd-homed now defaults to using the btrfs file system — if
|
||
available — when creating home directories in LUKS volumes. This may
|
||
be changed with the DefaultFileSystemType= setting in homed.conf.
|
||
It's now the default file system in various major distributions and
|
||
has the major benefit for homed that it can be grown and shrunk while
|
||
mounted, unlike the other contenders ext4 and xfs, which can both be
|
||
grown online, but not shrunk (in fact xfs is the technically most
|
||
limited option here, as it cannot be shrunk at all).
|
||
|
||
* JSON user records managed by systemd-homed gained support for
|
||
"recovery keys". These are basically secondary passphrases that can
|
||
unlock user accounts/home directories. They are computer-generated
|
||
rather than user-chosen, and typically have greater entropy.
|
||
homectl's --recovery-key= option may be used to add a recovery key to
|
||
a user account. The generated recovery key is displayed as a QR code,
|
||
so that it can be scanned to be kept in a safe place. This feature is
|
||
particularly useful in combination with systemd-homed's support for
|
||
FIDO2 or PKCS#11 authentication, as a secure fallback in case the
|
||
security tokens are lost. Recovery keys may be entered wherever the
|
||
system asks for a password.
|
||
|
||
* systemd-homed now maintains a "dirty" flag for each LUKS encrypted
|
||
home directory which indicates that a home directory has not been
|
||
deactivated cleanly when offline. This flag is useful to identify
|
||
home directories for which the offline discard logic did not run when
|
||
offlining, and where it would be a good idea to log in again to catch
|
||
up.
|
||
|
||
* systemctl gained a new parameter --timestamp= which may be used to
|
||
change the style in which timestamps are output, i.e. whether to show
|
||
them in local timezone or UTC, or whether to show µs granularity.
|
||
|
||
* Alibaba's "pouch" container manager is now detected by
|
||
systemd-detect-virt, ConditionVirtualization= and similar
|
||
constructs. Similar, they now also recognize IBM PowerVM machine
|
||
virtualization.
|
||
|
||
* systemd-nspawn has been reworked to use the /run/host/incoming/ as
|
||
place to use for propagating external mounts into the
|
||
container. Similarly /run/host/notify is now used as the socket path
|
||
for container payloads to communicate with the container manager
|
||
using sd_notify(). The container manager now uses the
|
||
/run/host/inaccessible/ directory to place "inaccessible" file nodes
|
||
of all relevant types which may be used by the container payload as
|
||
bind mount source to over-mount inodes to make them inaccessible.
|
||
/run/host/container-manager will now be initialized with the same
|
||
string as the $container environment variable passed to the
|
||
container's PID 1. /run/host/container-uuid will be initialized with
|
||
the same string as $container_uuid. This means the /run/host/
|
||
hierarchy is now the primary way to make host resources available to
|
||
the container. The Container Interface documents these new files and
|
||
directories:
|
||
|
||
https://systemd.io/CONTAINER_INTERFACE
|
||
|
||
* Support for the "ConditionNull=" unit file condition has been
|
||
deprecated and undocumented for 6 years. systemd started to warn
|
||
about its use 1.5 years ago. It has now been removed entirely.
|
||
|
||
* sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
|
||
a sd_bus_error struct and a list of error names, and checks if the
|
||
error matches one of these names. It's a convenience wrapper that is
|
||
useful in cases where multiple errors shall be handled the same way.
|
||
|
||
* A new system call filter list "@known" has been added, that contains
|
||
all system calls known at the time systemd was built.
|
||
|
||
* Behaviour of system call filter allow lists has changed slightly:
|
||
system calls that are contained in @known will result in EPERM by
|
||
default, while those not contained in it result in ENOSYS. This
|
||
should improve compatibility because known system calls will thus be
|
||
communicated as prohibited, while unknown (and thus newer ones) will
|
||
be communicated as not implemented, which hopefully has the greatest
|
||
chance of triggering the right fallback code paths in client
|
||
applications.
|
||
|
||
* "systemd-analyze syscall-filter" will now show two separate sections
|
||
at the bottom of the output: system calls known during systemd build
|
||
time but not included in any of the filter groups shown above, and
|
||
system calls defined on the local kernel but known during systemd
|
||
build time.
|
||
|
||
* If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
|
||
systemd-nspawn all system call filter violations will be logged by
|
||
the kernel (audit). This is useful for tracking down system calls
|
||
invoked by container payloads that are prohibited by the container's
|
||
system call filter policy.
|
||
|
||
* If the $SYSTEMD_SECCOMP=0 environment variable is set for
|
||
systemd-nspawn (and other programs that use seccomp) all seccomp
|
||
filtering is turned off.
|
||
|
||
* Two new unit file settings ProtectProc= and ProcSubset= have been
|
||
added that expose the hidepid= and subset= mount options of procfs.
|
||
All processes of the unit will only see processes in /proc that are
|
||
are owned by the unit's user. This is an important new sandboxing
|
||
option that is recommended to be set on all system services. All
|
||
long-running system services that are included in systemd itself set
|
||
this option now. This option is only supported on kernel 5.8 and
|
||
above, since the hidepid= option supported on older kernels was not a
|
||
per-mount option but actually applied to the whole PID namespace.
|
||
|
||
* Socket units gained a new boolean setting FlushPending=. If enabled
|
||
all pending socket data/connections are flushed whenever the socket
|
||
unit enters the "listening" state, i.e. after the associated service
|
||
exited.
|
||
|
||
* The unit file setting NUMAMask= gained a new "all" value: when used,
|
||
all existing NUMA nodes are added to the NUMA mask.
|
||
|
||
* A new "credentials" logic has been added to system services. This is
|
||
a simple mechanism to pass privileged data to services in a safe and
|
||
secure way. It's supposed to be used to pass per-service secret data
|
||
such as passwords or cryptographic keys but also associated less
|
||
private information such as user names, certificates, and similar to
|
||
system services. Each credential is identified by a short user-chosen
|
||
name and may contain arbitrary binary data. Two new unit file
|
||
settings have been added: SetCredential= and LoadCredential=. The
|
||
former allows setting a credential to a literal string, the latter
|
||
sets a credential to the contents of a file (or data read from a
|
||
user-chosen AF_UNIX stream socket). Credentials are passed to the
|
||
service via a special credentials directory, one file for each
|
||
credential. The path to the credentials directory is passed in a new
|
||
$CREDENTIALS_DIRECTORY environment variable. Since the credentials
|
||
are passed in the file system they may be easily referenced in
|
||
ExecStart= command lines too, thus no explicit support for the
|
||
credentials logic in daemons is required (though ideally daemons
|
||
would look for the bits they need in $CREDENTIALS_DIRECTORY
|
||
themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
|
||
backed by unswappable memory if privileges allow it, immutable if
|
||
privileges allow it, is accessible only to the service's UID, and is
|
||
automatically destroyed when the service stops.
|
||
|
||
* systemd-nspawn supports the same credentials logic. It can both
|
||
consume credentials passed to it via the aforementioned
|
||
$CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
|
||
to its payload. The service manager/PID 1 has been updated to match
|
||
this: it can also accept credentials from the container manager that
|
||
invokes it (in fact: any process that invokes it), and passes them on
|
||
to its services. Thus, credentials can be propagated recursively down
|
||
the tree: from a system's service manager to a systemd-nspawn
|
||
service, to the service manager that runs as container payload and to
|
||
the service it runs below. Credentials may also be added on the
|
||
systemd-nspawn command line, using new --set-credential= and
|
||
--load-credential= command line switches that match the
|
||
aforementioned service settings.
|
||
|
||
* systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
|
||
the partition drop-ins which may be used to format/LUKS
|
||
encrypt/populate any created partitions. The partitions are
|
||
encrypted/formatted/populated before they are registered in the
|
||
partition table, so that they appear atomically: either the
|
||
partitions do not exist yet or they exist fully encrypted, formatted,
|
||
and populated — there is no time window where they are
|
||
"half-initialized". Thus the system is robust to abrupt shutdown: if
|
||
the tool is terminated half-way during its operations on next boot it
|
||
will start from the beginning.
|
||
|
||
* systemd-repart's --size= operation gained a new "auto" value. If
|
||
specified, and operating on a loopback file it is automatically sized
|
||
to the minimal size the size constraints permit. This is useful to
|
||
use "systemd-repart" as an image builder for minimally sized images.
|
||
|
||
* systemd-resolved now gained a third IPC interface for requesting name
|
||
resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
|
||
interface is now supported. The nss-resolve NSS module has been
|
||
modified to use this new interface instead of D-Bus. Using Varlink
|
||
has a major benefit over D-Bus: it works without a broker service,
|
||
and thus already during earliest boot, before the dbus daemon has
|
||
been started. This means name resolution via systemd-resolved now
|
||
works at the same time systemd-networkd operates: from earliest boot
|
||
on, including in the initrd.
|
||
|
||
* systemd-resolved gained support for a new DNSStubListenerExtra=
|
||
configuration file setting which may be used to specify additional IP
|
||
addresses the built-in DNS stub shall listen on, in addition to the
|
||
main one on 127.0.0.53:53.
|
||
|
||
* Name lookups issued via systemd-resolved's D-Bus and Varlink
|
||
interfaces (and thus also via glibc NSS if nss-resolve is used) will
|
||
now honour a trailing dot in the hostname: if specified the search
|
||
path logic is turned off. Thus "resolvectl query foo." is now
|
||
equivalent to "resolvectl query --search=off foo.".
|
||
|
||
* systemd-resolved gained a new D-Bus property "ResolvConfMode" that
|
||
exposes how /etc/resolv.conf is currently managed: by resolved (and
|
||
in which mode if so) or another subsystem. "resolvctl" will display
|
||
this property in its status output.
|
||
|
||
* The resolv.conf snippets systemd-resolved provides will now set "."
|
||
as the search domain if no other search domain is known. This turns
|
||
off the derivation of an implicit search domain by nss-dns for the
|
||
hostname, when the hostname is set to an FQDN. This change is done to
|
||
make nss-dns using resolv.conf provided by systemd-resolved behave
|
||
more similarly to nss-resolve.
|
||
|
||
* systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
|
||
/tmp/ and /var/tmp/ based on file timestamps) now looks at the
|
||
"birth" time (btime) of a file in addition to the atime, mtime, and
|
||
ctime.
|
||
|
||
* systemd-analyze gained a new verb "capability" that lists all known
|
||
capabilities by the systemd build and by the kernel.
|
||
|
||
* If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
|
||
advance the system clock to it at boot if it is noticed to be before
|
||
that time. Previously, PID 1 would only advance the time to an epoch
|
||
time that is set during build-time. With this new file OS builders
|
||
can change this epoch timestamp on individual OS images without
|
||
having to rebuild systemd.
|
||
|
||
* systemd-logind will now listen to the KEY_RESTART key from the Linux
|
||
input layer and reboot the system if it is pressed, similarly to how
|
||
it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
|
||
was originally defined in the Multimedia context (to restart playback
|
||
of a song or film), but is now primarily used in various embedded
|
||
devices for "Reboot" buttons. Accordingly, systemd-logind will now
|
||
honour it as such. This may configured in more detail via the new
|
||
HandleRebootKey= and RebootKeyIgnoreInhibited=.
|
||
|
||
* systemd-nspawn/systemd-machined will now reconstruct hardlinks when
|
||
copying OS trees, for example in "systemd-nspawn --ephemeral",
|
||
"systemd-nspawn --template=", "machinectl clone" and similar. This is
|
||
useful when operating with OSTree images, which use hardlinks heavily
|
||
throughout, and where such copies previously resulting in "exploding"
|
||
hardlinks.
|
||
|
||
* systemd-nspawn's --console= setting gained support for a new
|
||
"autopipe" value, which is identical to "interactive" when invoked on
|
||
a TTY, and "pipe" otherwise.
|
||
|
||
* systemd-networkd's .network files gained support for explicitly
|
||
configuring the multicast membership entries of bridge devices in the
|
||
[BridgeMDB] section. It also gained support for the PIE queuing
|
||
discipline in the [FlowQueuePIE] sections.
|
||
|
||
* systemd-networkd's .netdev files may now be used to create "BareUDP"
|
||
tunnels, configured in the new [BareUDP] setting.
|
||
|
||
* systemd-networkd's Gateway= setting in .network files now accepts the
|
||
special values "_dhcp4" and "_ipv6ra" to configure additional,
|
||
locally defined, explicit routes to the gateway acquired via DHCP or
|
||
IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
|
||
but still accepted for backwards compatibility.
|
||
|
||
* systemd-networkd's [IPv6PrefixDelegation] section and
|
||
IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
|
||
IPv6SendRA= (the old names are still accepted for backwards
|
||
compatibility).
|
||
|
||
* systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
|
||
boolean setting in [Network] section. If enabled, the delegated prefix
|
||
gained by another link will be configured, and an address within the
|
||
prefix will be assigned.
|
||
|
||
* systemd-networkd's .network files gained the Announce= boolean setting
|
||
in [DHCPv6PrefixDelegation] section. When enabled, the delegated
|
||
prefix will be announced through IPv6 router advertisement (IPv6 RA).
|
||
The setting is enabled by default.
|
||
|
||
* VXLAN tunnels may now be marked as independent of any underlying
|
||
network interface via the new Independent= boolean setting.
|
||
|
||
* systemctl gained support for two new verbs: "service-log-level" and
|
||
"service-log-target" may be used on services that implement the
|
||
generic org.freedesktop.LogControl1 D-Bus interface to dynamically
|
||
adjust the log level and target. All of systemd's long-running
|
||
services support this now, but ideally all system services would
|
||
implement this interface to make the system more uniformly
|
||
debuggable.
|
||
|
||
* The SystemCallErrorNumber= unit file setting now accepts the new
|
||
"kill" and "log" actions, in addition to arbitrary error number
|
||
specifications as before. If "kill" the processes are killed on the
|
||
event, if "log" the offending system call is audit logged.
|
||
|
||
* A new SystemCallLog= unit file setting has been added that accepts a
|
||
list of system calls that shall be logged about (audit).
|
||
|
||
* The OS image dissection logic (as used by RootImage= in unit files or
|
||
systemd-nspawn's --image= switch) has gained support for identifying
|
||
and mounting explicit /usr/ partitions, which are now defined in the
|
||
discoverable partition specification. This should be useful for
|
||
environments where the root file system is
|
||
generated/formatted/populated dynamically on first boot and combined
|
||
with an immutable /usr/ tree that is supplied by the vendor.
|
||
|
||
* In the final phase of shutdown, within the systemd-shutdown binary
|
||
we'll now try to detach MD devices (i.e software RAID) in addition to
|
||
loopback block devices and DM devices as before. This is supposed to
|
||
be a safety net only, in order to increase robustness if things go
|
||
wrong. Storage subsystems are expected to properly detach their
|
||
storage volumes during regular shutdown already (or in case of
|
||
storage backing the root file system: in the initrd hook we return to
|
||
later).
|
||
|
||
* If the SYSTEMD_LOG_TID environment variable is set all systemd tools
|
||
will now log the thread ID in their log output. This is useful when
|
||
working with heavily threaded programs.
|
||
|
||
* If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
|
||
not use the RDRAND CPU instruction. This is useful in environments
|
||
such as replay debuggers where non-deterministic behaviour is not
|
||
desirable.
|
||
|
||
* The autopaging logic in systemd's various tools (such as systemctl)
|
||
has been updated to turn on "secure" mode in "less"
|
||
(i.e. $LESSECURE=1) if execution in a "sudo" environment is
|
||
detected. This disables invoking external programs from the pager,
|
||
via the pipe logic. This behaviour may be overridden via the new
|
||
$SYSTEMD_PAGERSECURE environment variable.
|
||
|
||
* Units which have resource limits (.service, .mount, .swap, .slice,
|
||
.socket, and .slice) gained new configuration settings
|
||
ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
|
||
ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
|
||
limits and optional action taken by systemd-oomd.
|
||
|
||
* A new service systemd-oomd has been added. It monitors resource
|
||
contention for selected parts of the unit hierarchy using the PSI
|
||
information reported by the kernel, and kills processes when memory
|
||
or swap pressure is above configured limits. This service is only
|
||
enabled by default in developer mode (see below) and should be
|
||
considered a preview in this release. Behaviour details and option
|
||
names are subject to change without the usual backwards-compatibility
|
||
promises.
|
||
|
||
* A new helper oomctl has been added to introspect systemd-oomd state.
|
||
It is only enabled by default in developer mode and should be
|
||
considered a preview without the usual backwards-compatibility
|
||
promises.
|
||
|
||
* New meson option -Dcompat-mutable-uid-boundaries= has been added. If
|
||
enabled, systemd reads the system UID boundaries from /etc/login.defs
|
||
at runtime, instead of using the built-in values selected during
|
||
build. This is an option to improve compatibility for upgrades from
|
||
old systems. It's strongly recommended not to make use of this
|
||
functionality on new systems (or even enable it during build), as it
|
||
makes something runtime-configurable that is mostly an implementation
|
||
detail of the OS, and permits avoidable differences in deployments
|
||
that create all kinds of problems in the long run.
|
||
|
||
* New meson option '-Dmode=developer|release' has been added. When
|
||
'developer', additional checks and features are enabled that are
|
||
relevant during upstream development, e.g. verification that
|
||
semi-automatically-generated documentation has been properly updated
|
||
following API changes. Those checks are considered hints for
|
||
developers and are not actionable in downstream builds. In addition,
|
||
extra features that are not ready for general consumption may be
|
||
enabled in developer mode. It is thus recommended to set
|
||
'-Dmode=release' in end-user and distro builds.
|
||
|
||
* systemd-cryptsetup gained support for processing detached LUKS
|
||
headers specified on the kernel command line via the header=
|
||
parameter of the luks.options= kernel command line option. The same
|
||
device/path syntax as for key files is supported for header files
|
||
like this.
|
||
|
||
* The "net_id" built-in of udev has been updated to ignore ACPI _SUN
|
||
slot index data for devices that are connected through a PCI bridge
|
||
where the _SUN index is associated with the bridge instead of the
|
||
network device itself. Previously this would create ambiguous device
|
||
naming if multiple network interfaces were connected to the same PCI
|
||
bridge. Since this is a naming scheme incompatibility on systems that
|
||
possess hardware like this it has been introduced as new naming
|
||
scheme "v247". The previous scheme can be selected via the
|
||
"net.naming_scheme=v245" kernel command line parameter.
|
||
|
||
* ConditionFirstBoot= semantics have been modified to be safe towards
|
||
abnormal system power-off during first boot. Specifically, the
|
||
"systemd-machine-id-commit.service" service now acts as boot
|
||
milestone indicating when the first boot process is sufficiently
|
||
complete in order to not consider the next following boot also a
|
||
first boot. If the system is reset before this unit is reached the
|
||
first time, the next boot will still be considered a first boot; once
|
||
it has been reached, no further boots will be considered a first
|
||
boot. The "first-boot-complete.target" unit now acts as official hook
|
||
point to order against this. If a service shall be run on every boot
|
||
until the first boot fully succeeds it may thus be ordered before
|
||
this target unit (and pull it in) and carry ConditionFirstBoot=
|
||
appropriately.
|
||
|
||
* bootctl's set-default and set-oneshot commands now accept the three
|
||
special strings "@default", "@oneshot", "@current" in place of a boot
|
||
entry id. These strings are resolved to the current default and
|
||
oneshot boot loader entry, as well as the currently booted one. Thus
|
||
a command "bootctl set-default @current" may be used to make the
|
||
currently boot menu item the new default for all subsequent boots.
|
||
|
||
* "systemctl edit" has been updated to show the original effective unit
|
||
contents in commented form in the text editor.
|
||
|
||
* Units in user mode are now segregated into three new slices:
|
||
session.slice (units that form the core of graphical session),
|
||
app.slice ("normal" user applications), and background.slice
|
||
(low-priority tasks). Unless otherwise configured, user units are
|
||
placed in app.slice. The plan is to add resource limits and
|
||
protections for the different slices in the future.
|
||
|
||
* New GPT partition types for RISCV32/64 for the root and /usr
|
||
partitions, and their associated Verity partitions have been defined,
|
||
and are now understood by systemd-gpt-auto-generator, and the OS
|
||
image dissection logic.
|
||
|
||
Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
|
||
Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
|
||
Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
|
||
Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
|
||
Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
|
||
Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
|
||
Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
|
||
Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
|
||
Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
|
||
Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
|
||
Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
|
||
Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
|
||
huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
|
||
Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
|
||
Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
|
||
Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
|
||
Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
|
||
lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
|
||
Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
|
||
Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
|
||
Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
|
||
Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
|
||
Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
|
||
Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
|
||
Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
|
||
Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
|
||
Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
|
||
Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
|
||
Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
|
||
Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
|
||
Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
|
||
williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски
|
||
|
||
– Warsaw, 2020-11-26
|
||
|
||
CHANGES WITH 246:
|
||
|
||
* The service manager gained basic support for cgroup v2 freezer. Units
|
||
can now be suspended or resumed either using new systemctl verbs,
|
||
freeze and thaw respectively, or via D-Bus.
|
||
|
||
* PID 1 may now automatically load pre-compiled AppArmor policies from
|
||
/etc/apparmor/earlypolicy during early boot.
|
||
|
||
* The CPUAffinity= setting in service unit files now supports a new
|
||
special value "numa" that causes the CPU affinity masked to be set
|
||
based on the NUMA mask.
|
||
|
||
* systemd will now log about all left-over processes remaining in a
|
||
unit when the unit is stopped. It will now warn about services using
|
||
KillMode=none, as this is generally an unsafe thing to make use of.
|
||
|
||
* Two new unit file settings
|
||
ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
|
||
added. They may be used to check whether a specific file system path
|
||
resides on a block device that is encrypted on the block level
|
||
(i.e. using dm-crypt/LUKS).
|
||
|
||
* Another pair of new settings ConditionEnvironment=/AssertEnvironment=
|
||
has been added that may be used for simple environment checks. This
|
||
is particularly useful when passing in environment variables from a
|
||
container manager (or from PAM in case of the systemd --user
|
||
instance).
|
||
|
||
* .service unit files now accept a new setting CoredumpFilter= which
|
||
allows configuration of the memory sections coredumps of the
|
||
service's processes shall include.
|
||
|
||
* .mount units gained a new ReadWriteOnly= boolean option. If set
|
||
it will not be attempted to mount a file system read-only if mounting
|
||
in read-write mode doesn't succeed. An option x-systemd.rw-only is
|
||
available in /etc/fstab to control the same.
|
||
|
||
* .socket units gained a new boolean setting PassPacketInfo=. If
|
||
enabled, the kernel will attach additional per-packet metadata to all
|
||
packets read from the socket, as an ancillary message. This controls
|
||
the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
|
||
depending on socket type.
|
||
|
||
* .service units gained a new setting RootHash= which may be used to
|
||
specify the root hash for verity enabled disk images which are
|
||
specified in RootImage=. RootVerity= may be used to specify a path to
|
||
the Verity data matching a RootImage= file system. (The latter is
|
||
only useful for images that do not contain the Verity data embedded
|
||
into the same image that carries a GPT partition table following the
|
||
Discoverable Partition Specification). Similarly, systemd-nspawn
|
||
gained a new switch --verity-data= that takes a path to a file with
|
||
the verity data of the disk image supplied in --image=, if the image
|
||
doesn't contain the verity data itself.
|
||
|
||
* .service units gained a new setting RootHashSignature= which takes
|
||
either a base64 encoded PKCS#7 signature of the root hash specified
|
||
with RootHash=, or a path to a file to read the signature from. This
|
||
allows validation of the root hash against public keys available in
|
||
the kernel keyring, and is only supported on recent kernels
|
||
(>= 5.4)/libcryptsetup (>= 2.30). A similar switch has been added to
|
||
systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
|
||
this mechanism has also been added to systemd-veritysetup.
|
||
|
||
* .service unit files gained two new options
|
||
TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
|
||
tune behaviour if a start or stop timeout is hit, i.e. whether to
|
||
terminate the service with SIGTERM, SIGABRT or SIGKILL.
|
||
|
||
* Most options in systemd that accept hexadecimal values prefixed with
|
||
0x in additional to the usual decimal notation now also support octal
|
||
notation when the 0o prefix is used and binary notation if the 0b
|
||
prefix is used.
|
||
|
||
* Various command line parameters and configuration file settings that
|
||
configure key or certificate files now optionally take paths to
|
||
AF_UNIX sockets in the file system. If configured that way a stream
|
||
connection is made to the socket and the required data read from
|
||
it. This is a simple and natural extension to the existing regular
|
||
file logic, and permits other software to provide keys or
|
||
certificates via simple IPC services, for example when unencrypted
|
||
storage on disk is not desired. Specifically, systemd-networkd's
|
||
Wireguard and MACSEC key file settings as well as
|
||
systemd-journal-gatewayd's and systemd-journal-remote's PEM
|
||
key/certificate parameters support this now.
|
||
|
||
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
|
||
configuration files that support specifier expansion learnt six new
|
||
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
|
||
resolve to the various ID fields from /etc/os-release, %l resolves to
|
||
the "short" hostname of the system, i.e. the hostname configured in
|
||
the kernel truncated at the first dot.
|
||
|
||
* Support for the .include syntax in unit files has been removed. The
|
||
concept has been obsolete for 6 years and we started warning about
|
||
its pending removal 2 years ago (also see NEWS file below). It's
|
||
finally gone now.
|
||
|
||
* StandardError= and StandardOutput= in unit files no longer support
|
||
the "syslog" and "syslog-console" switches. They were long removed
|
||
from the documentation, but will now result in warnings when used,
|
||
and be converted to "journal" and "journal+console" automatically.
|
||
|
||
* If the service setting User= is set to the "nobody" user, a warning
|
||
message is now written to the logs (but the value is nonetheless
|
||
accepted). Setting User=nobody is unsafe, since the primary purpose
|
||
of the "nobody" user is to own all files whose owner cannot be mapped
|
||
locally. It's in particular used by the NFS subsystem and in user
|
||
namespacing. By running a service under this user's UID it might get
|
||
read and even write access to all these otherwise unmappable files,
|
||
which is quite likely a major security problem.
|
||
|
||
* tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
|
||
and others) now have a size and inode limits applied (50% of RAM for
|
||
/tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
|
||
that the implicit kernel default is 50% too, so there is no change
|
||
in the size limit for /tmp and /dev/shm.
|
||
|
||
* nss-mymachines lost support for resolution of users and groups, and
|
||
now only does resolution of hostnames. This functionality is now
|
||
provided by nss-systemd. Thus, the 'mymachines' entry should be
|
||
removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
|
||
(and 'systemd' added if it is not already there).
|
||
|
||
* A new kernel command line option systemd.hostname= has been added
|
||
that allows controlling the hostname that is initialized early during
|
||
boot.
|
||
|
||
* A kernel command line option "udev.blockdev_read_only" has been
|
||
added. If specified all hardware block devices that show up are
|
||
immediately marked as read-only by udev. This option is useful for
|
||
making sure that a specific boot under no circumstances modifies data
|
||
on disk. Use "blockdev --setrw" to undo the effect of this, per
|
||
device.
|
||
|
||
* A new boolean kernel command line option systemd.swap= has been
|
||
added, which may be used to turn off automatic activation of swap
|
||
devices listed in /etc/fstab.
|
||
|
||
* New kernel command line options systemd.condition_needs_update= and
|
||
systemd.condition_first_boot= have been added, which override the
|
||
result of the ConditionNeedsUpdate= and ConditionFirstBoot=
|
||
conditions.
|
||
|
||
* A new kernel command line option systemd.clock_usec= has been added
|
||
that allows setting the system clock to the specified time in µs
|
||
since Jan 1st, 1970 early during boot. This is in particular useful
|
||
in order to make test cases more reliable.
|
||
|
||
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
|
||
systemd-coredump to save core files for suid processes. When saving
|
||
the core file, systemd-coredump will use the effective uid and gid of
|
||
the process that faulted.
|
||
|
||
* The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
|
||
now automatically set to "Y" at boot, in order to enable pstore
|
||
generation for collection with systemd-pstore.
|
||
|
||
* We provide a set of udev rules to enable auto-suspend on PCI and USB
|
||
devices that were tested to correctly support it. Previously, this
|
||
was distributed as a set of udev rules, but has now been replaced by
|
||
by a set of hwdb entries (and a much shorter udev rule to take action
|
||
if the device modalias matches one of the new hwdb entries).
|
||
|
||
As before, entries are periodically imported from the database
|
||
maintained by the ChromiumOS project. If you have a device that
|
||
supports auto-suspend correctly and where it should be enabled by
|
||
default, please submit a patch that adds it to the database (see
|
||
/usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
|
||
|
||
* systemd-udevd gained the new configuration option timeout_signal= as well
|
||
as a corresponding kernel command line option udev.timeout_signal=.
|
||
The option can be used to configure the UNIX signal that the main
|
||
daemon sends to the worker processes on timeout. Setting the signal
|
||
to SIGABRT is useful for debugging.
|
||
|
||
* .link files managed by systemd-udevd gained options RxFlowControl=,
|
||
TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
|
||
order to configure various flow control parameters. They also gained
|
||
RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
|
||
frame ring buffer sizes.
|
||
|
||
* networkd.conf gained a new boolean setting ManageForeignRoutes=. If
|
||
enabled systemd-networkd manages all routes configured by other tools.
|
||
|
||
* .network files managed by systemd-networkd gained a new section
|
||
[SR-IOV], in order to configure SR-IOV capable network devices.
|
||
|
||
* systemd-networkd's [IPv6Prefix] section in .network files gained a
|
||
new boolean setting Assign=. If enabled an address from the prefix is
|
||
automatically assigned to the interface.
|
||
|
||
* systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
|
||
controls delegated prefixes assigned by DHCPv6 client. The section
|
||
has three settings: SubnetID=, Assign=, and Token=. The setting
|
||
SubnetID= allows explicit configuration of the preferred subnet that
|
||
systemd-networkd's Prefix Delegation logic assigns to interfaces. If
|
||
Assign= is enabled (which is the default) an address from any acquired
|
||
delegated prefix is automatically chosen and assigned to the
|
||
interface. The setting Token= specifies an optional address generation
|
||
mode for Assign=.
|
||
|
||
* systemd-networkd's [Network] section gained a new setting
|
||
IPv4AcceptLocal=. If enabled the interface accepts packets with local
|
||
source addresses.
|
||
|
||
* systemd-networkd gained support for configuring the HTB queuing
|
||
discipline in the [HierarchyTokenBucket] and
|
||
[HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc may
|
||
be configured in the [PFIFO] section, "GRED" in
|
||
[GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
|
||
in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
|
||
[DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
|
||
"PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
|
||
in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
|
||
"QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
|
||
|
||
* systemd-networkd gained support for a new Termination= setting in the
|
||
[CAN] section for configuring the termination resistor. It also
|
||
gained a new ListenOnly= setting for controlling whether to only
|
||
listen on CAN interfaces, without interfering with traffic otherwise
|
||
(which is useful for debugging/monitoring CAN network
|
||
traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
|
||
been added to configure various CAN-FD aspects.
|
||
|
||
* systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
|
||
When enabled, DHCPv6 will be attempted right-away without requiring an
|
||
Router Advertisement packet suggesting it first (i.e. without the 'M'
|
||
or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
|
||
DHCPv6Client= that may be used to turn off the DHCPv6 client even if
|
||
the RA packets suggest it.
|
||
|
||
* systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
|
||
which may be used to turn off use of the gateway information provided
|
||
by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
|
||
used to configure how to process leases that lack a lifetime option.
|
||
|
||
* systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
|
||
setting SendVendorOption= allowing configuration of additional vendor
|
||
options to send in the DHCP requests/responses. The [DHCPv6] section
|
||
gained a new SendOption= setting for sending arbitrary DHCP
|
||
options. RequestOptions= has been added to request arbitrary options
|
||
from the server. UserClass= has been added to set the DHCP user class
|
||
field.
|
||
|
||
* systemd-networkd's [DHCPServer] section gained a new set of options
|
||
EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
|
||
information about these three protocols in the DHCP lease. It also
|
||
gained support for including "MUD" URLs ("Manufacturer Usage
|
||
Description"). Support for "MUD" URLs was also added to the LLDP
|
||
stack, configurable in the [LLDP] section in .network files.
|
||
|
||
* The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
|
||
mode. Also, the sections now support a new setting SourceMACAddress=.
|
||
|
||
* systemd-networkd's .netdev files now support a new setting
|
||
VLANProtocol= in the [Bridge] section that allows configuration of
|
||
the VLAN protocol to use.
|
||
|
||
* systemd-networkd supports a new Group= setting in the [Link] section
|
||
of the .network files, to control the link group.
|
||
|
||
* systemd-networkd's [Network] section gained a new
|
||
IPv6LinkLocalAddressGenerationMode= setting, which specifies how IPv6
|
||
link local address is generated.
|
||
|
||
* A new default .network file is now shipped that matches TUN/TAP
|
||
devices that begin with "vt-" in their name. Such interfaces will
|
||
have IP routing onto the host links set up automatically. This is
|
||
supposed to be used by VM managers to trivially acquire a network
|
||
interface which is fully set up for host communication, simply by
|
||
carefully picking an interface name to use.
|
||
|
||
* systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
|
||
which sets the route priority for routes specified by the DHCP server.
|
||
|
||
* systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
|
||
which configures the vendor class information sent to DHCP server.
|
||
|
||
* The BlackList= settings in .network files' [DHCPv4] and
|
||
[IPv6AcceptRA] sections have been renamed DenyList=. The old names
|
||
are still understood to provide compatibility.
|
||
|
||
* networkctl gained the new "forcerenew" command for forcing all DHCP
|
||
server clients to renew their lease. The interface "status" output
|
||
will now show numerous additional fields of information about an
|
||
interface. There are new "up" and "down" commands to bring specific
|
||
interfaces up or down.
|
||
|
||
* systemd-resolved's DNS= configuration option now optionally accepts a
|
||
port number (after ":") and a host name (after "#"). When the host
|
||
name is specified, the DNS-over-TLS certificate is validated to match
|
||
the specified hostname. Additionally, in case of IPv6 addresses, an
|
||
interface may be specified (after "%").
|
||
|
||
* systemd-resolved may be configured to forward single-label DNS names.
|
||
This is not standard-conformant, but may make sense in setups where
|
||
public DNS servers are not used.
|
||
|
||
* systemd-resolved's DNS-over-TLS support gained SNI validation.
|
||
|
||
* systemd-nspawn's --resolv-conf= switch gained a number of new
|
||
supported values. Specifically, options starting with "replace-" are
|
||
like those prefixed "copy-" but replace any existing resolv.conf
|
||
file. And options ending in "-uplink" and "-stub" can now be used to
|
||
propagate other flavours of resolv.conf into the container (as
|
||
defined by systemd-resolved).
|
||
|
||
* The various programs included in systemd can now optionally output
|
||
their log messages on stderr prefixed with a timestamp, controlled by
|
||
the $SYSTEMD_LOG_TIME environment variable.
|
||
|
||
* systemctl gained a new "-P" switch that is a shortcut for "--value
|
||
--property=…".
|
||
|
||
* "systemctl list-units" and "systemctl list-machines" no longer hide
|
||
their first output column with --no-legend. To hide the first column,
|
||
use --plain.
|
||
|
||
* "systemctl reboot" takes the option "--reboot-argument=".
|
||
The optional positional argument to "systemctl reboot" is now
|
||
being deprecated in favor of this option.
|
||
|
||
* systemd-run gained a new switch --slice-inherit. If specified the
|
||
unit it generates is placed in the same slice as the systemd-run
|
||
process itself.
|
||
|
||
* systemd-journald gained support for zstd compression of large fields
|
||
in journal files. The hash tables in journal files have been hardened
|
||
against hash collisions. This is an incompatible change and means
|
||
that journal files created with new systemd versions are not readable
|
||
with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
|
||
environment variable for systemd-journald.service is set to 0 this
|
||
new hardening functionality may be turned off, so that generated
|
||
journal files remain compatible with older journalctl
|
||
implementations.
|
||
|
||
* journalctl will now include a clickable link in the default output for
|
||
each log message for which a URL with further documentation is
|
||
known. This is only supported on terminal emulators that support
|
||
clickable hyperlinks, and is turned off if a pager is used (since
|
||
"less" still doesn't support hyperlinks,
|
||
unfortunately). Documentation URLs may be included in log messages
|
||
either by including a DOCUMENTATION= journal field in it, or by
|
||
associating a journal message catalog entry with the log message's
|
||
MESSAGE_ID, which then carries a "Documentation:" tag.
|
||
|
||
* journald.conf gained a new boolean setting Audit= that may be used to
|
||
control whether systemd-journald will enable audit during
|
||
initialization.
|
||
|
||
* when systemd-journald's log stream is broken up into multiple lines
|
||
because the PID of the sender changed this is indicated in the
|
||
generated log records via the _LINE_BREAK=pid-change field.
|
||
|
||
* journalctl's "-o cat" output mode will now show one or more journal
|
||
fields specified with --output-fields= instead of unconditionally
|
||
MESSAGE=. This is useful to retrieve a very specific set of fields
|
||
without any decoration.
|
||
|
||
* The sd-journal.h API gained two new functions:
|
||
sd_journal_enumerate_available_unique() and
|
||
sd_journal_enumerate_available_data() that operate like their
|
||
counterparts that lack the _available_ in the name, but skip items
|
||
that cannot be read and processed by the local implementation
|
||
(i.e. are compressed in an unsupported format or such),
|
||
|
||
* coredumpctl gained a new --file= switch, matching the same one in
|
||
journalctl: a specific journal file may be specified to read the
|
||
coredump data from.
|
||
|
||
* coredumps collected by systemd-coredump may now be compressed using
|
||
the zstd algorithm.
|
||
|
||
* systemd-binfmt gained a new switch --unregister for unregistering all
|
||
registered entries at once. This is now invoked automatically at
|
||
shutdown, so that binary formats registered with the "F" flag will
|
||
not block clean file system unmounting.
|
||
|
||
* systemd-notify's --pid= switch gained new values: "parent", "self",
|
||
"auto" for controlling which PID to send to the service manager: the
|
||
systemd-notify process' PID, or the one of the process invoking it.
|
||
|
||
* systemd-logind's Session bus object learnt a new method call
|
||
SetType() for temporarily updating the session type of an already
|
||
allocated session. This is useful for upgrading tty sessions to
|
||
graphical ones once a compositor is invoked.
|
||
|
||
* systemd-socket-proxy gained a new switch --exit-idle-time= for
|
||
configuring an exit-on-idle time.
|
||
|
||
* systemd-repart's --empty= setting gained a new value "create". If
|
||
specified a new empty regular disk image file is created under the
|
||
specified name. Its size may be specified with the new --size=
|
||
option. The latter is also supported without the "create" mode, in
|
||
order to grow existing disk image files to the specified size. These
|
||
two new options are useful when creating or manipulating disk images
|
||
instead of operating on actual block devices.
|
||
|
||
* systemd-repart drop-ins now support a new UUID= setting to control
|
||
the UUID to assign to a newly created partition.
|
||
|
||
* systemd-repart's SizeMin= per-partition parameter now defaults to 10M
|
||
instead of 0.
|
||
|
||
* systemd-repart's Label= setting now support the usual, simple
|
||
specifier expansion.
|
||
|
||
* systemd-homed's LUKS backend gained the ability to discard empty file
|
||
system blocks automatically when the user logs out. This is enabled
|
||
by default to ensure that home directories take minimal space when
|
||
logged out but get full size guarantees when logged in. This may be
|
||
controlled with the new --luks-offline-discard= switch to homectl.
|
||
|
||
* If systemd-homed detects that /home/ is encrypted as a whole it will
|
||
now default to the directory or subvolume backends instead of the
|
||
LUKS backend, in order to avoid double encryption. The default
|
||
storage and file system may now be configured explicitly, too, via
|
||
the new /etc/systemd/homed.conf configuration file.
|
||
|
||
* systemd-homed now supports unlocking home directories with FIDO2
|
||
security tokens that support the 'hmac-secret' extension, in addition
|
||
to the existing support for PKCS#11 security token unlocking
|
||
support. Note that many recent hardware security tokens support both
|
||
interfaces. The FIDO2 support is accessible via homectl's
|
||
--fido2-device= option.
|
||
|
||
* homectl's --pkcs11-uri= setting now accepts two special parameters:
|
||
if "auto" is specified and only one suitable PKCS#11 security token
|
||
is plugged in, its URL is automatically determined and enrolled for
|
||
unlocking the home directory. If "list" is specified a brief table of
|
||
suitable PKCS#11 security tokens is shown. Similar, the new
|
||
--fido2-device= option also supports these two special values, for
|
||
automatically selecting and listing suitable FIDO2 devices.
|
||
|
||
* The /etc/crypttab tmp option now optionally takes an argument
|
||
selecting the file system to use. Moreover, the default is now
|
||
changed from ext2 to ext4.
|
||
|
||
* There's a new /etc/crypttab option "keyfile-erase". If specified the
|
||
key file listed in the same line is removed after use, regardless if
|
||
volume activation was successful or not. This is useful if the key
|
||
file is only acquired transiently at runtime and shall be erased
|
||
before the system continues to boot.
|
||
|
||
* There's also a new /etc/crypttab option "try-empty-password". If
|
||
specified, before asking the user for a password it is attempted to
|
||
unlock the volume with an empty password. This is useful for
|
||
installing encrypted images whose password shall be set on first boot
|
||
instead of at installation time.
|
||
|
||
* systemd-cryptsetup will now attempt to load the keys to unlock
|
||
volumes with automatically from files in
|
||
/etc/cryptsetup-keys.d/<volume>.key and
|
||
/run/cryptsetup-keys.d/<volume>.key, if any of these files exist.
|
||
|
||
* systemd-cryptsetup may now activate Microsoft BitLocker volumes via
|
||
/etc/crypttab, during boot.
|
||
|
||
* logind.conf gained a new RuntimeDirectoryInodesMax= setting to
|
||
control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
|
||
instance.
|
||
|
||
* A new generator systemd-xdg-autostart-generator has been added. It
|
||
generates systemd unit files from XDG autostart .desktop files, and
|
||
may be used to let the systemd user instance manage services that are
|
||
started automatically as part of the desktop session.
|
||
|
||
* "bootctl" gained a new verb "reboot-to-firmware" that may be used
|
||
to query and change the firmware's 'Reboot Into Firmware Interface'
|
||
setup flag.
|
||
|
||
* systemd-firstboot gained a new switch --kernel-command-line= that may
|
||
be used to initialize the /etc/kernel/cmdline file of the image. It
|
||
also gained a new switch --root-password-hashed= which is like
|
||
--root-password= but accepts a pre-hashed UNIX password as
|
||
argument. The new option --delete-root-password may be used to unset
|
||
any password for the root user (dangerous!). The --root-shell= switch
|
||
may be used to control the shell to use for the root account. A new
|
||
--force option may be used to override any already set settings with
|
||
the parameters specified on the command line (by default, the tool
|
||
will not override what has already been set before, i.e. is purely
|
||
incremental).
|
||
|
||
* systemd-firstboot gained support for a new --image= switch, which is
|
||
similar to --root= but accepts the path to a disk image file, on
|
||
which it then operates.
|
||
|
||
* A new sd-path.h API has been added to libsystemd. It provides a
|
||
simple API for retrieving various search paths and primary
|
||
directories for various resources.
|
||
|
||
* A new call sd_notify_barrier() has been added to the sd-daemon.h
|
||
API. The call will block until all previously sent sd_notify()
|
||
messages have been processed by the service manager. This is useful
|
||
to remove races caused by a process already having disappeared at the
|
||
time a notification message is processed by the service manager,
|
||
making correct attribution impossible. The systemd-notify tool will
|
||
now make use of this call implicitly, but this can be turned off again
|
||
via the new --no-block switch.
|
||
|
||
* When sending a file descriptor (fd) to the service manager to keep
|
||
track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
|
||
may be specified. If passed the service manager will refrain from
|
||
poll()ing on the file descriptor. Traditionally (and when the
|
||
parameter is not specified), the service manager will poll it for
|
||
POLLHUP or POLLERR events, and immediately close the fds in that
|
||
case.
|
||
|
||
* The service manager (PID1) gained a new D-Bus method call
|
||
SetShowStatus() which may be used to control whether it shall show
|
||
boot-time status output on the console. This method has a similar
|
||
effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.
|
||
|
||
* The sd-bus API gained a number of convenience functions that take
|
||
va_list arguments rather than "...". For example, there's now
|
||
sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
|
||
it easier to build wrappers that accept variadic arguments and want
|
||
to pass a ready va_list structure to sd-bus.
|
||
|
||
* sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
|
||
flag which alters how the userdata pointer to pass to the callbacks
|
||
is determined. When the flag is set, the offset field is converted
|
||
as-is into a pointer, without adding it to the object pointer the
|
||
vtable is associated with.
|
||
|
||
* sd-bus now exposes four new functions:
|
||
sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
|
||
sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
|
||
validate strings to check if they qualify as various D-Bus concepts.
|
||
|
||
* The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
|
||
SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
|
||
that simplify adding argument names to D-Bus methods and signals.
|
||
|
||
* The man pages for the sd-bus and sd-hwdb APIs have been completed.
|
||
|
||
* Various D-Bus APIs of systemd daemons now have man pages that
|
||
document the methods, signals and properties.
|
||
|
||
* The expectations on user/group name syntax are now documented in
|
||
detail; documentation on how classic home directories may be
|
||
converted into home directories managed by homed has been added;
|
||
documentation regarding integration of homed/userdb functionality in
|
||
desktops has been added:
|
||
|
||
https://systemd.io/USER_NAMES
|
||
https://systemd.io/CONVERTING_TO_HOMED
|
||
https://systemd.io/USERDB_AND_DESKTOPS
|
||
|
||
* Documentation for the on-disk Journal file format has been updated
|
||
and has now moved to:
|
||
|
||
https://systemd.io/JOURNAL_FILE_FORMAT
|
||
|
||
* The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
|
||
has been extended by a set of environment variables that expose
|
||
select fields from the host's os-release file to the container
|
||
payload. Similarly, host's os-release files can be mounted into the
|
||
container underneath /run/host. Together, those mechanisms provide a
|
||
standardized way to expose information about the host to the
|
||
container payload. Both interfaces are implemented in systemd-nspawn.
|
||
|
||
* All D-Bus services shipped in systemd now implement the generic
|
||
LogControl1 D-Bus API which allows clients to change log level +
|
||
target of the service during runtime.
|
||
|
||
* Only relevant for developers: the mkosi.default symlink has been
|
||
dropped from version control. Please create a symlink to one of the
|
||
distribution-specific defaults in .mkosi/ based on your preference.
|
||
|
||
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
|
||
Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
|
||
Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
|
||
antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
|
||
Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
|
||
Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
|
||
Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
|
||
codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
|
||
Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
|
||
Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
|
||
John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
|
||
Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
|
||
ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
|
||
Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
|
||
Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
|
||
Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
|
||
Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
|
||
Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
|
||
Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
|
||
Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
|
||
Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
|
||
Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
|
||
Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
|
||
S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
|
||
Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
|
||
Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
|
||
Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
|
||
Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
|
||
nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
|
||
Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
|
||
Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
|
||
Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
|
||
Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
|
||
Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
|
||
Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
|
||
Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
|
||
Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
|
||
|
||
– Warsaw, 2020-07-30
|
||
|
||
CHANGES WITH 245:
|
||
|
||
* A new tool "systemd-repart" has been added, that operates as an
|
||
idempotent declarative repartitioner for GPT partition tables.
|
||
Specifically, a set of partitions that must or may exist can be
|
||
configured via drop-in files, and during every boot the partition
|
||
table on disk is compared with these files, creating missing
|
||
partitions or growing existing ones based on configurable relative
|
||
and absolute size constraints. The tool is strictly incremental,
|
||
i.e. does not delete, shrink or move partitions, but only adds and
|
||
grows them. The primary use-case is OS images that ship in minimized
|
||
form, that on first boot are grown to the size of the underlying
|
||
block device or augmented with additional partitions. For example,
|
||
the root partition could be extended to cover the whole disk, or a
|
||
swap or /home partitions could be added on first boot. It can also be
|
||
used for systems that use an A/B update scheme but ship images with
|
||
just the A partition, with B added on first boot. The tool is
|
||
primarily intended to be run in the initrd, shortly before
|
||
transitioning into the host OS, but can also be run after the
|
||
transition took place. It automatically discovers the disk backing
|
||
the root file system, and should hence not require any additional
|
||
configuration besides the partition definition drop-ins. If no
|
||
configuration drop-ins are present, no action is taken.
|
||
|
||
* A new component "userdb" has been added, along with a small daemon
|
||
"systemd-userdbd.service" and a client tool "userdbctl". The framework
|
||
allows defining rich user and group records in a JSON format,
|
||
extending on the classic "struct passwd" and "struct group"
|
||
structures. Various components in systemd have been updated to
|
||
process records in this format, including systemd-logind and
|
||
pam-systemd. The user records are intended to be extensible, and
|
||
allow setting various resource management, security and runtime
|
||
parameters that shall be applied to processes and sessions of the
|
||
user as they log in. This facility is intended to allow associating
|
||
such metadata directly with user/group records so that they can be
|
||
produced, extended and consumed in unified form. We hope that
|
||
eventually frameworks such as sssd will generate records this way, so
|
||
that for the first time resource management and various other
|
||
per-user settings can be configured in LDAP directories and then
|
||
provided to systemd (specifically to systemd-logind and pam-system)
|
||
to apply on login. For further details see:
|
||
|
||
https://systemd.io/USER_RECORD
|
||
https://systemd.io/GROUP_RECORD
|
||
https://systemd.io/USER_GROUP_API
|
||
|
||
* A small new service systemd-homed.service has been added, that may be
|
||
used to securely manage home directories with built-in encryption.
|
||
The complete user record data is unified with the home directory,
|
||
thus making home directories naturally migratable. Its primary
|
||
back-end is based on LUKS volumes, but fscrypt, plain directories,
|
||
and other storage schemes are also supported. This solves a couple of
|
||
problems we saw with traditional ways to manage home directories, in
|
||
particular when it comes to encryption. For further discussion of
|
||
this, see the video of Lennart's talk at AllSystemsGo! 2019:
|
||
|
||
https://media.ccc.de/v/ASG2019-164-reinventing-home-directories
|
||
|
||
For further details about the format and expectations on home
|
||
directories this new daemon makes, see:
|
||
|
||
https://systemd.io/HOME_DIRECTORY
|
||
|
||
* systemd-journald is now multi-instantiable. In addition to the main
|
||
instance systemd-journald.service there's now a template unit
|
||
systemd-journald@.service, with each instance defining a new named
|
||
log 'namespace' (whose name is specified via the instance part of the
|
||
unit name). A new unit file setting LogNamespace= has been added,
|
||
taking such a namespace name, that assigns services to the specified
|
||
log namespaces. As each log namespace is serviced by its own
|
||
independent journal daemon, this functionality may be used to improve
|
||
performance and increase isolation of applications, at the price of
|
||
losing global message ordering. Each instance of journald has a
|
||
separate set of configuration files, with possibly different disk
|
||
usage limitations and other settings.
|
||
|
||
journalctl now takes a new option --namespace= to show logs from a
|
||
specific log namespace. The sd-journal.h API gained
|
||
sd_journal_open_namespace() for opening the log stream of a specific
|
||
log namespace. systemd-journald also gained the ability to exit on
|
||
idle, which is useful in the context of log namespaces, as this means
|
||
log daemons for log namespaces can be activated automatically on
|
||
demand and will stop automatically when no longer used, minimizing
|
||
resource usage.
|
||
|
||
* When systemd-tmpfiles copies a file tree using the 'C' line type it
|
||
will now label every copied file according to the SELinux database.
|
||
|
||
* When systemd/PID 1 detects it is used in the initrd it will now boot
|
||
into initrd.target rather than default.target by default. This should
|
||
make it simpler to build initrds with systemd as for many cases the
|
||
only difference between a host OS image and an initrd image now is
|
||
the presence of the /etc/initrd-release file.
|
||
|
||
* A new kernel command line option systemd.cpu_affinity= is now
|
||
understood. It's equivalent to the CPUAffinity= option in
|
||
/etc/systemd/system.conf and allows setting the CPU mask for PID 1
|
||
itself and the default for all other processes.
|
||
|
||
* When systemd/PID 1 is reloaded (with systemctl daemon-reload or
|
||
equivalent), the SELinux database is now reloaded, ensuring that
|
||
sockets and other file system objects are generated taking the new
|
||
database into account.
|
||
|
||
* systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
|
||
"quiet" has been changed to imply that instead of
|
||
"systemd.show-status=auto". In this mode, only messages about errors
|
||
and significant delays in boot are shown on the console.
|
||
|
||
* The sd-event.h API gained native support for the new Linux "pidfd"
|
||
concept. This permits watching processes using file descriptors
|
||
instead of PID numbers, which fixes a number of races and makes
|
||
process supervision more robust and efficient. All of systemd's
|
||
components will now use pidfds if the kernel supports it for process
|
||
watching, with the exception of PID 1 itself, unfortunately. We hope
|
||
to move PID 1 to exclusively using pidfds too eventually, but this
|
||
requires some more kernel work first. (Background: PID 1 watches
|
||
processes using waitid() with the P_ALL flag, and that does not play
|
||
together nicely with pidfds yet.)
|
||
|
||
* Closely related to this, the sd-event.h API gained two new calls
|
||
sd_event_source_send_child_signal() (for sending a signal to a
|
||
watched process) and sd_event_source_get_child_process_own() (for
|
||
marking a process so that it is killed automatically whenever the
|
||
event source watching it is freed).
|
||
|
||
* systemd-networkd gained support for configuring Token Bucket Filter
|
||
(TBF) parameters in its qdisc configuration support. Similarly,
|
||
support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
|
||
Active Queue Management (CoDel), and Fair Queue (FQ) has been added.
|
||
|
||
* systemd-networkd gained support for Intermediate Functional Block
|
||
(IFB) network devices.
|
||
|
||
* systemd-networkd gained support for configuring multi-path IP routes,
|
||
using the new MultiPathRoute= setting in the [Route] section.
|
||
|
||
* systemd-networkd's DHCPv4 client has been updated to support a new
|
||
SendDecline= option. If enabled, duplicate address detection is done
|
||
after a DHCP offer is received from the server. If a conflict is
|
||
detected, the address is declined. The DHCPv4 client also gained
|
||
support for a new RouteMTUBytes= setting that allows to configure the
|
||
MTU size to be used for routes generated from DHCPv4 leases.
|
||
|
||
* The PrefixRoute= setting in systemd-networkd's [Address] section of
|
||
.network files has been deprecated, and replaced by AddPrefixRoute=,
|
||
with its sense inverted.
|
||
|
||
* The Gateway= setting of [Route] sections of .network files gained
|
||
support for a special new value "_dhcp". If set, the configured
|
||
static route uses the gateway host configured via DHCP.
|
||
|
||
* New User= and SuppressPrefixLength= settings have been implemented
|
||
for the [RoutingPolicyRule] section of .network files to configure
|
||
source routing based on UID ranges and prefix length, respectively.
|
||
|
||
* The Type= match property of .link files has been generalized to
|
||
always match the device type shown by 'networkctl status', even for
|
||
devices where udev does not set DEVTYPE=. This allows e.g. Type=ether
|
||
to be used.
|
||
|
||
* sd-bus gained a new API call sd_bus_message_sensitive() that marks a
|
||
D-Bus message object as "sensitive". Those objects are erased from
|
||
memory when they are freed. This concept is intended to be used for
|
||
messages that contain security sensitive data. A new flag
|
||
SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
|
||
in sd-bus vtables, causing any incoming and outgoing messages of
|
||
those methods to be implicitly marked as "sensitive".
|
||
|
||
* sd-bus gained a new API call sd_bus_message_dump() for dumping the
|
||
contents of a message (or parts thereof) to standard output for
|
||
debugging purposes.
|
||
|
||
* systemd-sysusers gained support for creating users with the primary
|
||
group named differently than the user.
|
||
|
||
* systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
|
||
gained support for growing XFS partitions. Previously it supported
|
||
only ext4 and btrfs partitions.
|
||
|
||
* The support for /etc/crypttab gained a new x-initrd.attach option. If
|
||
set, the specified encrypted volume is unlocked already in the
|
||
initrd. This concept corresponds to the x-initrd.mount option in
|
||
/etc/fstab.
|
||
|
||
* systemd-cryptsetup gained native support for unlocking encrypted
|
||
volumes utilizing PKCS#11 smartcards, i.e. for example to bind
|
||
encryption of volumes to YubiKeys. This is exposed in the new
|
||
pkcs11-uri= option in /etc/crypttab.
|
||
|
||
* The /etc/fstab support in systemd now supports two new mount options
|
||
x-systemd.{required,wanted}-by=, for explicitly configuring the units
|
||
that the specified mount shall be pulled in by, in place of
|
||
the usual local-fs.target/remote-fs.target.
|
||
|
||
* The https://systemd.io/ web site has been relaunched, directly
|
||
populated with most of the documentation included in the systemd
|
||
repository. systemd also acquired a new logo, thanks to Tobias
|
||
Bernard.
|
||
|
||
* systemd-udevd gained support for managing "alternative" network
|
||
interface names, as supported by new Linux kernels. For the first
|
||
time this permits assigning multiple (and longer!) names to a network
|
||
interface. systemd-udevd will now by default assign the names
|
||
generated via all supported naming schemes to each interface. This
|
||
may be further tweaked with .link files and the AlternativeName= and
|
||
AlternativeNamesPolicy= settings. Other components of systemd have
|
||
been updated to support the new alternative names wherever
|
||
appropriate. For example, systemd-nspawn will now generate
|
||
alternative interface names for the host-facing side of container
|
||
veth links based on the full container name without truncation.
|
||
|
||
* systemd-nspawn interface naming logic has been updated in another way
|
||
too: if the main interface name (i.e. as opposed to new-style
|
||
"alternative" names) based on the container name is truncated, a
|
||
simple hashing scheme is used to give different interface names to
|
||
multiple containers whose names all begin with the same prefix. Since
|
||
this changes the primary interface names pointing to containers if
|
||
truncation happens, the old scheme may still be requested by
|
||
selecting an older naming scheme, via the net.naming_scheme= kernel
|
||
command line option.
|
||
|
||
* PrivateUsers= in service files now works in services run by the
|
||
systemd --user per-user instance of the service manager.
|
||
|
||
* A new per-service sandboxing option ProtectClock= has been added that
|
||
locks down write access to the system clock. It takes away device
|
||
node access to /dev/rtc as well as the system calls that set the
|
||
system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
|
||
Note that this option does not affect access to auxiliary services
|
||
that allow changing the clock, for example access to
|
||
systemd-timedated.
|
||
|
||
* The systemd-id128 tool gained a new "show" verb for listing or
|
||
resolving a number of well-known UUIDs/128-bit IDs, currently mostly
|
||
GPT partition table types.
|
||
|
||
* The Discoverable Partitions Specification has been updated to support
|
||
/var and /var/tmp partition discovery. Support for this has been
|
||
added to systemd-gpt-auto-generator. For details see:
|
||
|
||
https://systemd.io/DISCOVERABLE_PARTITIONS
|
||
|
||
* "systemctl list-unit-files" has been updated to show a new column
|
||
with the suggested enablement state based on the vendor preset files
|
||
for the respective units.
|
||
|
||
* "systemctl" gained a new option "--with-dependencies". If specified
|
||
commands such as "systemctl status" or "systemctl cat" will now show
|
||
all specified units along with all units they depend on.
|
||
|
||
* networkctl gained support for showing per-interface logs in its
|
||
"status" output.
|
||
|
||
* systemd-networkd-wait-online gained support for specifying the maximum
|
||
operational state to wait for, and to wait for interfaces to
|
||
disappear.
|
||
|
||
* The [Match] section of .link and .network files now supports a new
|
||
option PermanentMACAddress= which may be used to check against the
|
||
permanent MAC address of a network device even if a randomized MAC
|
||
address is used.
|
||
|
||
* The [TrafficControlQueueingDiscipline] section in .network files has
|
||
been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
|
||
dropped from the individual setting names.
|
||
|
||
* Any .link and .network files that have an empty [Match] section (this
|
||
also includes empty and commented-out files) will now be
|
||
rejected. systemd-udev and systemd-networkd started warning about
|
||
such files in version 243.
|
||
|
||
* systemd-logind will now validate access to the operation of changing
|
||
the virtual terminal via a polkit action. By default, only users
|
||
with at least one session on a local VT are granted permission.
|
||
|
||
* When systemd sets up PAM sessions that invoked service processes
|
||
shall run in, the pam_setcred() API is now invoked, thus permitting
|
||
PAM modules to set additional credentials for the processes.
|
||
|
||
* portablectl attach/detach verbs now accept --now and --enable options
|
||
to combine attachment with enablement and invocation, or detachment
|
||
with stopping and disablement.
|
||
|
||
* UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
|
||
fixed, which in turn exposed bugs in unit configuration of services
|
||
which have Type=oneshot and should only run once, but do not have
|
||
RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
|
||
service may be started again after exiting successfully, for example
|
||
as a dependency in another transaction. Affected services included
|
||
some internal systemd services (most notably
|
||
systemd-vconsole-setup.service, which was updated to have
|
||
RemainAfterExit=yes), and plymouth-start.service. Please ensure that
|
||
plymouth has been suitably updated or patched before upgrading to
|
||
this systemd release. See
|
||
https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
|
||
additional discussion.
|
||
|
||
Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
|
||
Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
|
||
Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
|
||
(Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
|
||
Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
|
||
Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
|
||
Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
|
||
ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
|
||
Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
|
||
Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
|
||
Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
|
||
Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
|
||
Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
|
||
Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
|
||
Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
|
||
Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
|
||
Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
|
||
Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
|
||
Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
|
||
Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
|
||
Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
|
||
Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
|
||
Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
|
||
Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
|
||
DONG
|
||
|
||
– Warsaw, 2020-03-06
|
||
|
||
CHANGES WITH 244:
|
||
|
||
* Support for the cpuset cgroups v2 controller has been added.
|
||
Processes may be restricted to specific CPUs using the new
|
||
AllowedCPUs= setting, and to specific memory NUMA nodes using the new
|
||
AllowedMemoryNodes= setting.
|
||
|
||
* The signal used in restart jobs (as opposed to e.g. stop jobs) may
|
||
now be configured using a new RestartKillSignal= setting. This
|
||
allows units which signals to request termination to implement
|
||
different behaviour when stopping in preparation for a restart.
|
||
|
||
* "systemctl clean" may now be used also for socket, mount, and swap
|
||
units.
|
||
|
||
* systemd will also read configuration options from the EFI variable
|
||
SystemdOptions. This may be used to configure systemd behaviour when
|
||
modifying the kernel command line is inconvenient, but configuration
|
||
on disk is read too late, for example for the options related to
|
||
cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
|
||
set the EFI variable.
|
||
|
||
* systemd will now disable printk ratelimits in early boot. This should
|
||
allow us to capture more logs from the early boot phase where normal
|
||
storage is not available and the kernel ring buffer is used for
|
||
logging. Configuration on the kernel command line has higher priority
|
||
and overrides the systemd setting.
|
||
|
||
systemd programs which log to /dev/kmsg directly use internal
|
||
ratelimits to prevent runaway logging. (Normally this is only used
|
||
during early boot, so in practice this change has very little
|
||
effect.)
|
||
|
||
* Unit files now support top level dropin directories of the form
|
||
<unit_type>.d/ (e.g. service.d/) that may be used to add configuration
|
||
that affects all corresponding unit files.
|
||
|
||
* systemctl gained support for 'stop --job-mode=triggering' which will
|
||
stop the specified unit and any units which could trigger it.
|
||
|
||
* Unit status display now includes units triggering and triggered by
|
||
the unit being shown.
|
||
|
||
* The RuntimeMaxSec= setting is now supported by scopes, not just
|
||
.service units. This is particularly useful for PAM sessions which
|
||
create a scope unit for the user login. systemd.runtime_max_sec=
|
||
setting may used with the pam_systemd module to limit the duration
|
||
of the PAM session, for example for time-limited logins.
|
||
|
||
* A new @pkey system call group is now defined to make it easier to
|
||
allow-list memory protection syscalls for containers and services
|
||
which need to use them.
|
||
|
||
* systemd-udevd: removed the 30s timeout for killing stale workers on
|
||
exit. systemd-udevd now waits for workers to finish. The hard-coded
|
||
exit timeout of 30s was too short for some large installations, where
|
||
driver initialization could be prematurely interrupted during initrd
|
||
processing if the root file system had been mounted and init was
|
||
preparing to switch root. If udevd is run without systemd and workers
|
||
are hanging while udevd receives an exit signal, udevd will now exit
|
||
when udev.event_timeout is reached for the last hanging worker. With
|
||
systemd, the exit timeout can additionally be configured using
|
||
TimeoutStopSec= in systemd-udevd.service.
|
||
|
||
* udev now provides a program (fido_id) that identifies FIDO CTAP1
|
||
("U2F")/CTAP2 security tokens based on the usage declared in their
|
||
report and descriptor and outputs suitable environment variables.
|
||
This replaces the externally maintained allow lists of all known
|
||
security tokens that were used previously.
|
||
|
||
* Automatically generated autosuspend udev rules for allow-listed
|
||
devices have been imported from the Chromium OS project. This should
|
||
improve power saving with many more devices.
|
||
|
||
* udev gained a new "CONST{key}=value" setting that allows matching
|
||
against system-wide constants without forking a helper binary.
|
||
Currently "arch" and "virt" keys are supported.
|
||
|
||
* udev now opens CDROMs in non-exclusive mode when querying their
|
||
capabilities. This should fix issues where other programs trying to
|
||
use the CDROM cannot gain access to it, but carries a risk of
|
||
interfering with programs writing to the disk, if they did not open
|
||
the device in exclusive mode as they should.
|
||
|
||
* systemd-networkd does not create a default route for IPv4 link local
|
||
addressing anymore. The creation of the route was unexpected and was
|
||
breaking routing in various cases, but people who rely on it being
|
||
created implicitly will need to adjust. Such a route may be requested
|
||
with DefaultRouteOnDevice=yes.
|
||
|
||
Similarly, systemd-networkd will not assign a link-local IPv6 address
|
||
when IPv6 link-local routing is not enabled.
|
||
|
||
* Receive and transmit buffers may now be configured on links with
|
||
the new RxBufferSize= and TxBufferSize= settings.
|
||
|
||
* systemd-networkd may now advertise additional IPv6 routes. A new
|
||
[IPv6RoutePrefix] section with Route= and LifetimeSec= options is
|
||
now supported.
|
||
|
||
* systemd-networkd may now configure "next hop" routes using the
|
||
[NextHop] section and Gateway= and Id= settings.
|
||
|
||
* systemd-networkd will now retain DHCP config on restarts by default
|
||
(but this may be overridden using the KeepConfiguration= setting).
|
||
The default for SendRelease= has been changed to true.
|
||
|
||
* The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
|
||
received from the server.
|
||
|
||
The client will use the received SIP server list if UseSIP=yes is
|
||
set.
|
||
|
||
The client may be configured to request specific options from the
|
||
server using a new RequestOptions= setting.
|
||
|
||
The client may be configured to send arbitrary options to the server
|
||
using a new SendOption= setting.
|
||
|
||
A new IPServiceType= setting has been added to configure the "IP
|
||
service type" value used by the client.
|
||
|
||
* The DHCPv6 client learnt a new PrefixDelegationHint= option to
|
||
request prefix hints in the DHCPv6 solicitation.
|
||
|
||
* The DHCPv4 server may be configured to send arbitrary options using
|
||
a new SendOption= setting.
|
||
|
||
* The DHCPv4 server may now be configured to emit SIP server list using
|
||
the new EmitSIP= and SIP= settings.
|
||
|
||
* systemd-networkd and networkctl may now renew DHCP leases on demand.
|
||
networkctl has a new 'networkctl renew' verb.
|
||
|
||
* systemd-networkd may now reconfigure links on demand. networkctl
|
||
gained two new verbs: "reload" will reload the configuration, and
|
||
"reconfigure DEVICE…" will reconfigure one or more devices.
|
||
|
||
* .network files may now match on SSID and BSSID of a wireless network,
|
||
i.e. the access point name and hardware address using the new SSID=
|
||
and BSSID= options. networkctl will display the current SSID and
|
||
BSSID for wireless links.
|
||
|
||
.network files may also match on the wireless network type using the
|
||
new WLANInterfaceType= option.
|
||
|
||
* systemd-networkd now includes default configuration that enables
|
||
link-local addressing when connected to an ad-hoc wireless network.
|
||
|
||
* systemd-networkd may configure the Traffic Control queueing
|
||
disciplines in the kernel using the new
|
||
[TrafficControlQueueingDiscipline] section and Parent=,
|
||
NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
|
||
NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
|
||
NetworkEmulatorDuplicateRate= settings.
|
||
|
||
* systemd-tmpfiles gained a new w+ setting to append to files.
|
||
|
||
* systemd-analyze dump will now report when the memory configuration in
|
||
the kernel does not match what systemd has configured (usually,
|
||
because some external program has modified the kernel configuration
|
||
on its own).
|
||
|
||
* systemd-analyze gained a new --base-time= switch instructs the
|
||
'calendar' verb to resolve times relative to that timestamp instead
|
||
of the present time.
|
||
|
||
* journalctl --update-catalog now produces deterministic output (making
|
||
reproducible image builds easier).
|
||
|
||
* A new devicetree-overlay setting is now documented in the Boot Loader
|
||
Specification.
|
||
|
||
* The default value of the WatchdogSec= setting used in systemd
|
||
services (the ones bundled with the project itself) may be set at
|
||
configuration time using the -Dservice-watchdog= setting. If set to
|
||
empty, the watchdogs will be disabled.
|
||
|
||
* systemd-resolved validates IP addresses in certificates now when GnuTLS
|
||
is being used.
|
||
|
||
* libcryptsetup >= 2.0.1 is now required.
|
||
|
||
* A configuration option -Duser-path= may be used to override the $PATH
|
||
used by the user service manager. The default is again to use the same
|
||
path as the system manager.
|
||
|
||
* The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
|
||
outputting the 128-bit IDs in UUID format (i.e. in the "canonical
|
||
representation").
|
||
|
||
* Service units gained a new sandboxing option ProtectKernelLogs= which
|
||
makes sure the program cannot get direct access to the kernel log
|
||
buffer anymore, i.e. the syslog() system call (not to be confused
|
||
with the API of the same name in libc, which is not affected), the
|
||
/proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
|
||
inaccessible to the service. It's recommended to enable this setting
|
||
for all services that should not be able to read from or write to the
|
||
kernel log buffer, which are probably almost all.
|
||
|
||
Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
|
||
Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
|
||
Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
|
||
Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
|
||
Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
|
||
Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
|
||
A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
|
||
Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
|
||
Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
|
||
Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
|
||
Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
|
||
Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
|
||
Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
|
||
Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
|
||
Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
|
||
Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
|
||
Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
|
||
Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
|
||
Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
|
||
Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
|
||
Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
|
||
Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
|
||
Zach Smith, Zbigniew Jędrzejewski-Szmek
|
||
|
||
– Warsaw, 2019-11-29
|
||
|
||
CHANGES WITH 243:
|
||
|
||
* This release enables unprivileged programs (i.e. requiring neither
|
||
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
|
||
by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
|
||
kernel for the whole UNIX group range, i.e. all processes. This
|
||
change should be reasonably safe, as the kernel support for it was
|
||
specifically implemented to allow safe access to ICMP Echo for
|
||
processes lacking any privileges. If this is not desirable, it can be
|
||
disabled again by setting the parameter to "1 0".
|
||
|
||
* Previously, filters defined with SystemCallFilter= would have the
|
||
effect that any calling of an offending system call would terminate
|
||
the calling thread. This behaviour never made much sense, since
|
||
killing individual threads of unsuspecting processes is likely to
|
||
create more problems than it solves. With this release the default
|
||
action changed from killing the thread to killing the whole
|
||
process. For this to work correctly both a kernel version (>= 4.14)
|
||
and a libseccomp version (>= 2.4.0) supporting this new seccomp
|
||
action is required. If an older kernel or libseccomp is used the old
|
||
behaviour continues to be used. This change does not affect any
|
||
services that have no system call filters defined, or that use
|
||
SystemCallErrorNumber= (and thus see EPERM or another error instead
|
||
of being killed when calling an offending system call). Note that
|
||
systemd documentation always claimed that the whole process is
|
||
killed. With this change behaviour is thus adjusted to match the
|
||
documentation.
|
||
|
||
* On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
|
||
4194304 by default, i.e. the full 22bit range the kernel allows, up
|
||
from the old 16-bit range. This should improve security and
|
||
robustness, as PID collisions are made less likely (though certainly
|
||
still possible). There are rumours this might create compatibility
|
||
problems, though at this moment no practical ones are known to
|
||
us. Downstream distributions are hence advised to undo this change in
|
||
their builds if they are concerned about maximum compatibility, but
|
||
for everybody else we recommend leaving the value bumped. Besides
|
||
improving security and robustness this should also simplify things as
|
||
the maximum number of allowed concurrent tasks was previously bounded
|
||
by both "kernel.pid_max" and "kernel.threads-max" and now effectively
|
||
only a single knob is left ("kernel.threads-max"). There have been
|
||
concerns that usability is affected by this change because larger PID
|
||
numbers are harder to type, but we believe the change from 5 digits
|
||
to 7 digits doesn't hamper usability.
|
||
|
||
* MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
|
||
DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
|
||
hierarchically set default memory protection values for a particular
|
||
subtree of the unit hierarchy.
|
||
|
||
* Memory protection directives can now take a value of zero, allowing
|
||
explicit opting out of a default value propagated by an ancestor.
|
||
|
||
* systemd now defaults to the "unified" cgroup hierarchy setup during
|
||
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
|
||
default. Previously, -Ddefault-hierarchy=hybrid was the default. This
|
||
change reflects the fact that cgroupsv2 support has matured
|
||
substantially in both systemd and in the kernel, and is clearly the
|
||
way forward. Downstream production distributions might want to
|
||
continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
|
||
their builds as unfortunately the popular container managers have not
|
||
caught up with the kernel API changes.
|
||
|
||
* Man pages are not built by default anymore (html pages were already
|
||
disabled by default), to make development builds quicker. When
|
||
building systemd for a full installation with documentation, meson
|
||
should be called with -Dman=true and/or -Dhtml=true as appropriate.
|
||
The default was changed based on the assumption that quick one-off or
|
||
repeated development builds are much more common than full optimized
|
||
builds for installation, and people need to pass various other
|
||
options to when doing "proper" builds anyway, so the gain from making
|
||
development builds quicker is bigger than the one time disruption for
|
||
packagers.
|
||
|
||
Two scripts are created in the *build* directory to generate and
|
||
preview man and html pages on demand, e.g.:
|
||
|
||
build/man/man systemctl
|
||
build/man/html systemd.index
|
||
|
||
* libidn2 is used by default if both libidn2 and libidn are installed.
|
||
Please use -Dlibidn=true if libidn is preferred.
|
||
|
||
* The D-Bus "wire format" of the CPUAffinity= attribute is changed on
|
||
big-endian machines. Before, bytes were written and read in native
|
||
machine order as exposed by the native libc __cpu_mask interface.
|
||
Now, little-endian order is always used (CPUs 0–7 are described by
|
||
bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
|
||
This change fixes D-Bus calls that cross endianness boundary.
|
||
|
||
The presentation format used for CPUAffinity= by "systemctl show" and
|
||
"systemd-analyze dump" is changed to present CPU indices instead of
|
||
the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
|
||
shown as CPUAffinity=03000000000000000000000000000… (on
|
||
little-endian) or CPUAffinity=00000000000000300000000000000… (on
|
||
64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
|
||
input format. The maximum integer that will be printed in the new
|
||
format is 8191 (four digits), while the old format always used a very
|
||
long number (with the length varying by architecture), so they can be
|
||
unambiguously distinguished.
|
||
|
||
* /usr/sbin/halt.local is no longer supported. Implementation in
|
||
distributions was inconsistent and it seems this functionality was
|
||
very rarely used.
|
||
|
||
To replace this functionality, users should:
|
||
- either define a new unit and make it a dependency of final.target
|
||
(systemctl add-wants final.target my-halt-local.service)
|
||
- or move the shutdown script to /usr/lib/systemd/system-shutdown/
|
||
and ensure that it accepts "halt", "poweroff", "reboot", and
|
||
"kexec" as an argument, see the description in systemd-shutdown(8).
|
||
|
||
* When a [Match] section in .link or .network file is empty (contains
|
||
no match patterns), a warning will be emitted. Please add any "match
|
||
all" pattern instead, e.g. OriginalName=* or Name=* in case all
|
||
interfaces should really be matched.
|
||
|
||
* A new setting NUMAPolicy= may be used to set process memory
|
||
allocation policy. This setting can be specified in
|
||
/etc/systemd/system.conf and hence will set the default policy for
|
||
PID1. The default policy can be overridden on a per-service
|
||
basis. The related setting NUMAMask= is used to specify NUMA node
|
||
mask that should be associated with the selected policy.
|
||
|
||
* PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
|
||
generates when processes it manages are reaching their memory limits,
|
||
and will place their units in a special state, and optionally kill or
|
||
stop the whole unit.
|
||
|
||
* The service manager will now expose bus properties for the IO
|
||
resources used by units. This information is also shown in "systemctl
|
||
status" now (for services that have IOAccounting=yes set). Moreover,
|
||
the IO accounting data is included in the resource log message
|
||
generated whenever a unit stops.
|
||
|
||
* Units may now configure an explicit timeout to wait for when killed
|
||
with SIGABRT, for example when a service watchdog is hit. Previously,
|
||
the regular TimeoutStopSec= timeout was applied in this case too —
|
||
now a separate timeout may be set using TimeoutAbortSec=.
|
||
|
||
* Services may now send a special WATCHDOG=trigger message with
|
||
sd_notify() to trigger an immediate "watchdog missed" event, and thus
|
||
trigger service termination. This is useful both for testing watchdog
|
||
handling, but also for defining error paths in services, that shall
|
||
be handled the same way as watchdog events.
|
||
|
||
* There are two new per-unit settings IPIngressFilterPath= and
|
||
IPEgressFilterPath= which allow configuration of a BPF program
|
||
(usually by specifying a path to a program uploaded to /sys/fs/bpf/)
|
||
to apply to the IP packet ingress/egress path of all processes of a
|
||
unit. This is useful to allow running systemd services with BPF
|
||
programs set up externally.
|
||
|
||
* systemctl gained a new "clean" verb for removing the state, cache,
|
||
runtime or logs directories of a service while it is terminated. The
|
||
new verb may also be used to remove the state maintained on disk for
|
||
timer units that have Persistent= configured.
|
||
|
||
* During the last phase of shutdown systemd will now automatically
|
||
increase the log level configured in the "kernel.printk" sysctl so
|
||
that any relevant loggable events happening during late shutdown are
|
||
made visible. Previously, loggable events happening so late during
|
||
shutdown were generally lost if the "kernel.printk" sysctl was set to
|
||
high thresholds, as regular logging daemons are terminated at that
|
||
time and thus nothing is written to disk.
|
||
|
||
* If processes terminated during the last phase of shutdown do not exit
|
||
quickly systemd will now show their names after a short time, to make
|
||
debugging easier. After a longer timeout they are forcibly killed,
|
||
as before.
|
||
|
||
* journalctl (and the other tools that display logs) will now highlight
|
||
warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING where
|
||
shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
|
||
are now shown in blue color, to separate them visually from regular
|
||
logs. References to configuration files are now turned into clickable
|
||
links on terminals that support that.
|
||
|
||
* systemd-journald will now stop logging to /var/log/journal during
|
||
shutdown when /var/ is on a separate mount, so that it can be
|
||
unmounted safely during shutdown.
|
||
|
||
* systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.
|
||
|
||
* systemd-resolved "Cache=" configuration option in resolved.conf has
|
||
been extended to also accept the 'no-negative' value. Previously,
|
||
only a boolean option was allowed (yes/no), having yes as the
|
||
default. If this option is set to 'no-negative', negative answers are
|
||
not cached while the old cache heuristics are used positive answers.
|
||
The default remains unchanged.
|
||
|
||
* The predictable naming scheme for network devices now supports
|
||
generating predictable names for "netdevsim" devices.
|
||
|
||
Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
|
||
udev property.
|
||
|
||
Those two changes form a new net.naming_scheme= entry. Distributions
|
||
which want to preserve naming stability may want to set the
|
||
-Ddefault-net-naming-scheme= configuration option.
|
||
|
||
* systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
|
||
interfaces natively.
|
||
|
||
* systemd-networkd's bridge FDB support now allows configuration of a
|
||
destination address for each entry (Destination=), as well as the
|
||
VXLAN VNI (VNI=), as well as an option to declare what an entry is
|
||
associated with (AssociatedWith=).
|
||
|
||
* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
|
||
option for configuring the maximum number of DHCP lease requests. It
|
||
also learnt a new BlackList= option for deny-listing DHCP servers (a
|
||
similar setting has also been added to the IPv6 RA client), as well
|
||
as a SendRelease= option for configuring whether to send a DHCP
|
||
RELEASE message when terminating.
|
||
|
||
* systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
|
||
separately in the [DHCPv4] and [DHCPv6] sections.
|
||
|
||
* systemd-networkd's DHCP support will now optionally create an
|
||
implicit host route to the DNS server specified in the DHCP lease, in
|
||
addition to the routes listed explicitly in the lease. This should
|
||
ensure that in multi-homed systems DNS traffic leaves the systems on
|
||
the interface that acquired the DNS server information even if other
|
||
routes such as default routes exist. This behaviour may be turned on
|
||
with the new RoutesToDNS= option.
|
||
|
||
* systemd-networkd's VXLAN support gained a new option
|
||
GenericProtocolExtension= for enabling VXLAN Generic Protocol
|
||
Extension support, as well as IPDoNotFragment= for setting the IP
|
||
"Don't fragment" bit on outgoing packets. A similar option has been
|
||
added to the GENEVE support.
|
||
|
||
* In systemd-networkd's [Route] section you may now configure
|
||
FastOpenNoCookie= for configuring per-route TCP fast-open support, as
|
||
well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
|
||
propagation. The Type= setting now supports local, broadcast,
|
||
anycast, multicast, any, xresolve routes, too.
|
||
|
||
* systemd-networkd's [Network] section learnt a new option
|
||
DefaultRouteOnDevice= for automatically configuring a default route
|
||
onto the network device.
|
||
|
||
* systemd-networkd's bridging support gained two new options ProxyARP=
|
||
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
|
||
MulticastRouter= for configuring multicast routing behaviour. A new
|
||
option MulticastIGMPVersion= may be used to change bridge's multicast
|
||
Internet Group Management Protocol (IGMP) version.
|
||
|
||
* systemd-networkd's FooOverUDP support gained the ability to configure
|
||
local and peer IP addresses via Local= and Peer=. A new option
|
||
PeerPort= may be used to configure the peer's IP port.
|
||
|
||
* systemd-networkd's TUN support gained a new setting VnetHeader= for
|
||
tweaking Generic Segment Offload support.
|
||
|
||
* The address family for policy rules may be specified using the new
|
||
Family= option in the [RoutingPolicyRule] section.
|
||
|
||
* networkctl gained a new "delete" command for removing virtual network
|
||
devices, as well as a new "--stats" switch for showing device
|
||
statistics.
|
||
|
||
* networkd.conf gained a new setting SpeedMeter= and
|
||
SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
|
||
measured speed may be shown by 'networkctl status'.
|
||
|
||
* "networkctl status" now displays MTU and queue lengths, and more
|
||
detailed information about VXLAN and bridge devices.
|
||
|
||
* systemd-networkd's .network and .link files gained a new Property=
|
||
setting in the [Match] section, to match against devices with
|
||
specific udev properties.
|
||
|
||
* systemd-networkd's tunnel support gained a new option
|
||
AssignToLoopback= for selecting whether to use the loopback device
|
||
"lo" as underlying device.
|
||
|
||
* systemd-networkd's MACAddress= setting in the [Neighbor] section has
|
||
been renamed to LinkLayerAddress=, and it now allows configuration of
|
||
IP addresses, too.
|
||
|
||
* systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
|
||
simplified: systemd-networkd will disable the sysctl (enable IPv6) if
|
||
IPv6 configuration (static or DHCPv6) was found for a given
|
||
interface. It will not touch the sysctl otherwise.
|
||
|
||
* The order of entries is $PATH used by the user manager instance was
|
||
changed to put bin/ entries before the corresponding sbin/ entries.
|
||
It is recommended to not rely on this order, and only ever have one
|
||
binary with a given name in the system paths under /usr.
|
||
|
||
* A new tool systemd-network-generator has been added that may generate
|
||
.network, .netdev and .link files from IP configuration specified on
|
||
the kernel command line in the format used by Dracut.
|
||
|
||
* The CriticalConnection= setting in .network files is now deprecated,
|
||
and replaced by a new KeepConfiguration= setting which allows more
|
||
detailed configuration of the IP configuration to keep in place.
|
||
|
||
* systemd-analyze gained a few new verbs:
|
||
|
||
- "systemd-analyze timestamp" parses and converts timestamps. This is
|
||
similar to the existing "systemd-analyze calendar" command which
|
||
does the same for recurring calendar events.
|
||
|
||
- "systemd-analyze timespan" parses and converts timespans (i.e.
|
||
durations as opposed to points in time).
|
||
|
||
- "systemd-analyze condition" will parse and test ConditionXYZ=
|
||
expressions.
|
||
|
||
- "systemd-analyze exit-status" will parse and convert exit status
|
||
codes to their names and back.
|
||
|
||
- "systemd-analyze unit-files" will print a list of all unit
|
||
file paths and unit aliases.
|
||
|
||
* SuccessExitStatus=, RestartPreventExitStatus=, and
|
||
RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
|
||
is equivalent to "65"). Those exit status name mappings may be
|
||
displayed with the systemd-analyze exit-status verb describe above.
|
||
|
||
* systemd-logind now exposes a per-session SetBrightness() bus call,
|
||
which may be used to securely change the brightness of a kernel
|
||
brightness device, if it belongs to the session's seat. By using this
|
||
call unprivileged clients can make changes to "backlight" and "leds"
|
||
devices securely with strict requirements on session membership.
|
||
Desktop environments may use this to generically make brightness
|
||
changes to such devices without shipping private SUID binaries or
|
||
udev rules for that purpose.
|
||
|
||
* "udevadm info" gained a --wait-for-initialization switch to wait for
|
||
a device to be initialized.
|
||
|
||
* systemd-hibernate-resume-generator will now look for resumeflags= on
|
||
the kernel command line, which is similar to rootflags= and may be
|
||
used to configure device timeout for the hibernation device.
|
||
|
||
* sd-event learnt a new API call sd_event_source_disable_unref() for
|
||
disabling and unref'ing an event source in a single function. A
|
||
related call sd_event_source_disable_unrefp() has been added for use
|
||
with gcc's cleanup extension.
|
||
|
||
* The sd-id128.h public API gained a new definition
|
||
SD_ID128_UUID_FORMAT_STR for formatting a 128-bit ID in UUID format
|
||
with printf().
|
||
|
||
* "busctl introspect" gained a new switch --xml-interface for dumping
|
||
XML introspection data unmodified.
|
||
|
||
* PID 1 may now show the unit name instead of the unit description
|
||
string in its status output during boot. This may be configured in
|
||
the StatusUnitFormat= setting in /etc/systemd/system.conf or the
|
||
kernel command line option systemd.status_unit_format=.
|
||
|
||
* PID 1 now understands a new option KExecWatchdogSec= in
|
||
/etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
|
||
Previously watchdog functionality was only available for regular
|
||
reboots. The new setting defaults to off, because we don't know in
|
||
the general case if the watchdog will be reset after kexec (some
|
||
drivers do reset it, but not all), and the new userspace might not be
|
||
configured to handle the watchdog.
|
||
|
||
Moreover, the old ShutdownWatchdogSec= setting has been renamed to
|
||
RebootWatchdogSec= to more clearly communicate what it is about. The
|
||
old name is still accepted for compatibility.
|
||
|
||
* The systemd.debug_shell kernel command line option now optionally
|
||
takes a tty name to spawn the debug shell on, which allows a
|
||
different tty to be selected than the built-in default.
|
||
|
||
* Service units gained a new ExecCondition= setting which will run
|
||
before ExecStartPre= and either continue execution of the unit (for
|
||
clean exit codes), stop execution without marking the unit failed
|
||
(for exit codes 1 through 254), or stop execution and fail the unit
|
||
(for exit code 255 or abnormal termination).
|
||
|
||
* A new service systemd-pstore.service has been added that pulls data
|
||
from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
|
||
review.
|
||
|
||
* timedatectl gained new verbs for configuring per-interface NTP
|
||
service configuration for systemd-timesyncd.
|
||
|
||
* "localectl list-locales" won't list non-UTF-8 locales anymore. It's
|
||
2019. (You can set non-UTF-8 locales though, if you know their name.)
|
||
|
||
* If variable assignments in sysctl.d/ files are prefixed with "-" any
|
||
failures to apply them are now ignored.
|
||
|
||
* systemd-random-seed.service now optionally credits entropy when
|
||
applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
|
||
true for the service to enable this behaviour, but please consult the
|
||
documentation first, since this comes with a couple of caveats.
|
||
|
||
* systemd-random-seed.service is now a synchronization point for full
|
||
initialization of the kernel's entropy pool. Services that require
|
||
/dev/urandom to be correctly initialized should be ordered after this
|
||
service.
|
||
|
||
* The systemd-boot boot loader has been updated to optionally maintain
|
||
a random seed file in the EFI System Partition (ESP). During the boot
|
||
phase, this random seed is read and updated with a new seed
|
||
cryptographically derived from it. Another derived seed is passed to
|
||
the OS. The latter seed is then credited to the kernel's entropy pool
|
||
very early during userspace initialization (from PID 1). This allows
|
||
systems to boot up with a fully initialized kernel entropy pool from
|
||
earliest boot on, and thus entirely removes all entropy pool
|
||
initialization delays from systems using systemd-boot. Special care
|
||
is taken to ensure different seeds are derived on system images
|
||
replicated to multiple systems. "bootctl status" will show whether
|
||
a seed was received from the boot loader.
|
||
|
||
* bootctl gained two new verbs:
|
||
|
||
- "bootctl random-seed" will generate the file in ESP and an EFI
|
||
variable to allow a random seed to be passed to the OS as described
|
||
above.
|
||
|
||
- "bootctl is-installed" checks whether systemd-boot is currently
|
||
installed.
|
||
|
||
* bootctl will warn if it detects that boot entries are misconfigured
|
||
(for example if the kernel image was removed without purging the
|
||
bootloader entry).
|
||
|
||
* A new document has been added describing systemd's use and support
|
||
for the kernel's entropy pool subsystem:
|
||
|
||
https://systemd.io/RANDOM_SEEDS
|
||
|
||
* When the system is hibernated the swap device to write the
|
||
hibernation image to is now automatically picked from all available
|
||
swap devices, preferring the swap device with the highest configured
|
||
priority over all others, and picking the device with the most free
|
||
space if there are multiple devices with the highest priority.
|
||
|
||
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
|
||
option that permits selecting the timeout how long to wait for a
|
||
device with an encryption key before asking for the password.
|
||
|
||
* IOWeight= has learnt to properly set the IO weight when using the
|
||
BFQ scheduler officially found in kernels 5.0+.
|
||
|
||
* A new mailing list has been created for reporting of security issues:
|
||
systemd-security@redhat.com. For mode details, see
|
||
https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
|
||
|
||
Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
|
||
Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
|
||
Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
|
||
Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
|
||
Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
|
||
Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
|
||
Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
|
||
Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
|
||
Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
|
||
Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
|
||
Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
|
||
Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
|
||
Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
|
||
Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
|
||
Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
|
||
Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
|
||
Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
|
||
Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
|
||
Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
|
||
Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
|
||
Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
|
||
Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
|
||
Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
|
||
Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
|
||
Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
|
||
Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
|
||
Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
|
||
Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
|
||
William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
|
||
Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei
|
||
|
||
– Camerino, 2019-09-03
|
||
|
||
CHANGES WITH 242:
|
||
|
||
* In .link files, MACAddressPolicy=persistent (the default) is changed
|
||
to cover more devices. For devices like bridges, tun, tap, bond, and
|
||
similar interfaces that do not have other identifying information,
|
||
the interface name is used as the basis for persistent seed for MAC
|
||
and IPv4LL addresses. The way that devices that were handled
|
||
previously is not changed, and this change is about covering more
|
||
devices then previously by the "persistent" policy.
|
||
|
||
MACAddressPolicy=random may be used to force randomized MACs and
|
||
IPv4LL addresses for a device if desired.
|
||
|
||
Hint: the log output from udev (at debug level) was enhanced to
|
||
clarify what policy is followed and which attributes are used.
|
||
`SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
|
||
may be used to view this.
|
||
|
||
Hint: if a bridge interface is created without any slaves, and gains
|
||
a slave later, then now the bridge does not inherit slave's MAC.
|
||
To inherit slave's MAC, for example, create the following file:
|
||
```
|
||
# /etc/systemd/network/98-bridge-inherit-mac.link
|
||
[Match]
|
||
Type=bridge
|
||
|
||
[Link]
|
||
MACAddressPolicy=none
|
||
```
|
||
|
||
* The .device units generated by systemd-fstab-generator and other
|
||
generators do not automatically pull in the corresponding .mount unit
|
||
as a Wants= dependency. This means that simply plugging in the device
|
||
will not cause the mount unit to be started automatically. But please
|
||
note that the mount unit may be started for other reasons, in
|
||
particular if it is part of local-fs.target, and any unit which
|
||
(transitively) depends on local-fs.target is started.
|
||
|
||
* networkctl list/status/lldp now accept globbing wildcards for network
|
||
interface names to match against all existing interfaces.
|
||
|
||
* The $PIDFILE environment variable is set to point the absolute path
|
||
configured with PIDFile= for processes of that service.
|
||
|
||
* The fallback DNS server list was augmented with Cloudflare public DNS
|
||
servers. Use `-Ddns-servers=` to set a different fallback.
|
||
|
||
* A new special target usb-gadget.target will be started automatically
|
||
when a USB Device Controller is detected (which means that the system
|
||
is a USB peripheral).
|
||
|
||
* A new unit setting CPUQuotaPeriodSec= assigns the time period
|
||
relatively to which the CPU time quota specified by CPUQuota= is
|
||
measured.
|
||
|
||
* A new unit setting ProtectHostname= may be used to prevent services
|
||
from modifying hostname information (even if they otherwise would
|
||
have privileges to do so).
|
||
|
||
* A new unit setting NetworkNamespacePath= may be used to specify a
|
||
namespace for service or socket units through a path referring to a
|
||
Linux network namespace pseudo-file.
|
||
|
||
* The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
|
||
have an effect on .socket units: when used the listening socket is
|
||
created within the configured network namespace instead of the host
|
||
namespace.
|
||
|
||
* ExecStart= command lines in unit files may now be prefixed with ':'
|
||
in which case environment variable substitution is
|
||
disabled. (Supported for the other ExecXYZ= settings, too.)
|
||
|
||
* .timer units gained two new boolean settings OnClockChange= and
|
||
OnTimezoneChange= which may be used to also trigger a unit when the
|
||
system clock is changed or the local timezone is
|
||
modified. systemd-run has been updated to make these options easily
|
||
accessible from the command line for transient timers.
|
||
|
||
* Two new conditions for units have been added: ConditionMemory= may be
|
||
used to conditionalize a unit based on installed system
|
||
RAM. ConditionCPUs= may be used to conditionalize a unit based on
|
||
installed CPU cores.
|
||
|
||
* The @default system call filter group understood by SystemCallFilter=
|
||
has been updated to include the new rseq() system call introduced in
|
||
kernel 4.15.
|
||
|
||
* A new time-set.target has been added that indicates that the system
|
||
time has been set from a local source (possibly imprecise). The
|
||
existing time-sync.target is stronger and indicates that the time has
|
||
been synchronized with a precise external source. Services where
|
||
approximate time is sufficient should use the new target.
|
||
|
||
* "systemctl start" (and related commands) learnt a new
|
||
--show-transaction option. If specified brief information about all
|
||
jobs queued because of the requested operation is shown.
|
||
|
||
* systemd-networkd recognizes a new operation state 'enslaved', used
|
||
(instead of 'degraded' or 'carrier') for interfaces which form a
|
||
bridge, bond, or similar, and an new 'degraded-carrier' operational
|
||
state used for the bond or bridge master interface when one of the
|
||
enslaved devices is not operational.
|
||
|
||
* .network files learnt the new IgnoreCarrierLoss= option for leaving
|
||
networks configured even if the carrier is lost.
|
||
|
||
* The RequiredForOnline= setting in .network files may now specify a
|
||
minimum operational state required for the interface to be considered
|
||
"online" by systemd-networkd-wait-online. Related to this
|
||
systemd-networkd-wait-online gained a new option --operational-state=
|
||
to configure the same, and its --interface= option was updated to
|
||
optionally also take an operational state specific for an interface.
|
||
|
||
* systemd-networkd-wait-online gained a new setting --any for waiting
|
||
for only one of the requested interfaces instead of all of them.
|
||
|
||
* systemd-networkd now implements L2TP tunnels.
|
||
|
||
* Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
|
||
may be used to cause autonomous and onlink prefixes received in IPv6
|
||
Router Advertisements to be ignored.
|
||
|
||
* New MulticastFlood=, NeighborSuppression=, and Learning= .network
|
||
file settings may be used to tweak bridge behaviour.
|
||
|
||
* The new TripleSampling= option in .network files may be used to
|
||
configure CAN triple sampling.
|
||
|
||
* A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
|
||
used to point to private or preshared key for a WireGuard interface.
|
||
|
||
* /etc/crypttab now supports the same-cpu-crypt and
|
||
submit-from-crypt-cpus options to tweak encryption work scheduling
|
||
details.
|
||
|
||
* systemd-tmpfiles will now take a BSD file lock before operating on a
|
||
contents of directory. This may be used to temporarily exclude
|
||
directories from aging by taking the same lock (useful for example
|
||
when extracting a tarball into /tmp or /var/tmp as a privileged user,
|
||
which might create files with really old timestamps, which
|
||
nevertheless should not be deleted). For further details, see:
|
||
|
||
https://systemd.io/TEMPORARY_DIRECTORIES
|
||
|
||
* systemd-tmpfiles' h line type gained support for the
|
||
FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
|
||
controlling project quota inheritance.
|
||
|
||
* sd-boot and bootctl now implement support for an Extended Boot Loader
|
||
(XBOOTLDR) partition, that is intended to be mounted to /boot, in
|
||
addition to the ESP partition mounted to /efi or /boot/efi.
|
||
Configuration file fragments, kernels, initrds and other EFI images
|
||
to boot will be loaded from both the ESP and XBOOTLDR partitions.
|
||
The XBOOTLDR partition was previously described by the Boot Loader
|
||
Specification, but implementation was missing in sd-boot. Support for
|
||
this concept allows using the sd-boot boot loader in more
|
||
conservative scenarios where the boot loader itself is placed in the
|
||
ESP but the kernels to boot (and their metadata) in a separate
|
||
partition.
|
||
|
||
* A system may now be booted with systemd.volatile=overlay on the
|
||
kernel command line, which causes the root file system to be set up
|
||
an overlayfs mount combining the root-only root directory with a
|
||
writable tmpfs. In this setup, the underlying root device is not
|
||
modified, and any changes are lost at reboot.
|
||
|
||
* Similar, systemd-nspawn can now boot containers with a volatile
|
||
overlayfs root with the new --volatile=overlay switch.
|
||
|
||
* systemd-nspawn can now consume OCI runtime bundles using a new
|
||
--oci-bundle= option. This implementation is fully usable, with most
|
||
features in the specification implemented, but since this a lot of
|
||
new code and functionality, this feature should most likely not
|
||
be used in production yet.
|
||
|
||
* systemd-nspawn now supports various options described by the OCI
|
||
runtime specification on the command-line and in .nspawn files:
|
||
--inaccessible=/Inaccessible= may be used to mask parts of the file
|
||
system tree, --console=/--pipe may be used to configure how standard
|
||
input, output, and error are set up.
|
||
|
||
* busctl learned the `emit` verb to generate D-Bus signals.
|
||
|
||
* systemd-analyze cat-config may be used to gather and display
|
||
configuration spread over multiple files, for example system and user
|
||
presets, tmpfiles.d, sysusers.d, udev rules, etc.
|
||
|
||
* systemd-analyze calendar now takes an optional new parameter
|
||
--iterations= which may be used to show a maximum number of iterations
|
||
the specified expression will elapse next.
|
||
|
||
* The sd-bus C API gained support for naming method parameters in the
|
||
introspection data.
|
||
|
||
* systemd-logind gained D-Bus APIs to specify the "reboot parameter"
|
||
the reboot() system call expects.
|
||
|
||
* journalctl learnt a new --cursor-file= option that points to a file
|
||
from which a cursor should be loaded in the beginning and to which
|
||
the updated cursor should be stored at the end.
|
||
|
||
* ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
|
||
detected by systemd-detect-virt (and may also be used in
|
||
ConditionVirtualization=).
|
||
|
||
* The behaviour of systemd-logind may now be modified with environment
|
||
variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
|
||
$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
|
||
$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
|
||
skip the relevant operation completely (when set to false), or to
|
||
create a flag file in /run/systemd (when set to true), instead of
|
||
actually commencing the real operation when requested. The presence
|
||
of /run/systemd/reboot-to-firmware-setup,
|
||
/run/systemd/reboot-to-boot-loader-menu, and
|
||
/run/systemd/reboot-to-boot-loader-entry, may be used by alternative
|
||
boot loader implementations to replace some steps logind performs
|
||
during reboot with their own operations.
|
||
|
||
* systemctl can be used to request a reboot into the boot loader menu
|
||
or a specific boot loader entry with the new --boot-load-menu= and
|
||
--boot-loader-entry= options to a reboot command. (This requires a
|
||
boot loader that supports this, for example sd-boot.)
|
||
|
||
* kernel-install will no longer unconditionally create the output
|
||
directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
|
||
snippets, but will do only if the machine-specific parent directory
|
||
(i.e. /efi/<machine-id>/) already exists. bootctl has been modified
|
||
to create this parent directory during sd-boot installation.
|
||
|
||
This makes it easier to use kernel-install with plugins which support
|
||
a different layout of the bootloader partitions (for example grub2).
|
||
|
||
* During package installation (with `ninja install`), we would create
|
||
symlinks for getty@tty1.service, systemd-networkd.service,
|
||
systemd-networkd.socket, systemd-resolved.service,
|
||
remote-cryptsetup.target, remote-fs.target,
|
||
systemd-networkd-wait-online.service, and systemd-timesyncd.service
|
||
in /etc, as if `systemctl enable` was called for those units, to make
|
||
the system usable immediately after installation. Now this is not
|
||
done anymore, and instead calling `systemctl preset-all` is
|
||
recommended after the first installation of systemd.
|
||
|
||
* A new boolean sandboxing option RestrictSUIDSGID= has been added that
|
||
is built on seccomp. When turned on creation of SUID/SGID files is
|
||
prohibited.
|
||
|
||
* The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
|
||
implied if DynamicUser= is turned on for a service. This hardens
|
||
these services, so that they neither can benefit from nor create
|
||
SUID/SGID executables. This is a minor compatibility breakage, given
|
||
that when DynamicUser= was first introduced SUID/SGID behaviour was
|
||
unaffected. However, the security benefit of these two options is
|
||
substantial, and the setting is still relatively new, hence we opted
|
||
to make it mandatory for services with dynamic users.
|
||
|
||
Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
|
||
Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
|
||
Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
|
||
Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
|
||
Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
|
||
Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
|
||
Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
|
||
Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
|
||
Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
|
||
Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
|
||
Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
|
||
Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
|
||
Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
|
||
Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
|
||
Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
|
||
Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
|
||
Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
|
||
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Warsaw, 2019-04-11
|
||
|
||
CHANGES WITH 241:
|
||
|
||
* The default locale can now be configured at compile time. Otherwise,
|
||
a suitable default will be selected automatically (one of C.UTF-8,
|
||
en_US.UTF-8, and C).
|
||
|
||
* The version string shown by systemd and other tools now includes the
|
||
git commit hash when built from git. An override may be specified
|
||
during compilation, which is intended to be used by distributions to
|
||
include the package release information.
|
||
|
||
* systemd-cat can now filter standard input and standard error streams
|
||
for different syslog priorities using the new --stderr-priority=
|
||
option.
|
||
|
||
* systemd-journald and systemd-journal-remote reject entries which
|
||
contain too many fields (CVE-2018-16865) and set limits on the
|
||
process' command line length (CVE-2018-16864).
|
||
|
||
* $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
|
||
again.
|
||
|
||
* A new network device NamePolicy "keep" is implemented for link files,
|
||
and used by default in 99-default.link (the fallback configuration
|
||
provided by systemd). With this policy, if the network device name
|
||
was already set by userspace, the device will not be renamed again.
|
||
This matches the naming scheme that was implemented before
|
||
systemd-240. If naming-scheme < 240 is specified, the "keep" policy
|
||
is also enabled by default, even if not specified. Effectively, this
|
||
means that if naming-scheme >= 240 is specified, network devices will
|
||
be renamed according to the configuration, even if they have been
|
||
renamed already, if "keep" is not specified as the naming policy in
|
||
the .link file. The 99-default.link file provided by systemd includes
|
||
"keep" for backwards compatibility, but it is recommended for user
|
||
installed .link files to *not* include it.
|
||
|
||
The "kernel" policy, which keeps kernel names declared to be
|
||
"persistent", now works again as documented.
|
||
|
||
* kernel-install script now optionally takes the paths to one or more
|
||
initrd files, and passes them to all plugins.
|
||
|
||
* The mincore() system call has been dropped from the @system-service
|
||
system call filter group, as it is pretty exotic and may potentially
|
||
used for side-channel attacks.
|
||
|
||
* -fPIE is dropped from compiler and linker options. Please specify
|
||
-Db_pie=true option to meson to build position-independent
|
||
executables. Note that the meson option is supported since meson-0.49.
|
||
|
||
* The fs.protected_regular and fs.protected_fifos sysctls, which were
|
||
added in Linux 4.19 to make some data spoofing attacks harder, are
|
||
now enabled by default. While this will hopefully improve the
|
||
security of most installations, it is technically a backwards
|
||
incompatible change; to disable these sysctls again, place the
|
||
following lines in /etc/sysctl.d/60-protected.conf or a similar file:
|
||
|
||
fs.protected_regular = 0
|
||
fs.protected_fifos = 0
|
||
|
||
Note that the similar hardlink and symlink protection has been
|
||
enabled since v199, and may be disabled likewise.
|
||
|
||
* The files read from the EnvironmentFile= setting in unit files now
|
||
parse backslashes inside quotes literally, matching the behaviour of
|
||
POSIX shells.
|
||
|
||
* udevadm trigger, udevadm control, udevadm settle and udevadm monitor
|
||
now automatically become NOPs when run in a chroot() environment.
|
||
|
||
* The tmpfiles.d/ "C" line type will now copy directory trees not only
|
||
when the destination is so far missing, but also if it already exists
|
||
as a directory and is empty. This is useful to cater for systems
|
||
where directory trees are put together from multiple separate mount
|
||
points but otherwise empty.
|
||
|
||
* A new function sd_bus_close_unref() (and the associated
|
||
sd_bus_close_unrefp()) has been added to libsystemd, that combines
|
||
sd_bus_close() and sd_bus_unref() in one.
|
||
|
||
* udevadm control learnt a new option for --ping for testing whether a
|
||
systemd-udevd instance is running and reacting.
|
||
|
||
* udevadm trigger learnt a new option for --wait-daemon for waiting
|
||
systemd-udevd daemon to be initialized.
|
||
|
||
Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
|
||
Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
|
||
Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
|
||
Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
|
||
John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
|
||
Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
|
||
James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
|
||
Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
|
||
Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
|
||
Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
|
||
marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
|
||
Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
|
||
Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
|
||
James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
|
||
Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
|
||
Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски
|
||
|
||
— Berlin, 2019-02-14
|
||
|
||
CHANGES WITH 240:
|
||
|
||
* NoNewPrivileges=yes has been set for all long-running services
|
||
implemented by systemd. Previously, this was problematic due to
|
||
SELinux (as this would also prohibit the transition from PID1's label
|
||
to the service's label). This restriction has since been lifted, but
|
||
an SELinux policy update is required.
|
||
(See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
|
||
|
||
* DynamicUser=yes is dropped from systemd-networkd.service,
|
||
systemd-resolved.service and systemd-timesyncd.service, which was
|
||
enabled in v239 for systemd-networkd.service and systemd-resolved.service,
|
||
and since v236 for systemd-timesyncd.service. The users and groups
|
||
systemd-network, systemd-resolve and systemd-timesync are created
|
||
by systemd-sysusers again. Distributors or system administrators
|
||
may need to create these users and groups if they not exist (or need
|
||
to re-enable DynamicUser= for those units) while upgrading systemd.
|
||
Also, the clock file for systemd-timesyncd may need to move from
|
||
/var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
|
||
|
||
* When unit files are loaded from disk, previously systemd would
|
||
sometimes (depending on the unit loading order) load units from the
|
||
target path of symlinks in .wants/ or .requires/ directories of other
|
||
units. This meant that unit could be loaded from different paths
|
||
depending on whether the unit was requested explicitly or as a
|
||
dependency of another unit, not honouring the priority of directories
|
||
in search path. It also meant that it was possible to successfully
|
||
load and start units which are not found in the unit search path, as
|
||
long as they were requested as a dependency and linked to from
|
||
.wants/ or .requires/. The target paths of those symlinks are not
|
||
used for loading units anymore and the unit file must be found in
|
||
the search path.
|
||
|
||
* A new service type has been added: Type=exec. It's very similar to
|
||
Type=simple but ensures the service manager will wait for both fork()
|
||
and execve() of the main service binary to complete before proceeding
|
||
with follow-up units. This is primarily useful so that the manager
|
||
propagates any errors in the preparation phase of service execution
|
||
back to the job that requested the unit to be started. For example,
|
||
consider a service that has ExecStart= set to a file system binary
|
||
that doesn't exist. With Type=simple starting the unit would be
|
||
considered instantly successful, as only fork() has to complete
|
||
successfully and the manager does not wait for execve(), and hence
|
||
its failure is seen "too late". With the new Type=exec service type
|
||
starting the unit will fail, as the manager will wait for the
|
||
execve() and notice its failure, which is then propagated back to the
|
||
start job.
|
||
|
||
NOTE: with the next release 241 of systemd we intend to change the
|
||
systemd-run tool to default to Type=exec for transient services
|
||
started by it. This should be mostly safe, but in specific corner
|
||
cases might result in problems, as the systemd-run tool will then
|
||
block on NSS calls (such as user name look-ups due to User=) done
|
||
between the fork() and execve(), which under specific circumstances
|
||
might cause problems. It is recommended to specify "-p Type=simple"
|
||
explicitly in the few cases where this applies. For regular,
|
||
non-transient services (i.e. those defined with unit files on disk)
|
||
we will continue to default to Type=simple.
|
||
|
||
* The Linux kernel's current default RLIMIT_NOFILE resource limit for
|
||
userspace processes is set to 1024 (soft) and 4096
|
||
(hard). Previously, systemd passed this on unmodified to all
|
||
processes it forked off. With this systemd release the hard limit
|
||
systemd passes on is increased to 512K, overriding the kernel's
|
||
defaults and substantially increasing the number of simultaneous file
|
||
descriptors unprivileged userspace processes can allocate. Note that
|
||
the soft limit remains at 1024 for compatibility reasons: the
|
||
traditional UNIX select() call cannot deal with file descriptors >=
|
||
1024 and increasing the soft limit globally might thus result in
|
||
programs unexpectedly allocating a high file descriptor and thus
|
||
failing abnormally when attempting to use it with select() (of
|
||
course, programs shouldn't use select() anymore, and prefer
|
||
poll()/epoll, but the call unfortunately remains undeservedly popular
|
||
at this time). This change reflects the fact that file descriptor
|
||
handling in the Linux kernel has been optimized in more recent
|
||
kernels and allocating large numbers of them should be much cheaper
|
||
both in memory and in performance than it used to be. Programs that
|
||
want to take benefit of the increased limit have to "opt-in" into
|
||
high file descriptors explicitly by raising their soft limit. Of
|
||
course, when they do that they must acknowledge that they cannot use
|
||
select() anymore (and neither can any shared library they use — or
|
||
any shared library used by any shared library they use and so on).
|
||
Which default hard limit is most appropriate is of course hard to
|
||
decide. However, given reports that ~300K file descriptors are used
|
||
in real-life applications we believe 512K is sufficiently high as new
|
||
default for now. Note that there are also reports that using very
|
||
high hard limits (e.g. 1G) is problematic: some software allocates
|
||
large arrays with one element for each potential file descriptor
|
||
(Java, …) — a high hard limit thus triggers excessively large memory
|
||
allocations in these applications. Hopefully, the new default of 512K
|
||
is a good middle ground: higher than what real-life applications
|
||
currently need, and low enough for avoid triggering excessively large
|
||
allocations in problematic software. (And yes, somebody should fix
|
||
Java.)
|
||
|
||
* The fs.nr_open and fs.file-max sysctls are now automatically bumped
|
||
to the highest possible values, as separate accounting of file
|
||
descriptors is no longer necessary, as memcg tracks them correctly as
|
||
part of the memory accounting anyway. Thus, from the four limits on
|
||
file descriptors currently enforced (fs.file-max, fs.nr_open,
|
||
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
|
||
and keep only the latter two. A set of build-time options
|
||
(-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
|
||
has been added to revert this change in behaviour, which might be
|
||
an option for systems that turn off memcg in the kernel.
|
||
|
||
* When no /etc/locale.conf file exists (and hence no locale settings
|
||
are in place), systemd will now use the "C.UTF-8" locale by default,
|
||
and set LANG= to it. This locale is supported by various
|
||
distributions including Fedora, with clear indications that upstream
|
||
glibc is going to make it available too. This locale enables UTF-8
|
||
mode by default, which appears appropriate for 2018.
|
||
|
||
* The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
|
||
default. This effectively switches the RFC3704 Reverse Path filtering
|
||
from Strict mode to Loose mode. This is more appropriate for hosts
|
||
that have multiple links with routes to the same networks (e.g.
|
||
a client with a Wi-Fi and Ethernet both connected to the internet).
|
||
|
||
Consult the kernel documentation for details on this sysctl:
|
||
https://docs.kernel.org/networking/ip-sysctl.html
|
||
|
||
* The v239 change to turn on "net.ipv4.tcp_ecn" by default has been
|
||
reverted.
|
||
|
||
* CPUAccounting=yes no longer enables the CPU controller when using
|
||
kernel 4.15+ and the unified cgroup hierarchy, as required accounting
|
||
statistics are now provided independently from the CPU controller.
|
||
|
||
* Support for disabling a particular cgroup controller within a sub-tree
|
||
has been added through the DisableControllers= directive.
|
||
|
||
* cgroup_no_v1=all on the kernel command line now also implies
|
||
using the unified cgroup hierarchy, unless one explicitly passes
|
||
systemd.unified_cgroup_hierarchy=0 on the kernel command line.
|
||
|
||
* The new "MemoryMin=" unit file property may now be used to set the
|
||
memory usage protection limit of processes invoked by the unit. This
|
||
controls the cgroup v2 memory.min attribute. Similarly, the new
|
||
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
|
||
cgroup v2 io.latency cgroup property for configuring per-service I/O
|
||
latency.
|
||
|
||
* systemd now supports the cgroup v2 devices BPF logic, as counterpart
|
||
to the cgroup v1 "devices" cgroup controller.
|
||
|
||
* systemd-escape now is able to combine --unescape with --template. It
|
||
also learnt a new option --instance for extracting and unescaping the
|
||
instance part of a unit name.
|
||
|
||
* sd-bus now provides the sd_bus_message_readv() which is similar to
|
||
sd_bus_message_read() but takes a va_list object. The pair
|
||
sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
|
||
has been added for configuring the default method call timeout to
|
||
use. sd_bus_error_move() may be used to efficiently move the contents
|
||
from one sd_bus_error structure to another, invalidating the
|
||
source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
|
||
be used to control whether a bus connection object is automatically
|
||
flushed when an sd-event loop is exited.
|
||
|
||
* When processing classic BSD syslog log messages, journald will now
|
||
save the original time-stamp string supplied in the new
|
||
SYSLOG_TIMESTAMP= journal field. This permits consumers to
|
||
reconstruct the original BSD syslog message more correctly.
|
||
|
||
* StandardOutput=/StandardError= in service files gained support for
|
||
new "append:…" parameters, for connecting STDOUT/STDERR of a service
|
||
to a file, and appending to it.
|
||
|
||
* The signal to use as last step of killing of unit processes is now
|
||
configurable. Previously it was hard-coded to SIGKILL, which may now
|
||
be overridden with the new KillSignal= setting. Note that this is the
|
||
signal used when regular termination (i.e. SIGTERM) does not suffice.
|
||
Similarly, the signal used when aborting a program in case of a
|
||
watchdog timeout may now be configured too (WatchdogSignal=).
|
||
|
||
* The XDG_SESSION_DESKTOP environment variable may now be configured in
|
||
the pam_systemd argument line, using the new desktop= switch. This is
|
||
useful to initialize it properly from a display manager without
|
||
having to touch C code.
|
||
|
||
* Most configuration options that previously accepted percentage values
|
||
now also accept permille values with the '‰' suffix (instead of '%').
|
||
|
||
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
|
||
DNS-over-TLS.
|
||
|
||
* systemd-resolved's configuration file resolved.conf gained a new
|
||
option ReadEtcHosts= which may be used to turn off processing and
|
||
honoring /etc/hosts entries.
|
||
|
||
* The "--wait" switch may now be passed to "systemctl
|
||
is-system-running", in which case the tool will synchronously wait
|
||
until the system finished start-up.
|
||
|
||
* hostnamed gained a new bus call to determine the DMI product UUID.
|
||
|
||
* On x86-64 systemd will now prefer using the RDRAND processor
|
||
instruction over /dev/urandom whenever it requires randomness that
|
||
neither has to be crypto-grade nor should be reproducible. This
|
||
should substantially reduce the amount of entropy systemd requests
|
||
from the kernel during initialization on such systems, though not
|
||
reduce it to zero. (Why not zero? systemd still needs to allocate
|
||
UUIDs and such uniquely, which require high-quality randomness.)
|
||
|
||
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
|
||
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
|
||
for forcing the "Other Information" bit in IPv6 RA messages. The
|
||
bonding logic gained four new options AdActorSystemPriority=,
|
||
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
|
||
aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
|
||
shuffling of flows. The tunnel logic gained a new
|
||
IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
|
||
Deployment. The policy rule logic gained four new options IPProtocol=,
|
||
SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
|
||
support for the MulticastToUnicast= option. networkd also gained
|
||
support for configuring static IPv4 ARP or IPv6 neighbor entries.
|
||
|
||
* .preset files (as read by 'systemctl preset') may now be used to
|
||
instantiate services.
|
||
|
||
* /etc/crypttab now understands the sector-size= option to configure
|
||
the sector size for an encrypted partition.
|
||
|
||
* Key material for encrypted disks may now be placed on a formatted
|
||
medium, and referenced from /etc/crypttab by the UUID of the file
|
||
system, followed by "=" suffixed by the path to the key file.
|
||
|
||
* The "collect" udev component has been removed without replacement, as
|
||
it is neither used nor maintained.
|
||
|
||
* When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
|
||
LogsDirectory=, ConfigurationDirectory= settings are used in a
|
||
service the executed processes will now receive a set of environment
|
||
variables containing the full paths of these directories.
|
||
Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
|
||
LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
|
||
are used. Note that these options may be used multiple times per
|
||
service in which case the resulting paths will be concatenated and
|
||
separated by colons.
|
||
|
||
* Predictable interface naming has been extended to cover InfiniBand
|
||
NICs. They will be exposed with an "ib" prefix.
|
||
|
||
* tmpfiles.d/ line types may now be suffixed with a '-' character, in
|
||
which case the respective line failing is ignored.
|
||
|
||
* .link files may now be used to configure the equivalent to the
|
||
"ethtool advertise" commands.
|
||
|
||
* The sd-device.h and sd-hwdb.h APIs are now exported, as an
|
||
alternative to libudev.h. Previously, the latter was just an internal
|
||
wrapper around the former, but now these two APIs are exposed
|
||
directly.
|
||
|
||
* sd-id128.h gained a new function sd_id128_get_boot_app_specific()
|
||
which calculates an app-specific boot ID similar to how
|
||
sd_id128_get_machine_app_specific() generates an app-specific machine
|
||
ID.
|
||
|
||
* A new tool systemd-id128 has been added that can be used to determine
|
||
and generate various 128-bit IDs.
|
||
|
||
* /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
|
||
and LOGO=.
|
||
|
||
* systemd-hibernate-resume-generator will now honor the "noresume"
|
||
kernel command line option, in which case it will bypass resuming
|
||
from any hibernated image.
|
||
|
||
* The systemd-sleep.conf configuration file gained new options
|
||
AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
|
||
AllowHybridSleep= for prohibiting specific sleep modes even if the
|
||
kernel exports them.
|
||
|
||
* portablectl is now officially supported and has thus moved to
|
||
/usr/bin/.
|
||
|
||
* bootctl learnt the two new commands "set-default" and "set-oneshot"
|
||
for setting the default boot loader item to boot to (either
|
||
persistently or only for the next boot). This is currently only
|
||
compatible with sd-boot, but may be implemented on other boot loaders
|
||
too, that follow the boot loader interface. The updated interface is
|
||
now documented here:
|
||
|
||
https://systemd.io/BOOT_LOADER_INTERFACE
|
||
|
||
* A new kernel command line option systemd.early_core_pattern= is now
|
||
understood which may be used to influence the core_pattern PID 1
|
||
installs during early boot.
|
||
|
||
* busctl learnt two new options -j and --json= for outputting method
|
||
call replies, properties and monitoring output in JSON.
|
||
|
||
* journalctl's JSON output now supports simple ANSI coloring as well as
|
||
a new "json-seq" mode for generating RFC7464 output.
|
||
|
||
* Unit files now support the %g/%G specifiers that resolve to the UNIX
|
||
group/GID of the service manager runs as, similar to the existing
|
||
%u/%U specifiers that resolve to the UNIX user/UID.
|
||
|
||
* systemd-logind learnt a new global configuration option
|
||
UserStopDelaySec= that may be set in logind.conf. It specifies how
|
||
long the systemd --user instance shall remain started after a user
|
||
logs out. This is useful to speed up repetitive re-connections of the
|
||
same user, as it means the user's service manager doesn't have to be
|
||
stopped/restarted on each iteration, but can be reused between
|
||
subsequent options. This setting defaults to 10s. systemd-logind also
|
||
exports two new properties on its Manager D-Bus objects indicating
|
||
whether the system's lid is currently closed, and whether the system
|
||
is on AC power.
|
||
|
||
* systemd gained support for a generic boot counting logic, which
|
||
generically permits automatic reverting to older boot loader entries
|
||
if newer updated ones don't work. The boot loader side is implemented
|
||
in sd-boot, but is kept open for other boot loaders too. For details
|
||
see:
|
||
|
||
https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
|
||
|
||
* The SuccessAction=/FailureAction= unit file settings now learnt two
|
||
new parameters: "exit" and "exit-force", which result in immediate
|
||
exiting of the service manager, and are only useful in systemd --user
|
||
and container environments.
|
||
|
||
* Unit files gained support for a pair of options
|
||
FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
|
||
exit status to use as service manager exit status when
|
||
SuccessAction=/FailureAction= is set to exit or exit-force.
|
||
|
||
* A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
|
||
options may now be used to configure the log rate limiting applied by
|
||
journald per-service.
|
||
|
||
* systemd-analyze gained a new verb "timespan" for parsing and
|
||
normalizing time span values (i.e. strings like "5min 7s 8us").
|
||
|
||
* systemd-analyze also gained a new verb "security" for analyzing the
|
||
security and sand-boxing settings of services in order to determine an
|
||
"exposure level" for them, indicating whether a service would benefit
|
||
from more sand-boxing options turned on for them.
|
||
|
||
* "systemd-analyze syscall-filter" will now also show system calls
|
||
supported by the local kernel but not included in any of the defined
|
||
groups.
|
||
|
||
* .nspawn files now understand the Ephemeral= setting, matching the
|
||
--ephemeral command line switch.
|
||
|
||
* sd-event gained the new APIs sd_event_source_get_floating() and
|
||
sd_event_source_set_floating() for controlling whether a specific
|
||
event source is "floating", i.e. destroyed along with the even loop
|
||
object itself.
|
||
|
||
* Unit objects on D-Bus gained a new "Refs" property that lists all
|
||
clients that currently have a reference on the unit (to ensure it is
|
||
not unloaded).
|
||
|
||
* The JoinControllers= option in system.conf is no longer supported, as
|
||
it didn't work correctly, is hard to support properly, is legacy (as
|
||
the concept only exists on cgroup v1) and apparently wasn't used.
|
||
|
||
* Journal messages that are generated whenever a unit enters the failed
|
||
state are now tagged with a unique MESSAGE_ID. Similarly, messages
|
||
generated whenever a service process exits are now made recognizable,
|
||
too. A tagged message is also emitted whenever a unit enters the
|
||
"dead" state on success.
|
||
|
||
* systemd-run gained a new switch --working-directory= for configuring
|
||
the working directory of the service to start. A shortcut -d is
|
||
equivalent, setting the working directory of the service to the
|
||
current working directory of the invoking program. The new --shell
|
||
(or just -S) option has been added for invoking the $SHELL of the
|
||
caller as a service, and implies --pty --same-dir --wait --collect
|
||
--service-type=exec. Or in other words, "systemd-run -S" is now the
|
||
quickest way to quickly get an interactive in a fully clean and
|
||
well-defined system service context.
|
||
|
||
* machinectl gained a new verb "import-fs" for importing an OS tree
|
||
from a directory. Moreover, when a directory or tarball is imported
|
||
and single top-level directory found with the OS itself below the OS
|
||
tree is automatically mangled and moved one level up.
|
||
|
||
* systemd-importd will no longer set up an implicit btrfs loop-back
|
||
file system on /var/lib/machines. If one is already set up, it will
|
||
continue to be used.
|
||
|
||
* A new generator "systemd-run-generator" has been added. It will
|
||
synthesize a unit from one or more program command lines included in
|
||
the kernel command line. This is very useful in container managers
|
||
for example:
|
||
|
||
# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
|
||
|
||
This will run "systemd-nspawn" on an image, invoke the specified
|
||
command line and immediately shut down the container again, returning
|
||
the command line's exit code.
|
||
|
||
* The block device locking logic is now documented:
|
||
|
||
https://systemd.io/BLOCK_DEVICE_LOCKING
|
||
|
||
* loginctl and machinectl now optionally output the various tables in
|
||
JSON using the --output= switch. It is our intention to add similar
|
||
support to systemctl and all other commands.
|
||
|
||
* udevadm's query and trigger verb now optionally take a .device unit
|
||
name as argument.
|
||
|
||
* systemd-udevd's network naming logic now understands a new
|
||
net.naming_scheme= kernel command line switch, which may be used to
|
||
pick a specific version of the naming scheme. This helps stabilizing
|
||
interface names even as systemd/udev are updated and the naming logic
|
||
is improved.
|
||
|
||
* sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
|
||
SD_ID128_ALLF to test if a 128-bit ID is set to all 0xFF bytes, and to
|
||
initialize one to all 0xFF.
|
||
|
||
* After loading the SELinux policy systemd will now recursively relabel
|
||
all files and directories listed in
|
||
/run/systemd/relabel-extra.d/*.relabel (which should be simple
|
||
newline separated lists of paths) in addition to the ones it already
|
||
implicitly relabels in /run, /dev and /sys. After the relabelling is
|
||
completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
|
||
removed. This is useful to permit initrds (i.e. code running before
|
||
the SELinux policy is in effect) to generate files in the host
|
||
filesystem safely and ensure that the correct label is applied during
|
||
the transition to the host OS.
|
||
|
||
* KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
|
||
mknod() handling in user namespaces. Previously mknod() would always
|
||
fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
|
||
but device nodes generated that way cannot be opened, and attempts to
|
||
open them result in EPERM. This breaks the "graceful fallback" logic
|
||
in systemd's PrivateDevices= sand-boxing option. This option is
|
||
implemented defensively, so that when systemd detects it runs in a
|
||
restricted environment (such as a user namespace, or an environment
|
||
where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
|
||
where device nodes cannot be created the effect of PrivateDevices= is
|
||
bypassed (following the logic that 2nd-level sand-boxing is not
|
||
essential if the system systemd runs in is itself already sand-boxed
|
||
as a whole). This logic breaks with 4.18 in container managers where
|
||
user namespacing is used: suddenly PrivateDevices= succeeds setting
|
||
up a private /dev/ file system containing devices nodes — but when
|
||
these are opened they don't work.
|
||
|
||
At this point it is recommended that container managers utilizing
|
||
user namespaces that intend to run systemd in the payload explicitly
|
||
block mknod() with seccomp or similar, so that the graceful fallback
|
||
logic works again.
|
||
|
||
We are very sorry for the breakage and the requirement to change
|
||
container configurations for newer kernels. It's purely caused by an
|
||
incompatible kernel change. The relevant kernel developers have been
|
||
notified about this userspace breakage quickly, but they chose to
|
||
ignore it.
|
||
|
||
* PermissionsStartOnly= setting is deprecated (but is still supported
|
||
for backwards compatibility). The same functionality is provided by
|
||
the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
|
||
commands.
|
||
|
||
* $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
|
||
pam_systemd anymore.
|
||
|
||
* The naming scheme for network devices was changed to always rename
|
||
devices, even if they were already renamed by userspace. The "kernel"
|
||
policy was changed to only apply as a fallback, if no other naming
|
||
policy took effect.
|
||
|
||
* The requirements to build systemd is bumped to meson-0.46 and
|
||
python-3.5.
|
||
|
||
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
|
||
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
|
||
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
|
||
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
|
||
Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
|
||
Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
|
||
Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
|
||
Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
|
||
David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
|
||
Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
|
||
Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
|
||
Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
|
||
Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
|
||
Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
|
||
Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
|
||
Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
|
||
Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
|
||
javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
|
||
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
|
||
Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
|
||
Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
|
||
Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
|
||
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
|
||
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
|
||
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
|
||
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
|
||
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
|
||
Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
|
||
Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
|
||
Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
|
||
Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
|
||
Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
|
||
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
|
||
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
|
||
Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
|
||
Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
|
||
(FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
|
||
Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
|
||
Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
|
||
Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
|
||
Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
|
||
Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
|
||
Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
|
||
Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
|
||
Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
|
||
|
||
— Warsaw, 2018-12-21
|
||
|
||
CHANGES WITH 239:
|
||
|
||
* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
|
||
builtin will name network interfaces differently than in previous
|
||
versions for virtual network interfaces created with SR-IOV and NPAR
|
||
and for devices where the PCI network controller device does not have
|
||
a slot number associated.
|
||
|
||
SR-IOV virtual devices are now named based on the name of the parent
|
||
interface, with a suffix of "v<N>", where <N> is the virtual device
|
||
number. Previously those virtual devices were named as if completely
|
||
independent.
|
||
|
||
The ninth and later NPAR virtual devices will be named following the
|
||
scheme used for the first eight NPAR partitions. Previously those
|
||
devices were not renamed and the kernel default (eth<n>) was used.
|
||
|
||
"net_id" will also generate names for PCI devices where the PCI
|
||
network controller device does not have an associated slot number
|
||
itself, but one of its parents does. Previously those devices were
|
||
not renamed and the kernel default (eth<n>) was used.
|
||
|
||
* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
|
||
systemd-logind.service. Since v235, IPAddressDeny=any has been set to
|
||
the unit. So, it is expected that the default behavior of
|
||
systemd-logind is not changed. However, if distribution packagers or
|
||
administrators disabled or modified IPAddressDeny= setting by a
|
||
drop-in config file, then it may be necessary to update the file to
|
||
re-enable AF_INET and AF_INET6 to support network user name services,
|
||
e.g. NIS.
|
||
|
||
* When the RestrictNamespaces= unit property is specified multiple
|
||
times, then the specified types are merged now. Previously, only the
|
||
last assignment was used. So, if distribution packagers or
|
||
administrators modified the setting by a drop-in config file, then it
|
||
may be necessary to update the file.
|
||
|
||
* When OnFailure= is used in combination with Restart= on a service
|
||
unit, then the specified units will no longer be triggered on
|
||
failures that result in restarting. Previously, the specified units
|
||
would be activated each time the unit failed, even when the unit was
|
||
going to be restarted automatically. This behaviour contradicted the
|
||
documentation. With this release the code is adjusted to match the
|
||
documentation.
|
||
|
||
* systemd-tmpfiles will now print a notice whenever it encounters
|
||
tmpfiles.d/ lines referencing the /var/run/ directory. It will
|
||
recommend reworking them to use the /run/ directory instead (for
|
||
which /var/run/ is simply a symlinked compatibility alias). This way
|
||
systemd-tmpfiles can properly detect line conflicts and merge lines
|
||
referencing the same file by two paths, without having to access
|
||
them.
|
||
|
||
* systemctl disable/unmask/preset/preset-all cannot be used with
|
||
--runtime. Previously this was allowed, but resulted in unintuitive
|
||
behaviour that wasn't useful. systemctl disable/unmask will now undo
|
||
both runtime and persistent enablement/masking, i.e. it will remove
|
||
any relevant symlinks both in /run and /etc.
|
||
|
||
* Note that all long-running system services shipped with systemd will
|
||
now default to a system call allow list (rather than a deny list, as
|
||
before). In particular, systemd-udevd will now enforce one too. For
|
||
most cases this should be safe, however downstream distributions
|
||
which disabled sandboxing of systemd-udevd (specifically the
|
||
MountFlags= setting), might want to disable this security feature
|
||
too, as the default allow-listing will prohibit all mount, swap,
|
||
reboot and clock changing operations from udev rules.
|
||
|
||
* sd-boot acquired new loader configuration settings to optionally turn
|
||
off Windows and MacOS boot partition discovery as well as
|
||
reboot-into-firmware menu items. It is also able to pick a better
|
||
screen resolution for HiDPI systems, and now provides loader
|
||
configuration settings to change the resolution explicitly.
|
||
|
||
* systemd-resolved now supports DNS-over-TLS. It's still
|
||
turned off by default, use DNSOverTLS=opportunistic to turn it on in
|
||
resolved.conf. We intend to make this the default as soon as couple
|
||
of additional techniques for optimizing the initial latency caused by
|
||
establishing a TLS/TCP connection are implemented.
|
||
|
||
* systemd-resolved.service and systemd-networkd.service now set
|
||
DynamicUser=yes. The users systemd-resolve and systemd-network are
|
||
not created by systemd-sysusers anymore.
|
||
|
||
NOTE: This has a chance of breaking nss-ldap and similar NSS modules
|
||
that embed a network facing module into any process using getpwuid()
|
||
or related call: the dynamic allocation of the user ID for
|
||
systemd-resolved.service means the service manager has to check NSS
|
||
if the user name is already taken when forking off the service. Since
|
||
the user in the common case won't be defined in /etc/passwd the
|
||
lookup is likely to trigger nss-ldap which in turn might use NSS to
|
||
ask systemd-resolved for hostname lookups. This will hence result in
|
||
a deadlock: a user name lookup in order to start
|
||
systemd-resolved.service will result in a hostname lookup for which
|
||
systemd-resolved.service needs to be started already. There are
|
||
multiple ways to work around this problem: pre-allocate the
|
||
"systemd-resolve" user on such systems, so that nss-ldap won't be
|
||
triggered; or use a different NSS package that doesn't do networking
|
||
in-process but provides a local asynchronous name cache; or configure
|
||
the NSS package to avoid lookups for UIDs in the range `pkg-config
|
||
systemd --variable=dynamicuidmin` … `pkg-config systemd
|
||
--variable=dynamicuidmax`, so that it does not consider itself
|
||
authoritative for the same UID range systemd allocates dynamic users
|
||
from.
|
||
|
||
* The systemd-resolve tool has been renamed to resolvectl (it also
|
||
remains available under the old name, for compatibility), and its
|
||
interface is now verb-based, similar in style to the other <xyz>ctl
|
||
tools, such as systemctl or loginctl.
|
||
|
||
* The resolvectl/systemd-resolve tool also provides 'resolvconf'
|
||
compatibility. It may be symlinked under the 'resolvconf' name, in
|
||
which case it will take arguments and input compatible with the
|
||
Debian and FreeBSD resolvconf tool.
|
||
|
||
* Support for suspend-then-hibernate has been added, i.e. a sleep mode
|
||
where the system initially suspends, and after a timeout resumes and
|
||
hibernates again.
|
||
|
||
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
|
||
set the client will only send a DUID as client identifier. (EDIT: the
|
||
option was broken, and was dropped in v255.)
|
||
|
||
* The nss-systemd glibc NSS module will now enumerate dynamic users and
|
||
groups in effect. Previously, it could resolve UIDs/GIDs to user
|
||
names/groups and vice versa, but did not support enumeration.
|
||
|
||
* journald's Compress= configuration setting now optionally accepts a
|
||
byte threshold value. All journal objects larger than this threshold
|
||
will be compressed, smaller ones will not. Previously this threshold
|
||
was not configurable and set to 512.
|
||
|
||
* A new system.conf setting NoNewPrivileges= is now available which may
|
||
be used to turn off acquisition of new privileges system-wide
|
||
(i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
|
||
for all its children). Note that turning this option on means setuid
|
||
binaries and file system capabilities lose their special powers.
|
||
While turning on this option is a big step towards a more secure
|
||
system, doing so is likely to break numerous pre-existing UNIX tools,
|
||
in particular su and sudo.
|
||
|
||
* A new service systemd-time-sync-wait.service has been added. If
|
||
enabled it will delay the time-sync.target unit at boot until time
|
||
synchronization has been received from the network. This
|
||
functionality is useful on systems lacking a local RTC or where it is
|
||
acceptable that the boot process shall be delayed by external network
|
||
services.
|
||
|
||
* When hibernating, systemd will now inform the kernel of the image
|
||
write offset, on kernels new enough to support this. This means swap
|
||
files should work for hibernation now.
|
||
|
||
* When loading unit files, systemd will now look for drop-in unit files
|
||
extensions in additional places. Previously, for a unit file name
|
||
"foo-bar-baz.service" it would look for dropin files in
|
||
"foo-bar-baz.service.d/*.conf". Now, it will also look in
|
||
"foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
|
||
service name truncated after all inner dashes. This scheme allows
|
||
writing drop-ins easily that apply to a whole set of unit files at
|
||
once. It's particularly useful for mount and slice units (as their
|
||
naming is prefix based), but is also useful for service and other
|
||
units, for packages that install multiple unit files at once,
|
||
following a strict naming regime of beginning the unit file name with
|
||
the package's name. Two new specifiers are now supported in unit
|
||
files to match this: %j and %J are replaced by the part of the unit
|
||
name following the last dash.
|
||
|
||
* Unit files and other configuration files that support specifier
|
||
expansion now understand another three new specifiers: %T and %V will
|
||
resolve to /tmp and /var/tmp respectively, or whatever temporary
|
||
directory has been set for the calling user. %E will expand to either
|
||
/etc (for system units) or $XDG_CONFIG_HOME (for user units).
|
||
|
||
* The ExecStart= lines of unit files are no longer required to
|
||
reference absolute paths. If non-absolute paths are specified the
|
||
specified binary name is searched within the service manager's
|
||
built-in $PATH, which may be queried with 'systemd-path
|
||
search-binaries-default'. It's generally recommended to continue to
|
||
use absolute paths for all binaries specified in unit files.
|
||
|
||
* Units gained a new load state "bad-setting", which is used when a
|
||
unit file was loaded, but contained fatal errors which prevent it
|
||
from being started (for example, a service unit has been defined
|
||
lacking both ExecStart= and ExecStop= lines).
|
||
|
||
* coredumpctl's "gdb" verb has been renamed to "debug", in order to
|
||
support alternative debuggers, for example lldb. The old name
|
||
continues to be available however, for compatibility reasons. Use the
|
||
new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
|
||
to pick an alternative debugger instead of the default gdb.
|
||
|
||
* systemctl and the other tools will now output escape sequences that
|
||
generate proper clickable hyperlinks in various terminal emulators
|
||
where useful (for example, in the "systemctl status" output you can
|
||
now click on the unit file name to quickly open it in the
|
||
editor/viewer of your choice). Note that not all terminal emulators
|
||
support this functionality yet, but many do. Unfortunately, the
|
||
"less" pager doesn't support this yet, hence this functionality is
|
||
currently automatically turned off when a pager is started (which
|
||
happens quite often due to auto-paging). We hope to remove this
|
||
limitation as soon as "less" learns these escape sequences. This new
|
||
behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
|
||
environment variable. For details on these escape sequences see:
|
||
https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
|
||
|
||
* networkd's .network files now support a new IPv6MTUBytes= option for
|
||
setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
|
||
option in the [Route] section to configure the MTU to use for
|
||
specific routes. It also gained support for configuration of the DHCP
|
||
"UserClass" option through the new UserClass= setting. It gained
|
||
three new options in the new [CAN] section for configuring CAN
|
||
networks. The MULTICAST and ALLMULTI interface flags may now be
|
||
controlled explicitly with the new Multicast= and AllMulticast=
|
||
settings.
|
||
|
||
* networkd will now automatically make use of the kernel's route
|
||
expiration feature, if it is available.
|
||
|
||
* udevd's .link files now support setting the number of receive and
|
||
transmit channels, using the RxChannels=, TxChannels=,
|
||
OtherChannels=, CombinedChannels= settings.
|
||
|
||
* Support for UDPSegmentationOffload= has been removed, given its
|
||
limited support in hardware, and waning software support.
|
||
|
||
* networkd's .netdev files now support creating "netdevsim" interfaces.
|
||
|
||
* PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
|
||
to query the unit belonging to a specific kernel control group.
|
||
|
||
* systemd-analyze gained a new verb "cat-config", which may be used to
|
||
dump the contents of any configuration file, with all its matching
|
||
drop-in files added in, and honouring the usual search and masking
|
||
logic applied to systemd configuration files. For example use
|
||
"systemd-analyze cat-config systemd/system.conf" to get the complete
|
||
system configuration file of systemd how it would be loaded by PID 1
|
||
itself. Similar to this, various tools such as systemd-tmpfiles or
|
||
systemd-sysusers, gained a new option "--cat-config", which does the
|
||
corresponding operation for their own configuration settings. For
|
||
example, "systemd-tmpfiles --cat-config" will now output the full
|
||
list of tmpfiles.d/ lines in place.
|
||
|
||
* timedatectl gained three new verbs: "show" shows bus properties of
|
||
systemd-timedated, "timesync-status" shows the current NTP
|
||
synchronization state of systemd-timesyncd, and "show-timesync"
|
||
shows bus properties of systemd-timesyncd.
|
||
|
||
* systemd-timesyncd gained a bus interface on which it exposes details
|
||
about its state.
|
||
|
||
* A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
|
||
understood by systemd-timedated. It takes a colon-separated list of
|
||
unit names of NTP client services. The list is used by
|
||
"timedatectl set-ntp".
|
||
|
||
* systemd-nspawn gained a new --rlimit= switch for setting initial
|
||
resource limits for the container payload. There's a new switch
|
||
--hostname= to explicitly override the container's hostname. A new
|
||
--no-new-privileges= switch may be used to control the
|
||
PR_SET_NO_NEW_PRIVS flag for the container payload. A new
|
||
--oom-score-adjust= switch controls the OOM scoring adjustment value
|
||
for the payload. The new --cpu-affinity= switch controls the CPU
|
||
affinity of the container payload. The new --resolv-conf= switch
|
||
allows more detailed control of /etc/resolv.conf handling of the
|
||
container. Similarly, the new --timezone= switch allows more detailed
|
||
control of /etc/localtime handling of the container.
|
||
|
||
* systemd-detect-virt gained a new --list switch, which will print a
|
||
list of all currently known VM and container environments.
|
||
|
||
* Support for "Portable Services" has been added, see
|
||
doc/PORTABLE_SERVICES.md for details. Currently, the support is still
|
||
experimental, but this is expected to change soon. Reflecting this
|
||
experimental state, the "portablectl" binary is not installed into
|
||
/usr/bin yet. The binary has to be called with the full path
|
||
/usr/lib/systemd/portablectl instead.
|
||
|
||
* journalctl's and systemctl's -o switch now knows a new log output
|
||
mode "with-unit". The output it generates is very similar to the
|
||
regular "short" mode, but displays the unit name instead of the
|
||
syslog tag for each log line. Also, the date is shown with timezone
|
||
information. This mode is probably more useful than the classic
|
||
"short" output mode for most purposes, except where pixel-perfect
|
||
compatibility with classic /var/log/messages formatting is required.
|
||
|
||
* A new --dump-bus-properties switch has been added to the systemd
|
||
binary, which may be used to dump all supported D-Bus properties.
|
||
(Options which are still supported, but are deprecated, are *not*
|
||
shown.)
|
||
|
||
* sd-bus gained a set of new calls:
|
||
sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
|
||
enable/disable the "floating" state of a bus slot object,
|
||
i.e. whether the slot object pins the bus it is allocated for into
|
||
memory or if the bus slot object gets disconnected when the bus goes
|
||
away. sd_bus_open_with_description(),
|
||
sd_bus_open_user_with_description(),
|
||
sd_bus_open_system_with_description() may be used to allocate bus
|
||
objects and set their description string already during allocation.
|
||
|
||
* sd-event gained support for watching inotify events from the event
|
||
loop, in an efficient way, sharing inotify handles between multiple
|
||
users. For this a new function sd_event_add_inotify() has been added.
|
||
|
||
* sd-event and sd-bus gained support for calling special user-supplied
|
||
destructor functions for userdata pointers associated with
|
||
sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
|
||
functions sd_bus_slot_set_destroy_callback,
|
||
sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
|
||
sd_bus_track_get_destroy_callback,
|
||
sd_event_source_set_destroy_callback,
|
||
sd_event_source_get_destroy_callback have been added.
|
||
|
||
* The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
|
||
|
||
* PID 1 will now automatically reschedule .timer units whenever the
|
||
local timezone changes. (They previously got rescheduled
|
||
automatically when the system clock changed.)
|
||
|
||
* New documentation has been added to document cgroups delegation,
|
||
portable services and the various code quality tools we have set up:
|
||
|
||
https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
|
||
https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
|
||
https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md
|
||
|
||
* The Boot Loader Specification has been added to the source tree.
|
||
|
||
https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
|
||
|
||
While moving it into our source tree we have updated it and further
|
||
changes are now accepted through the usual github PR workflow.
|
||
|
||
* pam_systemd will now look for PAM userdata fields systemd.memory_max,
|
||
systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
|
||
earlier PAM modules. The data in these fields is used to initialize
|
||
the session scope's resource properties. Thus external PAM modules
|
||
may now configure per-session limits, for example sourced from
|
||
external user databases.
|
||
|
||
* socket units with Accept=yes will now maintain a "refused" counter in
|
||
addition to the existing "accepted" counter, counting connections
|
||
refused due to the enforced limits.
|
||
|
||
* The "systemd-path search-binaries-default" command may now be use to
|
||
query the default, built-in $PATH PID 1 will pass to the services it
|
||
manages.
|
||
|
||
* A new unit file setting PrivateMounts= has been added. It's a boolean
|
||
option. If enabled the unit's processes are invoked in their own file
|
||
system namespace. Note that this behaviour is also implied if any
|
||
other file system namespacing options (such as PrivateTmp=,
|
||
PrivateDevices=, ProtectSystem=, …) are used. This option is hence
|
||
primarily useful for services that do not use any of the other file
|
||
system namespacing options. One such service is systemd-udevd.service
|
||
where this is now used by default.
|
||
|
||
* ConditionSecurity= gained a new value "uefi-secureboot" that is true
|
||
when the system is booted in UEFI "secure mode".
|
||
|
||
* A new unit "system-update-pre.target" is added, which defines an
|
||
optional synchronization point for offline system updates, as
|
||
implemented by the pre-existing "system-update.target" unit. It
|
||
allows ordering services before the service that executes the actual
|
||
update process in a generic way.
|
||
|
||
* Systemd now emits warnings whenever .include syntax is used.
|
||
|
||
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
|
||
Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
|
||
J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
|
||
Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
|
||
Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
|
||
Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
|
||
Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
|
||
Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
|
||
guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
|
||
Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
|
||
Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
|
||
Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
|
||
Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
|
||
Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
|
||
Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
|
||
Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
|
||
Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
|
||
Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
|
||
Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
|
||
Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
|
||
Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
|
||
Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
|
||
Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
|
||
Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
|
||
Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
|
||
Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
|
||
Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
|
||
Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
|
||
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2018-06-22
|
||
|
||
CHANGES WITH 238:
|
||
|
||
* The MemoryAccounting= unit property now defaults to on. After
|
||
discussions with the upstream control group maintainers we learnt
|
||
that the negative impact of cgroup memory accounting on current
|
||
kernels is finally relatively minimal, so that it should be safe to
|
||
enable this by default without affecting system performance. Besides
|
||
memory accounting only task accounting is turned on by default, all
|
||
other forms of resource accounting (CPU, IO, IP) remain off for now,
|
||
because it's not clear yet that their impact is small enough to move
|
||
from opt-in to opt-out. We recommend downstreams to leave memory
|
||
accounting on by default if kernel 4.14 or higher is primarily
|
||
used. On very resource constrained systems or when support for old
|
||
kernels is a necessity, -Dmemory-accounting-default=false can be used
|
||
to revert this change.
|
||
|
||
* rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
|
||
%udev_rules_update) and the journal catalog (%journal_catalog_update)
|
||
from the upgrade scriptlets of individual packages now do nothing.
|
||
Transfiletriggers have been added which will perform those updates
|
||
once at the end of the transaction.
|
||
|
||
Similar transfiletriggers have been added to execute any sysctl.d
|
||
and binfmt.d rules. Thus, it should be unnecessary to provide any
|
||
scriptlets to execute this configuration from package installation
|
||
scripts.
|
||
|
||
* systemd-sysusers gained a mode where the configuration to execute is
|
||
specified on the command line, but this configuration is not executed
|
||
directly, but instead it is merged with the configuration on disk,
|
||
and the result is executed. This is useful for package installation
|
||
scripts which want to create the user before installing any files on
|
||
disk (in case some of those files are owned by that user), while
|
||
still allowing local admin overrides.
|
||
|
||
This functionality is exposed to rpm scriptlets through a new
|
||
%sysusers_create_package macro. Old %sysusers_create and
|
||
%sysusers_create_inline macros are deprecated.
|
||
|
||
A transfiletrigger for sysusers.d configuration is now installed,
|
||
which means that it should be unnecessary to call systemd-sysusers from
|
||
package installation scripts, unless the package installs any files
|
||
owned by those newly-created users, in which case
|
||
%sysusers_create_package should be used.
|
||
|
||
* Analogous change has been done for systemd-tmpfiles: it gained a mode
|
||
where the command-line configuration is merged with the configuration
|
||
on disk. This is exposed as the new %tmpfiles_create_package macro,
|
||
and %tmpfiles_create is deprecated. A transfiletrigger is installed
|
||
for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
|
||
from package installation scripts.
|
||
|
||
* sysusers.d configuration for a user may now also specify the group
|
||
number, in addition to the user number ("u username 123:456"), or
|
||
without the user number ("u username -:456").
|
||
|
||
* Configution items for systemd-sysusers can now be specified as
|
||
positional arguments when the new --inline switch is used.
|
||
|
||
* The login shell of users created through sysusers.d may now be
|
||
specified (previously, it was always /bin/sh for root and
|
||
/sbin/nologin for other users).
|
||
|
||
* systemd-analyze gained a new --global switch to look at global user
|
||
configuration. It also gained a unit-paths verb to list the unit load
|
||
paths that are compiled into systemd (which can be used with
|
||
--systemd, --user, or --global).
|
||
|
||
* udevadm trigger gained a new --settle/-w option to wait for any
|
||
triggered events to finish (but just those, and not any other events
|
||
which are triggered meanwhile).
|
||
|
||
* The action that systemd-logind takes when the lid is closed and the
|
||
machine is connected to external power can now be configured using
|
||
HandleLidSwitchExternalPower= in logind.conf. Previously, this action
|
||
was determined by HandleLidSwitch=, and, for backwards compatibility,
|
||
is still is, if HandleLidSwitchExternalPower= is not explicitly set.
|
||
|
||
* journalctl will periodically call sd_journal_process() to make it
|
||
resilient against inotify queue overruns when journal files are
|
||
rotated very quickly.
|
||
|
||
* Two new functions in libsystemd — sd_bus_get_n_queued_read and
|
||
sd_bus_get_n_queued_write — may be used to check the number of
|
||
pending bus messages.
|
||
|
||
* systemd gained a new
|
||
org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
|
||
which can be used to migrate foreign processes to scope and service
|
||
units. The primary user for this new API is systemd itself: the
|
||
systemd --user instance uses this call of the systemd --system
|
||
instance to migrate processes if it itself gets the request to
|
||
migrate processes and the kernel refuses this due to access
|
||
restrictions. Thanks to this "systemd-run --scope --user …" works
|
||
again in pure cgroup v2 environments when invoked from the user
|
||
session scope.
|
||
|
||
* A new TemporaryFileSystem= setting can be used to mask out part of
|
||
the real file system tree with tmpfs mounts. This may be combined
|
||
with BindPaths= and BindReadOnlyPaths= to hide files or directories
|
||
not relevant to the unit, while still allowing some paths lower in
|
||
the tree to be accessed.
|
||
|
||
ProtectHome=tmpfs may now be used to hide user home and runtime
|
||
directories from units, in a way that is mostly equivalent to
|
||
"TemporaryFileSystem=/home /run/user /root".
|
||
|
||
* Non-service units are now started with KeyringMode=shared by default.
|
||
This means that mount and swapon and other mount tools have access
|
||
to keys in the main keyring.
|
||
|
||
* /sys/fs/bpf is now mounted automatically.
|
||
|
||
* QNX virtualization is now detected by systemd-detect-virt and may
|
||
be used in ConditionVirtualization=.
|
||
|
||
* IPAccounting= may now be enabled also for slice units.
|
||
|
||
* A new -Dsplit-bin= build configuration switch may be used to specify
|
||
whether bin and sbin directories are merged, or if they should be
|
||
included separately in $PATH and various listings of executable
|
||
directories. The build configuration scripts will try to autodetect
|
||
the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
|
||
system, but distributions are encouraged to configure this
|
||
explicitly.
|
||
|
||
* A new -Dok-color= build configuration switch may be used to change
|
||
the colour of "OK" status messages.
|
||
|
||
* UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
|
||
PrivateNetwork=yes was buggy in previous versions of systemd. This
|
||
means that after the upgrade and daemon-reexec, any such units must
|
||
be restarted.
|
||
|
||
* INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
|
||
will not exclude read-only files owned by root from cleanup.
|
||
|
||
Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
|
||
Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
|
||
Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
|
||
de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
|
||
Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
|
||
Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
|
||
Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
|
||
Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
|
||
Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
|
||
Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
|
||
MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
|
||
Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
|
||
Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
|
||
Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
|
||
Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
|
||
Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)
|
||
|
||
— Warsaw, 2018-03-05
|
||
|
||
CHANGES WITH 237:
|
||
|
||
* Some keyboards come with a zoom see-saw or rocker which until now got
|
||
mapped to the Linux "zoomin/out" keys in hwdb. However, these
|
||
keycodes are not recognized by any major desktop. They now produce
|
||
Up/Down key events so that they can be used for scrolling.
|
||
|
||
* INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
|
||
slightly: previously, if an argument was specified for lines of this
|
||
type (i.e. the right-most column was set) this string was appended to
|
||
existing files each time systemd-tmpfiles was run. This behaviour was
|
||
different from what the documentation said, and not particularly
|
||
useful, as repeated systemd-tmpfiles invocations would not be
|
||
idempotent and grow such files without bounds. With this release
|
||
behaviour has been altered to match what the documentation says:
|
||
lines of this type only have an effect if the indicated files don't
|
||
exist yet, and only then the argument string is written to the file.
|
||
|
||
* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
|
||
systemd-tmpfiles behaviour: previously, read-only files owned by root
|
||
were always excluded from the file "aging" algorithm (i.e. the
|
||
automatic clean-up of directories like /tmp based on
|
||
atime/mtime/ctime). We intend to drop this restriction, and age files
|
||
by default even when owned by root and read-only. This behaviour was
|
||
inherited from older tools, but there have been requests to remove
|
||
it, and it's not obvious why this restriction was made in the first
|
||
place. Please speak up now, if you are aware of software that requires
|
||
this behaviour, otherwise we'll remove the restriction in v238.
|
||
|
||
* A new environment variable $SYSTEMD_OFFLINE is now understood by
|
||
systemctl. It takes a boolean argument. If on, systemctl assumes it
|
||
operates on an "offline" OS tree, and will not attempt to talk to the
|
||
service manager. Previously, this mode was implicitly enabled if a
|
||
chroot() environment was detected, and this new environment variable
|
||
now provides explicit control.
|
||
|
||
* .path and .socket units may now be created transiently, too.
|
||
Previously only service, mount, automount and timer units were
|
||
supported as transient units. The systemd-run tool has been updated
|
||
to expose this new functionality, you may hence use it now to bind
|
||
arbitrary commands to path or socket activation on-the-fly from the
|
||
command line. Moreover, almost all properties are now exposed for the
|
||
unit types that already supported transient operation.
|
||
|
||
* The systemd-mount command gained support for a new --owner= parameter
|
||
which takes a user name, which is then resolved and included in uid=
|
||
and gid= mount options string of the file system to mount.
|
||
|
||
* A new unit condition ConditionControlGroupController= has been added
|
||
that checks whether a specific cgroup controller is available.
|
||
|
||
* Unit files, udev's .link files, and systemd-networkd's .netdev and
|
||
.network files all gained support for a new condition
|
||
ConditionKernelVersion= for checking against specific kernel
|
||
versions.
|
||
|
||
* In systemd-networkd, the [IPVLAN] section in .netdev files gained
|
||
support for configuring device flags in the Flags= setting. In the
|
||
same files, the [Tunnel] section gained support for configuring
|
||
AllowLocalRemote=. The [Route] section in .network files gained
|
||
support for configuring InitialCongestionWindow=,
|
||
InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
|
||
understands RapidCommit=.
|
||
|
||
* systemd-networkd's DHCPv6 support gained support for Prefix
|
||
Delegation.
|
||
|
||
* sd-bus gained support for a new "watch-bind" feature. When this
|
||
feature is enabled, an sd_bus connection may be set up to connect to
|
||
an AF_UNIX socket in the file system as soon as it is created. This
|
||
functionality is useful for writing early-boot services that
|
||
automatically connect to the system bus as soon as it is started,
|
||
without ugly time-based polling. systemd-networkd and
|
||
systemd-resolved have been updated to make use of this
|
||
functionality. busctl exposes this functionality in a new
|
||
--watch-bind= command line switch.
|
||
|
||
* sd-bus will now optionally synthesize a local "Connected" signal as
|
||
soon as a D-Bus connection is set up fully. This message mirrors the
|
||
already existing "Disconnected" signal which is synthesized when the
|
||
connection is terminated. This signal is generally useful but
|
||
particularly handy in combination with the "watch-bind" feature
|
||
described above. Synthesizing of this message has to be requested
|
||
explicitly through the new API call sd_bus_set_connected_signal(). In
|
||
addition a new call sd_bus_is_ready() has been added that checks
|
||
whether a connection is fully set up (i.e. between the "Connected" and
|
||
"Disconnected" signals).
|
||
|
||
* sd-bus gained two new calls sd_bus_request_name_async() and
|
||
sd_bus_release_name_async() for asynchronously registering bus
|
||
names. Similar, there is now sd_bus_add_match_async() for installing
|
||
a signal match asynchronously. All of systemd's own services have
|
||
been updated to make use of these calls. Doing these operations
|
||
asynchronously has two benefits: it reduces the risk of deadlocks in
|
||
case of cyclic dependencies between bus services, and it speeds up
|
||
service initialization since synchronization points for bus
|
||
round-trips are removed.
|
||
|
||
* sd-bus gained two new calls sd_bus_match_signal() and
|
||
sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
|
||
and sd_bus_add_match_async() but instead of taking a D-Bus match
|
||
string take match fields as normal function parameters.
|
||
|
||
* sd-bus gained two new calls sd_bus_set_sender() and
|
||
sd_bus_message_set_sender() for setting the sender name of outgoing
|
||
messages (either for all outgoing messages or for just one specific
|
||
one). These calls are only useful in direct connections as on
|
||
brokered connections the broker fills in the sender anyway,
|
||
overwriting whatever the client filled in.
|
||
|
||
* sd-event gained a new pseudo-handle that may be specified on all API
|
||
calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
|
||
used this refers to the default event loop object of the calling
|
||
thread. Note however that this does not implicitly allocate one —
|
||
which has to be done prior by using sd_event_default(). Similarly
|
||
sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
|
||
SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
|
||
to the default bus of the specified type of the calling thread. Here
|
||
too this does not implicitly allocate bus connection objects, this
|
||
has to be done prior with sd_bus_default() and friends.
|
||
|
||
* sd-event gained a new call pair
|
||
sd_event_source_{get|set}_io_fd_own(). This may be used to request
|
||
automatic closure of the file descriptor an IO event source watches
|
||
when the event source is destroyed.
|
||
|
||
* systemd-networkd gained support for natively configuring WireGuard
|
||
connections.
|
||
|
||
* In previous versions systemd synthesized user records both for the
|
||
"nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
|
||
internally. In order to simplify distribution-wide renames of the
|
||
"nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
|
||
new transitional flag file has been added: if
|
||
/etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
|
||
user and group record within the systemd codebase is disabled.
|
||
|
||
* systemd-notify gained a new --uid= option for selecting the source
|
||
user/UID to use for notification messages sent to the service
|
||
manager.
|
||
|
||
* journalctl gained a new --grep= option to list only entries in which
|
||
the message matches a certain pattern. By default matching is case
|
||
insensitive if the pattern is lowercase, and case sensitive
|
||
otherwise. Option --case-sensitive=yes|no can be used to override
|
||
this an specify case sensitivity or case insensitivity.
|
||
|
||
* There's now a "systemd-analyze service-watchdogs" command for printing
|
||
the current state of the service runtime watchdog, and optionally
|
||
enabling or disabling the per-service watchdogs system-wide if given a
|
||
boolean argument (i.e. the concept you configure in WatchdogSec=), for
|
||
debugging purposes. There's also a kernel command line option
|
||
systemd.service_watchdogs= for controlling the same.
|
||
|
||
* Two new "log-level" and "log-target" options for systemd-analyze were
|
||
added that merge the now deprecated get-log-level, set-log-level and
|
||
get-log-target, set-log-target pairs. The deprecated options are still
|
||
understood for backwards compatibility. The two new options print the
|
||
current value when no arguments are given, and set them when a
|
||
level/target is given as an argument.
|
||
|
||
* sysusers.d's "u" lines now optionally accept both a UID and a GID
|
||
specification, separated by a ":" character, in order to create users
|
||
where UID and GID do not match.
|
||
|
||
Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
|
||
Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
|
||
Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
|
||
Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
|
||
Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
|
||
Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
|
||
Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
|
||
Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
|
||
Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
|
||
Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
|
||
Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
|
||
Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
|
||
Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
|
||
Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
|
||
Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
|
||
Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
|
||
Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
|
||
Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
|
||
Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
|
||
Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
|
||
Палаузов
|
||
|
||
— Brno, 2018-01-28
|
||
|
||
CHANGES WITH 236:
|
||
|
||
* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
|
||
in v235 has been extended to also set the dummy.ko module option
|
||
numdummies=0, preventing the kernel from automatically creating
|
||
dummy0. All dummy interfaces must now be explicitly created.
|
||
|
||
* Unknown '%' specifiers in configuration files are now rejected. This
|
||
applies to units and tmpfiles.d configuration. Any percent characters
|
||
that are followed by a letter or digit that are not supposed to be
|
||
interpreted as the beginning of a specifier should be escaped by
|
||
doubling ("%%"). (So "size=5%" is still accepted, as well as
|
||
"size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
|
||
valid specifiers today.)
|
||
|
||
* systemd-resolved now maintains a new dynamic
|
||
/run/systemd/resolve/stub-resolv.conf compatibility file. It is
|
||
recommended to make /etc/resolv.conf a symlink to it. This file
|
||
points at the systemd-resolved stub DNS 127.0.0.53 resolver and
|
||
includes dynamically acquired search domains, achieving more correct
|
||
DNS resolution by software that bypasses local DNS APIs such as NSS.
|
||
|
||
* The "uaccess" udev tag has been dropped from /dev/kvm and
|
||
/dev/dri/renderD*. These devices now have the 0666 permissions by
|
||
default (but this may be changed at build-time). /dev/dri/renderD*
|
||
will now be owned by the "render" group along with /dev/kfd.
|
||
|
||
* "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
|
||
systemd-journal-gatewayd.service and
|
||
systemd-journal-upload.service. This means "nss-systemd" must be
|
||
enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
|
||
services are resolved properly.
|
||
|
||
* In /etc/fstab two new mount options are now understood:
|
||
x-systemd.makefs and x-systemd.growfs. The former has the effect that
|
||
the configured file system is formatted before it is mounted, the
|
||
latter that the file system is resized to the full block device size
|
||
after it is mounted (i.e. if the file system is smaller than the
|
||
partition it resides on, it's grown). This is similar to the fsck
|
||
logic in /etc/fstab, and pulls in systemd-makefs@.service and
|
||
systemd-growfs@.service as necessary, similar to
|
||
systemd-fsck@.service. Resizing is currently only supported on ext4
|
||
and btrfs.
|
||
|
||
* In systemd-networkd, the IPv6 RA logic now optionally may announce
|
||
DNS server and domain information.
|
||
|
||
* Support for the LUKS2 on-disk format for encrypted partitions has
|
||
been added. This requires libcryptsetup2 during compilation and
|
||
runtime.
|
||
|
||
* The systemd --user instance will now signal "readiness" when its
|
||
basic.target unit has been reached, instead of when the run queue ran
|
||
empty for the first time.
|
||
|
||
* Tmpfiles.d with user configuration are now also supported.
|
||
systemd-tmpfiles gained a new --user switch, and snippets placed in
|
||
~/.config/user-tmpfiles.d/ and corresponding directories will be
|
||
executed by systemd-tmpfiles --user running in the new
|
||
systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
|
||
running in the user session.
|
||
|
||
* Unit files and tmpfiles.d snippets learnt three new % specifiers:
|
||
%S resolves to the top-level state directory (/var/lib for the system
|
||
instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
|
||
top-level cache directory (/var/cache for the system instance,
|
||
$XDG_CACHE_HOME for the user instance), %L resolves to the top-level
|
||
logs directory (/var/log for the system instance,
|
||
$XDG_CONFIG_HOME/log/ for the user instance). This matches the
|
||
existing %t specifier, that resolves to the top-level runtime
|
||
directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
|
||
user instance).
|
||
|
||
* journalctl learnt a new parameter --output-fields= for limiting the
|
||
set of journal fields to output in verbose and JSON output modes.
|
||
|
||
* systemd-timesyncd's configuration file gained a new option
|
||
RootDistanceMaxSec= for setting the maximum root distance of servers
|
||
it'll use, as well as the new options PollIntervalMinSec= and
|
||
PollIntervalMaxSec= to tweak the minimum and maximum poll interval.
|
||
|
||
* bootctl gained a new command "list" for listing all available boot
|
||
menu items on systems that follow the boot loader specification.
|
||
|
||
* systemctl gained a new --dry-run switch that shows what would be done
|
||
instead of doing it, and is currently supported by the shutdown and
|
||
sleep verbs.
|
||
|
||
* ConditionSecurity= can now detect the TOMOYO security module.
|
||
|
||
* Unit file [Install] sections are now also respected in unit drop-in
|
||
files. This is intended to be used by drop-ins under /usr/lib/.
|
||
|
||
* systemd-firstboot may now also set the initial keyboard mapping.
|
||
|
||
* Udev "changed" events for devices which are exposed as systemd
|
||
.device units are now propagated to units specified in
|
||
ReloadPropagatedFrom= as reload requests.
|
||
|
||
* If a udev device has a SYSTEMD_WANTS= property containing a systemd
|
||
unit template name (i.e. a name in the form of 'foobar@.service',
|
||
without the instance component between the '@' and - the '.'), then
|
||
the escaped sysfs path of the device is automatically used as the
|
||
instance.
|
||
|
||
* SystemCallFilter= in unit files has been extended so that an "errno"
|
||
can be specified individually for each system call. Example:
|
||
SystemCallFilter=~uname:EILSEQ.
|
||
|
||
* The cgroup delegation logic has been substantially updated. Delegate=
|
||
now optionally takes a list of controllers (instead of a boolean, as
|
||
before), which lists the controllers to delegate at least.
|
||
|
||
* The networkd DHCPv6 client now implements the FQDN option (RFC 4704).
|
||
|
||
* A new LogLevelMax= setting configures the maximum log level any
|
||
process of the service may log at (i.e. anything with a lesser
|
||
priority than what is specified is automatically dropped). A new
|
||
LogExtraFields= setting allows configuration of additional journal
|
||
fields to attach to all log records generated by any of the unit's
|
||
processes.
|
||
|
||
* New StandardInputData= and StandardInputText= settings along with the
|
||
new option StandardInput=data may be used to configure textual or
|
||
binary data that shall be passed to the executed service process via
|
||
standard input, encoded in-line in the unit file.
|
||
|
||
* StandardInput=, StandardOutput= and StandardError= may now be used to
|
||
connect stdin/stdout/stderr of executed processes directly with a
|
||
file or AF_UNIX socket in the file system, using the new "file:" option.
|
||
|
||
* A new unit file option CollectMode= has been added, that allows
|
||
tweaking the garbage collection logic for units. It may be used to
|
||
tell systemd to garbage collect units that have failed automatically
|
||
(normally it only GCs units that exited successfully). systemd-run
|
||
and systemd-mount expose this new functionality with a new -G option.
|
||
|
||
* "machinectl bind" may now be used to bind mount non-directories
|
||
(i.e. regularfiles, devices, fifos, sockets).
|
||
|
||
* systemd-analyze gained a new verb "calendar" for validating and
|
||
testing calendar time specifications to use for OnCalendar= in timer
|
||
units. Besides validating the expression it will calculate the next
|
||
time the specified expression would elapse.
|
||
|
||
* In addition to the pre-existing FailureAction= unit file setting
|
||
there's now SuccessAction=, for configuring a shutdown action to
|
||
execute when a unit completes successfully. This is useful in
|
||
particular inside containers that shall terminate after some workload
|
||
has been completed. Also, both options are now supported for all unit
|
||
types, not just services.
|
||
|
||
* networkds's IP rule support gained two new options
|
||
IncomingInterface= and OutgoingInterface= for configuring the incoming
|
||
and outgoing interfaces of configured rules. systemd-networkd also
|
||
gained support for "vxcan" network devices.
|
||
|
||
* networkd gained a new setting RequiredForOnline=, taking a
|
||
boolean. If set, systemd-wait-online will take it into consideration
|
||
when determining that the system is up, otherwise it will ignore the
|
||
interface for this purpose.
|
||
|
||
* The sd_notify() protocol gained support for a new operation: with
|
||
FDSTOREREMOVE=1 file descriptors may be removed from the per-service
|
||
store again, ahead of POLLHUP or POLLERR when they are removed
|
||
anyway.
|
||
|
||
* A new document doc/UIDS-GIDS.md has been added to the source tree,
|
||
that documents the UID/GID range and assignment assumptions and
|
||
requirements of systemd.
|
||
|
||
* The watchdog device PID 1 will ping may now be configured through the
|
||
WatchdogDevice= configuration file setting, or by setting the
|
||
systemd.watchdog_service= kernel command line option.
|
||
|
||
* systemd-resolved's gained support for registering DNS-SD services on
|
||
the local network using MulticastDNS. Services may either be
|
||
registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
|
||
the same dir below /run, /usr/lib), or through its D-Bus API.
|
||
|
||
* The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond
|
||
extend the effective start, runtime, and stop time. The service must
|
||
continue to send EXTEND_TIMEOUT_USEC within the period specified to
|
||
prevent the service manager from making the service as timedout.
|
||
|
||
* systemd-resolved's DNSSEC support gained support for RFC 8080
|
||
(Ed25519 keys and signatures).
|
||
|
||
* The systemd-resolve command line tool gained a new set of options
|
||
--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
|
||
--set-nta= and --revert to configure per-interface DNS configuration
|
||
dynamically during runtime. It's useful for pushing DNS information
|
||
into systemd-resolved from DNS hook scripts that various interface
|
||
managing software supports (such as pppd).
|
||
|
||
* systemd-nspawn gained a new --network-namespace-path= command line
|
||
option, which may be used to make a container join an existing
|
||
network namespace, by specifying a path to a "netns" file.
|
||
|
||
Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
|
||
Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
|
||
Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
|
||
Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
|
||
John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
|
||
Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
|
||
Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
|
||
Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
|
||
Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
|
||
Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
|
||
Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
|
||
Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
|
||
Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
|
||
Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
|
||
Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
|
||
Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
|
||
Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
|
||
Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
|
||
Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
|
||
Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
|
||
Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
|
||
Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek, Zeal Jagannatha
|
||
|
||
— Berlin, 2017-12-14
|
||
|
||
CHANGES WITH 235:
|
||
|
||
* INCOMPATIBILITY: systemd-logind.service and other long-running
|
||
services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
|
||
communication with the outside. This generally improves security of
|
||
the system, and is in almost all cases a safe and good choice, as
|
||
these services do not and should not provide any network-facing
|
||
functionality. However, systemd-logind uses the glibc NSS API to
|
||
query the user database. This creates problems on systems where NSS
|
||
is set up to directly consult network services for user database
|
||
lookups. In particular, this creates incompatibilities with the
|
||
"nss-nis" module, which attempts to directly contact the NIS/YP
|
||
network servers it is configured for, and will now consistently
|
||
fail. In such cases, it is possible to turn off IP sandboxing for
|
||
systemd-logind.service (set IPAddressDeny= in its [Service] section
|
||
to the empty string, via a .d/ unit file drop-in). Downstream
|
||
distributions might want to update their nss-nis packaging to include
|
||
such a drop-in snippet, accordingly, to hide this incompatibility
|
||
from the user. Another option is to make use of glibc's nscd service
|
||
to proxy such network requests through a privilege-separated, minimal
|
||
local caching daemon, or to switch to more modern technologies such
|
||
sssd, whose NSS hook-ups generally do not involve direct network
|
||
access. In general, we think it's definitely time to question the
|
||
implementation choices of nss-nis, i.e. whether it's a good idea
|
||
today to embed a network-facing loadable module into all local
|
||
processes that need to query the user database, including the most
|
||
trivial and benign ones, such as "ls". For more details about
|
||
IPAddressDeny= see below.
|
||
|
||
* A new modprobe.d drop-in is now shipped by default that sets the
|
||
bonding module option max_bonds=0. This overrides the kernel default,
|
||
to avoid conflicts and ambiguity as to whether or not bond0 should be
|
||
managed by systemd-networkd or not. This resolves multiple issues
|
||
with bond0 properties not being applied, when bond0 is configured
|
||
with systemd-networkd. Distributors may choose to not package this,
|
||
however in that case users will be prevented from correctly managing
|
||
bond0 interface using systemd-networkd.
|
||
|
||
* systemd-analyze gained new verbs "get-log-level" and "get-log-target"
|
||
which print the logging level and target of the system manager. They
|
||
complement the existing "set-log-level" and "set-log-target" verbs
|
||
used to change those values.
|
||
|
||
* journald.conf gained a new boolean setting ReadKMsg= which defaults
|
||
to on. If turned off kernel log messages will not be read by
|
||
systemd-journald or included in the logs. It also gained a new
|
||
setting LineMax= for configuring the maximum line length in
|
||
STDOUT/STDERR log streams. The new default for this value is 48K, up
|
||
from the previous hardcoded 2048.
|
||
|
||
* A new unit setting RuntimeDirectoryPreserve= has been added, which
|
||
allows more detailed control of what to do with a runtime directory
|
||
configured with RuntimeDirectory= (i.e. a directory below /run or
|
||
$XDG_RUNTIME_DIR) after a unit is stopped.
|
||
|
||
* The RuntimeDirectory= setting for units gained support for creating
|
||
deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
|
||
one top-level directory.
|
||
|
||
* Units gained new options StateDirectory=, CacheDirectory=,
|
||
LogsDirectory= and ConfigurationDirectory= which are closely related
|
||
to RuntimeDirectory= but manage per-service directories below
|
||
/var/lib, /var/cache, /var/log and /etc. By making use of them it is
|
||
possible to write unit files which when activated automatically gain
|
||
properly owned service specific directories in these locations, thus
|
||
making unit files self-contained and increasing compatibility with
|
||
stateless systems and factory reset where /etc or /var are
|
||
unpopulated at boot. Matching these new settings there's also
|
||
StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
|
||
ConfigurationDirectoryMode= for configuring the access mode of these
|
||
directories. These settings are particularly useful in combination
|
||
with DynamicUser=yes as they provide secure, properly-owned,
|
||
writable, and stateful locations for storage, excluded from the
|
||
sandbox that such services live in otherwise.
|
||
|
||
* Automake support has been removed from this release. systemd is now
|
||
Meson-only.
|
||
|
||
* systemd-journald will now aggressively cache client metadata during
|
||
runtime, speeding up log write performance under pressure. This comes
|
||
at a small price though: as much of the metadata is read
|
||
asynchronously from /proc/ (and isn't implicitly attached to log
|
||
datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
|
||
metadata stored alongside a log entry might be slightly
|
||
out-of-date. Previously it could only be slightly newer than the log
|
||
message. The time window is small however, and given that the kernel
|
||
is unlikely to be improved anytime soon in this regard, this appears
|
||
acceptable to us.
|
||
|
||
* nss-myhostname/systemd-resolved will now by default synthesize an
|
||
A/AAAA resource record for the "_gateway" hostname, pointing to the
|
||
current default IP gateway. Previously it did that for the "gateway"
|
||
name, hampering adoption, as some distributions wanted to leave that
|
||
hostname open for local use. The old behaviour may still be
|
||
requested at build time.
|
||
|
||
* systemd-networkd's [Address] section in .network files gained a new
|
||
Scope= setting for configuring the IP address scope. The [Network]
|
||
section gained a new boolean setting ConfigureWithoutCarrier= that
|
||
tells systemd-networkd to ignore link sensing when configuring the
|
||
device. The [DHCP] section gained a new Anonymize= boolean option for
|
||
turning on a number of options suggested in RFC 7844. A new
|
||
[RoutingPolicyRule] section has been added for configuring the IP
|
||
routing policy. The [Route] section has gained support for a new
|
||
Type= setting which permits configuring
|
||
blackhole/unreachable/prohibit routes.
|
||
|
||
* The [VRF] section in .netdev files gained a new Table= setting for
|
||
configuring the routing table to use. The [Tunnel] section gained a
|
||
new Independent= boolean field for configuring tunnels independent of
|
||
an underlying network interface. The [Bridge] section gained a new
|
||
GroupForwardMask= option for configuration of propagation of link
|
||
local frames between bridge ports.
|
||
|
||
* The WakeOnLan= setting in .link files gained support for a number of
|
||
new modes. A new TCP6SegmentationOffload= setting has been added for
|
||
configuring TCP/IPv6 hardware segmentation offload.
|
||
|
||
* The IPv6 RA sender implementation may now optionally send out RDNSS
|
||
and RDNSSL records to supply DNS configuration to peers.
|
||
|
||
* systemd-nspawn gained support for a new --system-call-filter= command
|
||
line option for adding and removing entries in the default system
|
||
call filter it applies. Moreover systemd-nspawn has been changed to
|
||
implement a system call allow list instead of a deny list.
|
||
|
||
* systemd-run gained support for a new --pipe command line option. If
|
||
used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
|
||
are directly passed on to the activated transient service
|
||
executable. This allows invoking arbitrary processes as systemd
|
||
services (for example to take benefit of dependency management,
|
||
accounting management, resource management or log management that is
|
||
done automatically for services) — while still allowing them to be
|
||
integrated in a classic UNIX shell pipeline.
|
||
|
||
* When a service sends RELOAD=1 via sd_notify() and reload propagation
|
||
using ReloadPropagationTo= is configured, a reload is now propagated
|
||
to configured units. (Previously this was only done on explicitly
|
||
requested reloads, using "systemctl reload" or an equivalent
|
||
command.)
|
||
|
||
* For each service unit a restart counter is now kept: it is increased
|
||
each time the service is restarted due to Restart=, and may be
|
||
queried using "systemctl show -p NRestarts …".
|
||
|
||
* New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
|
||
@signal and @timer have been added, for usage with SystemCallFilter=
|
||
in unit files and the new --system-call-filter= command line option
|
||
of systemd-nspawn (see above).
|
||
|
||
* ExecStart= lines in unit files gained two new modifiers: when a
|
||
command line is prefixed with "!" the command will be executed as
|
||
configured, except for the credentials applied by
|
||
setuid()/setgid()/setgroups(). It is very similar to the pre-existing
|
||
"+", but does still apply namespacing options unlike "+". There's
|
||
also "!!" now, which is mostly identical, but becomes a NOP on
|
||
systems that support ambient capabilities. This is useful to write
|
||
unit files that work with ambient capabilities where possible but
|
||
automatically fall back to traditional privilege dropping mechanisms
|
||
on systems where this is not supported.
|
||
|
||
* ListenNetlink= settings in socket units now support RDMA netlink
|
||
sockets.
|
||
|
||
* A new unit file setting LockPersonality= has been added which permits
|
||
locking down the chosen execution domain ("personality") of a service
|
||
during runtime.
|
||
|
||
* A new special target "getty-pre.target" has been added, which is
|
||
ordered before all text logins, and may be used to order services
|
||
before textual logins acquire access to the console.
|
||
|
||
* systemd will now attempt to load the virtio-rng.ko kernel module very
|
||
early on if a VM environment supporting this is detected. This should
|
||
improve entropy during early boot in virtualized environments.
|
||
|
||
* A _netdev option is now supported in /etc/crypttab that operates in a
|
||
similar way as the same option in /etc/fstab: it permits configuring
|
||
encrypted devices that need to be ordered after the network is up.
|
||
Following this logic, two new special targets
|
||
remote-cryptsetup-pre.target and remote-cryptsetup.target have been
|
||
added that are to cryptsetup.target what remote-fs.target and
|
||
remote-fs-pre.target are to local-fs.target.
|
||
|
||
* Service units gained a new UnsetEnvironment= setting which permits
|
||
unsetting specific environment variables for services that are
|
||
normally passed to it (for example in order to mask out locale
|
||
settings for specific services that can't deal with it).
|
||
|
||
* Units acquired a new boolean option IPAccounting=. When turned on, IP
|
||
traffic accounting (packet count as well as byte count) is done for
|
||
the service, and shown as part of "systemctl status" or "systemd-run
|
||
--wait".
|
||
|
||
* Service units acquired two new options IPAddressAllow= and
|
||
IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
|
||
for configuring a simple IP access control list for all sockets of
|
||
the unit. These options are available also on .slice and .socket
|
||
units, permitting flexible access list configuration for individual
|
||
services as well as groups of services (as defined by a slice unit),
|
||
including system-wide. Note that IP ACLs configured this way are
|
||
enforced on every single IPv4 and IPv6 socket created by any process
|
||
of the service unit, and apply to ingress as well as egress traffic.
|
||
|
||
* If CPUAccounting= or IPAccounting= is turned on for a unit a new
|
||
structured log message is generated each time the unit is stopped,
|
||
containing information about the consumed resources of this
|
||
invocation.
|
||
|
||
* A new setting KeyringMode= has been added to unit files, which may be
|
||
used to control how the kernel keyring is set up for executed
|
||
processes.
|
||
|
||
* "systemctl poweroff", "systemctl reboot", "systemctl halt",
|
||
"systemctl kexec" and "systemctl exit" are now always asynchronous in
|
||
behaviour (that is: these commands return immediately after the
|
||
operation was enqueued instead of waiting for the operation to
|
||
complete). Previously, "systemctl poweroff" and "systemctl reboot"
|
||
were asynchronous on systems using systemd-logind (i.e. almost
|
||
always, and like they were on sysvinit), and the other three commands
|
||
were unconditionally synchronous. With this release this is cleaned
|
||
up, and callers will see the same asynchronous behaviour on all
|
||
systems for all five operations.
|
||
|
||
* systemd-logind gained new Halt() and CanHalt() bus calls for halting
|
||
the system.
|
||
|
||
* .timer units now accept calendar specifications in other timezones
|
||
than UTC or the local timezone.
|
||
|
||
* The tmpfiles snippet var.conf has been changed to create
|
||
/var/log/btmp with access mode 0660 instead of 0600. It was owned by
|
||
the "utmp" group already, and it appears to be generally understood
|
||
that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
|
||
databases. Previously this was implemented correctly for all these
|
||
databases excepts btmp, which has been opened up like this now
|
||
too. Note that while the other databases are world-readable
|
||
(i.e. 0644), btmp is not and remains more restrictive.
|
||
|
||
* The systemd-resolve tool gained a new --reset-server-features
|
||
switch. When invoked like this systemd-resolved will forget
|
||
everything it learnt about the features supported by the configured
|
||
upstream DNS servers, and restarts the feature probing logic on the
|
||
next resolver look-up for them at the highest feature level
|
||
again.
|
||
|
||
* The status dump systemd-resolved sends to the logs upon receiving
|
||
SIGUSR1 now also includes information about all DNS servers it is
|
||
configured to use, and the features levels it probed for them.
|
||
|
||
Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
|
||
Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
|
||
Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
|
||
Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
|
||
Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
|
||
Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
|
||
ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
|
||
Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
|
||
Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
|
||
John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
|
||
Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
|
||
Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
|
||
Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
|
||
Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
|
||
Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
|
||
Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
|
||
Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
|
||
Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
|
||
Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
|
||
Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2017-10-06
|
||
|
||
CHANGES WITH 234:
|
||
|
||
* Meson is now supported as build system in addition to Automake. It is
|
||
our plan to remove Automake in one of our next releases, so that
|
||
Meson becomes our exclusive build system. Hence, please start using
|
||
the Meson build system in your downstream packaging. There's plenty
|
||
of documentation around how to use Meson, the extremely brief
|
||
summary:
|
||
|
||
./autogen.sh && ./configure && make && sudo make install
|
||
|
||
becomes:
|
||
|
||
meson build && ninja -C build && sudo ninja -C build install
|
||
|
||
* Unit files gained support for a new JobRunningTimeoutUSec= setting,
|
||
which permits configuring a timeout on the time a job is
|
||
running. This is particularly useful for setting timeouts on jobs for
|
||
.device units.
|
||
|
||
* Unit files gained two new options ConditionUser= and ConditionGroup=
|
||
for conditionalizing units based on the identity of the user/group
|
||
running a systemd user instance.
|
||
|
||
* systemd-networkd now understands a new FlowLabel= setting in the
|
||
[VXLAN] section of .network files, as well as a Priority= in
|
||
[Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
|
||
and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
|
||
gained support for configuration of GENEVE links, and IPv6 address
|
||
labels. The [Network] section gained the new IPv6ProxyNDP= setting.
|
||
|
||
* .link files now understand a new Port= setting.
|
||
|
||
* systemd-networkd's DHCP support gained support for DHCP option 119
|
||
(domain search list).
|
||
|
||
* systemd-networkd gained support for serving IPv6 address ranges using
|
||
the Router Advertisement protocol. The new .network configuration
|
||
section [IPv6Prefix] may be used to configure the ranges to
|
||
serve. This is implemented based on a new, minimal, native server
|
||
implementation of RA.
|
||
|
||
* journalctl's --output= switch gained support for a new parameter
|
||
"short-iso-precise" for a mode where timestamps are shown as precise
|
||
ISO date values.
|
||
|
||
* systemd-udevd's "net_id" builtin may now generate stable network
|
||
interface names from IBM PowerVM VIO devices as well as ACPI platform
|
||
devices.
|
||
|
||
* MulticastDNS support in systemd-resolved may now be explicitly
|
||
enabled/disabled using the new MulticastDNS= configuration file
|
||
option.
|
||
|
||
* systemd-resolved may now optionally use libidn2 instead of the libidn
|
||
for processing internationalized domain names. Support for libidn2
|
||
should be considered experimental and should not be enabled by
|
||
default yet.
|
||
|
||
* "machinectl pull-tar" and related call may now do verification of
|
||
downloaded images using SUSE-style .sha256 checksum files in addition
|
||
to the already existing support for validating using Ubuntu-style
|
||
SHA256SUMS files.
|
||
|
||
* sd-bus gained support for a new sd_bus_message_appendv() call which
|
||
is va_list equivalent of sd_bus_message_append().
|
||
|
||
* sd-boot gained support for validating images using SHIM/MOK.
|
||
|
||
* The SMACK code learnt support for "onlycap".
|
||
|
||
* systemd-mount --umount is now much smarter in figuring out how to
|
||
properly unmount a device given its mount or device path.
|
||
|
||
* The code to call libnss_dns as a fallback from libnss_resolve when
|
||
the communication with systemd-resolved fails was removed. This
|
||
fallback was redundant and interfered with the [!UNAVAIL=return]
|
||
suffix. See nss-resolve(8) for the recommended configuration.
|
||
|
||
* systemd-logind may now be restarted without losing state. It stores
|
||
the file descriptors for devices it manages in the system manager
|
||
using the FDSTORE= mechanism. Please note that further changes in
|
||
other components may be required to make use of this (for example
|
||
Xorg has code to listen for stops of systemd-logind and terminate
|
||
itself when logind is stopped or restarted, in order to avoid using
|
||
stale file descriptors for graphical devices, which is now
|
||
counterproductive and must be reverted in order for restarts of
|
||
systemd-logind to be safe. See
|
||
https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
|
||
|
||
* All kernel-install plugins are called with the environment variable
|
||
KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
|
||
/etc/machine-id. If the machine ID could not be determined,
|
||
$KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
|
||
anything in the entry directory (passed as the second argument) if
|
||
$KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a
|
||
temporary directory is passed as the entry directory and removed
|
||
after all the plugins exit.
|
||
|
||
* If KERNEL_INSTALL_MACHINE_ID is set in /etc/machine-info, kernel-install
|
||
will now use its value as the machine ID instead of the machine ID
|
||
from /etc/machine-id. If KERNEL_INSTALL_MACHINE_ID isn't set in
|
||
/etc/machine-info and no machine ID is set in /etc/machine-id,
|
||
kernel-install will try to store the current machine ID there as
|
||
KERNEL_INSTALL_MACHINE_ID. If there is no machine ID, kernel-install
|
||
will generate a new UUID, store it in /etc/machine-info as
|
||
KERNEL_INSTALL_MACHINE_ID and use it as the machine ID.
|
||
|
||
Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
|
||
Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
|
||
Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
|
||
Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
|
||
Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
|
||
Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
|
||
Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
|
||
Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
|
||
Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
|
||
Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
|
||
hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
|
||
Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
|
||
Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
|
||
Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
|
||
Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
|
||
Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
|
||
Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
|
||
Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
|
||
Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
|
||
Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
|
||
Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
|
||
Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
|
||
Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
|
||
Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
|
||
Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
|
||
H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
|
||
Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
|
||
userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
|
||
Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
|
||
Георгиевски
|
||
|
||
— Berlin, 2017-07-12
|
||
|
||
CHANGES WITH 233:
|
||
|
||
* The "hybrid" control group mode has been modified to improve
|
||
compatibility with "legacy" cgroups-v1 setups. Specifically, the
|
||
"hybrid" setup of /sys/fs/cgroup is now pretty much identical to
|
||
"legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
|
||
cgroups-v1 hierarchy), the only externally visible change being that
|
||
the cgroups-v2 hierarchy is also mounted, to
|
||
/sys/fs/cgroup/unified. This should provide a large degree of
|
||
compatibility with "legacy" cgroups-v1, while taking benefit of the
|
||
better management capabilities of cgroups-v2.
|
||
|
||
* The default control group setup mode may be selected both a boot-time
|
||
via a set of kernel command line parameters (specifically:
|
||
systemd.unified_cgroup_hierarchy= and
|
||
systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
|
||
default selected on the configure command line
|
||
(--with-default-hierarchy=). The upstream default is "hybrid"
|
||
(i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
|
||
this will change in a future systemd version to be "unified" (pure
|
||
cgroups-v2 mode). The third option for the compile time option is
|
||
"legacy", to enter pure cgroups-v1 mode. We recommend downstream
|
||
distributions to default to "hybrid" mode for release distributions,
|
||
starting with v233. We recommend "unified" for development
|
||
distributions (specifically: distributions such as Fedora's rawhide)
|
||
as that's where things are headed in the long run. Use "legacy" for
|
||
greatest stability and compatibility only.
|
||
|
||
* Note one current limitation of "unified" and "hybrid" control group
|
||
setup modes: the kernel currently does not permit the systemd --user
|
||
instance (i.e. unprivileged code) to migrate processes between two
|
||
disconnected cgroup subtrees, even if both are managed and owned by
|
||
the user. This effectively means "systemd-run --user --scope" doesn't
|
||
work when invoked from outside of any "systemd --user" service or
|
||
scope. Specifically, it is not supported from session scopes. We are
|
||
working on fixing this in a future systemd version. (See #3388 for
|
||
further details about this.)
|
||
|
||
* DBus policy files are now installed into /usr rather than /etc. Make
|
||
sure your system has dbus >= 1.9.18 running before upgrading to this
|
||
version, or override the install path with --with-dbuspolicydir= .
|
||
|
||
* All python scripts shipped with systemd (specifically: the various
|
||
tests written in Python) now require Python 3.
|
||
|
||
* systemd unit tests can now run standalone (without the source or
|
||
build directories), and can be installed into /usr/lib/systemd/tests/
|
||
with 'make install-tests'.
|
||
|
||
* Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
|
||
CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
|
||
kernel.
|
||
|
||
* Support for the %c, %r, %R specifiers in unit files has been
|
||
removed. Specifiers are not supposed to be dependent on configuration
|
||
in the unit file itself (so that they resolve the same regardless
|
||
where used in the unit files), but these specifiers were influenced
|
||
by the Slice= option.
|
||
|
||
* The shell invoked by debug-shell.service now defaults to /bin/sh in
|
||
all cases. If distributions want to use a different shell for this
|
||
purpose (for example Fedora's /sbin/sushell) they need to specify
|
||
this explicitly at configure time using --with-debug-shell=.
|
||
|
||
* The confirmation spawn prompt has been reworked to offer the
|
||
following choices:
|
||
|
||
(c)ontinue, proceed without asking anymore
|
||
(D)ump, show the state of the unit
|
||
(f)ail, don't execute the command and pretend it failed
|
||
(h)elp
|
||
(i)nfo, show a short summary of the unit
|
||
(j)obs, show jobs that are in progress
|
||
(s)kip, don't execute the command and pretend it succeeded
|
||
(y)es, execute the command
|
||
|
||
The 'n' choice for the confirmation spawn prompt has been removed,
|
||
because its meaning was confusing.
|
||
|
||
The prompt may now also be redirected to an alternative console by
|
||
specifying the console as parameter to systemd.confirm_spawn=.
|
||
|
||
* Services of Type=notify require a READY=1 notification to be sent
|
||
during startup. If no such message is sent, the service now fails,
|
||
even if the main process exited with a successful exit code.
|
||
|
||
* Services that fail to start up correctly now always have their
|
||
ExecStopPost= commands executed. Previously, they'd enter "failed"
|
||
state directly, without executing these commands.
|
||
|
||
* The option MulticastDNS= of network configuration files has acquired
|
||
an actual implementation. With MulticastDNS=yes a host can resolve
|
||
names of remote hosts and reply to mDNS A and AAAA requests.
|
||
|
||
* When units are about to be started an additional check is now done to
|
||
ensure that all dependencies of type BindsTo= (when used in
|
||
combination with After=) have been started.
|
||
|
||
* systemd-analyze gained a new verb "syscall-filter" which shows which
|
||
system call groups are defined for the SystemCallFilter= unit file
|
||
setting, and which system calls they contain.
|
||
|
||
* A new system call filter group "@filesystem" has been added,
|
||
consisting of various file system related system calls. Group
|
||
"@reboot" has been added, covering reboot, kexec and shutdown related
|
||
calls. Finally, group "@swap" has been added covering swap
|
||
configuration related calls.
|
||
|
||
* A new unit file option RestrictNamespaces= has been added that may be
|
||
used to restrict access to the various process namespace types the
|
||
Linux kernel provides. Specifically, it may be used to take away the
|
||
right for a service unit to create additional file system, network,
|
||
user, and other namespaces. This sandboxing option is particularly
|
||
relevant due to the high amount of recently discovered namespacing
|
||
related vulnerabilities in the kernel.
|
||
|
||
* systemd-udev's .link files gained support for a new AutoNegotiation=
|
||
setting for configuring Ethernet auto-negotiation.
|
||
|
||
* systemd-networkd's .network files gained support for a new
|
||
ListenPort= setting in the [DHCP] section to explicitly configure the
|
||
UDP client port the DHCP client shall listen on.
|
||
|
||
* .network files gained a new Unmanaged= boolean setting for explicitly
|
||
excluding one or more interfaces from management by systemd-networkd.
|
||
|
||
* The systemd-networkd ProxyARP= option has been renamed to
|
||
IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
|
||
renamed to ReduceARPProxy=. The old names continue to be available
|
||
for compatibility.
|
||
|
||
* systemd-networkd gained support for configuring IPv6 Proxy NDP
|
||
addresses via the new IPv6ProxyNDPAddress= .network file setting.
|
||
|
||
* systemd-networkd's bonding device support gained support for two new
|
||
configuration options ActiveSlave= and PrimarySlave=.
|
||
|
||
* The various options in the [Match] section of .network files gained
|
||
support for negative matching.
|
||
|
||
* New systemd-specific mount options are now understood in /etc/fstab:
|
||
|
||
x-systemd.mount-timeout= may be used to configure the maximum
|
||
permitted runtime of the mount command.
|
||
|
||
x-systemd.device-bound may be set to bind a mount point to its
|
||
backing device unit, in order to automatically remove a mount point
|
||
if its backing device is unplugged. This option may also be
|
||
configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
|
||
on the block device, which is now automatically set for all CDROM
|
||
drives, so that mounted CDs are automatically unmounted when they are
|
||
removed from the drive.
|
||
|
||
x-systemd.after= and x-systemd.before= may be used to explicitly
|
||
order a mount after or before another unit or mount point.
|
||
|
||
* Enqueued start jobs for device units are now automatically garbage
|
||
collected if there are no jobs waiting for them anymore.
|
||
|
||
* systemctl list-jobs gained two new switches: with --after, for every
|
||
queued job the jobs it's waiting for are shown; with --before the
|
||
jobs which it's blocking are shown.
|
||
|
||
* systemd-nspawn gained support for ephemeral boots from disk images
|
||
(or in other words: --ephemeral and --image= may now be
|
||
combined). Moreover, ephemeral boots are now supported for normal
|
||
directories, even if the backing file system is not btrfs. Of course,
|
||
if the file system does not support file system snapshots or
|
||
reflinks, the initial copy operation will be relatively expensive, but
|
||
this should still be suitable for many use cases.
|
||
|
||
* Calendar time specifications in .timer units now support
|
||
specifications relative to the end of a month by using "~" instead of
|
||
"-" as separator between month and day. For example, "*-02~03" means
|
||
"the third last day in February". In addition a new syntax for
|
||
repeated events has been added using the "/" character. For example,
|
||
"9..17/2:00" means "every two hours from 9am to 5pm".
|
||
|
||
* systemd-socket-proxyd gained a new parameter --connections-max= for
|
||
configuring the maximum number of concurrent connections.
|
||
|
||
* sd-id128 gained a new API for generating unique IDs for the host in a
|
||
way that does not leak the machine ID. Specifically,
|
||
sd_id128_get_machine_app_specific() derives an ID based on the
|
||
machine ID in a well-defined, non-reversible, stable way. This is
|
||
useful whenever an identifier for the host is needed but where the
|
||
identifier shall not be useful to identify the system beyond the
|
||
scope of the application itself. (Internally this uses HMAC-SHA256 as
|
||
keyed hash function using the machine ID as input.)
|
||
|
||
* NotifyAccess= gained a new supported value "exec". When set
|
||
notifications are accepted from all processes systemd itself invoked,
|
||
including all control processes.
|
||
|
||
* .nspawn files gained support for defining overlay mounts using the
|
||
Overlay= and OverlayReadOnly= options. Previously this functionality
|
||
was only available on the systemd-nspawn command line.
|
||
|
||
* systemd-nspawn's --bind= and --overlay= options gained support for
|
||
bind/overlay mounts whose source lies within the container tree by
|
||
prefixing the source path with "+".
|
||
|
||
* systemd-nspawn's --bind= and --overlay= options gained support for
|
||
automatically allocating a temporary source directory in /var/tmp
|
||
that is removed when the container dies. Specifically, if the source
|
||
directory is specified as empty string this mechanism is selected. An
|
||
example usage is --overlay=+/var::/var, which creates an overlay
|
||
mount based on the original /var contained in the image, overlaid
|
||
with a temporary directory in the host's /var/tmp. This way changes
|
||
to /var are automatically flushed when the container shuts down.
|
||
|
||
* systemd-nspawn --image= option does now permit raw file system block
|
||
devices (in addition to images containing partition tables, as
|
||
before).
|
||
|
||
* The disk image dissection logic in systemd-nspawn gained support for
|
||
automatically setting up LUKS encrypted as well as Verity protected
|
||
partitions. When a container is booted from an encrypted image the
|
||
passphrase is queried at start-up time. When a container with Verity
|
||
data is started, the root hash is search in a ".roothash" file
|
||
accompanying the disk image (alternatively, pass the root hash via
|
||
the new --root-hash= command line option).
|
||
|
||
* A new tool /usr/lib/systemd/systemd-dissect has been added that may
|
||
be used to dissect disk images the same way as systemd-nspawn does
|
||
it, following the Bootable Partition Specification. It may even be
|
||
used to mount disk images with complex partition setups (including
|
||
LUKS and Verity partitions) to a local host directory, in order to
|
||
inspect them. This tool is not considered public API (yet), and is
|
||
thus not installed into /usr/bin. Please do not rely on its
|
||
existence, since it might go away or be changed in later systemd
|
||
versions.
|
||
|
||
* A new generator "systemd-verity-generator" has been added, similar in
|
||
style to "systemd-cryptsetup-generator", permitting automatic setup of
|
||
Verity root partitions when systemd boots up. In order to make use of
|
||
this your partition setup should follow the Discoverable Partitions
|
||
Specification, and the GPT partition ID of the root file system
|
||
partition should be identical to the upper 128-bit of the Verity root
|
||
hash. The GPT partition ID of the Verity partition protecting it
|
||
should be the lower 128-bit of the Verity root hash. If the partition
|
||
image follows this model it is sufficient to specify a single
|
||
"roothash=" kernel command line argument to both configure which root
|
||
image and verity partition to use as well as the root hash for
|
||
it. Note that systemd-nspawn's Verity support follows the same
|
||
semantics, meaning that disk images with proper Verity data in place
|
||
may be booted in containers with systemd-nspawn as well as on
|
||
physical systems via the verity generator. Also note that the "mkosi"
|
||
tool available at https://github.com/systemd/mkosi has been updated
|
||
to generate Verity protected disk images following this scheme. In
|
||
fact, it has been updated to generate disk images that optionally
|
||
implement a complete UEFI SecureBoot trust chain, involving a signed
|
||
kernel and initrd image that incorporates such a root hash as well as
|
||
a Verity-enabled root partition.
|
||
|
||
* The hardware database (hwdb) udev supports has been updated to carry
|
||
accelerometer quirks.
|
||
|
||
* All system services are now run with a fresh kernel keyring set up
|
||
for them. The invocation ID is stored by default in it, thus
|
||
providing a safe, non-overridable way to determine the invocation
|
||
ID of each service.
|
||
|
||
* Service unit files gained new BindPaths= and BindReadOnlyPaths=
|
||
options for bind mounting arbitrary paths in a service-specific
|
||
way. When these options are used, arbitrary host or service files and
|
||
directories may be mounted to arbitrary locations in the service's
|
||
view.
|
||
|
||
* Documentation has been added that lists all of systemd's low-level
|
||
environment variables:
|
||
|
||
https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md
|
||
|
||
* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
|
||
whether a specific socket file descriptor matches a specified socket
|
||
address.
|
||
|
||
* systemd-firstboot has been updated to check for the
|
||
systemd.firstboot= kernel command line option. It accepts a boolean
|
||
and when set to false the first boot questions are skipped.
|
||
|
||
* systemd-fstab-generator has been updated to check for the
|
||
systemd.volatile= kernel command line option, which either takes an
|
||
optional boolean parameter or the special value "state". If used the
|
||
system may be booted in a "volatile" boot mode. Specifically,
|
||
"systemd.volatile" is used, the root directory will be mounted as
|
||
tmpfs, and only /usr is mounted from the actual root file system. If
|
||
"systemd.volatile=state" is used, the root directory will be mounted
|
||
as usual, but /var is mounted as tmpfs. This concept provides similar
|
||
functionality as systemd-nspawn's --volatile= option, but provides it
|
||
on physical boots. Use this option for implementing stateless
|
||
systems, or testing systems with all state and/or configuration reset
|
||
to the defaults. (Note though that many distributions are not
|
||
prepared to boot up without a populated /etc or /var, though.)
|
||
|
||
* systemd-gpt-auto-generator gained support for LUKS encrypted root
|
||
partitions. Previously it only supported LUKS encrypted partitions
|
||
for all other uses, except for the root partition itself.
|
||
|
||
* Socket units gained support for listening on AF_VSOCK sockets for
|
||
communication in virtualized QEMU environments.
|
||
|
||
* The "configure" script gained a new option --with-fallback-hostname=
|
||
for specifying the fallback hostname to use if none is configured in
|
||
/etc/hostname. For example, by specifying
|
||
--with-fallback-hostname=fedora it is possible to default to a
|
||
hostname of "fedora" on pristine installations.
|
||
|
||
* systemd-cgls gained support for a new --unit= switch for listing only
|
||
the control groups of a specific unit. Similar --user-unit= has been
|
||
added for listing only the control groups of a specific user unit.
|
||
|
||
* systemd-mount gained a new --umount switch for unmounting a mount or
|
||
automount point (and all mount/automount points below it).
|
||
|
||
* systemd will now refuse full configuration reloads (via systemctl
|
||
daemon-reload and related calls) unless at least 16MiB of free space
|
||
are available in /run. This is a safety precaution in order to ensure
|
||
that generators can safely operate after the reload completed.
|
||
|
||
* A new unit file option RootImage= has been added, which has a similar
|
||
effect as RootDirectory= but mounts the service's root directory from
|
||
a disk image instead of plain directory. This logic reuses the same
|
||
image dissection and mount logic that systemd-nspawn already uses,
|
||
and hence supports any disk images systemd-nspawn supports, including
|
||
those following the Discoverable Partition Specification, as well as
|
||
Verity enabled images. This option enables systemd to run system
|
||
services directly off disk images acting as resource bundles,
|
||
possibly even including full integrity data.
|
||
|
||
* A new MountAPIVFS= unit file option has been added, taking a boolean
|
||
argument. If enabled /proc, /sys and /dev (collectively called the
|
||
"API VFS") will be mounted for the service. This is only relevant if
|
||
RootDirectory= or RootImage= is used for the service, as these mounts
|
||
are of course in place in the host mount namespace anyway.
|
||
|
||
* systemd-nspawn gained support for a new --pivot-root= switch. If
|
||
specified the root directory within the container image is pivoted to
|
||
the specified mount point, while the original root disk is moved to a
|
||
different place. This option enables booting of ostree images
|
||
directly with systemd-nspawn.
|
||
|
||
* The systemd build scripts will no longer complain if the NTP server
|
||
addresses are not changed from the defaults. Google now supports
|
||
these NTP servers officially. We still recommend downstreams to
|
||
properly register an NTP pool with the NTP pool project though.
|
||
|
||
* coredumpctl gained a new "--reverse" option for printing the list
|
||
of coredumps in reverse order.
|
||
|
||
* coredumpctl will now show additional information about truncated and
|
||
inaccessible coredumps, as well as coredumps that are still being
|
||
processed. It also gained a new --quiet switch for suppressing
|
||
additional informational message in its output.
|
||
|
||
* coredumpctl gained support for only showing coredumps newer and/or
|
||
older than specific timestamps, using the new --since= and --until=
|
||
options, reminiscent of journalctl's options by the same name.
|
||
|
||
* The systemd-coredump logic has been improved so that it may be reused
|
||
to collect backtraces in non-compiled languages, for example in
|
||
scripting languages such as Python.
|
||
|
||
* machinectl will now show the UID shift of local containers, if user
|
||
namespacing is enabled for them.
|
||
|
||
* systemd will now optionally run "environment generator" binaries at
|
||
configuration load time. They may be used to add environment
|
||
variables to the environment block passed to services invoked. One
|
||
user environment generator is shipped by default that sets up
|
||
environment variables based on files dropped into /etc/environment.d
|
||
and ~/.config/environment.d/.
|
||
|
||
* systemd-resolved now includes the new, recently published 2017 DNSSEC
|
||
root key (KSK).
|
||
|
||
* hostnamed has been updated to report a new chassis type of
|
||
"convertible" to cover "foldable" laptops that can both act as a
|
||
tablet and as a laptop, such as various Lenovo Yoga devices.
|
||
|
||
Contributions from: Adrián López, Alexander Galanin, Alexander
|
||
Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
|
||
Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
|
||
Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
|
||
Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
|
||
David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
|
||
Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
|
||
Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
|
||
Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
|
||
Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
|
||
Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
|
||
Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
|
||
Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
|
||
Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
|
||
Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
|
||
Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
|
||
Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
|
||
Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
|
||
Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
|
||
Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
|
||
Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
|
||
Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
|
||
Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
|
||
Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
|
||
Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
|
||
Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
|
||
Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
|
||
YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
|
||
Тихонов
|
||
|
||
— Berlin, 2017-03-01
|
||
|
||
CHANGES WITH 232:
|
||
|
||
* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
|
||
RestrictAddressFamilies= enabled. These sandboxing options should
|
||
generally be compatible with the various external udev call-out
|
||
binaries we are aware of, however there may be exceptions, in
|
||
particular when exotic languages for these call-outs are used. In
|
||
this case, consider turning off these settings locally.
|
||
|
||
* The new RemoveIPC= option can be used to remove IPC objects owned by
|
||
the user or group of a service when that service exits.
|
||
|
||
* The new ProtectKernelModules= option can be used to disable explicit
|
||
load and unload operations of kernel modules by a service. In
|
||
addition access to /usr/lib/modules is removed if this option is set.
|
||
|
||
* ProtectSystem= option gained a new value "strict", which causes the
|
||
whole file system tree with the exception of /dev, /proc, and /sys,
|
||
to be remounted read-only for a service.
|
||
|
||
* The new ProtectKernelTunables= option can be used to disable
|
||
modification of configuration files in /sys and /proc by a service.
|
||
Various directories and files are remounted read-only, so access is
|
||
restricted even if the file permissions would allow it.
|
||
|
||
* The new ProtectControlGroups= option can be used to disable write
|
||
access by a service to /sys/fs/cgroup.
|
||
|
||
* Various systemd services have been hardened with
|
||
ProtectKernelTunables=yes, ProtectControlGroups=yes,
|
||
RestrictAddressFamilies=.
|
||
|
||
* Support for dynamically creating users for the lifetime of a service
|
||
has been added. If DynamicUser=yes is specified, user and group IDs
|
||
will be allocated from the range 61184…65519 for the lifetime of the
|
||
service. They can be resolved using the new nss-systemd.so NSS
|
||
module. The module must be enabled in /etc/nsswitch.conf. Services
|
||
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
|
||
any resources allocated by the service will be cleaned up when the
|
||
service exits. They also have ProtectHome=read-only and
|
||
ProtectSystem=strict enabled, so they are not able to make any
|
||
permanent modifications to the system.
|
||
|
||
* The nss-systemd module also always resolves root and nobody, making
|
||
it possible to have no /etc/passwd or /etc/group files in minimal
|
||
container or chroot environments.
|
||
|
||
* Services may be started with their own user namespace using the new
|
||
boolean PrivateUsers= option. Only root, nobody, and the uid/gid
|
||
under which the service is running are mapped. All other users are
|
||
mapped to nobody.
|
||
|
||
* Support for the cgroup namespace has been added to systemd-nspawn. If
|
||
supported by kernel, the container system started by systemd-nspawn
|
||
will have its own view of the cgroup hierarchy. This new behaviour
|
||
can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
|
||
|
||
* The new MemorySwapMax= option can be used to limit the maximum swap
|
||
usage under the unified cgroup hierarchy.
|
||
|
||
* Support for the CPU controller in the unified cgroup hierarchy has
|
||
been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
|
||
options. This controller requires out-of-tree patches for the kernel
|
||
and the support is provisional.
|
||
|
||
* Mount and automount units may now be created transiently
|
||
(i.e. dynamically at runtime via the bus API, instead of requiring
|
||
unit files in the file system).
|
||
|
||
* systemd-mount is a new tool which may mount file systems – much like
|
||
mount(8), optionally pulling in additional dependencies through
|
||
transient .mount and .automount units. For example, this tool
|
||
automatically runs fsck on a backing block device before mounting,
|
||
and allows the automount logic to be used dynamically from the
|
||
command line for establishing mount points. This tool is particularly
|
||
useful when dealing with removable media, as it will ensure fsck is
|
||
run – if necessary – before the first access and that the file system
|
||
is quickly unmounted after each access by utilizing the automount
|
||
logic. This maximizes the chance that the file system on the
|
||
removable media stays in a clean state, and if it isn't in a clean
|
||
state is fixed automatically.
|
||
|
||
* LazyUnmount=yes option for mount units has been added to expose the
|
||
umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
|
||
option.
|
||
|
||
* /efi will be used as the mount point of the EFI boot partition, if
|
||
the directory is present, and the mount point was not configured
|
||
through other means (e.g. fstab). If /efi directory does not exist,
|
||
/boot will be used as before. This makes it easier to automatically
|
||
mount the EFI partition on systems where /boot is used for something
|
||
else.
|
||
|
||
* When operating on GPT disk images for containers, systemd-nspawn will
|
||
now mount the ESP to /boot or /efi according to the same rules as PID
|
||
1 running on a host. This allows tools like "bootctl" to operate
|
||
correctly within such containers, in order to make container images
|
||
bootable on physical systems.
|
||
|
||
* disk/by-id and disk/by-path symlinks are now created for NVMe drives.
|
||
|
||
* Two new user session targets have been added to support running
|
||
graphical sessions under the systemd --user instance:
|
||
graphical-session.target and graphical-session-pre.target. See
|
||
systemd.special(7) for a description of how those targets should be
|
||
used.
|
||
|
||
* The vconsole initialization code has been significantly reworked to
|
||
use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
|
||
support unicode keymaps. Font and keymap configuration will now be
|
||
copied to all allocated virtual consoles.
|
||
|
||
* FreeBSD's bhyve virtualization is now detected.
|
||
|
||
* Information recorded in the journal for core dumps now includes the
|
||
contents of /proc/mountinfo and the command line of the process at
|
||
the top of the process hierarchy (which is usually the init process
|
||
of the container).
|
||
|
||
* systemd-journal-gatewayd learned the --directory= option to serve
|
||
files from the specified location.
|
||
|
||
* journalctl --root=… can be used to peruse the journal in the
|
||
/var/log/ directories inside of a container tree. This is similar to
|
||
the existing --machine= option, but does not require the container to
|
||
be active.
|
||
|
||
* The hardware database has been extended to support
|
||
ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
|
||
trackball devices.
|
||
|
||
MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
|
||
specify the click rate for mice which include a horizontal wheel with
|
||
a click rate that is different than the one for the vertical wheel.
|
||
|
||
* systemd-run gained a new --wait option that makes service execution
|
||
synchronous. (Specifically, the command will not return until the
|
||
specified service binary exited.)
|
||
|
||
* systemctl gained a new --wait option that causes the start command to
|
||
wait until the units being started have terminated again.
|
||
|
||
* A new journal output mode "short-full" has been added which displays
|
||
timestamps with abbreviated English day names and adds a timezone
|
||
suffix. Those timestamps include more information than the default
|
||
"short" output mode, and can be passed directly to journalctl's
|
||
--since= and --until= options.
|
||
|
||
* /etc/resolv.conf will be bind-mounted into containers started by
|
||
systemd-nspawn, if possible, so any changes to resolv.conf contents
|
||
are automatically propagated to the container.
|
||
|
||
* The number of instances for socket-activated services originating
|
||
from a single IP address can be limited with
|
||
MaxConnectionsPerSource=, extending the existing setting of
|
||
MaxConnections=.
|
||
|
||
* systemd-networkd gained support for vcan ("Virtual CAN") interface
|
||
configuration.
|
||
|
||
* .netdev and .network configuration can now be extended through
|
||
drop-ins.
|
||
|
||
* UDP Segmentation Offload, TCP Segmentation Offload, Generic
|
||
Segmentation Offload, Generic Receive Offload, Large Receive Offload
|
||
can be enabled and disabled using the new UDPSegmentationOffload=,
|
||
TCPSegmentationOffload=, GenericSegmentationOffload=,
|
||
GenericReceiveOffload=, LargeReceiveOffload= options in the
|
||
[Link] section of .link files.
|
||
|
||
* The Spanning Tree Protocol, Priority, Aging Time, and the Default
|
||
Port VLAN ID can be configured for bridge devices using the new STP=,
|
||
Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
|
||
section of .netdev files.
|
||
|
||
* The route table to which routes received over DHCP or RA should be
|
||
added can be configured with the new RouteTable= option in the [DHCP]
|
||
and [IPv6AcceptRA] sections of .network files.
|
||
|
||
* The Address Resolution Protocol can be disabled on links managed by
|
||
systemd-networkd using the ARP=no setting in the [Link] section of
|
||
.network files.
|
||
|
||
* New environment variables $SERVICE_RESULT, $EXIT_CODE and
|
||
$EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
|
||
encode information about the result and exit codes of the current
|
||
service runtime cycle.
|
||
|
||
* systemd-sysctl will now configure kernel parameters in the order
|
||
they occur in the configuration files. This matches what sysctl
|
||
has been traditionally doing.
|
||
|
||
* kernel-install "plugins" that are executed to perform various
|
||
tasks after a new kernel is added and before an old one is removed
|
||
can now return a special value to terminate the procedure and
|
||
prevent any later plugins from running.
|
||
|
||
* Journald's SplitMode=login setting has been deprecated. It has been
|
||
removed from documentation, and its use is discouraged. In a future
|
||
release it will be completely removed, and made equivalent to current
|
||
default of SplitMode=uid.
|
||
|
||
* Storage=both option setting in /etc/systemd/coredump.conf has been
|
||
removed. With fast LZ4 compression storing the core dump twice is not
|
||
useful.
|
||
|
||
* The --share-system systemd-nspawn option has been replaced with an
|
||
(undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
|
||
this functionality is discouraged. In addition the variables
|
||
$SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
|
||
$SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
|
||
individual namespaces.
|
||
|
||
* "machinectl list" now shows the IP address of running containers in
|
||
the output, as well as OS release information.
|
||
|
||
* "loginctl list" now shows the TTY of each session in the output.
|
||
|
||
* sd-bus gained new API calls sd_bus_track_set_recursive(),
|
||
sd_bus_track_get_recursive(), sd_bus_track_count_name(),
|
||
sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
|
||
tracking objects in a "recursive" mode, where a single client can be
|
||
counted multiple times, if it takes multiple references.
|
||
|
||
* sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
|
||
sd_bus_get_exit_on_disconnect(). They may be used to make a
|
||
process using sd-bus automatically exit if the bus connection is
|
||
severed.
|
||
|
||
* Bus clients of the service manager may now "pin" loaded units into
|
||
memory, by taking an explicit reference on them. This is useful to
|
||
ensure the client can retrieve runtime data about the service even
|
||
after the service completed execution. Taking such a reference is
|
||
available only for privileged clients and should be helpful to watch
|
||
running services in a race-free manner, and in particular collect
|
||
information about exit statuses and results.
|
||
|
||
* The nss-resolve module has been changed to strictly return UNAVAIL
|
||
when communication via D-Bus with resolved failed, and NOTFOUND when
|
||
a lookup completed but was negative. This means it is now possible to
|
||
neatly configure fallbacks using nsswitch.conf result checking
|
||
expressions. Taking benefit of this, the new recommended
|
||
configuration line for the "hosts" entry in /etc/nsswitch.conf is:
|
||
|
||
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
|
||
|
||
* A new setting CtrlAltDelBurstAction= has been added to
|
||
/etc/systemd/system.conf which may be used to configure the precise
|
||
behaviour if the user on the console presses Ctrl-Alt-Del more often
|
||
than 7 times in 2s. Previously this would unconditionally result in
|
||
an expedited, immediate reboot. With this new setting the precise
|
||
operation may be configured in more detail, and also turned off
|
||
entirely.
|
||
|
||
* In .netdev files two new settings RemoteChecksumTx= and
|
||
RemoteChecksumRx= are now understood that permit configuring the
|
||
remote checksumming logic for VXLAN networks.
|
||
|
||
* The service manager learnt a new "invocation ID" concept for invoked
|
||
services. Each runtime cycle of a service will get a new invocation
|
||
ID (a 128-bit random UUID) assigned that identifies the current
|
||
run of the service uniquely and globally. A new invocation ID
|
||
is generated each time a service starts up. The journal will store
|
||
the invocation ID of a service along with any logged messages, thus
|
||
making the invocation ID useful for matching the online runtime of a
|
||
service with the offline log data it generated in a safe way without
|
||
relying on synchronized timestamps. In many ways this new service
|
||
invocation ID concept is similar to the kernel's boot ID concept that
|
||
uniquely and globally identifies the runtime of each boot. The
|
||
invocation ID of a service is passed to the service itself via an
|
||
environment variable ($INVOCATION_ID). A new bus call
|
||
GetUnitByInvocationID() has been added that is similar to GetUnit()
|
||
but instead of retrieving the bus path for a unit by its name
|
||
retrieves it by its invocation ID. The returned path is valid only as
|
||
long as the passed invocation ID is current.
|
||
|
||
* systemd-resolved gained a new "DNSStubListener" setting in
|
||
resolved.conf. It either takes a boolean value or the special values
|
||
"udp" and "tcp", and configures whether to enable the stub DNS
|
||
listener on 127.0.0.53:53.
|
||
|
||
* IP addresses configured via networkd may now carry additional
|
||
configuration settings supported by the kernel. New options include:
|
||
HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
|
||
PrefixRoute=, AutoJoin=.
|
||
|
||
* The PAM configuration fragment file for "user@.service" shipped with
|
||
systemd (i.e. the --user instance of systemd) has been stripped to
|
||
the minimum necessary to make the system boot. Previously, it
|
||
contained Fedora-specific stanzas that did not apply to other
|
||
distributions. It is expected that downstream distributions add
|
||
additional configuration lines, matching their needs to this file,
|
||
using it only as rough template of what systemd itself needs. Note
|
||
that this reduced fragment does not even include an invocation of
|
||
pam_limits which most distributions probably want to add, even though
|
||
systemd itself does not need it. (There's also the new build time
|
||
option --with-pamconfdir=no to disable installation of the PAM
|
||
fragment entirely.)
|
||
|
||
* If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
|
||
capability is now also dropped from its set (in addition to
|
||
CAP_SYS_MKNOD as before).
|
||
|
||
* In service unit files it is now possible to connect a specific named
|
||
file descriptor with stdin/stdout/stdout of an executed service. The
|
||
name may be specified in matching .socket units using the
|
||
FileDescriptorName= setting.
|
||
|
||
* A number of journal settings may now be configured on the kernel
|
||
command line. Specifically, the following options are now understood:
|
||
systemd.journald.max_level_console=,
|
||
systemd.journald.max_level_store=,
|
||
systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
|
||
systemd.journald.max_level_wall=.
|
||
|
||
* "systemctl is-enabled --full" will now show by which symlinks a unit
|
||
file is enabled in the unit dependency tree.
|
||
|
||
* Support for VeraCrypt encrypted partitions has been added to the
|
||
"cryptsetup" logic and /etc/crypttab.
|
||
|
||
* systemd-detect-virt gained support for a new --private-users switch
|
||
that checks whether the invoking processes are running inside a user
|
||
namespace. Similar, a new special value "private-users" for the
|
||
existing ConditionVirtualization= setting has been added, permitting
|
||
skipping of specific units in user namespace environments.
|
||
|
||
Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
|
||
Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
|
||
Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
|
||
Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
|
||
Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
|
||
Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
|
||
Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
|
||
Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
|
||
Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
|
||
Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
|
||
Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
|
||
Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
|
||
Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
|
||
Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
|
||
Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
|
||
Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
|
||
Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
|
||
Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
|
||
Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
|
||
Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
|
||
Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
|
||
Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
|
||
Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
|
||
Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
|
||
E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek, Zeal Jagannatha
|
||
|
||
— Santa Fe, 2016-11-03
|
||
|
||
CHANGES WITH 231:
|
||
|
||
* In service units the various ExecXYZ= settings have been extended
|
||
with an additional special character as first argument of the
|
||
assigned value: if the character '+' is used the specified command
|
||
line it will be run with full privileges, regardless of User=,
|
||
Group=, CapabilityBoundingSet= and similar options. The effect is
|
||
similar to the existing PermissionsStartOnly= option, but allows
|
||
configuration of this concept for each executed command line
|
||
independently.
|
||
|
||
* Services may now alter the service watchdog timeout at runtime by
|
||
sending a WATCHDOG_USEC= message via sd_notify().
|
||
|
||
* MemoryLimit= and related unit settings now optionally take percentage
|
||
specifications. The percentage is taken relative to the amount of
|
||
physical memory in the system (or in case of containers, the assigned
|
||
amount of memory). This allows scaling service resources neatly with
|
||
the amount of RAM available on the system. Similarly, systemd-logind's
|
||
RuntimeDirectorySize= option now also optionally takes percentage
|
||
values.
|
||
|
||
* In similar fashion TasksMax= takes percentage values now, too. The
|
||
value is taken relative to the configured maximum number of processes
|
||
on the system. The per-service task maximum has been changed to 15%
|
||
using this functionality. (Effectively this is an increase of 512 →
|
||
4915 for service units, given the kernel's default pid_max setting.)
|
||
|
||
* Calendar time specifications in .timer units now understand a ".."
|
||
syntax for time ranges. Example: "4..7:10" may now be used for
|
||
defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
|
||
7:10am every day.
|
||
|
||
* The InaccessableDirectories=, ReadOnlyDirectories= and
|
||
ReadWriteDirectories= unit file settings have been renamed to
|
||
InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
|
||
applied to all kinds of file nodes, and not just directories, with
|
||
the exception of symlinks. Specifically these settings may now be
|
||
used on block and character device nodes, UNIX sockets and FIFOS as
|
||
well as regular files. The old names of these settings remain
|
||
available for compatibility.
|
||
|
||
* systemd will now log about all service processes it kills forcibly
|
||
(using SIGKILL) because they remained after the clean shutdown phase
|
||
of the service completed. This should help identifying services that
|
||
shut down uncleanly. Moreover if KillUserProcesses= is enabled in
|
||
systemd-logind's configuration a similar log message is generated for
|
||
processes killed at the end of each session due to this setting.
|
||
|
||
* systemd will now set the $JOURNAL_STREAM environment variable for all
|
||
services whose stdout/stderr are connected to the Journal (which
|
||
effectively means by default: all services). The variable contains
|
||
the device and inode number of the file descriptor used for
|
||
stdout/stderr. This may be used by invoked programs to detect whether
|
||
their stdout/stderr is connected to the Journal, in which case they
|
||
can switch over to direct Journal communication, thus being able to
|
||
pass extended, structured metadata along with their log messages. As
|
||
one example, this is now used by glib's logging primitives.
|
||
|
||
* When using systemd's default tmp.mount unit for /tmp, the mount point
|
||
will now be established with the "nosuid" and "nodev" options. This
|
||
avoids privilege escalation attacks that put traps and exploits into
|
||
/tmp. However, this might cause problems if you e.g. put container
|
||
images or overlays into /tmp; if you need this, override tmp.mount's
|
||
"Options=" with a drop-in, or mount /tmp from /etc/fstab with your
|
||
desired options.
|
||
|
||
* systemd now supports the "memory" cgroup controller also on
|
||
cgroup v2.
|
||
|
||
* The systemd-cgtop tool now optionally takes a control group path as
|
||
command line argument. If specified, the control group list shown is
|
||
limited to subgroups of that group.
|
||
|
||
* The SystemCallFilter= unit file setting gained support for
|
||
pre-defined, named system call filter sets. For example
|
||
SystemCallFilter=@clock is now an effective way to make all clock
|
||
changing-related system calls unavailable to a service. A number of
|
||
similar pre-defined groups are defined. Writing system call filters
|
||
for system services is simplified substantially with this new
|
||
concept. Accordingly, all of systemd's own, long-running services now
|
||
enable system call filtering based on this, by default.
|
||
|
||
* A new service setting MemoryDenyWriteExecute= has been added, taking
|
||
a boolean value. If turned on, a service may no longer create memory
|
||
mappings that are writable and executable at the same time. This
|
||
enhances security for services where this is enabled as it becomes
|
||
harder to dynamically write and then execute memory in exploited
|
||
service processes. This option has been enabled for all of systemd's
|
||
own long-running services.
|
||
|
||
* A new RestrictRealtime= service setting has been added, taking a
|
||
boolean argument. If set the service's processes may no longer
|
||
acquire realtime scheduling. This improves security as realtime
|
||
scheduling may otherwise be used to easily freeze the system.
|
||
|
||
* systemd-nspawn gained a new switch --notify-ready= taking a boolean
|
||
value. This may be used for requesting that the system manager inside
|
||
of the container reports start-up completion to nspawn which then
|
||
propagates this notification further to the service manager
|
||
supervising nspawn itself. A related option NotifyReady= in .nspawn
|
||
files has been added too. This functionality allows ordering of the
|
||
start-up of multiple containers using the usual systemd ordering
|
||
primitives.
|
||
|
||
* machinectl gained a new command "stop" that is an alias for
|
||
"terminate".
|
||
|
||
* systemd-resolved gained support for contacting DNS servers on
|
||
link-local IPv6 addresses.
|
||
|
||
* If systemd-resolved receives the SIGUSR2 signal it will now flush all
|
||
its caches. A method call for requesting the same operation has been
|
||
added to the bus API too, and is made available via "systemd-resolve
|
||
--flush-caches".
|
||
|
||
* systemd-resolve gained a new --status switch. If passed a brief
|
||
summary of the used DNS configuration with per-interface information
|
||
is shown.
|
||
|
||
* resolved.conf gained a new Cache= boolean option, defaulting to
|
||
on. If turned off local DNS caching is disabled. This comes with a
|
||
performance penalty in particular when DNSSEC is enabled. Note that
|
||
resolved disables its internal caching implicitly anyway, when the
|
||
configured DNS server is on a host-local IP address such as ::1 or
|
||
127.0.0.1, thus automatically avoiding double local caching.
|
||
|
||
* systemd-resolved now listens on the local IP address 127.0.0.53:53
|
||
for DNS requests. This improves compatibility with local programs
|
||
that do not use the libc NSS or systemd-resolved's bus APIs for name
|
||
resolution. This minimal DNS service is only available to local
|
||
programs and does not implement the full DNS protocol, but enough to
|
||
cover local DNS clients. A new, static resolv.conf file, listing just
|
||
this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
|
||
now recommended to make /etc/resolv.conf a symlink to this file in
|
||
order to route all DNS lookups to systemd-resolved, regardless if
|
||
done via NSS, the bus API or raw DNS packets. Note that this local
|
||
DNS service is not as fully featured as the libc NSS or
|
||
systemd-resolved's bus APIs. For example, as unicast DNS cannot be
|
||
used to deliver link-local address information (as this implies
|
||
sending a local interface index along), LLMNR/mDNS support via this
|
||
interface is severely restricted. It is thus strongly recommended for
|
||
all applications to use the libc NSS API or native systemd-resolved
|
||
bus API instead.
|
||
|
||
* systemd-networkd's bridge support learned a new setting
|
||
VLANFiltering= for controlling VLAN filtering. Moreover a new section
|
||
in .network files has been added for configuring VLAN bridging in
|
||
more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].
|
||
|
||
* systemd-networkd's IPv6 Router Advertisement code now makes use of
|
||
the DNSSL and RDNSS options. This means IPv6 DNS configuration may
|
||
now be acquired without relying on DHCPv6. Two new options
|
||
UseDomains= and UseDNS= have been added to configure this behaviour.
|
||
|
||
* systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
|
||
renamed IPv6AcceptRA=, without altering its behaviour. The old
|
||
setting name remains available for compatibility reasons.
|
||
|
||
* The systemd-networkd VTI/VTI6 tunneling support gained new options
|
||
Key=, InputKey= and OutputKey=.
|
||
|
||
* systemd-networkd gained support for VRF ("Virtual Routing Function")
|
||
interface configuration.
|
||
|
||
* "systemctl edit" may now be used to create new unit files by
|
||
specifying the --force switch.
|
||
|
||
* sd-event gained a new function sd_event_get_iteration() for
|
||
requesting the current iteration counter of the event loop. It starts
|
||
at zero and is increased by one with each event loop iteration.
|
||
|
||
* A new rpm macro %systemd_ordering is provided by the macros.systemd
|
||
file. It can be used in lieu of %systemd_requires in packages which
|
||
don't use any systemd functionality and are intended to be installed
|
||
in minimal containers without systemd present. This macro provides
|
||
ordering dependencies to ensure that if the package is installed in
|
||
the same rpm transaction as systemd, systemd will be installed before
|
||
the scriptlets for the package are executed, allowing unit presets
|
||
to be handled.
|
||
|
||
New macros %_systemdgeneratordir and %_systemdusergeneratordir have
|
||
been added to simplify packaging of generators.
|
||
|
||
* The os-release file gained VERSION_CODENAME field for the
|
||
distribution nickname (e.g. VERSION_CODENAME=woody).
|
||
|
||
* New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
|
||
can be set to disable parsing of metadata and the creation
|
||
of persistent symlinks for that device.
|
||
|
||
* The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
|
||
to make them available to logged-in users has been reverted.
|
||
|
||
* Much of the common code of the various systemd components is now
|
||
built into an internal shared library libsystemd-shared-231.so
|
||
(incorporating the systemd version number in the name, to be updated
|
||
with future releases) that the components link to. This should
|
||
decrease systemd footprint both in memory during runtime and on
|
||
disk. Note that the shared library is not for public use, and is
|
||
neither API nor ABI stable, but is likely to change with every new
|
||
released update. Packagers need to make sure that binaries
|
||
linking to libsystemd-shared.so are updated in step with the
|
||
library.
|
||
|
||
* Configuration for "mkosi" is now part of the systemd
|
||
repository. mkosi is a tool to easily build legacy-free OS images,
|
||
and is available on github: https://github.com/systemd/mkosi. If
|
||
"mkosi" is invoked in the build tree a new raw OS image is generated
|
||
incorporating the systemd sources currently being worked on and a
|
||
clean, fresh distribution installation. The generated OS image may be
|
||
booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
|
||
UEFI PC. This functionality is particularly useful to easily test
|
||
local changes made to systemd in a pristine, defined environment. See
|
||
doc/HACKING for details.
|
||
|
||
* configure learned the --with-support-url= option to specify the
|
||
distribution's bugtracker.
|
||
|
||
Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
|
||
Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
|
||
Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
|
||
Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
|
||
Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
|
||
Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
|
||
Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
|
||
Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
|
||
Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
|
||
Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
|
||
Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
|
||
Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
|
||
Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
|
||
Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
|
||
Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
|
||
Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
|
||
Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
|
||
Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
|
||
WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2016-07-25
|
||
|
||
CHANGES WITH 230:
|
||
|
||
* DNSSEC is now turned on by default in systemd-resolved (in
|
||
"allow-downgrade" mode), but may be turned off during compile time by
|
||
passing "--with-default-dnssec=no" to "configure" (and of course,
|
||
during runtime with DNSSEC= in resolved.conf). We recommend
|
||
downstreams to leave this on at least during development cycles and
|
||
report any issues with the DNSSEC logic upstream. We are very
|
||
interested in collecting feedback about the DNSSEC validator and its
|
||
limitations in the wild. Note however, that DNSSEC support is
|
||
probably nothing downstreams should turn on in stable distros just
|
||
yet, as it might create incompatibilities with a few DNS servers and
|
||
networks. We tried hard to make sure we downgrade to non-DNSSEC mode
|
||
automatically whenever we detect such incompatible setups, but there
|
||
might be systems we do not cover yet. Hence: please help us testing
|
||
the DNSSEC code, leave this on where you can, report back, but then
|
||
again don't consider turning this on in your stable, LTS or
|
||
production release just yet. (Note that you have to enable
|
||
nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
|
||
and its DNSSEC mode for hostname resolution from local
|
||
applications.)
|
||
|
||
* systemd-resolve conveniently resolves DANE records with the --tlsa
|
||
option and OPENPGPKEY records with the --openpgp option. It also
|
||
supports dumping raw DNS record data via the new --raw= switch.
|
||
|
||
* systemd-logind will now by default terminate user processes that are
|
||
part of the user session scope unit (session-XX.scope) when the user
|
||
logs out. This behavior is controlled by the KillUserProcesses=
|
||
setting in logind.conf, and the previous default of "no" is now
|
||
changed to "yes". This means that user sessions will be properly
|
||
cleaned up after, but additional steps are necessary to allow
|
||
intentionally long-running processes to survive logout.
|
||
|
||
While the user is logged in at least once, user@.service is running,
|
||
and any service that should survive the end of any individual login
|
||
session can be started at a user service or scope using systemd-run.
|
||
systemd-run(1) man page has been extended with an example which shows
|
||
how to run screen in a scope unit underneath user@.service. The same
|
||
command works for tmux.
|
||
|
||
After the user logs out of all sessions, user@.service will be
|
||
terminated too, by default, unless the user has "lingering" enabled.
|
||
To effectively allow users to run long-term tasks even if they are
|
||
logged out, lingering must be enabled for them. See loginctl(1) for
|
||
details. The default polkit policy was modified to allow users to
|
||
set lingering for themselves without authentication.
|
||
|
||
Previous defaults can be restored at compile time by the
|
||
--without-kill-user-processes option to "configure".
|
||
|
||
* systemd-logind gained new configuration settings SessionsMax= and
|
||
InhibitorsMax=, both with a default of 8192. It will not register new
|
||
user sessions or inhibitors above this limit.
|
||
|
||
* systemd-logind will now reload configuration on SIGHUP.
|
||
|
||
* The unified cgroup hierarchy added in Linux 4.5 is now supported.
|
||
Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
|
||
enable. Also, support for the "io" cgroup controller in the unified
|
||
hierarchy has been added, so that the "memory", "pids" and "io" are
|
||
now the controllers that are supported on the unified hierarchy.
|
||
|
||
WARNING: it is not possible to use previous systemd versions with
|
||
systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
|
||
is necessary to also update systemd in the initramfs if using the
|
||
unified hierarchy. An updated SELinux policy is also required.
|
||
|
||
* LLDP support has been extended, and both passive (receive-only) and
|
||
active (sender) modes are supported. Passive mode ("routers-only") is
|
||
enabled by default in systemd-networkd. Active LLDP mode is enabled
|
||
by default for containers on the internal network. The "networkctl
|
||
lldp" command may be used to list information gathered. "networkctl
|
||
status" will also show basic LLDP information on connected peers now.
|
||
|
||
* The IAID and DUID unique identifier sent in DHCP requests may now be
|
||
configured for the system and each .network file managed by
|
||
systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
|
||
|
||
* systemd-networkd gained support for configuring proxy ARP support for
|
||
each interface, via the ProxyArp= setting in .network files. It also
|
||
gained support for configuring the multicast querier feature of
|
||
bridge devices, via the new MulticastQuerier= setting in .netdev
|
||
files. Similarly, snooping on the IGMP traffic can be controlled
|
||
via the new setting MulticastSnooping=.
|
||
|
||
A new setting PreferredLifetime= has been added for addresses
|
||
configured in .network file to configure the lifetime intended for an
|
||
address.
|
||
|
||
The systemd-networkd DHCP server gained the option EmitRouter=, which
|
||
defaults to yes, to configure whether the DHCP Option 3 (Router)
|
||
should be emitted.
|
||
|
||
* The testing tool /usr/lib/systemd/systemd-activate is renamed to
|
||
systemd-socket-activate and installed into /usr/bin. It is now fully
|
||
supported.
|
||
|
||
* systemd-journald now uses separate threads to flush changes to disk
|
||
when closing journal files, thus reducing impact of slow disk I/O on
|
||
logging performance.
|
||
|
||
* The sd-journal API gained two new calls
|
||
sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
|
||
can be used to open journal files using file descriptors instead of
|
||
file or directory paths. sd_journal_open_container() has been
|
||
deprecated, sd_journal_open_directory_fd() should be used instead
|
||
with the flag SD_JOURNAL_OS_ROOT.
|
||
|
||
* journalctl learned a new output mode "-o short-unix" that outputs log
|
||
lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
|
||
UTC). It also gained support for a new --no-hostname setting to
|
||
suppress the hostname column in the family of "short" output modes.
|
||
|
||
* systemd-ask-password now optionally skips printing of the password to
|
||
stdout with --no-output which can be useful in scripts.
|
||
|
||
* Framebuffer devices (/dev/fb*) and 3D printers and scanners
|
||
(devices tagged with ID_MAKER_TOOL) are now tagged with
|
||
"uaccess" and are available to logged in users.
|
||
|
||
* The DeviceAllow= unit setting now supports specifiers (with "%").
|
||
|
||
* "systemctl show" gained a new --value switch, which allows print a
|
||
only the contents of a specific unit property, without also printing
|
||
the property's name. Similar support was added to "show*" verbs
|
||
of loginctl and machinectl that output "key=value" lists.
|
||
|
||
* A new unit type "generated" was added for files dynamically generated
|
||
by generator tools. Similarly, a new unit type "transient" is used
|
||
for unit files created using the runtime API. "systemctl enable" will
|
||
refuse to operate on such files.
|
||
|
||
* A new command "systemctl revert" has been added that may be used to
|
||
revert to the vendor version of a unit file, in case local changes
|
||
have been made by adding drop-ins or overriding the unit file.
|
||
|
||
* "machinectl clean" gained a new verb to automatically remove all or
|
||
just hidden container images.
|
||
|
||
* systemd-tmpfiles gained support for a new line type "e" for emptying
|
||
directories, if they exist, without creating them if they don't.
|
||
|
||
* systemd-nspawn gained support for automatically patching the UID/GIDs
|
||
of the owners and the ACLs of all files and directories in a
|
||
container tree to match the UID/GID user namespacing range selected
|
||
for the container invocation. This mode is enabled via the new
|
||
--private-users-chown switch. It also gained support for
|
||
automatically choosing a free, previously unused UID/GID range when
|
||
starting a container, via the new --private-users=pick setting (which
|
||
implies --private-users-chown). Together, these options for the first
|
||
time make user namespacing for nspawn containers fully automatic and
|
||
thus deployable. The systemd-nspawn@.service template unit file has
|
||
been changed to use this functionality by default.
|
||
|
||
* systemd-nspawn gained a new --network-zone= switch, that allows
|
||
creating ad-hoc virtual Ethernet links between multiple containers,
|
||
that only exist as long as at least one container referencing them is
|
||
running. This allows easy connecting of multiple containers with a
|
||
common link that implements an Ethernet broadcast domain. Each of
|
||
these network "zones" may be named relatively freely by the user, and
|
||
may be referenced by any number of containers, but each container may
|
||
only reference one of these "zones". On the lower level, this is
|
||
implemented by an automatically managed bridge network interface for
|
||
each zone, that is created when the first container referencing its
|
||
zone is created and removed when the last one referencing its zone
|
||
terminates.
|
||
|
||
* The default start timeout may now be configured on the kernel command
|
||
line via systemd.default_timeout_start_sec=. It was already
|
||
configurable via the DefaultTimeoutStartSec= option in
|
||
/etc/systemd/system.conf.
|
||
|
||
* Socket units gained a new TriggerLimitIntervalSec= and
|
||
TriggerLimitBurst= setting to configure a limit on the activation
|
||
rate of the socket unit.
|
||
|
||
* The LimitNICE= setting now optionally takes normal UNIX nice values
|
||
in addition to the raw integer limit value. If the specified
|
||
parameter is prefixed with "+" or "-" and is in the range -20…19 the
|
||
value is understood as UNIX nice value. If not prefixed like this it
|
||
is understood as raw RLIMIT_NICE limit.
|
||
|
||
* Note that the effect of the PrivateDevices= unit file setting changed
|
||
slightly with this release: the per-device /dev file system will be
|
||
mounted read-only from this version on, and will have "noexec"
|
||
set. This (minor) change of behavior might cause some (exceptional)
|
||
legacy software to break, when PrivateDevices=yes is set for its
|
||
service. Please leave PrivateDevices= off if you run into problems
|
||
with this.
|
||
|
||
* systemd-bootchart has been split out to a separate repository:
|
||
https://github.com/systemd/systemd-bootchart
|
||
|
||
* systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
|
||
merged into the kernel in its current form.
|
||
|
||
* The compatibility libraries libsystemd-daemon.so,
|
||
libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
|
||
which have been deprecated since systemd-209 have been removed along
|
||
with the corresponding pkg-config files. All symbols provided by
|
||
those libraries are provided by libsystemd.so.
|
||
|
||
* The Capabilities= unit file setting has been removed (it is ignored
|
||
for backwards compatibility). AmbientCapabilities= and
|
||
CapabilityBoundingSet= should be used instead.
|
||
|
||
* A new special target has been added, initrd-root-device.target,
|
||
which creates a synchronization point for dependencies of the root
|
||
device in early userspace. Initramfs builders must ensure that this
|
||
target is now included in early userspace.
|
||
|
||
Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
|
||
Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
|
||
Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
|
||
Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
|
||
Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
|
||
R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
|
||
Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
|
||
Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
|
||
Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
|
||
Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
|
||
John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
|
||
Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
|
||
Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
|
||
Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
|
||
Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
|
||
mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
|
||
Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
|
||
Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
|
||
Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
|
||
Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
|
||
Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
|
||
Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
|
||
Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
|
||
Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
|
||
Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Fairfax, 2016-05-21
|
||
|
||
CHANGES WITH 229:
|
||
|
||
* The systemd-resolved DNS resolver service has gained a substantial
|
||
set of new features, most prominently it may now act as a DNSSEC
|
||
validating stub resolver. DNSSEC mode is currently turned off by
|
||
default, but is expected to be turned on by default in one of the
|
||
next releases. For now, we invite everybody to test the DNSSEC logic
|
||
by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
|
||
service also gained a full set of D-Bus interfaces, including calls
|
||
to configure DNS and DNSSEC settings per link (for use by external
|
||
network management software). systemd-resolved and systemd-networkd
|
||
now distinguish between "search" and "routing" domains. The former
|
||
are used to qualify single-label names, the latter are used purely
|
||
for routing lookups within certain domains to specific links.
|
||
resolved now also synthesizes RRs for all entries from /etc/hosts.
|
||
|
||
* The systemd-resolve tool (which is a client utility for
|
||
systemd-resolved) has been improved considerably and is now fully
|
||
supported and documented. Hence it has moved from /usr/lib/systemd to
|
||
/usr/bin.
|
||
|
||
* /dev/disk/by-path/ symlink support has been (re-)added for virtio
|
||
devices.
|
||
|
||
* The coredump collection logic has been reworked: when a coredump is
|
||
collected it is now written to disk, compressed and processed
|
||
(including stacktrace extraction) from a new instantiated service
|
||
systemd-coredump@.service, instead of directly from the
|
||
/proc/sys/kernel/core_pattern hook we provide. This is beneficial as
|
||
processing large coredumps can take up a substantial amount of
|
||
resources and time, and this previously happened entirely outside of
|
||
systemd's service supervision. With the new logic the core_pattern
|
||
hook only does minimal metadata collection before passing off control
|
||
to the new instantiated service, which is configured with a time
|
||
limit, a nice level and other settings to minimize negative impact on
|
||
the rest of the system. Also note that the new logic will honour the
|
||
RLIMIT_CORE setting of the crashed process, which now allows users
|
||
and processes to turn off coredumping for their processes by setting
|
||
this limit.
|
||
|
||
* The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
|
||
and all forked processes by default. Previously, PID 1 would leave
|
||
the setting at "0" for all processes, as set by the kernel. Note that
|
||
the resource limit traditionally has no effect on the generated
|
||
coredumps on the system if the /proc/sys/kernel/core_pattern hook
|
||
logic is used. Since the limit is now honoured (see above) its
|
||
default has been changed so that the coredumping logic is enabled by
|
||
default for all processes, while allowing specific opt-out.
|
||
|
||
* When the stacktrace is extracted from processes of system users, this
|
||
is now done as "systemd-coredump" user, in order to sandbox this
|
||
potentially security sensitive parsing operation. (Note that when
|
||
processing coredumps of normal users this is done under the user ID
|
||
of process that crashed, as before.) Packagers should take notice
|
||
that it is now necessary to create the "systemd-coredump" system user
|
||
and group at package installation time.
|
||
|
||
* The systemd-activate socket activation testing tool gained support
|
||
for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
|
||
and --seqpacket switches. It also has been extended to support both
|
||
new-style and inetd-style file descriptor passing. Use the new
|
||
--inetd switch to request inetd-style file descriptor passing.
|
||
|
||
* Most systemd tools now honor a new $SYSTEMD_COLORS environment
|
||
variable, which takes a boolean value. If set to false, ANSI color
|
||
output is disabled in the tools even when run on a terminal that
|
||
supports it.
|
||
|
||
* The VXLAN support in networkd now supports two new settings
|
||
DestinationPort= and PortRange=.
|
||
|
||
* A new systemd.machine_id= kernel command line switch has been added,
|
||
that may be used to set the machine ID in /etc/machine-id if it is
|
||
not initialized yet. This command line option has no effect if the
|
||
file is already initialized.
|
||
|
||
* systemd-nspawn gained a new --as-pid2 switch that invokes any
|
||
specified command line as PID 2 rather than PID 1 in the
|
||
container. In this mode PID 1 is a minimal stub init process that
|
||
implements the special POSIX and Linux semantics of PID 1 regarding
|
||
signal and child process management. Note that this stub init process
|
||
is implemented in nspawn itself and requires no support from the
|
||
container image. This new logic is useful to support running
|
||
arbitrary commands in the container, as normal processes are
|
||
generally not prepared to run as PID 1.
|
||
|
||
* systemd-nspawn gained a new --chdir= switch for setting the current
|
||
working directory for the process started in the container.
|
||
|
||
* "journalctl /dev/sda" will now output all kernel log messages for
|
||
specified device from the current boot, in addition to all devices
|
||
that are parents of it. This should make log output about devices
|
||
pretty useful, as long as kernel drivers attach enough metadata to
|
||
the log messages. (The usual SATA drivers do.)
|
||
|
||
* The sd-journal API gained two new calls
|
||
sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
|
||
that report whether log data from /run or /var has been found.
|
||
|
||
* journalctl gained a new switch "--fields" that prints all journal
|
||
record field names currently in use in the journal. This is backed
|
||
by two new sd-journal API calls sd_journal_enumerate_fields() and
|
||
sd_journal_restart_fields().
|
||
|
||
* Most configurable timeouts in systemd now expect an argument of
|
||
"infinity" to turn them off, instead of "0" as before. The semantics
|
||
from now on is that a timeout of "0" means "now", and "infinity"
|
||
means "never". To maintain backwards compatibility, "0" continues to
|
||
turn off previously existing timeout settings.
|
||
|
||
* "systemctl reload-or-try-restart" has been renamed to "systemctl
|
||
try-reload-or-restart" to clarify what it actually does: the "try"
|
||
logic applies to both reloading and restarting, not just restarting.
|
||
The old name continues to be accepted for compatibility.
|
||
|
||
* On boot-up, when PID 1 detects that the system clock is behind the
|
||
release date of the systemd version in use, the clock is now set
|
||
to the latter. Previously, this was already done in timesyncd, in order
|
||
to avoid running with clocks set to the various clock epochs such as
|
||
1902, 1938 or 1970. With this change the logic is now done in PID 1
|
||
in addition to timesyncd during early boot-up, so that it is enforced
|
||
before the first process is spawned by systemd. Note that the logic
|
||
in timesyncd remains, as it is more comprehensive and ensures
|
||
clock monotonicity by maintaining a persistent timestamp file in
|
||
/var. Since /var is generally not available in earliest boot or the
|
||
initrd, this part of the logic remains in timesyncd, and is not done
|
||
by PID 1.
|
||
|
||
* Support for tweaking details in net_cls.class_id through the
|
||
NetClass= configuration directive has been removed, as the kernel
|
||
people have decided to deprecate that controller in cgroup v2.
|
||
Userspace tools such as nftables are moving over to setting rules
|
||
that are specific to the full cgroup path of a task, which obsoletes
|
||
these controllers anyway. The NetClass= directive is kept around for
|
||
legacy compatibility reasons. For a more in-depth description of the
|
||
kernel change, please refer to the respective upstream commit:
|
||
|
||
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
|
||
|
||
* A new service setting RuntimeMaxSec= has been added that may be used
|
||
to specify a maximum runtime for a service. If the timeout is hit, the
|
||
service is terminated and put into a failure state.
|
||
|
||
* A new service setting AmbientCapabilities= has been added. It allows
|
||
configuration of additional Linux process capabilities that are
|
||
passed to the activated processes. This is only available on very
|
||
recent kernels.
|
||
|
||
* The process resource limit settings in service units may now be used
|
||
to configure hard and soft limits individually.
|
||
|
||
* The various libsystemd APIs such as sd-bus or sd-event now publicly
|
||
expose support for gcc's __attribute__((cleanup())) C extension.
|
||
Specifically, for many object destructor functions alternative
|
||
versions have been added that have names suffixed with "p" and take a
|
||
pointer to a pointer to the object to destroy, instead of just a
|
||
pointer to the object itself. This is useful because these destructor
|
||
functions may be used directly as parameters to the cleanup
|
||
construct. Internally, systemd has been a heavy user of this GCC
|
||
extension for a long time, and with this change similar support is
|
||
now available to consumers of the library outside of systemd. Note
|
||
that by using this extension in your sources compatibility with old
|
||
and strictly ANSI compatible C compilers is lost. However, all gcc or
|
||
LLVM versions of recent years support this extension.
|
||
|
||
* Timer units gained support for a new setting RandomizedDelaySec= that
|
||
allows configuring some additional randomized delay to the configured
|
||
time. This is useful to spread out timer events to avoid load peaks in
|
||
clusters or larger setups.
|
||
|
||
* Calendar time specifications now support sub-second accuracy.
|
||
|
||
* Socket units now support listening on SCTP and UDP-lite protocol
|
||
sockets.
|
||
|
||
* The sd-event API now comes with a full set of man pages.
|
||
|
||
* Older versions of systemd contained experimental support for
|
||
compressing journal files and coredumps with the LZ4 compressor that
|
||
was not compatible with the lz4 binary (due to API limitations of the
|
||
lz4 library). This support has been removed; only support for files
|
||
compatible with the lz4 binary remains. This LZ4 logic is now
|
||
officially supported and no longer considered experimental.
|
||
|
||
* The dkr image import logic has been removed again from importd. dkr's
|
||
micro-services focus doesn't fit into the machine image focus of
|
||
importd, and quickly got out of date with the upstream dkr API.
|
||
|
||
* Creation of the /run/lock/lockdev/ directory was dropped from
|
||
tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
|
||
been available for many years. If you still need this, you need to
|
||
create your own tmpfiles.d config file with:
|
||
|
||
d /run/lock/lockdev 0775 root lock -
|
||
|
||
* The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
|
||
and RebootArgument= have been moved from the [Service] section of
|
||
unit files to [Unit], and they are now supported on all unit types,
|
||
not just service units. Of course, systemd will continue to
|
||
understand these settings also at the old location, in order to
|
||
maintain compatibility.
|
||
|
||
Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
|
||
Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
|
||
Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
|
||
Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
|
||
Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
|
||
David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
|
||
Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
|
||
Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
|
||
Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
|
||
Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
|
||
Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
|
||
lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
|
||
Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
|
||
Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
|
||
Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
|
||
Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
|
||
Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
|
||
Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
|
||
Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2016-02-11
|
||
|
||
CHANGES WITH 228:
|
||
|
||
* A number of properties previously only settable in unit
|
||
files are now also available as properties to set when
|
||
creating transient units programmatically via the bus, as it
|
||
is exposed with systemd-run's --property=
|
||
setting. Specifically, these are: SyslogIdentifier=,
|
||
SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
|
||
EnvironmentFile=, ReadWriteDirectories=,
|
||
ReadOnlyDirectories=, InaccessibleDirectories=,
|
||
ProtectSystem=, ProtectHome=, RuntimeDirectory=.
|
||
|
||
* When creating transient services via the bus API it is now
|
||
possible to pass in a set of file descriptors to use as
|
||
STDIN/STDOUT/STDERR for the invoked process.
|
||
|
||
* Slice units may now be created transiently via the bus APIs,
|
||
similar to the way service and scope units may already be
|
||
created transiently.
|
||
|
||
* Wherever systemd expects a calendar timestamp specification
|
||
(like in journalctl's --since= and --until= switches) UTC
|
||
timestamps are now supported. Timestamps suffixed with "UTC"
|
||
are now considered to be in Universal Time Coordinated
|
||
instead of the local timezone. Also, timestamps may now
|
||
optionally be specified with sub-second accuracy. Both of
|
||
these additions also apply to recurring calendar event
|
||
specification, such as OnCalendar= in timer units.
|
||
|
||
* journalctl gained a new "--sync" switch that asks the
|
||
journal daemon to write all so far unwritten log messages to
|
||
disk and sync the files, before returning.
|
||
|
||
* systemd-tmpfiles learned two new line types "q" and "Q" that
|
||
operate like "v", but also set up a basic btrfs quota
|
||
hierarchy when used on a btrfs file system with quota
|
||
enabled.
|
||
|
||
* tmpfiles' "v", "q" and "Q" will now create a plain directory
|
||
instead of a subvolume (even on a btrfs file system) if the
|
||
root directory is a plain directory, and not a
|
||
subvolume. This should simplify things with certain chroot()
|
||
environments which are not aware of the concept of btrfs
|
||
subvolumes.
|
||
|
||
* systemd-detect-virt gained a new --chroot switch to detect
|
||
whether execution takes place in a chroot() environment.
|
||
|
||
* CPUAffinity= now takes CPU index ranges in addition to
|
||
individual indexes.
|
||
|
||
* The various memory-related resource limit settings (such as
|
||
LimitAS=) now understand the usual K, M, G, … suffixes to
|
||
the base of 1024 (IEC). Similar, the time-related resource
|
||
limit settings understand the usual min, h, day, … suffixes
|
||
now.
|
||
|
||
* There's a new system.conf setting DefaultTasksMax= to
|
||
control the default TasksMax= setting for services and
|
||
scopes running on the system. (TasksMax= is the primary
|
||
setting that exposes the "pids" cgroup controller on systemd
|
||
and was introduced in the previous systemd release.) The
|
||
setting now defaults to 512, which means services that are
|
||
not explicitly configured otherwise will only be able to
|
||
create 512 processes or threads at maximum, from this
|
||
version on. Note that this means that thread- or
|
||
process-heavy services might need to be reconfigured to set
|
||
TasksMax= to a higher value. It is sufficient to set
|
||
TasksMax= in these specific unit files to a higher value, or
|
||
even "infinity". Similar, there's now a logind.conf setting
|
||
UserTasksMax= that defaults to 4096 and limits the total
|
||
number of processes or tasks each user may own
|
||
concurrently. nspawn containers also have the TasksMax=
|
||
value set by default now, to 8192. Note that all of this
|
||
only has an effect if the "pids" cgroup controller is
|
||
enabled in the kernel. The general benefit of these changes
|
||
should be a more robust and safer system, that provides a
|
||
certain amount of per-service fork() bomb protection.
|
||
|
||
* systemd-nspawn gained the new --network-veth-extra= switch
|
||
to define additional and arbitrarily-named virtual Ethernet
|
||
links between the host and the container.
|
||
|
||
* A new service execution setting PassEnvironment= has been
|
||
added that allows importing select environment variables
|
||
from PID1's environment block into the environment block of
|
||
the service.
|
||
|
||
* Timer units gained support for a new RemainAfterElapse=
|
||
setting which takes a boolean argument. It defaults to on,
|
||
exposing behaviour unchanged to previous releases. If set to
|
||
off, timer units are unloaded after they elapsed if they
|
||
cannot elapse again. This is particularly useful for
|
||
transient timer units, which shall not stay around longer
|
||
than until they first elapse.
|
||
|
||
* systemd will now bump the net.unix.max_dgram_qlen to 512 by
|
||
default now (the kernel default is 16). This is beneficial
|
||
for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
|
||
allows substantially larger numbers of queued
|
||
datagrams. This should increase the capability of systemd to
|
||
parallelize boot-up, as logging and sd_notify() are unlikely
|
||
to stall execution anymore. If you need to change the value
|
||
from the new defaults, use the usual sysctl.d/ snippets.
|
||
|
||
* The compression framing format used by the journal or
|
||
coredump processing has changed to be in line with what the
|
||
official LZ4 tools generate. LZ4 compression support in
|
||
systemd was considered unsupported previously, as the format
|
||
was not compatible with the normal tools. With this release
|
||
this has changed now, and it is hence safe for downstream
|
||
distributions to turn it on. While not compressing as well
|
||
as the XZ, LZ4 is substantially faster, which makes
|
||
it a good default choice for the compression logic in the
|
||
journal and in coredump handling.
|
||
|
||
* Any reference to /etc/mtab has been dropped from
|
||
systemd. The file has been obsolete since a while, but
|
||
systemd refused to work on systems where it was incorrectly
|
||
set up (it should be a symlink or non-existent). Please make
|
||
sure to update to util-linux 2.27.1 or newer in conjunction
|
||
with this systemd release, which also drops any reference to
|
||
/etc/mtab. If you maintain a distribution make sure that no
|
||
software you package still references it, as this is a
|
||
likely source of bugs. There's also a glibc bug pending,
|
||
asking for removal of any reference to this obsolete file:
|
||
|
||
https://sourceware.org/bugzilla/show_bug.cgi?id=19108
|
||
|
||
Note that only util-linux versions built with
|
||
--enable-libmount-force-mountinfo are supported.
|
||
|
||
* Support for the ".snapshot" unit type has been removed. This
|
||
feature turned out to be little useful and little used, and
|
||
has now been removed from the core and from systemctl.
|
||
|
||
* The dependency types RequiresOverridable= and
|
||
RequisiteOverridable= have been removed from systemd. They
|
||
have been used only very sparingly to our knowledge and
|
||
other options that provide a similar effect (such as
|
||
systemctl --mode=ignore-dependencies) are much more useful
|
||
and commonly used. Moreover, they were only half-way
|
||
implemented as the option to control behaviour regarding
|
||
these dependencies was never added to systemctl. By removing
|
||
these dependency types the execution engine becomes a bit
|
||
simpler. Unit files that use these dependencies should be
|
||
changed to use the non-Overridable dependency types
|
||
instead. In fact, when parsing unit files with these
|
||
options, that's what systemd will automatically convert them
|
||
too, but it will also warn, asking users to fix the unit
|
||
files accordingly. Removal of these dependency types should
|
||
only affect a negligible number of unit files in the wild.
|
||
|
||
* Behaviour of networkd's IPForward= option changed
|
||
(again). It will no longer maintain a per-interface setting,
|
||
but propagate one way from interfaces where this is enabled
|
||
to the global kernel setting. The global setting will be
|
||
enabled when requested by a network that is set up, but
|
||
never be disabled again. This change was made to make sure
|
||
IPv4 and IPv6 behaviour regarding packet forwarding is
|
||
similar (as the Linux IPv6 stack does not support
|
||
per-interface control of this setting) and to minimize
|
||
surprises.
|
||
|
||
* In unit files the behaviour of %u, %U, %h, %s has
|
||
changed. These specifiers will now unconditionally resolve
|
||
to the various user database fields of the user that the
|
||
systemd instance is running as, instead of the user
|
||
configured in the specific unit via User=. Note that this
|
||
effectively doesn't change much, as resolving of these
|
||
specifiers was already turned off in the --system instance
|
||
of systemd, as we cannot do NSS lookups from PID 1. In the
|
||
--user instance of systemd these specifiers where correctly
|
||
resolved, but hardly made any sense, since the user instance
|
||
lacks privileges to do user switches anyway, and User= is
|
||
hence useless. Moreover, even in the --user instance of
|
||
systemd behaviour was awkward as it would only take settings
|
||
from User= assignment placed before the specifier into
|
||
account. In order to unify and simplify the logic around
|
||
this the specifiers will now always resolve to the
|
||
credentials of the user invoking the manager (which in case
|
||
of PID 1 is the root user).
|
||
|
||
Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
|
||
Yang, Daniel Machon, Daniel Mack, David Herrmann, David
|
||
Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
|
||
Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
|
||
Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
|
||
Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
|
||
Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
|
||
Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
|
||
Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
|
||
Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
|
||
Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
|
||
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
|
||
Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
|
||
Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-11-18
|
||
|
||
CHANGES WITH 227:
|
||
|
||
* systemd now depends on util-linux v2.27. More specifically,
|
||
the newly added mount monitor feature in libmount now
|
||
replaces systemd's former own implementation.
|
||
|
||
* libmount mandates /etc/mtab not to be regular file, and
|
||
systemd now enforces this condition at early boot.
|
||
/etc/mtab has been deprecated and warned about for a very
|
||
long time, so systems running systemd should already have
|
||
stopped having this file around as anything else than a
|
||
symlink to /proc/self/mounts.
|
||
|
||
* Support for the "pids" cgroup controller has been added. It
|
||
allows accounting the number of tasks in a cgroup and
|
||
enforcing limits on it. This adds two new setting
|
||
TasksAccounting= and TasksMax= to each unit, as well as a
|
||
global option DefaultTasksAccounting=.
|
||
|
||
* Support for the "net_cls" cgroup controller has been added.
|
||
It allows assigning a net class ID to each task in the
|
||
cgroup, which can then be used in firewall rules and traffic
|
||
shaping configurations. Note that the kernel netfilter net
|
||
class code does not currently work reliably for ingress
|
||
packets on unestablished sockets.
|
||
|
||
This adds a new config directive called NetClass= to CGroup
|
||
enabled units. Allowed values are positive numbers for fixed
|
||
assignments and "auto" for picking a free value
|
||
automatically.
|
||
|
||
* 'systemctl is-system-running' now returns 'offline' if the
|
||
system is not booted with systemd. This command can now be
|
||
used as a substitute for 'systemd-notify --booted'.
|
||
|
||
* Watchdog timeouts have been increased to 3 minutes for all
|
||
in-tree service files. Apparently, disk IO issues are more
|
||
frequent than we hoped, and user reported >1 minute waiting
|
||
for disk IO.
|
||
|
||
* 'machine-id-commit' functionality has been merged into
|
||
'machine-id-setup --commit'. The separate binary has been
|
||
removed.
|
||
|
||
* The WorkingDirectory= directive in unit files may now be set
|
||
to the special value '~'. In this case, the working
|
||
directory is set to the home directory of the user
|
||
configured in User=.
|
||
|
||
* "machinectl shell" will now open the shell in the home
|
||
directory of the selected user by default.
|
||
|
||
* The CrashChVT= configuration file setting is renamed to
|
||
CrashChangeVT=, following our usual logic of not
|
||
abbreviating unnecessarily. The old directive is still
|
||
supported for compat reasons. Also, this directive now takes
|
||
an integer value between 1 and 63, or a boolean value. The
|
||
formerly supported '-1' value for disabling stays around for
|
||
compat reasons.
|
||
|
||
* The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
|
||
NoNewPrivileges=, TTYPath=, WorkingDirectory= and
|
||
RootDirectory= properties can now be set for transient
|
||
units.
|
||
|
||
* The systemd-analyze tool gained a new "set-log-target" verb
|
||
to change the logging target the system manager logs to
|
||
dynamically during runtime. This is similar to how
|
||
"systemd-analyze set-log-level" already changes the log
|
||
level.
|
||
|
||
* In nspawn /sys is now mounted as tmpfs, with only a selected
|
||
set of subdirectories mounted in from the real sysfs. This
|
||
enhances security slightly, and is useful for ensuring user
|
||
namespaces work correctly.
|
||
|
||
* Support for USB FunctionFS activation has been added. This
|
||
allows implementation of USB gadget services that are
|
||
activated as soon as they are requested, so that they don't
|
||
have to run continuously, similar to classic socket
|
||
activation.
|
||
|
||
* The "systemctl exit" command now optionally takes an
|
||
additional parameter that sets the exit code to return from
|
||
the systemd manager when exiting. This is only relevant when
|
||
running the systemd user instance, or when running the
|
||
system instance in a container.
|
||
|
||
* sd-bus gained the new API calls sd_bus_path_encode_many()
|
||
and sd_bus_path_decode_many() that allow easy encoding and
|
||
decoding of multiple identifier strings inside a D-Bus
|
||
object path. Another new call sd_bus_default_flush_close()
|
||
has been added to flush and close per-thread default
|
||
connections.
|
||
|
||
* systemd-cgtop gained support for a -M/--machine= switch to
|
||
show the control groups within a certain container only.
|
||
|
||
* "systemctl kill" gained support for an optional --fail
|
||
switch. If specified the requested operation will fail of no
|
||
processes have been killed, because the unit had no
|
||
processes attached, or similar.
|
||
|
||
* A new systemd.crash_reboot=1 kernel command line option has
|
||
been added that triggers a reboot after crashing. This can
|
||
also be set through CrashReboot= in systemd.conf.
|
||
|
||
* The RuntimeDirectory= setting now understands unit
|
||
specifiers like %i or %f.
|
||
|
||
* A new (still internal) library API sd-ipv4acd has been added,
|
||
that implements address conflict detection for IPv4. It's
|
||
based on code from sd-ipv4ll, and will be useful for
|
||
detecting DHCP address conflicts.
|
||
|
||
* File descriptors passed during socket activation may now be
|
||
named. A new API sd_listen_fds_with_names() is added to
|
||
access the names. The default names may be overridden,
|
||
either in the .socket file using the FileDescriptorName=
|
||
parameter, or by passing FDNAME= when storing the file
|
||
descriptors using sd_notify().
|
||
|
||
* systemd-networkd gained support for:
|
||
|
||
- Setting the IPv6 Router Advertisement settings via
|
||
IPv6AcceptRouterAdvertisements= in .network files.
|
||
|
||
- Configuring the HelloTimeSec=, MaxAgeSec= and
|
||
ForwardDelaySec= bridge parameters in .netdev files.
|
||
|
||
- Configuring PreferredSource= for static routes in
|
||
.network files.
|
||
|
||
* The "ask-password" framework used to query for LUKS harddisk
|
||
passwords or SSL passwords during boot gained support for
|
||
caching passwords in the kernel keyring, if it is
|
||
available. This makes sure that the user only has to type in
|
||
a passphrase once if there are multiple objects to unlock
|
||
with the same one. Previously, such password caching was
|
||
available only when Plymouth was used; this moves the
|
||
caching logic into the systemd codebase itself. The
|
||
"systemd-ask-password" utility gained a new --keyname=
|
||
switch to control which kernel keyring key to use for
|
||
caching a password in. This functionality is also useful for
|
||
enabling display managers such as gdm to automatically
|
||
unlock the user's GNOME keyring if its passphrase, the
|
||
user's password and the harddisk password are the same, if
|
||
gdm-autologin is used.
|
||
|
||
* When downloading tar or raw images using "machinectl
|
||
pull-tar" or "machinectl pull-raw", a matching ".nspawn"
|
||
file is now also downloaded, if it is available and stored
|
||
next to the image file.
|
||
|
||
* Units of type ".socket" gained a new boolean setting
|
||
Writable= which is only useful in conjunction with
|
||
ListenSpecial=. If true, enables opening the specified
|
||
special file in O_RDWR mode rather than O_RDONLY mode.
|
||
|
||
* systemd-rfkill has been reworked to become a singleton
|
||
service that is activated through /dev/rfkill on each rfkill
|
||
state change and saves the settings to disk. This way,
|
||
systemd-rfkill is now compatible with devices that exist
|
||
only intermittendly, and even restores state if the previous
|
||
system shutdown was abrupt rather than clean.
|
||
|
||
* The journal daemon gained support for vacuuming old journal
|
||
files controlled by the number of files that shall remain,
|
||
in addition to the already existing control by size and by
|
||
date. This is useful as journal interleaving performance
|
||
degrades with too many separate journal files, and allows
|
||
putting an effective limit on them. The new setting defaults
|
||
to 100, but this may be changed by setting SystemMaxFiles=
|
||
and RuntimeMaxFiles= in journald.conf. Also, the
|
||
"journalctl" tool gained the new --vacuum-files= switch to
|
||
manually vacuum journal files to leave only the specified
|
||
number of files in place.
|
||
|
||
* udev will now create /dev/disk/by-path links for ATA devices
|
||
on kernels where that is supported.
|
||
|
||
* Galician, Serbian, Turkish and Korean translations were added.
|
||
|
||
Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
|
||
Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
|
||
(Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
|
||
Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
|
||
Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
|
||
de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
|
||
Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
|
||
Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
|
||
Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
|
||
Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
|
||
Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
|
||
Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
|
||
Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
|
||
Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
|
||
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
|
||
Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
|
||
Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
|
||
Zbigniew Jędrzejewski-Szmek, Марко М. Костић
|
||
|
||
— Berlin, 2015-10-07
|
||
|
||
CHANGES WITH 226:
|
||
|
||
* The DHCP implementation of systemd-networkd gained a set of
|
||
new features:
|
||
|
||
- The DHCP server now supports emitting DNS and NTP
|
||
information. It may be enabled and configured via
|
||
EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
|
||
and NTP information is enabled, but no servers are
|
||
configured, the corresponding uplink information (if there
|
||
is any) is propagated.
|
||
|
||
- Server and client now support transmission and reception
|
||
of timezone information. It can be configured via the
|
||
newly introduced network options UseTimezone=,
|
||
EmitTimezone=, and Timezone=. Transmission of timezone
|
||
information is enabled between host and containers by
|
||
default now: the container will change its local timezone
|
||
to what the host has set.
|
||
|
||
- Lease timeouts can now be configured via
|
||
MaxLeaseTimeSec= and DefaultLeaseTimeSec=.
|
||
|
||
- The DHCP server improved on the stability of
|
||
leases. Clients are more likely to get the same lease
|
||
information back, even if the server loses state.
|
||
|
||
- The DHCP server supports two new configuration options to
|
||
control the lease address pool metrics, PoolOffset= and
|
||
PoolSize=.
|
||
|
||
* The encapsulation limit of tunnels in systemd-networkd may
|
||
now be configured via 'EncapsulationLimit='. It allows
|
||
modifying the maximum additional levels of encapsulation
|
||
that are permitted to be prepended to a packet.
|
||
|
||
* systemd now supports the concept of user buses replacing
|
||
session buses, if used with dbus-1.10 (and enabled via dbus
|
||
--enable-user-session). It previously only supported this on
|
||
kdbus-enabled systems, and this release expands this to
|
||
'dbus-daemon' systems.
|
||
|
||
* systemd-networkd now supports predictable interface names
|
||
for virtio devices.
|
||
|
||
* systemd now optionally supports the new Linux kernel
|
||
"unified" control group hierarchy. If enabled via the kernel
|
||
command-line option 'systemd.unified_cgroup_hierarchy=1',
|
||
systemd will try to mount the unified cgroup hierarchy
|
||
directly on /sys/fs/cgroup. If not enabled, or not
|
||
available, systemd will fall back to the legacy cgroup
|
||
hierarchy setup, as before. Host system and containers can
|
||
mix and match legacy and unified hierarchies as they
|
||
wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
|
||
environment variable to individually select the hierarchy to
|
||
use for executed containers. By default, nspawn will use the
|
||
unified hierarchy for the containers if the host uses the
|
||
unified hierarchy, and the legacy hierarchy otherwise.
|
||
Please note that at this point the unified hierarchy is an
|
||
experimental kernel feature and is likely to change in one
|
||
of the next kernel releases. Therefore, it should not be
|
||
enabled by default in downstream distributions yet. The
|
||
minimum required kernel version for the unified hierarchy to
|
||
work is 4.2. Note that when the unified hierarchy is used
|
||
for the first time delegated access to controllers is
|
||
safe. Because of this systemd-nspawn containers will get
|
||
access to controllers now, as will systemd user
|
||
sessions. This means containers and user sessions may now
|
||
manage their own resources, partitioning up what the system
|
||
grants them.
|
||
|
||
* A new special scope unit "init.scope" has been introduced
|
||
that encapsulates PID 1 of the system. It may be used to
|
||
determine resource usage and enforce resource limits on PID
|
||
1 itself. PID 1 hence moved out of the root of the control
|
||
group tree.
|
||
|
||
* The cgtop tool gained support for filtering out kernel
|
||
threads when counting tasks in a control group. Also, the
|
||
count of processes is now recursively summed up by
|
||
default. Two options -k and --recursive= have been added to
|
||
revert to old behaviour. The tool has also been updated to
|
||
work correctly in containers now.
|
||
|
||
* systemd-nspawn's --bind= and --bind-ro= options have been
|
||
extended to allow creation of non-recursive bind mounts.
|
||
|
||
* libsystemd gained two new calls sd_pid_get_cgroup() and
|
||
sd_peer_get_cgroup() which return the control group path of
|
||
a process or peer of a connected AF_UNIX socket. This
|
||
function call is particularly useful when implementing
|
||
delegated subtrees support in the control group hierarchy.
|
||
|
||
* The "sd-event" event loop API of libsystemd now supports
|
||
correct dequeuing of real-time signals, without losing
|
||
signal events.
|
||
|
||
* When systemd requests a polkit decision when managing units it
|
||
will now add additional fields to the request, including unit
|
||
name and desired operation. This enables more powerful polkit
|
||
policies, that make decisions depending on these parameters.
|
||
|
||
* nspawn learnt support for .nspawn settings files, that may
|
||
accompany the image files or directories of containers, and
|
||
may contain additional settings for the container. This is
|
||
an alternative to configuring container parameters via the
|
||
nspawn command line.
|
||
|
||
Contributions from: Cristian Rodríguez, Daniel Mack, David
|
||
Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
|
||
Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
|
||
Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
|
||
Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
|
||
Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
|
||
Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
|
||
Andersen, Tom Gundersen, Torstein Husebø
|
||
|
||
— Berlin, 2015-09-08
|
||
|
||
CHANGES WITH 225:
|
||
|
||
* machinectl gained a new verb 'shell' which opens a fresh
|
||
shell on the target container or the host. It is similar to
|
||
the existing 'login' command of machinectl, but spawns the
|
||
shell directly without prompting for username or
|
||
password. The pseudo machine '.host' now refers to the local
|
||
host and is used by default. Hence, 'machinectl shell' can
|
||
be used as replacement for 'su -' which spawns a session as
|
||
a fresh systemd unit in a way that is fully isolated from
|
||
the originating session.
|
||
|
||
* systemd-networkd learned to cope with private-zone DHCP
|
||
options and allows other programs to query the values.
|
||
|
||
* SELinux access control when enabling/disabling units is no
|
||
longer enforced with this release. The previous implementation
|
||
was incorrect, and a new corrected implementation is not yet
|
||
available. As unit file operations are still protected via
|
||
polkit and D-Bus policy this is not a security problem. Yet,
|
||
distributions which care about optimal SELinux support should
|
||
probably not stabilize on this release.
|
||
|
||
* sd-bus gained support for matches of type "arg0has=", that
|
||
test for membership of strings in string arrays sent in bus
|
||
messages.
|
||
|
||
* systemd-resolved now dumps the contents of its DNS and LLMNR
|
||
caches to the logs on reception of the SIGUSR1 signal. This
|
||
is useful to debug DNS behaviour.
|
||
|
||
* The coredumpctl tool gained a new --directory= option to
|
||
operate on journal files in a specific directory.
|
||
|
||
* "systemctl reboot" and related commands gained a new
|
||
"--message=" option which may be used to set a free-text
|
||
wall message when shutting down or rebooting the
|
||
system. This message is also logged, which is useful for
|
||
figuring out the reason for a reboot or shutdown a
|
||
posteriori.
|
||
|
||
* The "systemd-resolve-host" tool's -i switch now takes
|
||
network interface numbers as alternative to interface names.
|
||
|
||
* A new unit file setting for services has been introduced:
|
||
UtmpMode= allows configuration of how precisely systemd
|
||
handles utmp and wtmp entries for the service if this is
|
||
enabled. This allows writing services that appear similar to
|
||
user sessions in the output of the "w", "who", "last" and
|
||
"lastlog" tools.
|
||
|
||
* systemd-resolved will now locally synthesize DNS resource
|
||
records for the "localhost" and "gateway" domains as well as
|
||
the local hostname. This should ensure that clients querying
|
||
RRs via resolved will get similar results as those going via
|
||
NSS, if nss-myhostname is enabled.
|
||
|
||
Contributions from: Alastair Hughes, Alex Crawford, Daniel
|
||
Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
|
||
Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
|
||
Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
|
||
Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
|
||
Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
|
||
Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
|
||
Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
|
||
reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
|
||
Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
|
||
Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
|
||
WaLyong Cho, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-08-27
|
||
|
||
CHANGES WITH 224:
|
||
|
||
* The systemd-efi-boot-generator functionality was merged into
|
||
systemd-gpt-auto-generator.
|
||
|
||
* systemd-networkd now supports Group Policy for vxlan
|
||
devices. It can be enabled via the new boolean configuration
|
||
option called 'GroupPolicyExtension='.
|
||
|
||
Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
|
||
Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
|
||
Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen
|
||
|
||
— Berlin, 2015-07-31
|
||
|
||
CHANGES WITH 223:
|
||
|
||
* The python-systemd code has been removed from the systemd repository.
|
||
A new repository has been created which accommodates the code from
|
||
now on, and we kindly ask distributions to create a separate package
|
||
for this: https://github.com/systemd/python-systemd
|
||
|
||
* The systemd daemon will now reload its main configuration
|
||
(/etc/systemd/system.conf) on daemon-reload.
|
||
|
||
* sd-dhcp now exposes vendor specific extensions via
|
||
sd_dhcp_lease_get_vendor_specific().
|
||
|
||
* systemd-networkd gained a number of new configuration options.
|
||
|
||
- A new boolean configuration option for TAP devices called
|
||
'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
|
||
device, thus allowing to send and receive GSO packets.
|
||
|
||
- A new tunnel configuration option called 'CopyDSCP='.
|
||
If enabled, the DSCP field of ip6 tunnels is copied into the
|
||
decapsulated packet.
|
||
|
||
- A set of boolean bridge configuration options were added.
|
||
'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
|
||
and 'UnicastFlood=' are now parsed by networkd and applied to the
|
||
respective bridge link device via the respective IFLA_BRPORT_*
|
||
netlink attribute.
|
||
|
||
- A new string configuration option to override the hostname sent
|
||
to a DHCP server, called 'Hostname='. If set and 'SendHostname='
|
||
is true, networkd will use the configured hostname instead of the
|
||
system hostname when sending DHCP requests.
|
||
|
||
- A new tunnel configuration option called 'IPv6FlowLabel='. If set,
|
||
networkd will configure the IPv6 flow-label of the tunnel device
|
||
according to RFC2460.
|
||
|
||
- The 'macvtap' virtual network devices are now supported, similar to
|
||
the already supported 'macvlan' devices.
|
||
|
||
* systemd-resolved now implements RFC5452 to improve resilience against
|
||
cache poisoning. Additionally, source port randomization is enabled
|
||
by default to further protect against DNS spoofing attacks.
|
||
|
||
* nss-mymachines now supports translating UIDs and GIDs of running
|
||
containers with user-namespaces enabled. If a container 'foo'
|
||
translates a host uid 'UID' to the container uid 'TUID', then
|
||
nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
|
||
(with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
|
||
mapped as 'vg-foo-TGID'.
|
||
|
||
Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
|
||
Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
|
||
HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
|
||
Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
|
||
Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
|
||
Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
|
||
Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
|
||
Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
|
||
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
|
||
Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-07-29
|
||
|
||
CHANGES WITH 222:
|
||
|
||
* udev does not longer support the WAIT_FOR_SYSFS= key in udev rules.
|
||
There are no known issues with current sysfs, and udev does not need
|
||
or should be used to work around such bugs.
|
||
|
||
* udev does no longer enable USB HID power management. Several reports
|
||
indicate, that some devices cannot handle that setting.
|
||
|
||
* The udev accelerometer helper was removed. The functionality
|
||
is now fully included in iio-sensor-proxy. But this means,
|
||
older iio-sensor-proxy versions will no longer provide
|
||
accelerometer/orientation data with this systemd version.
|
||
Please upgrade iio-sensor-proxy to version 1.0.
|
||
|
||
* networkd gained a new configuration option IPv6PrivacyExtensions=
|
||
which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
|
||
for Stateless Address") on selected networks.
|
||
|
||
* For the sake of fewer build-time dependencies and less code in the
|
||
main repository, the python bindings are about to be removed in the
|
||
next release. A new repository has been created which accommodates
|
||
the code from now on, and we kindly ask distributions to create a
|
||
separate package for this. The removal will take place in v223.
|
||
|
||
https://github.com/systemd/python-systemd
|
||
|
||
Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
|
||
Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
|
||
daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
|
||
Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
|
||
Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
|
||
(heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
|
||
Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
|
||
Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
|
||
Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
|
||
Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-07-07
|
||
|
||
CHANGES WITH 221:
|
||
|
||
* The sd-bus.h and sd-event.h APIs have now been declared
|
||
stable and have been added to the official interface of
|
||
libsystemd.so. sd-bus implements an alternative D-Bus client
|
||
library, that is relatively easy to use, very efficient and
|
||
supports both classic D-Bus as well as kdbus as transport
|
||
backend. sd-event is a generic event loop abstraction that
|
||
is built around Linux epoll, but adds features such as event
|
||
prioritization or efficient timer handling. Both APIs are good
|
||
choices for C programs looking for a bus and/or event loop
|
||
implementation that is minimal and does not have to be
|
||
portable to other kernels.
|
||
|
||
* kdbus support is no longer compile-time optional. It is now
|
||
always built-in. However, it can still be disabled at
|
||
runtime using the kdbus=0 kernel command line setting, and
|
||
that setting may be changed to default to off, by specifying
|
||
--disable-kdbus at build-time. Note though that the kernel
|
||
command line setting has no effect if the kdbus.ko kernel
|
||
module is not installed, in which case kdbus is (obviously)
|
||
also disabled. We encourage all downstream distributions to
|
||
begin testing kdbus by adding it to the kernel images in the
|
||
development distributions, and leaving kdbus support in
|
||
systemd enabled.
|
||
|
||
* The minimal required util-linux version has been bumped to
|
||
2.26.
|
||
|
||
* Support for chkconfig (--enable-chkconfig) was removed in
|
||
favor of calling an abstraction tool
|
||
/lib/systemd/systemd-sysv-install. This needs to be
|
||
implemented for your distribution. See "SYSV INIT.D SCRIPTS"
|
||
in README for details.
|
||
|
||
* If there's a systemd unit and a SysV init script for the
|
||
same service name, and the user executes "systemctl enable"
|
||
for it (or a related call), then this will now enable both
|
||
(or execute the related operation on both), not just the
|
||
unit.
|
||
|
||
* The libudev API documentation has been converted from gtkdoc
|
||
into man pages.
|
||
|
||
* gudev has been removed from the systemd tree, it is now an
|
||
external project.
|
||
|
||
* The systemd-cgtop tool learnt a new --raw switch to generate
|
||
"raw" (machine parsable) output.
|
||
|
||
* networkd's IPForwarding= .network file setting learnt the
|
||
new setting "kernel", which ensures that networkd does not
|
||
change the IP forwarding sysctl from the default kernel
|
||
state.
|
||
|
||
* The systemd-logind bus API now exposes a new boolean
|
||
property "Docked" that reports whether logind considers the
|
||
system "docked", i.e. connected to a docking station or not.
|
||
|
||
Contributions from: Alex Crawford, Andreas Pokorny, Andrei
|
||
Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
|
||
Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
|
||
David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
|
||
Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
|
||
Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
|
||
Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
|
||
Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
|
||
Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
|
||
Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
|
||
Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
|
||
Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
|
||
Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
|
||
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
|
||
Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
|
||
Fink, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-06-19
|
||
|
||
CHANGES WITH 220:
|
||
|
||
* The gudev library has been extracted into a separate repository
|
||
available at: https://git.gnome.org/browse/libgudev/
|
||
It is now managed as part of the Gnome project. Distributions
|
||
are recommended to pass --disable-gudev to systemd and use
|
||
gudev from the Gnome project instead. gudev is still included
|
||
in systemd, for now. It will be removed soon, though. Please
|
||
also see the announcement-thread on systemd-devel:
|
||
https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
|
||
|
||
* systemd now exposes a CPUUsageNSec= property for each
|
||
service unit on the bus, that contains the overall consumed
|
||
CPU time of a service (the sum of what each process of the
|
||
service consumed). This value is only available if
|
||
CPUAccounting= is turned on for a service, and is then shown
|
||
in the "systemctl status" output.
|
||
|
||
* Support for configuring alternative mappings of the old SysV
|
||
runlevels to systemd targets has been removed. They are now
|
||
hardcoded in a way that runlevels 2, 3, 4 all map to
|
||
multi-user.target and 5 to graphical.target (which
|
||
previously was already the default behaviour).
|
||
|
||
* The auto-mounter logic gained support for mount point
|
||
expiry, using a new TimeoutIdleSec= setting in .automount
|
||
units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
|
||
|
||
* The EFI System Partition (ESP) as mounted to /boot by
|
||
systemd-efi-boot-generator will now be unmounted
|
||
automatically after 2 minutes of not being used. This should
|
||
minimize the risk of ESP corruptions.
|
||
|
||
* New /etc/fstab options x-systemd.requires= and
|
||
x-systemd.requires-mounts-for= are now supported to express
|
||
additional dependencies for mounts. This is useful for
|
||
journaling file systems that support external journal
|
||
devices or overlay file systems that require underlying file
|
||
systems to be mounted.
|
||
|
||
* systemd does not support direct live-upgrades (via systemctl
|
||
daemon-reexec) from versions older than v44 anymore. As no
|
||
distribution we are aware of shipped such old versions in a
|
||
stable release this should not be problematic.
|
||
|
||
* When systemd forks off a new per-connection service instance
|
||
it will now set the $REMOTE_ADDR environment variable to the
|
||
remote IP address, and $REMOTE_PORT environment variable to
|
||
the remote IP port. This behaviour is similar to the
|
||
corresponding environment variables defined by CGI.
|
||
|
||
* systemd-networkd gained support for uplink failure
|
||
detection. The BindCarrier= option allows binding interface
|
||
configuration dynamically to the link sense of other
|
||
interfaces. This is useful to achieve behaviour like in
|
||
network switches.
|
||
|
||
* systemd-networkd gained support for configuring the DHCP
|
||
client identifier to use when requesting leases.
|
||
|
||
* systemd-networkd now has a per-network UseNTP= option to
|
||
configure whether NTP server information acquired via DHCP
|
||
is passed on to services like systemd-timesyncd.
|
||
|
||
* systemd-networkd gained support for vti6 tunnels.
|
||
|
||
* Note that systemd-networkd manages the sysctl variable
|
||
/proc/sys/net/ipv[46]/conf/*/forwarding for each interface
|
||
it is configured for since v219. The variable controls IP
|
||
forwarding, and is a per-interface alternative to the global
|
||
/proc/sys/net/ipv[46]/ip_forward. This setting is
|
||
configurable in the IPForward= option, which defaults to
|
||
"no". This means if networkd is used for an interface it is
|
||
no longer sufficient to set the global sysctl option to turn
|
||
on IP forwarding! Instead, the .network file option
|
||
IPForward= needs to be turned on! Note that the
|
||
implementation of this behaviour was broken in v219 and has
|
||
been fixed in v220.
|
||
|
||
* Many bonding and vxlan options are now configurable in
|
||
systemd-networkd.
|
||
|
||
* systemd-nspawn gained a new --property= setting to set unit
|
||
properties for the container scope. This is useful for
|
||
setting resource parameters (e.g. "CPUShares=500") on
|
||
containers started from the command line.
|
||
|
||
* systemd-nspawn gained a new --private-users= switch to make
|
||
use of user namespacing available on recent Linux kernels.
|
||
|
||
* systemd-nspawn may now be called as part of a shell pipeline
|
||
in which case the pipes used for stdin and stdout are passed
|
||
directly to the process invoked in the container, without
|
||
indirection via a pseudo tty.
|
||
|
||
* systemd-nspawn gained a new switch to control the UNIX
|
||
signal to use when killing the init process of the container
|
||
when shutting down.
|
||
|
||
* systemd-nspawn gained a new --overlay= switch for mounting
|
||
overlay file systems into the container using the new kernel
|
||
overlayfs support.
|
||
|
||
* When a container image is imported via systemd-importd and
|
||
the host file system is not btrfs, a loopback block device
|
||
file is created in /var/lib/machines.raw with a btrfs file
|
||
system inside. It is then mounted to /var/lib/machines to
|
||
enable btrfs features for container management. The loopback
|
||
file and btrfs file system is grown as needed when container
|
||
images are imported via systemd-importd.
|
||
|
||
* systemd-machined/systemd-importd gained support for btrfs
|
||
quota, to enforce container disk space limits on disk. This
|
||
is exposed in "machinectl set-limit".
|
||
|
||
* systemd-importd now can import containers from local .tar,
|
||
.raw and .qcow2 images, and export them to .tar and .raw. It
|
||
can also import dkr v2 images now from the network (on top
|
||
of v1 as before).
|
||
|
||
* systemd-importd gained support for verifying downloaded
|
||
images with gpg2 (previously only gpg1 was supported).
|
||
|
||
* systemd-machined, systemd-logind, systemd: most bus calls are
|
||
now accessible to unprivileged processes via polkit. Also,
|
||
systemd-logind will now allow users to kill their own sessions
|
||
without further privileges or authorization.
|
||
|
||
* systemd-shutdownd has been removed. This service was
|
||
previously responsible for implementing scheduled shutdowns
|
||
as exposed in /usr/bin/shutdown's time parameter. This
|
||
functionality has now been moved into systemd-logind and is
|
||
accessible via a bus interface.
|
||
|
||
* "systemctl reboot" gained a new switch --firmware-setup that
|
||
can be used to reboot into the EFI firmware setup, if that
|
||
is available. systemd-logind now exposes an API on the bus
|
||
to trigger such reboots, in case graphical desktop UIs want
|
||
to cover this functionality.
|
||
|
||
* "systemctl enable", "systemctl disable" and "systemctl mask"
|
||
now support a new "--now" switch. If specified the units
|
||
that are enabled will also be started, and the ones
|
||
disabled/masked also stopped.
|
||
|
||
* The Gummiboot EFI boot loader tool has been merged into
|
||
systemd, and renamed to "systemd-boot". The bootctl tool has been
|
||
updated to support systemd-boot.
|
||
|
||
* An EFI kernel stub has been added that may be used to create
|
||
kernel EFI binaries that contain not only the actual kernel,
|
||
but also an initrd, boot splash, command line and OS release
|
||
information. This combined binary can then be signed as a
|
||
single image, so that the firmware can verify it all in one
|
||
step. systemd-boot has special support for EFI binaries created
|
||
like this and can extract OS release information from them
|
||
and show them in the boot menu. This functionality is useful
|
||
to implement cryptographically verified boot schemes.
|
||
|
||
* Optional support has been added to systemd-fsck to pass
|
||
fsck's progress report to an AF_UNIX socket in the file
|
||
system.
|
||
|
||
* udev will no longer create device symlinks for all block devices by
|
||
default. A deny list for excluding special block devices from this
|
||
logic has been turned into an allow list that requires picking block
|
||
devices explicitly that require device symlinks.
|
||
|
||
* A new (currently still internal) API sd-device.h has been
|
||
added to libsystemd. This modernized API is supposed to
|
||
replace libudev eventually. In fact, already much of libudev
|
||
is now just a wrapper around sd-device.h.
|
||
|
||
* A new hwdb database for storing metadata about pointing
|
||
stick devices has been added.
|
||
|
||
* systemd-tmpfiles gained support for setting file attributes
|
||
similar to the "chattr" tool with new 'h' and 'H' lines.
|
||
|
||
* systemd-journald will no longer unconditionally set the
|
||
btrfs NOCOW flag on new journal files. This is instead done
|
||
with tmpfiles snippet using the new 'h' line type. This
|
||
allows easy disabling of this logic, by masking the
|
||
journal-nocow.conf tmpfiles file.
|
||
|
||
* systemd-journald will now translate audit message types to
|
||
human readable identifiers when writing them to the
|
||
journal. This should improve readability of audit messages.
|
||
|
||
* The LUKS logic gained support for the offset= and skip=
|
||
options in /etc/crypttab, as previously implemented by
|
||
Debian.
|
||
|
||
* /usr/lib/os-release gained a new optional field VARIANT= for
|
||
distributions that support multiple variants (such as a
|
||
desktop edition, a server edition, …)
|
||
|
||
Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
|
||
Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
|
||
Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
|
||
Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
|
||
Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
|
||
Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
|
||
Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
|
||
Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
|
||
Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
|
||
Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
|
||
Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
|
||
Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
|
||
Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
|
||
Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
|
||
De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
|
||
Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
|
||
Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
|
||
Michael Biebl, Michael Marineau, Michael Olbrich, Michal
|
||
Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
|
||
Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
|
||
Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
|
||
Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
|
||
Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
|
||
Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
|
||
Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
|
||
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
|
||
Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-05-22
|
||
|
||
CHANGES WITH 219:
|
||
|
||
* Introduce a new API "sd-hwdb.h" for querying the hardware
|
||
metadata database. With this minimal interface one can query
|
||
and enumerate the udev hwdb, decoupled from the old libudev
|
||
library. libudev's interface for this is now only a wrapper
|
||
around sd-hwdb. A new tool systemd-hwdb has been added to
|
||
interface with and update the database.
|
||
|
||
* When any of systemd's tools copies files (for example due to
|
||
tmpfiles' C lines) a btrfs reflink will attempted first,
|
||
before bytewise copying is done.
|
||
|
||
* systemd-nspawn gained a new --ephemeral switch. When
|
||
specified a btrfs snapshot is taken of the container's root
|
||
directory, and immediately removed when the container
|
||
terminates again. Thus, a container can be started whose
|
||
changes never alter the container's root directory, and are
|
||
lost on container termination. This switch can also be used
|
||
for starting a container off the root file system of the
|
||
host without affecting the host OS. This switch is only
|
||
available on btrfs file systems.
|
||
|
||
* systemd-nspawn gained a new --template= switch. It takes the
|
||
path to a container tree to use as template for the tree
|
||
specified via --directory=, should that directory be
|
||
missing. This allows instantiating containers dynamically,
|
||
on first run. This switch is only available on btrfs file
|
||
systems.
|
||
|
||
* When a .mount unit refers to a mount point on which multiple
|
||
mounts are stacked, and the .mount unit is stopped all of
|
||
the stacked mount points will now be unmounted until no
|
||
mount point remains.
|
||
|
||
* systemd now has an explicit notion of supported and
|
||
unsupported unit types. Jobs enqueued for unsupported unit
|
||
types will now fail with an "unsupported" error code. More
|
||
specifically .swap, .automount and .device units are not
|
||
supported in containers, .busname units are not supported on
|
||
non-kdbus systems. .swap and .automount are also not
|
||
supported if their respective kernel compile time options
|
||
are disabled.
|
||
|
||
* machinectl gained support for two new "copy-from" and
|
||
"copy-to" commands for copying files from a running
|
||
container to the host or vice versa.
|
||
|
||
* machinectl gained support for a new "bind" command to bind
|
||
mount host directories into local containers. This is
|
||
currently only supported for nspawn containers.
|
||
|
||
* networkd gained support for configuring bridge forwarding
|
||
database entries (fdb) from .network files.
|
||
|
||
* A new tiny daemon "systemd-importd" has been added that can
|
||
download container images in tar, raw, qcow2 or dkr formats,
|
||
and make them available locally in /var/lib/machines, so
|
||
that they can run as nspawn containers. The daemon can GPG
|
||
verify the downloads (not supported for dkr, since it has no
|
||
provisions for verifying downloads). It will transparently
|
||
decompress bz2, xz, gzip compressed downloads if necessary,
|
||
and restore sparse files on disk. The daemon uses privilege
|
||
separation to ensure the actual download logic runs with
|
||
fewer privileges than the daemon itself. machinectl has
|
||
gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
|
||
make the functionality of importd available to the
|
||
user. With this in place the Fedora and Ubuntu "Cloud"
|
||
images can be downloaded and booted as containers unmodified
|
||
(the Fedora images lack the appropriate GPG signature files
|
||
currently, so they cannot be verified, but this will change
|
||
soon, hopefully). Note that downloading images is currently
|
||
only fully supported on btrfs.
|
||
|
||
* machinectl is now able to list container images found in
|
||
/var/lib/machines, along with some metadata about sizes of
|
||
disk and similar. If the directory is located on btrfs and
|
||
quota is enabled, this includes quota display. A new command
|
||
"image-status" has been added that shows additional
|
||
information about images.
|
||
|
||
* machinectl is now able to clone container images
|
||
efficiently, if the underlying file system (btrfs) supports
|
||
it, with the new "machinectl clone" command. It also
|
||
gained commands for renaming and removing images, as well as
|
||
marking them read-only or read-write (supported also on
|
||
legacy file systems).
|
||
|
||
* networkd gained support for collecting LLDP network
|
||
announcements, from hardware that supports this. This is
|
||
shown in networkctl output.
|
||
|
||
* systemd-run gained support for a new -t (--pty) switch for
|
||
invoking a binary on a pty whose input and output is
|
||
connected to the invoking terminal. This allows executing
|
||
processes as system services while interactively
|
||
communicating with them via the terminal. Most interestingly
|
||
this is supported across container boundaries. Invoking
|
||
"systemd-run -t /bin/bash" is an alternative to running a
|
||
full login session, the difference being that the former
|
||
will not register a session, nor go through the PAM session
|
||
setup.
|
||
|
||
* tmpfiles gained support for a new "v" line type for creating
|
||
btrfs subvolumes. If the underlying file system is a legacy
|
||
file system, this automatically degrades to creating a
|
||
normal directory. Among others /var/lib/machines is now
|
||
created like this at boot, should it be missing.
|
||
|
||
* The directory /var/lib/containers/ has been deprecated and
|
||
been replaced by /var/lib/machines. The term "machines" has
|
||
been used in the systemd context as generic term for both
|
||
VMs and containers, and hence appears more appropriate for
|
||
this, as the directory can also contain raw images bootable
|
||
via qemu/kvm.
|
||
|
||
* systemd-nspawn when invoked with -M but without --directory=
|
||
or --image= is now capable of searching for the container
|
||
root directory, subvolume or disk image automatically, in
|
||
/var/lib/machines. systemd-nspawn@.service has been updated
|
||
to make use of this, thus allowing it to be used for raw
|
||
disk images, too.
|
||
|
||
* A new machines.target unit has been introduced that is
|
||
supposed to group all containers/VMs invoked as services on
|
||
the system. systemd-nspawn@.service has been updated to
|
||
integrate with that.
|
||
|
||
* machinectl gained a new "start" command, for invoking a
|
||
container as a service. "machinectl start foo" is mostly
|
||
equivalent to "systemctl start systemd-nspawn@foo.service",
|
||
but handles escaping in a nicer way.
|
||
|
||
* systemd-nspawn will now mount most of the cgroupfs tree
|
||
read-only into each container, with the exception of the
|
||
container's own subtree in the name=systemd hierarchy.
|
||
|
||
* journald now sets the special FS_NOCOW file flag for its
|
||
journal files. This should improve performance on btrfs, by
|
||
avoiding heavy fragmentation when journald's write-pattern
|
||
is used on COW file systems. It degrades btrfs' data
|
||
integrity guarantees for the files to the same levels as for
|
||
ext3/ext4 however. This should be OK though as journald does
|
||
its own data integrity checks and all its objects are
|
||
checksummed on disk. Also, journald should handle btrfs disk
|
||
full events a lot more gracefully now, by processing SIGBUS
|
||
errors, and not relying on fallocate() anymore.
|
||
|
||
* When journald detects that journal files it is writing to
|
||
have been deleted it will immediately start new journal
|
||
files.
|
||
|
||
* systemd now provides a way to store file descriptors
|
||
per-service in PID 1. This is useful for daemons to ensure
|
||
that fds they require are not lost during a daemon
|
||
restart. The fds are passed to the daemon on the next
|
||
invocation in the same way socket activation fds are
|
||
passed. This is now used by journald to ensure that the
|
||
various sockets connected to all the system's stdout/stderr
|
||
are not lost when journald is restarted. File descriptors
|
||
may be stored in PID 1 via the sd_pid_notify_with_fds() API,
|
||
an extension to sd_notify(). Note that a limit is enforced
|
||
on the number of fds a service can store in PID 1, and it
|
||
defaults to 0, so that no fds may be stored, unless this is
|
||
explicitly turned on.
|
||
|
||
* The default TERM variable to use for units connected to a
|
||
terminal, when no other value is explicitly is set is now
|
||
vt220 rather than vt102. This should be fairly safe still,
|
||
but allows PgUp/PgDn work.
|
||
|
||
* The /etc/crypttab option header= as known from Debian is now
|
||
supported.
|
||
|
||
* "loginctl user-status" and "loginctl session-status" will
|
||
now show the last 10 lines of log messages of the
|
||
user/session following the status output. Similar,
|
||
"machinectl status" will show the last 10 log lines
|
||
associated with a virtual machine or container
|
||
service. (Note that this is usually not the log messages
|
||
done in the VM/container itself, but simply what the
|
||
container manager logs. For nspawn this includes all console
|
||
output however.)
|
||
|
||
* "loginctl session-status" without further argument will now
|
||
show the status of the session of the caller. Similar,
|
||
"lock-session", "unlock-session", "activate",
|
||
"enable-linger", "disable-linger" may now be called without
|
||
session/user parameter in which case they apply to the
|
||
caller's session/user.
|
||
|
||
* An X11 session scriptlet is now shipped that uploads
|
||
$DISPLAY and $XAUTHORITY into the environment of the systemd
|
||
--user daemon if a session begins. This should improve
|
||
compatibility with X11 enabled applications run as systemd
|
||
user services.
|
||
|
||
* Generators are now subject to masking via /etc and /run, the
|
||
same way as unit files.
|
||
|
||
* networkd .network files gained support for configuring
|
||
per-link IPv4/IPv6 packet forwarding as well as IPv4
|
||
masquerading. This is by default turned on for veth links to
|
||
containers, as registered by systemd-nspawn. This means that
|
||
nspawn containers run with --network-veth will now get
|
||
automatic routed access to the host's networks without any
|
||
further configuration or setup, as long as networkd runs on
|
||
the host.
|
||
|
||
* systemd-nspawn gained the --port= (-p) switch to expose TCP
|
||
or UDP posts of a container on the host. With this in place
|
||
it is possible to run containers with private veth links
|
||
(--network-veth), and have their functionality exposed on
|
||
the host as if their services were running directly on the
|
||
host.
|
||
|
||
* systemd-nspawn's --network-veth switch now gained a short
|
||
version "-n", since with the changes above it is now truly
|
||
useful out-of-the-box. The systemd-nspawn@.service has been
|
||
updated to make use of it too by default.
|
||
|
||
* systemd-nspawn will now maintain a per-image R/W lock, to
|
||
ensure that the same image is not started more than once
|
||
writable. (It's OK to run an image multiple times
|
||
simultaneously in read-only mode.)
|
||
|
||
* systemd-nspawn's --image= option is now capable of
|
||
dissecting and booting MBR and GPT disk images that contain
|
||
only a single active Linux partition. Previously it
|
||
supported only GPT disk images with proper GPT type
|
||
IDs. This allows running cloud images from major
|
||
distributions directly with systemd-nspawn, without
|
||
modification.
|
||
|
||
* In addition to collecting mouse dpi data in the udev
|
||
hardware database, there's now support for collecting angle
|
||
information for mouse scroll wheels. The database is
|
||
supposed to guarantee similar scrolling behavior on mice
|
||
that it knows about. There's also support for collecting
|
||
information about Touchpad types.
|
||
|
||
* udev's input_id built-in will now also collect touch screen
|
||
dimension data and attach it to probed devices.
|
||
|
||
* /etc/os-release gained support for a Distribution Privacy
|
||
Policy link field.
|
||
|
||
* networkd gained support for creating "ipvlan", "gretap",
|
||
"ip6gre", "ip6gretap" and "ip6tnl" network devices.
|
||
|
||
* systemd-tmpfiles gained support for "a" lines for setting
|
||
ACLs on files.
|
||
|
||
* systemd-nspawn will now mount /tmp in the container to
|
||
tmpfs, automatically.
|
||
|
||
* systemd now exposes the memory.usage_in_bytes cgroup
|
||
attribute and shows it for each service in the "systemctl
|
||
status" output, if available.
|
||
|
||
* When the user presses Ctrl-Alt-Del more than 7x within 2s an
|
||
immediate reboot is triggered. This useful if shutdown is
|
||
hung and is unable to complete, to expedite the
|
||
operation. Note that this kind of reboot will still unmount
|
||
all file systems, and hence should not result in fsck being
|
||
run on next reboot.
|
||
|
||
* A .device unit for an optical block device will now be
|
||
considered active only when a medium is in the drive. Also,
|
||
mount units are now bound to their backing devices thus
|
||
triggering automatic unmounting when devices become
|
||
unavailable. With this in place systemd will now
|
||
automatically unmount left-over mounts when a CD-ROM is
|
||
ejected or a USB stick is yanked from the system.
|
||
|
||
* networkd-wait-online now has support for waiting for
|
||
specific interfaces only (with globbing), and for giving up
|
||
after a configurable timeout.
|
||
|
||
* networkd now exits when idle. It will be automatically
|
||
restarted as soon as interfaces show up, are removed or
|
||
change state. networkd will stay around as long as there is
|
||
at least one DHCP state machine or similar around, that keep
|
||
it non-idle.
|
||
|
||
* networkd may now configure IPv6 link-local addressing in
|
||
addition to IPv4 link-local addressing.
|
||
|
||
* The IPv6 "token" for use in SLAAC may now be configured for
|
||
each .network interface in networkd.
|
||
|
||
* Routes configured with networkd may now be assigned a scope
|
||
in .network files.
|
||
|
||
* networkd's [Match] sections now support globbing and lists
|
||
of multiple space-separated matches per item.
|
||
|
||
Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
|
||
Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
|
||
Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
|
||
Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
|
||
Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
|
||
Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
|
||
Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
|
||
Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
|
||
Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
|
||
Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
|
||
Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
|
||
Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
|
||
Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
|
||
Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
|
||
Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
|
||
Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
|
||
Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
|
||
Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
|
||
Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
|
||
Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
|
||
Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
|
||
Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
|
||
Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
|
||
Hoffmann, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2015-02-16
|
||
|
||
CHANGES WITH 218:
|
||
|
||
* When querying unit file enablement status (for example via
|
||
"systemctl is-enabled"), a new state "indirect" is now known
|
||
which indicates that a unit might not be enabled itself, but
|
||
another unit listed in its Also= setting might be.
|
||
|
||
* Similar to the various existing ConditionXYZ= settings for
|
||
units, there are now matching AssertXYZ= settings. While
|
||
failing conditions cause a unit to be skipped, but its job
|
||
to succeed, failing assertions declared like this will cause
|
||
a unit start operation and its job to fail.
|
||
|
||
* hostnamed now knows a new chassis type "embedded".
|
||
|
||
* systemctl gained a new "edit" command. When used on a unit
|
||
file, this allows extending unit files with .d/ drop-in
|
||
configuration snippets or editing the full file (after
|
||
copying it from /usr/lib to /etc). This will invoke the
|
||
user's editor (as configured with $EDITOR), and reload the
|
||
modified configuration after editing.
|
||
|
||
* "systemctl status" now shows the suggested enablement state
|
||
for a unit, as declared in the (usually vendor-supplied)
|
||
system preset files.
|
||
|
||
* nss-myhostname will now resolve the single-label hostname
|
||
"gateway" to the locally configured default IP routing
|
||
gateways, ordered by their metrics. This assigns a stable
|
||
name to the used gateways, regardless which ones are
|
||
currently configured. Note that the name will only be
|
||
resolved after all other name sources (if nss-myhostname is
|
||
configured properly) and should hence not negatively impact
|
||
systems that use the single-label hostname "gateway" in
|
||
other contexts.
|
||
|
||
* systemd-inhibit now allows filtering by mode when listing
|
||
inhibitors.
|
||
|
||
* Scope and service units gained a new "Delegate" boolean
|
||
property, which, when set, allows processes running inside the
|
||
unit to further partition resources. This is primarily
|
||
useful for systemd user instances as well as container
|
||
managers.
|
||
|
||
* journald will now pick up audit messages directly from
|
||
the kernel, and log them like any other log message. The
|
||
audit fields are split up and fully indexed. This means that
|
||
journalctl in many ways is now a (nicer!) alternative to
|
||
ausearch, the traditional audit client. Note that this
|
||
implements only a minimal audit client. If you want the
|
||
special audit modes like reboot-on-log-overflow, please use
|
||
the traditional auditd instead, which can be used in
|
||
parallel to journald.
|
||
|
||
* The ConditionSecurity= unit file option now understands the
|
||
special string "audit" to check whether auditing is
|
||
available.
|
||
|
||
* journalctl gained two new commands --vacuum-size= and
|
||
--vacuum-time= to delete old journal files until the
|
||
remaining ones take up no more than the specified size on disk,
|
||
or are not older than the specified time.
|
||
|
||
* A new, native PPPoE library has been added to sd-network,
|
||
systemd's library of light-weight networking protocols. This
|
||
library will be used in a future version of networkd to
|
||
enable PPPoE communication without an external pppd daemon.
|
||
|
||
* The busctl tool now understands a new "capture" verb that
|
||
works similar to "monitor", but writes a packet capture
|
||
trace to STDOUT that can be redirected to a file which is
|
||
compatible with libcap's capture file format. This can then
|
||
be loaded in Wireshark and similar tools to inspect bus
|
||
communication.
|
||
|
||
* The busctl tool now understands a new "tree" verb that shows
|
||
the object trees of a specific service on the bus, or of all
|
||
services.
|
||
|
||
* The busctl tool now understands a new "introspect" verb that
|
||
shows all interfaces and members of objects on the bus,
|
||
including their signature and values. This is particularly
|
||
useful to get more information about bus objects shown by
|
||
the new "busctl tree" command.
|
||
|
||
* The busctl tool now understands new verbs "call",
|
||
"set-property" and "get-property" for invoking bus method
|
||
calls, setting and getting bus object properties in a
|
||
friendly way.
|
||
|
||
* busctl gained a new --augment-creds= argument that controls
|
||
whether the tool shall augment credential information it
|
||
gets from the bus with data from /proc, in a possibly
|
||
race-ful way.
|
||
|
||
* nspawn's --link-journal= switch gained two new values
|
||
"try-guest" and "try-host" that work like "guest" and
|
||
"host", but do not fail if the host has no persistent
|
||
journaling enabled. -j is now equivalent to
|
||
--link-journal=try-guest.
|
||
|
||
* macvlan network devices created by nspawn will now have
|
||
stable MAC addresses.
|
||
|
||
* A new SmackProcessLabel= unit setting has been added, which
|
||
controls the SMACK security label processes forked off by
|
||
the respective unit shall use.
|
||
|
||
* If compiled with --enable-xkbcommon, systemd-localed will
|
||
verify x11 keymap settings by compiling the given keymap. It
|
||
will spew out warnings if the compilation fails. This
|
||
requires libxkbcommon to be installed.
|
||
|
||
* When a coredump is collected, a larger number of metadata
|
||
fields is now collected and included in the journal records
|
||
created for it. More specifically, control group membership,
|
||
environment variables, memory maps, working directory,
|
||
chroot directory, /proc/$PID/status, and a list of open file
|
||
descriptors is now stored in the log entry.
|
||
|
||
* The udev hwdb now contains DPI information for mice. For
|
||
details see:
|
||
|
||
http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
|
||
|
||
* All systemd programs that read standalone configuration
|
||
files in /etc now also support a corresponding series of
|
||
.conf.d configuration directories in /etc/, /run/,
|
||
/usr/local/lib/, /usr/lib/, and (if configured with
|
||
--enable-split-usr) /lib/. In particular, the following
|
||
configuration files now have corresponding configuration
|
||
directories: system.conf user.conf, logind.conf,
|
||
journald.conf, sleep.conf, bootchart.conf, coredump.conf,
|
||
resolved.conf, timesyncd.conf, journal-remote.conf, and
|
||
journal-upload.conf. Note that distributions should use the
|
||
configuration directories in /usr/lib/; the directories in
|
||
/etc/ are reserved for the system administrator.
|
||
|
||
* systemd-rfkill will no longer take the rfkill device name
|
||
into account when storing rfkill state on disk, as the name
|
||
might be dynamically assigned and not stable. Instead, the
|
||
ID_PATH udev variable combined with the rfkill type (wlan,
|
||
bluetooth, …) is used.
|
||
|
||
* A new service systemd-machine-id-commit.service has been
|
||
added. When used on systems where /etc is read-only during
|
||
boot, and /etc/machine-id is not initialized (but an empty
|
||
file), this service will copy the temporary machine ID
|
||
created as replacement into /etc after the system is fully
|
||
booted up. This is useful for systems that are freshly
|
||
installed with a non-initialized machine ID, but should get
|
||
a fixed machine ID for subsequent boots.
|
||
|
||
* networkd's .netdev files now provide a large set of
|
||
configuration parameters for VXLAN devices. Similarly, the
|
||
bridge port cost parameter is now configurable in .network
|
||
files. There's also new support for configuring IP source
|
||
routing. networkd .link files gained support for a new
|
||
OriginalName= match that is useful to match against the
|
||
original interface name the kernel assigned. .network files
|
||
may include MTU= and MACAddress= fields for altering the MTU
|
||
and MAC address while being connected to a specific network
|
||
interface.
|
||
|
||
* The LUKS logic gained supported for configuring
|
||
UUID-specific key files. There's also new support for naming
|
||
LUKS device from the kernel command line, using the new
|
||
luks.name= argument.
|
||
|
||
* Timer units may now be transiently created via the bus API
|
||
(this was previously already available for scope and service
|
||
units). In addition it is now possible to create multiple
|
||
transient units at the same time with a single bus call. The
|
||
"systemd-run" tool has been updated to make use of this for
|
||
running commands on a specified time, in at(1)-style.
|
||
|
||
* tmpfiles gained support for "t" lines, for assigning
|
||
extended attributes to files. Among other uses this may be
|
||
used to assign SMACK labels to files.
|
||
|
||
Contributions from: Alin Rauta, Alison Chaiken, Andrej
|
||
Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
|
||
Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
|
||
Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
|
||
Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
|
||
Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
|
||
Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
|
||
Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
|
||
Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
|
||
Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
|
||
Michael Biebl, Michael Chapman, Michael Marineau, Michal
|
||
Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
|
||
Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
|
||
Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
|
||
Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
|
||
Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
|
||
Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
|
||
Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-12-10
|
||
|
||
CHANGES WITH 217:
|
||
|
||
* journalctl gained the new options -t/--identifier= to match
|
||
on the syslog identifier (aka "tag"), as well as --utc to
|
||
show log timestamps in the UTC timezone. journalctl now also
|
||
accepts -n/--lines=all to disable line capping in a pager.
|
||
|
||
* journalctl gained a new switch, --flush, that synchronously
|
||
flushes logs from /run/log/journal to /var/log/journal if
|
||
persistent storage is enabled. systemd-journal-flush.service
|
||
now waits until the operation is complete.
|
||
|
||
* Services can notify the manager before they start a reload
|
||
(by sending RELOADING=1) or shutdown (by sending
|
||
STOPPING=1). This allows the manager to track and show the
|
||
internal state of daemons and closes a race condition when
|
||
the process is still running but has closed its D-Bus
|
||
connection.
|
||
|
||
* Services with Type=oneshot do not have to have any ExecStart
|
||
commands anymore.
|
||
|
||
* User units are now loaded also from
|
||
$XDG_RUNTIME_DIR/systemd/user/. This is similar to the
|
||
/run/systemd/user directory that was already previously
|
||
supported, but is under the control of the user.
|
||
|
||
* Job timeouts (i.e. timeouts on the time a job that is
|
||
queued stays in the run queue) can now optionally result in
|
||
immediate reboot or power-off actions (JobTimeoutAction= and
|
||
JobTimeoutRebootArgument=). This is useful on ".target"
|
||
units, to limit the maximum time a target remains
|
||
undispatched in the run queue, and to trigger an emergency
|
||
operation in such a case. This is now used by default to
|
||
turn off the system if boot-up (as defined by everything in
|
||
basic.target) hangs and does not complete for at least
|
||
15min. Also, if power-off or reboot hang for at least 30min
|
||
an immediate power-off/reboot operation is triggered. This
|
||
functionality is particularly useful to increase reliability
|
||
on embedded devices, but also on laptops which might
|
||
accidentally get powered on when carried in a backpack and
|
||
whose boot stays stuck in a hard disk encryption passphrase
|
||
question.
|
||
|
||
* systemd-logind can be configured to also handle lid switch
|
||
events even when the machine is docked or multiple displays
|
||
are attached (HandleLidSwitchDocked= option).
|
||
|
||
* A helper binary and a service have been added which can be
|
||
used to resume from hibernation in the initramfs. A
|
||
generator will parse the resume= option on the kernel
|
||
command line to trigger resume.
|
||
|
||
* A user console daemon systemd-consoled has been
|
||
added. Currently, it is a preview, and will so far open a
|
||
single terminal on each session of the user marked as
|
||
Desktop=systemd-console.
|
||
|
||
* Route metrics can be specified for DHCP routes added by
|
||
systemd-networkd.
|
||
|
||
* The SELinux context of socket-activated services can be set
|
||
from the information provided by the networking stack
|
||
(SELinuxContextFromNet= option).
|
||
|
||
* Userspace firmware loading support has been removed and
|
||
the minimum supported kernel version is thus bumped to 3.7.
|
||
|
||
* Timeout for udev workers has been increased from 1 to 3
|
||
minutes, but a warning will be printed after 1 minute to
|
||
help diagnose kernel modules that take a long time to load.
|
||
|
||
* Udev rules can now remove tags on devices with TAG-="foobar".
|
||
|
||
* systemd's readahead implementation has been removed. In many
|
||
circumstances it didn't give expected benefits even for
|
||
rotational disk drives and was becoming less relevant in the
|
||
age of SSDs. As none of the developers has been using
|
||
rotating media anymore, and nobody stepped up to actively
|
||
maintain this component of systemd it has now been removed.
|
||
|
||
* Swap units can use Options= to specify discard options.
|
||
Discard options specified for swaps in /etc/fstab are now
|
||
respected.
|
||
|
||
* Docker containers are now detected as a separate type of
|
||
virtualization.
|
||
|
||
* The Password Agent protocol gained support for queries where
|
||
the user input is shown, useful e.g. for user names.
|
||
systemd-ask-password gained a new --echo option to turn that
|
||
on.
|
||
|
||
* The default sysctl.d/ snippets will now set:
|
||
|
||
net.core.default_qdisc = fq_codel
|
||
|
||
This selects Fair Queuing Controlled Delay as the default
|
||
queuing discipline for network interfaces. fq_codel helps
|
||
fight the network bufferbloat problem. It is believed to be
|
||
a good default with no tuning required for most workloads.
|
||
Downstream distributions may override this choice. On 10Gbit
|
||
servers that do not do forwarding, "fq" may perform better.
|
||
Systems without a good clocksource should use "pfifo_fast".
|
||
|
||
* If kdbus is enabled during build a new option BusPolicy= is
|
||
available for service units, that allows locking all service
|
||
processes into a stricter bus policy, in order to limit
|
||
access to various bus services, or even hide most of them
|
||
from the service's view entirely.
|
||
|
||
* networkctl will now show the .network and .link file
|
||
networkd has applied to a specific interface.
|
||
|
||
* sd-login gained a new API call sd_session_get_desktop() to
|
||
query which desktop environment has been selected for a
|
||
session.
|
||
|
||
* UNIX utmp support is now compile-time optional to support
|
||
legacy-free systems.
|
||
|
||
* systemctl gained two new commands "add-wants" and
|
||
"add-requires" for pulling in units from specific targets
|
||
easily.
|
||
|
||
* If the word "rescue" is specified on the kernel command line
|
||
the system will now boot into rescue mode (aka
|
||
rescue.target), which was previously available only by
|
||
specifying "1" or "systemd.unit=rescue.target" on the kernel
|
||
command line. This new kernel command line option nicely
|
||
mirrors the already existing "emergency" kernel command line
|
||
option.
|
||
|
||
* New kernel command line options mount.usr=, mount.usrflags=,
|
||
mount.usrfstype= have been added that match root=, rootflags=,
|
||
rootfstype= but allow mounting a specific file system to
|
||
/usr.
|
||
|
||
* The $NOTIFY_SOCKET is now also passed to control processes of
|
||
services, not only the main process.
|
||
|
||
* This version reenables support for fsck's -l switch. This
|
||
means at least version v2.25 of util-linux is required for
|
||
operation, otherwise dead-locks on device nodes may
|
||
occur. Again: you need to update util-linux to at least
|
||
v2.25 when updating systemd to v217.
|
||
|
||
* The "multi-seat-x" tool has been removed from systemd, as
|
||
its functionality has been integrated into X servers 1.16,
|
||
and the tool is hence redundant. It is recommended to update
|
||
display managers invoking this tool to simply invoke X
|
||
directly from now on, again.
|
||
|
||
* Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
|
||
message flag has been added for all of systemd's polkit
|
||
authenticated method calls has been added. In particular this
|
||
now allows optional interactive authorization via polkit for
|
||
many of PID1's privileged operations such as unit file
|
||
enabling and disabling.
|
||
|
||
* "udevadm hwdb --update" learnt a new switch "--usr" for
|
||
placing the rebuilt hardware database in /usr instead of
|
||
/etc. When used only hardware database entries stored in
|
||
/usr will be used, and any user database entries in /etc are
|
||
ignored. This functionality is useful for vendors to ship a
|
||
pre-built database on systems where local configuration is
|
||
unnecessary or unlikely.
|
||
|
||
* Calendar time specifications in .timer units now also
|
||
understand the strings "semi-annually", "quarterly" and
|
||
"minutely" as shortcuts (in addition to the preexisting
|
||
"annually", "hourly", …).
|
||
|
||
* systemd-tmpfiles will now correctly create files in /dev
|
||
at boot which are marked for creation only at boot. It is
|
||
recommended to always create static device nodes with 'c!'
|
||
and 'b!', so that they are created only at boot and not
|
||
overwritten at runtime.
|
||
|
||
* When the watchdog logic is used for a service (WatchdogSec=)
|
||
and the watchdog timeout is hit the service will now be
|
||
terminated with SIGABRT (instead of just SIGTERM), in order
|
||
to make sure a proper coredump and backtrace is
|
||
generated. This ensures that hanging services will result in
|
||
similar coredump/backtrace behaviour as services that hit a
|
||
segmentation fault.
|
||
|
||
Contributions from: Andreas Henriksson, Andrei Borzenkov,
|
||
Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
|
||
Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
|
||
Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
|
||
Herrmann, David Sommerseth, David Strauss, Emil Renner
|
||
Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
|
||
Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
|
||
Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
|
||
Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
|
||
Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
|
||
Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
|
||
Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
|
||
Michael Marineau, Michael Olbrich, Michael Scherer, Michal
|
||
Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
|
||
Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
|
||
Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
|
||
Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
|
||
Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
|
||
Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
|
||
Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
|
||
Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-10-28
|
||
|
||
CHANGES WITH 216:
|
||
|
||
* timedated no longer reads NTP implementation unit names from
|
||
/usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
|
||
implementations should add a
|
||
|
||
Conflicts=systemd-timesyncd.service
|
||
|
||
to their unit files to take over and replace systemd's NTP
|
||
default functionality.
|
||
|
||
* systemd-sysusers gained a new line type "r" for configuring
|
||
which UID/GID ranges to allocate system users/groups
|
||
from. Lines of type "u" may now add an additional column
|
||
that specifies the home directory for the system user to be
|
||
created. Also, systemd-sysusers may now optionally read user
|
||
information from STDIN instead of a file. This is useful for
|
||
invoking it from RPM preinst scriptlets that need to create
|
||
users before the first RPM file is installed since these
|
||
files might need to be owned by them. A new
|
||
%sysusers_create_inline RPM macro has been introduced to do
|
||
just that. systemd-sysusers now updates the shadow files as
|
||
well as the user/group databases, which should enhance
|
||
compatibility with certain tools like grpck.
|
||
|
||
* A number of bus APIs of PID 1 now optionally consult polkit to
|
||
permit access for otherwise unprivileged clients under certain
|
||
conditions. Note that this currently doesn't support
|
||
interactive authentication yet, but this is expected to be
|
||
added eventually, too.
|
||
|
||
* /etc/machine-info now has new fields for configuring the
|
||
deployment environment of the machine, as well as the
|
||
location of the machine. hostnamectl has been updated with
|
||
new command to update these fields.
|
||
|
||
* systemd-timesyncd has been updated to automatically acquire
|
||
NTP server information from systemd-networkd, which might
|
||
have been discovered via DHCP.
|
||
|
||
* systemd-resolved now includes a caching DNS stub resolver
|
||
and a complete LLMNR name resolution implementation. A new
|
||
NSS module "nss-resolve" has been added which can be used
|
||
instead of glibc's own "nss-dns" to resolve hostnames via
|
||
systemd-resolved. Hostnames, addresses and arbitrary RRs may
|
||
be resolved via systemd-resolved D-Bus APIs. In contrast to
|
||
the glibc internal resolver systemd-resolved is aware of
|
||
multi-homed system, and keeps DNS server and caches separate
|
||
and per-interface. Queries are sent simultaneously on all
|
||
interfaces that have DNS servers configured, in order to
|
||
properly handle VPNs and local LANs which might resolve
|
||
separate sets of domain names. systemd-resolved may acquire
|
||
DNS server information from systemd-networkd automatically,
|
||
which in turn might have discovered them via DHCP. A tool
|
||
"systemd-resolve-host" has been added that may be used to
|
||
query the DNS logic in resolved. systemd-resolved implements
|
||
IDNA and automatically uses IDNA or UTF-8 encoding depending
|
||
on whether classic DNS or LLMNR is used as transport. In the
|
||
next releases we intend to add a DNSSEC and mDNS/DNS-SD
|
||
implementation to systemd-resolved.
|
||
|
||
* A new NSS module nss-mymachines has been added, that
|
||
automatically resolves the names of all local registered
|
||
containers to their respective IP addresses.
|
||
|
||
* A new client tool "networkctl" for systemd-networkd has been
|
||
added. It currently is entirely passive and will query
|
||
networking configuration from udev, rtnetlink and networkd,
|
||
and present it to the user in a very friendly
|
||
way. Eventually, we hope to extend it to become a full
|
||
control utility for networkd.
|
||
|
||
* .socket units gained a new DeferAcceptSec= setting that
|
||
controls the kernels' TCP_DEFER_ACCEPT sockopt for
|
||
TCP. Similarly, support for controlling TCP keep-alive
|
||
settings has been added (KeepAliveTimeSec=,
|
||
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
|
||
turning off Nagle's algorithm on TCP has been added
|
||
(NoDelay=).
|
||
|
||
* logind learned a new session type "web", for use in projects
|
||
like Cockpit which register web clients as PAM sessions.
|
||
|
||
* timer units with at least one OnCalendar= setting will now
|
||
be started only after time-sync.target has been
|
||
reached. This way they will not elapse before the system
|
||
clock has been corrected by a local NTP client or
|
||
similar. This is particular useful on RTC-less embedded
|
||
machines, that come up with an invalid system clock.
|
||
|
||
* systemd-nspawn's --network-veth= switch should now result in
|
||
stable MAC addresses for both the outer and the inner side
|
||
of the link.
|
||
|
||
* systemd-nspawn gained a new --volatile= switch for running
|
||
container instances with /etc or /var unpopulated.
|
||
|
||
* The kdbus client code has been updated to use the new Linux
|
||
3.17 memfd subsystem instead of the old kdbus-specific one.
|
||
|
||
* systemd-networkd's DHCP client and server now support
|
||
FORCERENEW. There are also new configuration options to
|
||
configure the vendor client identifier and broadcast mode
|
||
for DHCP.
|
||
|
||
* systemd will no longer inform the kernel about the current
|
||
timezone, as this is necessarily incorrect and racy as the
|
||
kernel has no understanding of DST and similar
|
||
concepts. This hence means FAT timestamps will be always
|
||
considered UTC, similar to what Android is already
|
||
doing. Also, when the RTC is configured to the local time
|
||
(rather than UTC) systemd will never synchronize back to it,
|
||
as this might confuse Windows at a later boot.
|
||
|
||
* systemd-analyze gained a new command "verify" for offline
|
||
validation of unit files.
|
||
|
||
* systemd-networkd gained support for a couple of additional
|
||
settings for bonding networking setups. Also, the metric for
|
||
statically configured routes may now be configured. For
|
||
network interfaces where this is appropriate the peer IP
|
||
address may now be configured.
|
||
|
||
* systemd-networkd's DHCP client will no longer request
|
||
broadcasting by default, as this tripped up some networks.
|
||
For hardware where broadcast is required the feature should
|
||
be switched back on using RequestBroadcast=yes.
|
||
|
||
* systemd-networkd will now set up IPv4LL addresses (when
|
||
enabled) even if DHCP is configured successfully.
|
||
|
||
* udev will now default to respect network device names given
|
||
by the kernel when the kernel indicates that these are
|
||
predictable. This behavior can be tweaked by changing
|
||
NamePolicy= in the relevant .link file.
|
||
|
||
* A new library systemd-terminal has been added that
|
||
implements full TTY stream parsing and rendering. This
|
||
library is supposed to be used later on for implementing a
|
||
full userspace VT subsystem, replacing the current kernel
|
||
implementation.
|
||
|
||
* A new tool systemd-journal-upload has been added to push
|
||
journal data to a remote system running
|
||
systemd-journal-remote.
|
||
|
||
* journald will no longer forward all local data to another
|
||
running syslog daemon. This change has been made because
|
||
rsyslog (which appears to be the most commonly used syslog
|
||
implementation these days) no longer makes use of this, and
|
||
instead pulls the data out of the journal on its own. Since
|
||
forwarding the messages to a non-existent syslog server is
|
||
more expensive than we assumed we have now turned this
|
||
off. If you run a syslog server that is not a recent rsyslog
|
||
version, you have to turn this option on again
|
||
(ForwardToSyslog= in journald.conf).
|
||
|
||
* journald now optionally supports the LZ4 compressor for
|
||
larger journal fields. This compressor should perform much
|
||
better than XZ which was the previous default.
|
||
|
||
* machinectl now shows the IP addresses of local containers,
|
||
if it knows them, plus the interface name of the container.
|
||
|
||
* A new tool "systemd-escape" has been added that makes it
|
||
easy to escape strings to build unit names and similar.
|
||
|
||
* sd_notify() messages may now include a new ERRNO= field
|
||
which is parsed and collected by systemd and shown among the
|
||
"systemctl status" output for a service.
|
||
|
||
* A new component "systemd-firstboot" has been added that
|
||
queries the most basic systemd information (timezone,
|
||
hostname, root password) interactively on first
|
||
boot. Alternatively it may also be used to provision these
|
||
things offline on OS images installed into directories.
|
||
|
||
* The default sysctl.d/ snippets will now set
|
||
|
||
net.ipv4.conf.default.promote_secondaries=1
|
||
|
||
This has the benefit of no flushing secondary IP addresses
|
||
when primary addresses are removed.
|
||
|
||
Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
|
||
Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
|
||
Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
|
||
Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
|
||
Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
|
||
B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
|
||
Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
|
||
Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
|
||
Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
|
||
Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
|
||
Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
|
||
Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
|
||
Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
|
||
Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
|
||
Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-08-19
|
||
|
||
CHANGES WITH 215:
|
||
|
||
* A new tool systemd-sysusers has been added. This tool
|
||
creates system users and groups in /etc/passwd and
|
||
/etc/group, based on static declarative system user/group
|
||
definitions in /usr/lib/sysusers.d/. This is useful to
|
||
enable factory resets and volatile systems that boot up with
|
||
an empty /etc directory, and thus need system users and
|
||
groups created during early boot. systemd now also ships
|
||
with two default sysusers.d/ files for the most basic
|
||
users and groups systemd and the core operating system
|
||
require.
|
||
|
||
* A new tmpfiles snippet has been added that rebuilds the
|
||
essential files in /etc on boot, should they be missing.
|
||
|
||
* A directive for ensuring automatic clean-up of
|
||
/var/cache/man/ has been removed from the default
|
||
configuration. This line should now be shipped by the man
|
||
implementation. The necessary change has been made to the
|
||
man-db implementation. Note that you need to update your man
|
||
implementation to one that ships this line, otherwise no
|
||
automatic clean-up of /var/cache/man will take place.
|
||
|
||
* A new condition ConditionNeedsUpdate= has been added that
|
||
may conditionalize services to only run when /etc or /var
|
||
are "older" than the vendor operating system resources in
|
||
/usr. This is useful for reconstructing or updating /etc
|
||
after an offline update of /usr or a factory reset, on the
|
||
next reboot. Services that want to run once after such an
|
||
update or reset should use this condition and order
|
||
themselves before the new systemd-update-done.service, which
|
||
will mark the two directories as fully updated. A number of
|
||
service files have been added making use of this, to rebuild
|
||
the udev hardware database, the journald message catalog and
|
||
dynamic loader cache (ldconfig). The systemd-sysusers tool
|
||
described above also makes use of this now. With this in
|
||
place it is now possible to start up a minimal operating
|
||
system with /etc empty cleanly. For more information on the
|
||
concepts involved see this recent blog story:
|
||
|
||
https://0pointer.de/blog/projects/stateless.html
|
||
|
||
* A new system group "input" has been introduced, and all
|
||
input device nodes get this group assigned. This is useful
|
||
for system-level software to get access to input devices. It
|
||
complements what is already done for "audio" and "video".
|
||
|
||
* systemd-networkd learnt minimal DHCPv4 server support in
|
||
addition to the existing DHCPv4 client support. It also
|
||
learnt DHCPv6 client and IPv6 Router Solicitation client
|
||
support. The DHCPv4 client gained support for static routes
|
||
passed in from the server. Note that the [DHCPv4] section
|
||
known in older systemd-networkd versions has been renamed to
|
||
[DHCP] and is now also used by the DHCPv6 client. Existing
|
||
.network files using settings of this section should be
|
||
updated, though compatibility is maintained. Optionally, the
|
||
client hostname may now be sent to the DHCP server.
|
||
|
||
* networkd gained support for vxlan virtual networks as well
|
||
as tun/tap and dummy devices.
|
||
|
||
* networkd gained support for automatic allocation of address
|
||
ranges for interfaces from a system-wide pool of
|
||
addresses. This is useful for dynamically managing a large
|
||
number of interfaces with a single network configuration
|
||
file. In particular this is useful to easily assign
|
||
appropriate IP addresses to the veth links of a large number
|
||
of nspawn instances.
|
||
|
||
* RPM macros for processing sysusers, sysctl and binfmt
|
||
drop-in snippets at package installation time have been
|
||
added.
|
||
|
||
* The /etc/os-release file should now be placed in
|
||
/usr/lib/os-release. The old location is automatically
|
||
created as symlink. /usr/lib is the more appropriate
|
||
location of this file, since it shall actually describe the
|
||
vendor operating system shipped in /usr, and not the
|
||
configuration stored in /etc.
|
||
|
||
* .mount units gained a new boolean SloppyOptions= setting
|
||
that maps to mount(8)'s -s option which enables permissive
|
||
parsing of unknown mount options.
|
||
|
||
* tmpfiles learnt a new "L+" directive which creates a symlink
|
||
but (unlike "L") deletes a pre-existing file first, should
|
||
it already exist and not already be the correct
|
||
symlink. Similarly, "b+", "c+" and "p+" directives have been
|
||
added as well, which create block and character devices, as
|
||
well as fifos in the filesystem, possibly removing any
|
||
pre-existing files of different types.
|
||
|
||
* For tmpfiles' "L", "L+", "C" and "C+" directives the final
|
||
'argument' field (which so far specified the source to
|
||
symlink/copy the files from) is now optional. If omitted the
|
||
same file os copied from /usr/share/factory/ suffixed by the
|
||
full destination path. This is useful for populating /etc
|
||
with essential files, by copying them from vendor defaults
|
||
shipped in /usr/share/factory/etc.
|
||
|
||
* A new command "systemctl preset-all" has been added that
|
||
applies the service preset settings to all installed unit
|
||
files. A new switch --preset-mode= has been added that
|
||
controls whether only enable or only disable operations
|
||
shall be executed.
|
||
|
||
* A new command "systemctl is-system-running" has been added
|
||
that allows checking the overall state of the system, for
|
||
example whether it is fully up and running.
|
||
|
||
* When the system boots up with an empty /etc, the equivalent
|
||
to "systemctl preset-all" is executed during early boot, to
|
||
make sure all default services are enabled after a factory
|
||
reset.
|
||
|
||
* systemd now contains a minimal preset file that enables the
|
||
most basic services systemd ships by default.
|
||
|
||
* Unit files' [Install] section gained a new DefaultInstance=
|
||
field for defining the default instance to create if a
|
||
template unit is enabled with no instance specified.
|
||
|
||
* A new passive target cryptsetup-pre.target has been added
|
||
that may be used by services that need to make they run and
|
||
finish before the first LUKS cryptographic device is set up.
|
||
|
||
* The /dev/loop-control and /dev/btrfs-control device nodes
|
||
are now owned by the "disk" group by default, opening up
|
||
access to this group.
|
||
|
||
* systemd-coredump will now automatically generate a
|
||
stack trace of all core dumps taking place on the system,
|
||
based on elfutils' libdw library. This stack trace is logged
|
||
to the journal.
|
||
|
||
* systemd-coredump may now optionally store coredumps directly
|
||
on disk (in /var/lib/systemd/coredump, possibly compressed),
|
||
instead of storing them unconditionally in the journal. This
|
||
mode is the new default. A new configuration file
|
||
/etc/systemd/coredump.conf has been added to configure this
|
||
and other parameters of systemd-coredump.
|
||
|
||
* coredumpctl gained a new "info" verb to show details about a
|
||
specific coredump. A new switch "-1" has also been added
|
||
that makes sure to only show information about the most
|
||
recent entry instead of all entries. Also, as the tool is
|
||
generally useful now the "systemd-" prefix of the binary
|
||
name has been removed. Distributions that want to maintain
|
||
compatibility with the old name should add a symlink from
|
||
the old name to the new name.
|
||
|
||
* journald's SplitMode= now defaults to "uid". This makes sure
|
||
that unprivileged users can access their own coredumps with
|
||
coredumpctl without restrictions.
|
||
|
||
* New kernel command line options "systemd.wants=" (for
|
||
pulling an additional unit during boot), "systemd.mask="
|
||
(for masking a specific unit for the boot), and
|
||
"systemd.debug-shell" (for enabling the debug shell on tty9)
|
||
have been added. This is implemented in the new generator
|
||
"systemd-debug-generator".
|
||
|
||
* systemd-nspawn will now by default filter a couple of
|
||
syscalls for containers, among them those required for
|
||
kernel module loading, direct x86 IO port access, swap
|
||
management, and kexec. Most importantly though
|
||
open_by_handle_at() is now prohibited for containers,
|
||
closing a hole similar to a recently discussed vulnerability
|
||
in docker regarding access to files on file hierarchies the
|
||
container should normally not have access to. Note that, for
|
||
nspawn, we generally make no security claims anyway (and
|
||
this is explicitly documented in the man page), so this is
|
||
just a fix for one of the most obvious problems.
|
||
|
||
* A new man page file-hierarchy(7) has been added that
|
||
contains a minimized, modernized version of the file system
|
||
layout systemd expects, similar in style to the FHS
|
||
specification or hier(5). A new tool systemd-path(1) has
|
||
been added to query many of these paths for the local
|
||
machine and user.
|
||
|
||
* Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
|
||
longer done. Since the directory now has a per-user size
|
||
limit, and is cleaned on logout this appears unnecessary,
|
||
in particular since this now brings the lifecycle of this
|
||
directory closer in line with how IPC objects are handled.
|
||
|
||
* systemd.pc now exports a number of additional directories,
|
||
including $libdir (which is useful to identify the library
|
||
path for the primary architecture of the system), and a
|
||
couple of drop-in directories.
|
||
|
||
* udev's predictable network interface names now use the dev_port
|
||
sysfs attribute, introduced in linux 3.15 instead of dev_id to
|
||
distinguish between ports of the same PCI function. dev_id should
|
||
only be used for ports using the same HW address, hence the need
|
||
for dev_port.
|
||
|
||
* machined has been updated to export the OS version of a
|
||
container (read from /etc/os-release and
|
||
/usr/lib/os-release) on the bus. This is now shown in
|
||
"machinectl status" for a machine.
|
||
|
||
* A new service setting RestartForceExitStatus= has been
|
||
added. If configured to a set of exit signals or process
|
||
return values, the service will be restarted when the main
|
||
daemon process exits with any of them, regardless of the
|
||
Restart= setting.
|
||
|
||
* systemctl's -H switch for connecting to remote systemd
|
||
machines has been extended so that it may be used to
|
||
directly connect to a specific container on the
|
||
host. "systemctl -H root@foobar:waldi" will now connect as
|
||
user "root" to host "foobar", and then proceed directly to
|
||
the container named "waldi". Note that currently you have to
|
||
authenticate as user "root" for this to work, as entering
|
||
containers is a privileged operation.
|
||
|
||
Contributions from: Andreas Henriksson, Benjamin Steinwender,
|
||
Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
|
||
Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
|
||
Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
|
||
Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
|
||
Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
|
||
Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
|
||
Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
|
||
Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
|
||
Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
|
||
Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
|
||
Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-07-03
|
||
|
||
CHANGES WITH 214:
|
||
|
||
* As an experimental feature, udev now tries to lock the
|
||
disk device node (flock(LOCK_SH|LOCK_NB)) while it
|
||
executes events for the disk or any of its partitions.
|
||
Applications like partitioning programs can lock the
|
||
disk device node (flock(LOCK_EX)) and claim temporary
|
||
device ownership that way; udev will entirely skip all event
|
||
handling for this disk and its partitions. If the disk
|
||
was opened for writing, the close will trigger a partition
|
||
table rescan in udev's "watch" facility, and if needed
|
||
synthesize "change" events for the disk and all its partitions.
|
||
This is now unconditionally enabled, and if it turns out to
|
||
cause major problems, we might turn it on only for specific
|
||
devices, or might need to disable it entirely. Device Mapper
|
||
devices are excluded from this logic.
|
||
|
||
* We temporarily dropped the "-l" switch for fsck invocations,
|
||
since they collide with the flock() logic above. util-linux
|
||
upstream has been changed already to avoid this conflict,
|
||
and we will re-add "-l" as soon as util-linux with this
|
||
change has been released.
|
||
|
||
* The dependency on libattr has been removed. Since a long
|
||
time, the extended attribute calls have moved to glibc, and
|
||
libattr is thus unnecessary.
|
||
|
||
* Virtualization detection works without privileges now. This
|
||
means the systemd-detect-virt binary no longer requires
|
||
CAP_SYS_PTRACE file capabilities, and our daemons can run
|
||
with fewer privileges.
|
||
|
||
* systemd-networkd now runs under its own "systemd-network"
|
||
user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
|
||
CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
|
||
loses the ability to write to files owned by root this way.
|
||
|
||
* Similarly, systemd-resolved now runs under its own
|
||
"systemd-resolve" user with no capabilities remaining.
|
||
|
||
* Similarly, systemd-bus-proxyd now runs under its own
|
||
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
|
||
|
||
* systemd-networkd gained support for setting up "veth"
|
||
virtual Ethernet devices for container connectivity, as well
|
||
as GRE and VTI tunnels.
|
||
|
||
* systemd-networkd will no longer automatically attempt to
|
||
manually load kernel modules necessary for certain tunnel
|
||
transports. Instead, it is assumed the kernel loads them
|
||
automatically when required. This only works correctly on
|
||
very new kernels. On older kernels, please consider adding
|
||
the kernel modules to /etc/modules-load.d/ as a work-around.
|
||
|
||
* The resolv.conf file systemd-resolved generates has been
|
||
moved to /run/systemd/resolve/. If you have a symlink from
|
||
/etc/resolv.conf, it might be necessary to correct it.
|
||
|
||
* Two new service settings, ProtectHome= and ProtectSystem=,
|
||
have been added. When enabled, they will make the user data
|
||
(such as /home) inaccessible or read-only and the system
|
||
(such as /usr) read-only, for specific services. This allows
|
||
very light-weight per-service sandboxing to avoid
|
||
modifications of user data or system files from
|
||
services. These two new switches have been enabled for all
|
||
of systemd's long-running services, where appropriate.
|
||
|
||
* Socket units gained new SocketUser= and SocketGroup=
|
||
settings to set the owner user and group of AF_UNIX sockets
|
||
and FIFOs in the file system.
|
||
|
||
* Socket units gained a new RemoveOnStop= setting. If enabled,
|
||
all FIFOS and sockets in the file system will be removed
|
||
when the specific socket unit is stopped.
|
||
|
||
* Socket units gained a new Symlinks= setting. It takes a list
|
||
of symlinks to create to file system sockets or FIFOs
|
||
created by the specific Unix sockets. This is useful to
|
||
manage symlinks to socket nodes with the same lifecycle as
|
||
the socket itself.
|
||
|
||
* The /dev/log socket and /dev/initctl FIFO have been moved to
|
||
/run, and have been replaced by symlinks. This allows
|
||
connecting to these facilities even if PrivateDevices=yes is
|
||
used for a service (which makes /dev/log itself unavailable,
|
||
but /run is left). This also has the benefit of ensuring
|
||
that /dev only contains device nodes, directories and
|
||
symlinks, and nothing else.
|
||
|
||
* sd-daemon gained two new calls sd_pid_notify() and
|
||
sd_pid_notifyf(). They are similar to sd_notify() and
|
||
sd_notifyf(), but allow overriding of the source PID of
|
||
notification messages if permissions permit this. This is
|
||
useful to send notify messages on behalf of a different
|
||
process (for example, the parent process). The
|
||
systemd-notify tool has been updated to make use of this
|
||
when sending messages (so that notification messages now
|
||
originate from the shell script invoking systemd-notify and
|
||
not the systemd-notify process itself. This should minimize
|
||
a race where systemd fails to associate notification
|
||
messages to services when the originating process already
|
||
vanished.
|
||
|
||
* A new "on-abnormal" setting for Restart= has been added. If
|
||
set, it will result in automatic restarts on all "abnormal"
|
||
reasons for a process to exit, which includes unclean
|
||
signals, core dumps, timeouts and watchdog timeouts, but
|
||
does not include clean and unclean exit codes or clean
|
||
signals. Restart=on-abnormal is an alternative for
|
||
Restart=on-failure for services that shall be able to
|
||
terminate and avoid restarts on certain errors, by
|
||
indicating so with an unclean exit code. Restart=on-failure
|
||
or Restart=on-abnormal is now the recommended setting for
|
||
all long-running services.
|
||
|
||
* If the InaccessibleDirectories= service setting points to a
|
||
mount point (or if there are any submounts contained within
|
||
it), it is now attempted to completely unmount it, to make
|
||
the file systems truly unavailable for the respective
|
||
service.
|
||
|
||
* The ReadOnlyDirectories= service setting and
|
||
systemd-nspawn's --read-only parameter are now recursively
|
||
applied to all submounts, too.
|
||
|
||
* Mount units may now be created transiently via the bus APIs.
|
||
|
||
* The support for SysV and LSB init scripts has been removed
|
||
from the systemd daemon itself. Instead, it is now
|
||
implemented as a generator that creates native systemd units
|
||
from these scripts when needed. This enables us to remove a
|
||
substantial amount of legacy code from PID 1, following the
|
||
fact that many distributions only ship a very small number
|
||
of LSB/SysV init scripts nowadays.
|
||
|
||
* Privileged Xen (dom0) domains are not considered
|
||
virtualization anymore by the virtualization detection
|
||
logic. After all, they generally have unrestricted access to
|
||
the hardware and usually are used to manage the unprivileged
|
||
(domU) domains.
|
||
|
||
* systemd-tmpfiles gained a new "C" line type, for copying
|
||
files or entire directories.
|
||
|
||
* systemd-tmpfiles "m" lines are now fully equivalent to "z"
|
||
lines. So far, they have been non-globbing versions of the
|
||
latter, and have thus been redundant. In future, it is
|
||
recommended to only use "z". "m" has hence been removed
|
||
from the documentation, even though it stays supported.
|
||
|
||
* A tmpfiles snippet to recreate the most basic structure in
|
||
/var has been added. This is enough to create the /var/run →
|
||
/run symlink and create a couple of structural
|
||
directories. This allows systems to boot up with an empty or
|
||
volatile /var. Of course, while with this change, the core OS
|
||
now is capable with dealing with a volatile /var, not all
|
||
user services are ready for it. However, we hope that sooner
|
||
or later, many service daemons will be changed upstream so
|
||
that they are able to automatically create their necessary
|
||
directories in /var at boot, should they be missing. This is
|
||
the first step to allow state-less systems that only require
|
||
the vendor image for /usr to boot.
|
||
|
||
* systemd-nspawn has gained a new --tmpfs= switch to mount an
|
||
empty tmpfs instance to a specific directory. This is
|
||
particularly useful for making use of the automatic
|
||
reconstruction of /var (see above), by passing --tmpfs=/var.
|
||
|
||
* Access modes specified in tmpfiles snippets may now be
|
||
prefixed with "~", which indicates that they shall be masked
|
||
by whether the existing file or directory is currently
|
||
writable, readable or executable at all. Also, if specified,
|
||
the sgid/suid/sticky bits will be masked for all
|
||
non-directories.
|
||
|
||
* A new passive target unit "network-pre.target" has been
|
||
added which is useful for services that shall run before any
|
||
network is configured, for example firewall scripts.
|
||
|
||
* The "floppy" group that previously owned the /dev/fd*
|
||
devices is no longer used. The "disk" group is now used
|
||
instead. Distributions should probably deprecate usage of
|
||
this group.
|
||
|
||
Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
|
||
King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
|
||
Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
|
||
Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
|
||
Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
|
||
Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-06-11
|
||
|
||
CHANGES WITH 213:
|
||
|
||
* A new "systemd-timesyncd" daemon has been added for
|
||
synchronizing the system clock across the network. It
|
||
implements an SNTP client. In contrast to NTP
|
||
implementations such as chrony or the NTP reference server,
|
||
this only implements a client side, and does not bother with
|
||
the full NTP complexity, focusing only on querying time from
|
||
one remote server and synchronizing the local clock to
|
||
it. Unless you intend to serve NTP to networked clients or
|
||
want to connect to local hardware clocks, this simple NTP
|
||
client should be more than appropriate for most
|
||
installations. The daemon runs with minimal privileges, and
|
||
has been hooked up with networkd to only operate when
|
||
network connectivity is available. The daemon saves the
|
||
current clock to disk every time a new NTP sync has been
|
||
acquired, and uses this to possibly correct the system clock
|
||
early at bootup, in order to accommodate for systems that
|
||
lack an RTC such as the Raspberry Pi and embedded devices,
|
||
and to make sure that time monotonically progresses on these
|
||
systems, even if it is not always correct. To make use of
|
||
this daemon, a new system user and group "systemd-timesync"
|
||
needs to be created on installation of systemd.
|
||
|
||
* The queue "seqnum" interface of libudev has been disabled, as
|
||
it was generally incompatible with device namespacing as
|
||
sequence numbers of devices go "missing" if the devices are
|
||
part of a different namespace.
|
||
|
||
* "systemctl list-timers" and "systemctl list-sockets" gained
|
||
a --recursive switch for showing units of these types also
|
||
for all local containers, similar in style to the already
|
||
supported --recursive switch for "systemctl list-units".
|
||
|
||
* A new RebootArgument= setting has been added for service
|
||
units, which may be used to specify a kernel reboot argument
|
||
to use when triggering reboots with StartLimitAction=.
|
||
|
||
* A new FailureAction= setting has been added for service
|
||
units which may be used to specify an operation to trigger
|
||
when a service fails. This works similarly to
|
||
StartLimitAction=, but unlike it, controls what is done
|
||
immediately rather than only after several attempts to
|
||
restart the service in question.
|
||
|
||
* hostnamed got updated to also expose the kernel name,
|
||
release, and version on the bus. This is useful for
|
||
executing commands like hostnamectl with the -H switch.
|
||
systemd-analyze makes use of this to properly display
|
||
details when running non-locally.
|
||
|
||
* The bootchart tool can now show cgroup information in the
|
||
graphs it generates.
|
||
|
||
* The CFS CPU quota cgroup attribute is now exposed for
|
||
services. The new CPUQuota= switch has been added for this
|
||
which takes a percentage value. Setting this will have the
|
||
result that a service may never get more CPU time than the
|
||
specified percentage, even if the machine is otherwise idle.
|
||
|
||
* systemd-networkd learned IPIP and SIT tunnel support.
|
||
|
||
* LSB init scripts exposing a dependency on $network will now
|
||
get a dependency on network-online.target rather than simply
|
||
network.target. This should bring LSB handling closer to
|
||
what it was on SysV systems.
|
||
|
||
* A new fsck.repair= kernel option has been added to control
|
||
how fsck shall deal with unclean file systems at boot.
|
||
|
||
* The (.ini) configuration file parser will now silently ignore
|
||
sections whose names begin with "X-". This may be used to maintain
|
||
application-specific extension sections in unit files.
|
||
|
||
* machined gained a new API to query the IP addresses of
|
||
registered containers. "machinectl status" has been updated
|
||
to show these addresses in its output.
|
||
|
||
* A new call sd_uid_get_display() has been added to the
|
||
sd-login APIs for querying the "primary" session of a
|
||
user. The "primary" session of the user is elected from the
|
||
user's sessions and generally a graphical session is
|
||
preferred over a text one.
|
||
|
||
* A minimal systemd-resolved daemon has been added. It
|
||
currently simply acts as a companion to systemd-networkd and
|
||
manages resolv.conf based on per-interface DNS
|
||
configuration, possibly supplied via DHCP. In the long run
|
||
we hope to extend this into a local DNSSEC enabled DNS and
|
||
mDNS cache.
|
||
|
||
* The systemd-networkd-wait-online tool is now enabled by
|
||
default. It will delay network-online.target until a network
|
||
connection has been configured. The tool primarily integrates
|
||
with networkd, but will also make a best effort to make sense
|
||
of network configuration performed in some other way.
|
||
|
||
* Two new service options StartupCPUShares= and
|
||
StartupBlockIOWeight= have been added that work similarly to
|
||
CPUShares= and BlockIOWeight= however only apply during
|
||
system startup. This is useful to prioritize certain services
|
||
differently during bootup than during normal runtime.
|
||
|
||
* hostnamed has been changed to prefer the statically
|
||
configured hostname in /etc/hostname (unless set to
|
||
'localhost' or empty) over any dynamic one supplied by
|
||
dhcp. With this change, the rules for picking the hostname
|
||
match more closely the rules of other configuration settings
|
||
where the local administrator's configuration in /etc always
|
||
overrides any other settings.
|
||
|
||
Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
|
||
den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
|
||
Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
|
||
David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
|
||
Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
|
||
Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
|
||
Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
|
||
Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
|
||
Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
|
||
Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
|
||
Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
|
||
Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
|
||
Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
|
||
Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
|
||
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
|
||
Lindskog, WaLyong Cho, Will Woods, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Beijing, 2014-05-28
|
||
|
||
CHANGES WITH 212:
|
||
|
||
* When restoring the screen brightness at boot, stay away from
|
||
the darkest setting or from the lowest 5% of the available
|
||
range, depending on which is the larger value of both. This
|
||
should effectively protect the user from rebooting into a
|
||
black screen, should the brightness have been set to minimum
|
||
by accident.
|
||
|
||
* sd-login gained a new sd_machine_get_class() call to
|
||
determine the class ("vm" or "container") of a machine
|
||
registered with machined.
|
||
|
||
* sd-login gained new calls
|
||
sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
|
||
to query the identity of the peer of a local AF_UNIX
|
||
connection. They operate similarly to their sd_pid_get_xyz()
|
||
counterparts.
|
||
|
||
* PID 1 will now maintain a system-wide system state engine
|
||
with the states "starting", "running", "degraded",
|
||
"maintenance", "stopping". These states are bound to system
|
||
startup, normal runtime, runtime with at least one failed
|
||
service, rescue/emergency mode and system shutdown. This
|
||
state is shown in the "systemctl status" output when no unit
|
||
name is passed. It is useful to determine system state, in
|
||
particularly when doing so for many systems or containers at
|
||
once.
|
||
|
||
* A new command "list-machines" has been added to "systemctl"
|
||
that lists all local OS containers and shows their system
|
||
state (see above), if systemd runs inside of them.
|
||
|
||
* systemctl gained a new "-r" switch to recursively enumerate
|
||
units on all local containers, when used with the
|
||
"list-unit" command (which is the default one that is
|
||
executed when no parameters are specified).
|
||
|
||
* The GPT automatic partition discovery logic will now honour
|
||
two GPT partition flags: one may be set on a partition to
|
||
cause it to be mounted read-only, and the other may be set
|
||
on a partition to ignore it during automatic discovery.
|
||
|
||
* Two new GPT type UUIDs have been added for automatic root
|
||
partition discovery, for 32-bit and 64-bit ARM. This is not
|
||
particularly useful for discovering the root directory on
|
||
these architectures during bare-metal boots (since UEFI is
|
||
not common there), but still very useful to allow booting of
|
||
ARM disk images in nspawn with the -i option.
|
||
|
||
* MAC addresses of interfaces created with nspawn's
|
||
--network-interface= switch will now be generated from the
|
||
machine name, and thus be stable between multiple invocations
|
||
of the container.
|
||
|
||
* logind will now automatically remove all IPC objects owned
|
||
by a user if she or he fully logs out. This makes sure that
|
||
users who are logged out cannot continue to consume IPC
|
||
resources. This covers SysV memory, semaphores and message
|
||
queues as well as POSIX shared memory and message
|
||
queues. Traditionally, SysV and POSIX IPC had no lifecycle
|
||
limits. With this functionality, that is corrected. This may
|
||
be turned off by using the RemoveIPC= switch of logind.conf.
|
||
|
||
* The systemd-machine-id-setup and tmpfiles tools gained a
|
||
--root= switch to operate on a specific root directory,
|
||
instead of /.
|
||
|
||
* journald can now forward logged messages to the TTYs of all
|
||
logged in users ("wall"). This is the default for all
|
||
emergency messages now.
|
||
|
||
* A new tool systemd-journal-remote has been added to stream
|
||
journal log messages across the network.
|
||
|
||
* /sys/fs/cgroup/ is now mounted read-only after all cgroup
|
||
controller trees are mounted into it. Note that the
|
||
directories mounted beneath it are not read-only. This is a
|
||
security measure and is particularly useful because glibc
|
||
actually includes a search logic to pick any tmpfs it can
|
||
find to implement shm_open() if /dev/shm is not available
|
||
(which it might very well be in namespaced setups).
|
||
|
||
* machinectl gained a new "poweroff" command to cleanly power
|
||
down a local OS container.
|
||
|
||
* The PrivateDevices= unit file setting will now also drop the
|
||
CAP_MKNOD capability from the capability bound set, and
|
||
imply DevicePolicy=closed.
|
||
|
||
* PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used
|
||
comprehensively on all long-running systemd services where
|
||
this is appropriate.
|
||
|
||
* systemd-udevd will now run in a disassociated mount
|
||
namespace. To mount directories from udev rules, make sure to
|
||
pull in mount units via SYSTEMD_WANTS properties.
|
||
|
||
* The kdbus support gained support for uploading policy into
|
||
the kernel. sd-bus gained support for creating "monitoring"
|
||
connections that can eavesdrop into all bus communication
|
||
for debugging purposes.
|
||
|
||
* Timestamps may now be specified in seconds since the UNIX
|
||
epoch Jan 1st, 1970 by specifying "@" followed by the value
|
||
in seconds.
|
||
|
||
* Native tcpwrap support in systemd has been removed. tcpwrap
|
||
is old code, not really maintained anymore and has serious
|
||
shortcomings, and better options such as firewalls
|
||
exist. For setups that require tcpwrap usage, please
|
||
consider invoking your socket-activated service via tcpd,
|
||
like on traditional inetd.
|
||
|
||
* A new system.conf configuration option
|
||
DefaultTimerAccuracySec= has been added that controls the
|
||
default AccuracySec= setting of .timer units.
|
||
|
||
* Timer units gained a new WakeSystem= switch. If enabled,
|
||
timers configured this way will cause the system to resume
|
||
from system suspend (if the system supports that, which most
|
||
do these days).
|
||
|
||
* Timer units gained a new Persistent= switch. If enabled,
|
||
timers configured this way will save to disk when they have
|
||
been last triggered. This information is then used on next
|
||
reboot to possible execute overdue timer events, that
|
||
could not take place because the system was powered off.
|
||
This enables simple anacron-like behaviour for timer units.
|
||
|
||
* systemctl's "list-timers" will now also list the time a
|
||
timer unit was last triggered in addition to the next time
|
||
it will be triggered.
|
||
|
||
* systemd-networkd will now assign predictable IPv4LL
|
||
addresses to its local interfaces.
|
||
|
||
Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
|
||
Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
|
||
Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
|
||
Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
|
||
Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
|
||
Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
|
||
Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
|
||
Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-03-25
|
||
|
||
CHANGES WITH 211:
|
||
|
||
* A new unit file setting RestrictAddressFamilies= has been
|
||
added to restrict which socket address families unit
|
||
processes gain access to. This takes address family names
|
||
like "AF_INET" or "AF_UNIX", and is useful to minimize the
|
||
attack surface of services via exotic protocol stacks. This
|
||
is built on seccomp system call filters.
|
||
|
||
* Two new unit file settings RuntimeDirectory= and
|
||
RuntimeDirectoryMode= have been added that may be used to
|
||
manage a per-daemon runtime directories below /run. This is
|
||
an alternative for setting up directory permissions with
|
||
tmpfiles snippets, and has the advantage that the runtime
|
||
directory's lifetime is bound to the daemon runtime and that
|
||
the daemon starts up with an empty directory each time. This
|
||
is particularly useful when writing services that drop
|
||
privileges using the User= or Group= setting.
|
||
|
||
* The DeviceAllow= unit setting now supports globbing for
|
||
matching against device group names.
|
||
|
||
* The systemd configuration file system.conf gained new
|
||
settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
|
||
DefaultMemoryAccounting= to globally turn on/off accounting
|
||
for specific resources (cgroups) for all units. These
|
||
settings may still be overridden individually in each unit
|
||
though.
|
||
|
||
* systemd-gpt-auto-generator is now able to discover /srv and
|
||
root partitions in addition to /home and swap partitions. It
|
||
also supports LUKS-encrypted partitions now. With this in
|
||
place, automatic discovery of partitions to mount following
|
||
the Discoverable Partitions Specification
|
||
(https://systemd.io/DISCOVERABLE_PARTITIONS/)
|
||
is now a lot more complete. This allows booting without
|
||
/etc/fstab and without root= on the kernel command line on
|
||
systems prepared appropriately.
|
||
|
||
* systemd-nspawn gained a new --image= switch which allows
|
||
booting up disk images and Linux installations on any block
|
||
device that follow the Discoverable Partitions Specification
|
||
(see above). This means that installations made with
|
||
appropriately updated installers may now be started and
|
||
deployed using container managers, completely
|
||
unmodified. (We hope that libvirt-lxc will add support for
|
||
this feature soon, too.)
|
||
|
||
* systemd-nspawn gained a new --network-macvlan= setting to
|
||
set up a private macvlan interface for the
|
||
container. Similarly, systemd-networkd gained a new
|
||
Kind=macvlan setting in .netdev files.
|
||
|
||
* systemd-networkd now supports configuring local addresses
|
||
using IPv4LL.
|
||
|
||
* A new tool systemd-network-wait-online has been added to
|
||
synchronously wait for network connectivity using
|
||
systemd-networkd.
|
||
|
||
* The sd-bus.h bus API gained a new sd_bus_track object for
|
||
tracking the lifecycle of bus peers. Note that sd-bus.h is
|
||
still not a public API though (unless you specify
|
||
--enable-kdbus on the configure command line, which however
|
||
voids your warranty and you get no API stability guarantee).
|
||
|
||
* The $XDG_RUNTIME_DIR runtime directories for each user are
|
||
now individual tmpfs instances, which has the benefit of
|
||
introducing separate pools for each user, with individual
|
||
size limits, and thus making sure that unprivileged clients
|
||
can no longer negatively impact the system or other users by
|
||
filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
|
||
RuntimeDirectorySize= has been introduced that allows
|
||
controlling the default size limit for all users. It
|
||
defaults to 10% of the available physical memory. This is no
|
||
replacement for quotas on tmpfs though (which the kernel
|
||
still does not support), as /dev/shm and /tmp are still
|
||
shared resources used by both the system and unprivileged
|
||
users.
|
||
|
||
* logind will now automatically turn off automatic suspending
|
||
on laptop lid close when more than one display is
|
||
connected. This was previously expected to be implemented
|
||
individually in desktop environments (such as GNOME),
|
||
however has been added to logind now, in order to fix a
|
||
boot-time race where a desktop environment might not have
|
||
been started yet and thus not been able to take an inhibitor
|
||
lock at the time where logind already suspends the system
|
||
due to a closed lid.
|
||
|
||
* logind will now wait at least 30s after each system
|
||
suspend/resume cycle, and 3min after system boot before
|
||
suspending the system due to a closed laptop lid. This
|
||
should give USB docking stations and similar enough time to
|
||
be probed and configured after system resume and boot in
|
||
order to then act as suspend blocker.
|
||
|
||
* systemd-run gained a new --property= setting which allows
|
||
initialization of resource control properties (and others)
|
||
for the created scope or service unit. Example: "systemd-run
|
||
--property=BlockIOWeight=10 updatedb" may be used to run
|
||
updatedb at a low block IO scheduling weight.
|
||
|
||
* systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
|
||
now also work in --scope mode.
|
||
|
||
* When systemd is compiled with kdbus support, basic support
|
||
for enforced policies is now in place. (Note that enabling
|
||
kdbus still voids your warranty and no API compatibility
|
||
promises are made.)
|
||
|
||
Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
|
||
K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
|
||
Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
|
||
Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
|
||
Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
|
||
Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
|
||
Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
|
||
Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
|
||
Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
|
||
Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-03-12
|
||
|
||
CHANGES WITH 210:
|
||
|
||
* systemd will now relabel /dev after loading the SMACK policy
|
||
according to SMACK rules.
|
||
|
||
* A new unit file option AppArmorProfile= has been added to
|
||
set the AppArmor profile for the processes of a unit.
|
||
|
||
* A new condition check ConditionArchitecture= has been added
|
||
to conditionalize units based on the system architecture, as
|
||
reported by uname()'s "machine" field.
|
||
|
||
* systemd-networkd now supports matching on the system
|
||
virtualization, architecture, kernel command line, hostname
|
||
and machine ID.
|
||
|
||
* logind is now a lot more aggressive when suspending the
|
||
machine due to a closed laptop lid. Instead of acting only
|
||
on the lid close action, it will continuously watch the lid
|
||
status and act on it. This is useful for laptops where the
|
||
power button is on the outside of the chassis so that it can
|
||
be reached without opening the lid (such as the Lenovo
|
||
Yoga). On those machines, logind will now immediately
|
||
re-suspend the machine if the power button has been
|
||
accidentally pressed while the laptop was suspended and in a
|
||
backpack or similar.
|
||
|
||
* logind will now watch SW_DOCK switches and inhibit reaction
|
||
to the lid switch if it is pressed. This means that logind
|
||
will not suspend the machine anymore if the lid is closed
|
||
and the system is docked, if the laptop supports SW_DOCK
|
||
notifications via the input layer. Note that ACPI docking
|
||
stations do not generate this currently. Also note that this
|
||
logic is usually not fully sufficient and Desktop
|
||
Environments should take a lid switch inhibitor lock when an
|
||
external display is connected, as systemd will not watch
|
||
this on its own.
|
||
|
||
* nspawn will now make use of the devices cgroup controller by
|
||
default, and only permit creation of and access to the usual
|
||
API device nodes like /dev/null or /dev/random, as well as
|
||
access to (but not creation of) the pty devices.
|
||
|
||
* We will now ship a default .network file for
|
||
systemd-networkd that automatically configures DHCP for
|
||
network interfaces created by nspawn's --network-veth or
|
||
--network-bridge= switches.
|
||
|
||
* systemd will now understand the usual M, K, G, T suffixes
|
||
according to SI conventions (i.e. to the base 1000) when
|
||
referring to throughput and hardware metrics. It will stay
|
||
with IEC conventions (i.e. to the base 1024) for software
|
||
metrics, according to what is customary according to
|
||
Wikipedia. We explicitly document which base applies for
|
||
each configuration option.
|
||
|
||
* The DeviceAllow= setting in unit files now supports a syntax to
|
||
allow-list an entire group of devices node majors at once, based on
|
||
the /proc/devices listing. For example, with the string "char-pts",
|
||
it is now possible to allow-list all current and future pseudo-TTYs
|
||
at once.
|
||
|
||
* sd-event learned a new "post" event source. Event sources of
|
||
this type are triggered by the dispatching of any event
|
||
source of a type that is not "post". This is useful for
|
||
implementing clean-up and check event sources that are
|
||
triggered by other work being done in the program.
|
||
|
||
* systemd-networkd is no longer statically enabled, but uses
|
||
the usual [Install] sections so that it can be
|
||
enabled/disabled using systemctl. It still is enabled by
|
||
default however.
|
||
|
||
* When creating a veth interface pair with systemd-nspawn, the
|
||
host side will now be prefixed with "vb-" if
|
||
--network-bridge= is used, and with "ve-" if --network-veth
|
||
is used. This way, it is easy to distinguish these cases on
|
||
the host, for example to apply different configuration to
|
||
them with systemd-networkd.
|
||
|
||
* The compatibility libraries for libsystemd-journal.so,
|
||
libsystem-id128.so, libsystemd-login.so and
|
||
libsystemd-daemon.so do not make use of IFUNC
|
||
anymore. Instead, we now build libsystemd.so multiple times
|
||
under these alternative names. This means that the footprint
|
||
is drastically increased, but given that these are
|
||
transitional compatibility libraries, this should not matter
|
||
much. This change has been made necessary to support the ARM
|
||
platform for these compatibility libraries, as the ARM
|
||
toolchain is not really at the same level as the toolchain
|
||
for other architectures like x86 and does not support
|
||
IFUNC. Please make sure to use --enable-compat-libs only
|
||
during a transitional period!
|
||
|
||
* The .include syntax has been deprecated and is not documented
|
||
anymore. Drop-in files in .d directories should be used instead.
|
||
|
||
Contributions from: Andreas Fuchs, Armin K., Colin Walters,
|
||
Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
|
||
Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
|
||
St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
|
||
Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
|
||
Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
|
||
Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
|
||
Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-02-24
|
||
|
||
CHANGES WITH 209:
|
||
|
||
* A new component "systemd-networkd" has been added that can
|
||
be used to configure local network interfaces statically or
|
||
via DHCP. It is capable of bringing up bridges, VLANs, and
|
||
bonding. Currently, no hook-ups for interactive network
|
||
configuration are provided. Use this for your initrd,
|
||
container, embedded, or server setup if you need a simple,
|
||
yet powerful, network configuration solution. This
|
||
configuration subsystem is quite nifty, as it allows wildcard
|
||
hotplug matching in interfaces. For example, with a single
|
||
configuration snippet, you can configure that all Ethernet
|
||
interfaces showing up are automatically added to a bridge,
|
||
or similar. It supports link-sensing and more.
|
||
|
||
* A new tool "systemd-socket-proxyd" has been added which can
|
||
act as a bidirectional proxy for TCP sockets. This is
|
||
useful for adding socket activation support to services that
|
||
do not actually support socket activation, including virtual
|
||
machines and the like.
|
||
|
||
* Add a new tool to save/restore rfkill state on
|
||
shutdown/boot.
|
||
|
||
* Save/restore state of keyboard backlights in addition to
|
||
display backlights on shutdown/boot.
|
||
|
||
* udev learned a new SECLABEL{} construct to label device
|
||
nodes with a specific security label when they appear. For
|
||
now, only SECLABEL{selinux} is supported, but the syntax is
|
||
prepared for additional security frameworks.
|
||
|
||
* udev gained a new scheme to configure link-level attributes
|
||
from files in /etc/systemd/network/*.link. These files can
|
||
match against MAC address, device path, driver name and type,
|
||
and will apply attributes like the naming policy, link speed,
|
||
MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
|
||
address assignment policy (randomized, …).
|
||
|
||
* The configuration of network interface naming rules for
|
||
"permanent interface names" has changed: a new NamePolicy=
|
||
setting in the [Link] section of .link files determines the
|
||
priority of possible naming schemes (onboard, slot, MAC,
|
||
path). The default value of this setting is determined by
|
||
/usr/lib/net/links/99-default.link. Old
|
||
80-net-name-slot.rules udev configuration file has been
|
||
removed, so local configuration overriding this file should
|
||
be adapted to override 99-default.link instead.
|
||
|
||
* When the User= switch is used in a unit file, also
|
||
initialize $SHELL= based on the user database entry.
|
||
|
||
* systemd no longer depends on libdbus. All communication is
|
||
now done with sd-bus, systemd's low-level bus library
|
||
implementation.
|
||
|
||
* kdbus support has been added to PID 1 itself. When kdbus is
|
||
enabled, this causes PID 1 to set up the system bus and
|
||
enable support for a new ".busname" unit type that
|
||
encapsulates bus name activation on kdbus. It works a little
|
||
bit like ".socket" units, except for bus names. A new
|
||
generator has been added that converts classic dbus1 service
|
||
activation files automatically into native systemd .busname
|
||
and .service units.
|
||
|
||
* sd-bus: add a light-weight vtable implementation that allows
|
||
defining objects on the bus with a simple static const
|
||
vtable array of its methods, signals and properties.
|
||
|
||
* systemd will not generate or install static dbus
|
||
introspection data anymore to /usr/share/dbus-1/interfaces,
|
||
as the precise format of these files is unclear, and
|
||
nothing makes use of it.
|
||
|
||
* A proxy daemon is now provided to proxy clients connecting
|
||
via classic D-Bus AF_UNIX sockets to kdbus, to provide full
|
||
compatibility with classic D-Bus.
|
||
|
||
* A bus driver implementation has been added that supports the
|
||
classic D-Bus bus driver calls on kdbus, also for
|
||
compatibility purposes.
|
||
|
||
* A new API "sd-event.h" has been added that implements a
|
||
minimal event loop API built around epoll. It provides a
|
||
couple of features that direct epoll usage is lacking:
|
||
prioritization of events, scales to large numbers of timer
|
||
events, per-event timer slack (accuracy), system-wide
|
||
coalescing of timer events, exit handlers, watchdog
|
||
supervision support using systemd's sd_notify() API, child
|
||
process handling.
|
||
|
||
* A new API "sd-rntl.h" has been added that provides an API
|
||
around the route netlink interface of the kernel, similar in
|
||
style to "sd-bus.h".
|
||
|
||
* A new API "sd-dhcp-client.h" has been added that provides a
|
||
small DHCPv4 client-side implementation. This is used by
|
||
"systemd-networkd".
|
||
|
||
* There is a new kernel command line option
|
||
"systemd.restore_state=0|1". When set to "0", none of the
|
||
systemd tools will restore saved runtime state to hardware
|
||
devices. More specifically, the rfkill and backlight states
|
||
are not restored.
|
||
|
||
* The FsckPassNo= compatibility option in mount/service units
|
||
has been removed. The fstab generator will now add the
|
||
necessary dependencies automatically, and does not require
|
||
PID1's support for that anymore.
|
||
|
||
* journalctl gained a new switch, --list-boots, that lists
|
||
recent boots with their times and boot IDs.
|
||
|
||
* The various tools like systemctl, loginctl, timedatectl,
|
||
busctl, systemd-run, … have gained a new switch "-M" to
|
||
connect to a specific, local OS container (as direct
|
||
connection, without requiring SSH). This works on any
|
||
container that is registered with machined, such as those
|
||
created by libvirt-lxc or nspawn.
|
||
|
||
* systemd-run and systemd-analyze also gained support for "-H"
|
||
to connect to remote hosts via SSH. This is particularly
|
||
useful for systemd-run because it enables queuing of jobs
|
||
onto remote systems.
|
||
|
||
* machinectl gained a new command "login" to open a getty
|
||
login in any local container. This works with any container
|
||
that is registered with machined (such as those created by
|
||
libvirt-lxc or nspawn), and which runs systemd inside.
|
||
|
||
* machinectl gained a new "reboot" command that may be used to
|
||
trigger a reboot on a specific container that is registered
|
||
with machined. This works on any container that runs an init
|
||
system of some kind.
|
||
|
||
* systemctl gained a new "list-timers" command to print a nice
|
||
listing of installed timer units with the times they elapse
|
||
next.
|
||
|
||
* Alternative reboot() parameters may now be specified on the
|
||
"systemctl reboot" command line and are passed to the
|
||
reboot() system call.
|
||
|
||
* systemctl gained a new --job-mode= switch to configure the
|
||
mode to queue a job with. This is a more generic version of
|
||
--fail, --irreversible, and --ignore-dependencies, which are
|
||
still available but not advertised anymore.
|
||
|
||
* /etc/systemd/system.conf gained new settings to configure
|
||
various default timeouts of units, as well as the default
|
||
start limit interval and burst. These may still be overridden
|
||
within each Unit.
|
||
|
||
* PID1 will now export on the bus profile data of the security
|
||
policy upload process (such as the SELinux policy upload to
|
||
the kernel).
|
||
|
||
* journald: when forwarding logs to the console, include
|
||
timestamps (following the setting in
|
||
/sys/module/printk/parameters/time).
|
||
|
||
* OnCalendar= in timer units now understands the special
|
||
strings "yearly" and "annually". (Both are equivalent)
|
||
|
||
* The accuracy of timer units is now configurable with the new
|
||
AccuracySec= setting. It defaults to 1min.
|
||
|
||
* A new dependency type JoinsNamespaceOf= has been added that
|
||
allows running two services within the same /tmp and network
|
||
namespace, if PrivateNetwork= or PrivateTmp= are used.
|
||
|
||
* A new command "cat" has been added to systemctl. It outputs
|
||
the original unit file of a unit, and concatenates the
|
||
contents of additional "drop-in" unit file snippets, so that
|
||
the full configuration is shown.
|
||
|
||
* systemctl now supports globbing on the various "list-xyz"
|
||
commands, like "list-units" or "list-sockets", as well as on
|
||
those commands which take multiple unit names.
|
||
|
||
* journalctl's --unit= switch gained support for globbing.
|
||
|
||
* All systemd daemons now make use of the watchdog logic so
|
||
that systemd automatically notices when they hang.
|
||
|
||
* If the $container_ttys environment variable is set,
|
||
getty-generator will automatically spawn a getty for each
|
||
listed tty. This is useful for container managers to request
|
||
login gettys to be spawned on as many ttys as needed.
|
||
|
||
* %h, %s, %U specifier support is not available anymore when
|
||
used in unit files for PID 1. This is because NSS calls are
|
||
not safe from PID 1. They stay available for --user
|
||
instances of systemd, and as special case for the root user.
|
||
|
||
* loginctl gained a new "--no-legend" switch to turn off output
|
||
of the legend text.
|
||
|
||
* The "sd-login.h" API gained three new calls:
|
||
sd_session_is_remote(), sd_session_get_remote_user(),
|
||
sd_session_get_remote_host() to query information about
|
||
remote sessions.
|
||
|
||
* The udev hardware database now also carries vendor/product
|
||
information of SDIO devices.
|
||
|
||
* The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
|
||
determine whether watchdog notifications are requested by
|
||
the system manager.
|
||
|
||
* Socket-activated per-connection services now include a
|
||
short description of the connection parameters in the
|
||
description.
|
||
|
||
* tmpfiles gained a new "--boot" option. When this is not used,
|
||
only lines where the command character is not suffixed with
|
||
"!" are executed. When this option is specified, those
|
||
options are executed too. This partitions tmpfiles
|
||
directives into those that can be safely executed at any
|
||
time, and those which should be run only at boot (for
|
||
example, a line that creates /run/nologin).
|
||
|
||
* A new API "sd-resolve.h" has been added which provides a simple
|
||
asynchronous wrapper around glibc NSS hostname resolution
|
||
calls, such as getaddrinfo(). In contrast to glibc's
|
||
getaddrinfo_a(), it does not use signals. In contrast to most
|
||
other asynchronous name resolution libraries, this one does
|
||
not reimplement DNS, but reuses NSS, so that alternate
|
||
hostname resolution systems continue to work, such as mDNS,
|
||
LDAP, etc. This API is based on libasyncns, but it has been
|
||
cleaned up for inclusion in systemd.
|
||
|
||
* The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
|
||
"sd-daemon.h" are no longer found in individual libraries
|
||
libsystemd-journal.so, libsystemd-login.so,
|
||
libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
|
||
merged them into a single library, libsystemd.so, which
|
||
provides all symbols. The reason for this is cyclic
|
||
dependencies, as these libraries tend to use each other's
|
||
symbols. So far, we have managed to workaround that by linking
|
||
a copy of a good part of our code into each of these
|
||
libraries again and again, which, however, makes certain
|
||
things hard to do, like sharing static variables. Also, it
|
||
substantially increases footprint. With this change, there
|
||
is only one library for the basic APIs systemd
|
||
provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
|
||
"sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
|
||
library as well, however are subject to the --enable-kdbus
|
||
switch (see below). Note that "sd-dhcp-client.h" is not part
|
||
of this library (this is because it only consumes, never
|
||
provides, services of/to other APIs). To make the transition
|
||
easy from the separate libraries to the unified one, we
|
||
provide the --enable-compat-libs compile-time switch which
|
||
will generate stub libraries that are compatible with the
|
||
old ones but redirect all calls to the new one.
|
||
|
||
* All of the kdbus logic and the new APIs "sd-bus.h",
|
||
"sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
|
||
and "sd-utf8.h" are compile-time optional via the
|
||
"--enable-kdbus" switch, and they are not compiled in by
|
||
default. To make use of kdbus, you have to explicitly enable
|
||
the switch. Note however, that neither the kernel nor the
|
||
userspace API for all of this is considered stable yet. We
|
||
want to maintain the freedom to still change the APIs for
|
||
now. By specifying this build-time switch, you acknowledge
|
||
that you are aware of the instability of the current
|
||
APIs.
|
||
|
||
* Also, note that while kdbus is pretty much complete,
|
||
it lacks one thing: proper policy support. This means you
|
||
can build a fully working system with all features; however,
|
||
it will be highly insecure. Policy support will be added in
|
||
one of the next releases, at the same time that we will
|
||
declare the APIs stable.
|
||
|
||
* When the kernel command line argument "kdbus" is specified,
|
||
systemd will automatically load the kdbus.ko kernel module. At
|
||
this stage of development, it is only useful for testing kdbus
|
||
and should not be used in production. Note: if "--enable-kdbus"
|
||
is specified, and the kdbus.ko kernel module is available, and
|
||
"kdbus" is added to the kernel command line, the entire system
|
||
runs with kdbus instead of dbus-daemon, with the above mentioned
|
||
problem of missing the system policy enforcement. Also a future
|
||
version of kdbus.ko or a newer systemd will not be compatible with
|
||
each other, and will unlikely be able to boot the machine if only
|
||
one of them is updated.
|
||
|
||
* systemctl gained a new "import-environment" command which
|
||
uploads the caller's environment (or parts thereof) into the
|
||
service manager so that it is inherited by services started
|
||
by the manager. This is useful to upload variables like
|
||
$DISPLAY into the user service manager.
|
||
|
||
* A new PrivateDevices= switch has been added to service units
|
||
which allows running a service with a namespaced /dev
|
||
directory that does not contain any device nodes for
|
||
physical devices. More specifically, it only includes devices
|
||
such as /dev/null, /dev/urandom, and /dev/zero which are API
|
||
entry points.
|
||
|
||
* logind has been extended to support behaviour like VT
|
||
switching on seats that do not support a VT. This makes
|
||
multi-session available on seats that are not the first seat
|
||
(seat0), and on systems where kernel support for VTs has
|
||
been disabled at compile-time.
|
||
|
||
* If a process holds a delay lock for system sleep or shutdown
|
||
and fails to release it in time, we will now log its
|
||
identity. This makes it easier to identify processes that
|
||
cause slow suspends or power-offs.
|
||
|
||
* When parsing /etc/crypttab, support for a new key-slot=
|
||
option as supported by Debian is added. It allows indicating
|
||
which LUKS slot to use on disk, speeding up key loading.
|
||
|
||
* The sd_journal_sendv() API call has been checked and
|
||
officially declared to be async-signal-safe so that it may
|
||
be invoked from signal handlers for logging purposes.
|
||
|
||
* Boot-time status output is now enabled automatically after a
|
||
short timeout if boot does not progress, in order to give
|
||
the user an indication what she or he is waiting for.
|
||
|
||
* The boot-time output has been improved to show how much time
|
||
remains until jobs expire.
|
||
|
||
* The KillMode= switch in service units gained a new possible
|
||
value "mixed". If set, and the unit is shut down, then the
|
||
initial SIGTERM signal is sent only to the main daemon
|
||
process, while the following SIGKILL signal is sent to
|
||
all remaining processes of the service.
|
||
|
||
* When a scope unit is registered, a new property "Controller"
|
||
may be set. If set to a valid bus name, systemd will send a
|
||
RequestStop() signal to this name when it would like to shut
|
||
down the scope. This may be used to hook manager logic into
|
||
the shutdown logic of scope units. Also, scope units may now
|
||
be put in a special "abandoned" state, in which case the
|
||
manager process which created them takes no further
|
||
responsibilities for it.
|
||
|
||
* When reading unit files, systemd will now verify
|
||
the access mode of these files, and warn about certain
|
||
suspicious combinations. This has been added to make it
|
||
easier to track down packaging bugs where unit files are
|
||
marked executable or world-writable.
|
||
|
||
* systemd-nspawn gained a new "--setenv=" switch to set
|
||
container-wide environment variables. The similar option in
|
||
systemd-activate was renamed from "--environment=" to
|
||
"--setenv=" for consistency.
|
||
|
||
* systemd-nspawn has been updated to create a new kdbus domain
|
||
for each container that is invoked, thus allowing each
|
||
container to have its own set of system and user buses,
|
||
independent of the host.
|
||
|
||
* systemd-nspawn gained a new --drop-capability= switch to run
|
||
the container with less capabilities than the default. Both
|
||
--drop-capability= and --capability= now take the special
|
||
string "all" for dropping or keeping all capabilities.
|
||
|
||
* systemd-nspawn gained new switches for executing containers
|
||
with specific SELinux labels set.
|
||
|
||
* systemd-nspawn gained a new --quiet switch to not generate
|
||
any additional output but the container's own console
|
||
output.
|
||
|
||
* systemd-nspawn gained a new --share-system switch to run a
|
||
container without PID namespacing enabled.
|
||
|
||
* systemd-nspawn gained a new --register= switch to control
|
||
whether the container is registered with systemd-machined or
|
||
not. This is useful for containers that do not run full
|
||
OS images, but only specific apps.
|
||
|
||
* systemd-nspawn gained a new --keep-unit which may be used
|
||
when invoked as the only program from a service unit, and
|
||
results in registration of the unit service itself in
|
||
systemd-machined, instead of a newly opened scope unit.
|
||
|
||
* systemd-nspawn gained a new --network-interface= switch for
|
||
moving arbitrary interfaces to the container. The new
|
||
--network-veth switch creates a virtual Ethernet connection
|
||
between host and container. The new --network-bridge=
|
||
switch then allows assigning the host side of this virtual
|
||
Ethernet connection to a bridge device.
|
||
|
||
* systemd-nspawn gained a new --personality= switch for
|
||
setting the kernel personality for the container. This is
|
||
useful when running a 32-bit container on a 64-bit host. A
|
||
similar option Personality= is now also available for service
|
||
units to use.
|
||
|
||
* logind will now also track a "Desktop" identifier for each
|
||
session which encodes the desktop environment of it. This is
|
||
useful for desktop environments that want to identify
|
||
multiple running sessions of itself easily.
|
||
|
||
* A new SELinuxContext= setting for service units has been
|
||
added that allows setting a specific SELinux execution
|
||
context for a service.
|
||
|
||
* Most systemd client tools will now honour $SYSTEMD_LESS for
|
||
settings of the "less" pager. By default, these tools will
|
||
override $LESS to allow certain operations to work, such as
|
||
jump-to-the-end. With $SYSTEMD_LESS, it is possible to
|
||
influence this logic.
|
||
|
||
* systemd's "seccomp" hook-up has been changed to make use of
|
||
the libseccomp library instead of using its own
|
||
implementation. This has benefits for portability among
|
||
other things.
|
||
|
||
* For usage together with SystemCallFilter=, a new
|
||
SystemCallErrorNumber= setting has been introduced that
|
||
allows configuration of a system error number to be returned
|
||
on filtered system calls, instead of immediately killing the
|
||
process. Also, SystemCallArchitectures= has been added to
|
||
limit access to system calls of a particular architecture
|
||
(in order to turn off support for unused secondary
|
||
architectures). There is also a global
|
||
SystemCallArchitectures= setting in system.conf now to turn
|
||
off support for non-native system calls system-wide.
|
||
|
||
* systemd requires a kernel with a working name_to_handle_at(),
|
||
please see the kernel config requirements in the README file.
|
||
|
||
Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
|
||
Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
|
||
Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
|
||
Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
|
||
Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
|
||
David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
|
||
Elia Pinto, Florian Weimer, George McCollister, Goffredo
|
||
Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
|
||
Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
|
||
Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
|
||
Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
|
||
Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
|
||
Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
|
||
Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
|
||
Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
|
||
Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
|
||
Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
|
||
Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
|
||
Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
|
||
Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
|
||
Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
|
||
Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
|
||
Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
|
||
Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2014-02-20
|
||
|
||
CHANGES WITH 208:
|
||
|
||
* logind has gained support for facilitating privileged input
|
||
and drm device access for unprivileged clients. This work is
|
||
useful to allow Wayland display servers (and similar
|
||
programs, such as kmscon) to run under the user's ID and
|
||
access input and drm devices which are normally
|
||
protected. When this is used (and the kernel is new enough)
|
||
logind will "mute" IO on the file descriptors passed to
|
||
Wayland as long as it is in the background and "unmute" it
|
||
if it returns into the foreground. This allows secure
|
||
session switching without allowing background sessions to
|
||
eavesdrop on input and display data. This also introduces
|
||
session switching support if VT support is turned off in the
|
||
kernel, and on seats that are not seat0.
|
||
|
||
* A new kernel command line option luks.options= is understood
|
||
now which allows specifying LUKS options for usage for LUKS
|
||
encrypted partitions specified with luks.uuid=.
|
||
|
||
* tmpfiles.d(5) snippets may now use specifier expansion in
|
||
path names. More specifically %m, %b, %H, %v, are now
|
||
replaced by the local machine id, boot id, hostname, and
|
||
kernel version number.
|
||
|
||
* A new tmpfiles.d(5) command "m" has been introduced which
|
||
may be used to change the owner/group/access mode of a file
|
||
or directory if it exists, but do nothing if it does not.
|
||
|
||
* This release removes high-level support for the
|
||
MemorySoftLimit= cgroup setting. The underlying kernel
|
||
cgroup attribute memory.soft_limit= is currently badly
|
||
designed and likely to be removed from the kernel API in its
|
||
current form, hence we should not expose it for now.
|
||
|
||
* The memory.use_hierarchy cgroup attribute is now enabled for
|
||
all cgroups systemd creates in the memory cgroup
|
||
hierarchy. This option is likely to be come the built-in
|
||
default in the kernel anyway, and the non-hierarchical mode
|
||
never made much sense in the intrinsically hierarchical
|
||
cgroup system.
|
||
|
||
* A new field _SYSTEMD_SLICE= is logged along with all journal
|
||
messages containing the slice a message was generated
|
||
from. This is useful to allow easy per-customer filtering of
|
||
logs among other things.
|
||
|
||
* systemd-journald will no longer adjust the group of journal
|
||
files it creates to the "systemd-journal" group. Instead we
|
||
rely on the journal directory to be owned by the
|
||
"systemd-journal" group, and its setgid bit set, so that the
|
||
kernel file system layer will automatically enforce that
|
||
journal files inherit this group assignment. The reason for
|
||
this change is that we cannot allow NSS look-ups from
|
||
journald which would be necessary to resolve
|
||
"systemd-journal" to a numeric GID, because this might
|
||
create deadlocks if NSS involves synchronous queries to
|
||
other daemons (such as nscd, or sssd) which in turn are
|
||
logging clients of journald and might block on it, which
|
||
would then dead lock. A tmpfiles.d(5) snippet included in
|
||
systemd will make sure the setgid bit and group are
|
||
properly set on the journal directory if it exists on every
|
||
boot. However, we recommend adjusting it manually after
|
||
upgrades too (or from RPM scriptlets), so that the change is
|
||
not delayed until next reboot.
|
||
|
||
* Backlight and random seed files in /var/lib/ have moved into
|
||
the /var/lib/systemd/ directory, in order to centralize all
|
||
systemd generated files in one directory.
|
||
|
||
* Boot time performance measurements (as displayed by
|
||
"systemd-analyze" for example) will now read ACPI 5.0 FPDT
|
||
performance information if that's available to determine how
|
||
much time BIOS and boot loader initialization required. With
|
||
a sufficiently new BIOS you hence no longer need to boot
|
||
with Gummiboot to get access to such information.
|
||
|
||
Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
|
||
Cristian Rodríguez, Dave Reisner, David Herrmann, David
|
||
Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
|
||
feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
|
||
Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
|
||
Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2013-10-02
|
||
|
||
CHANGES WITH 207:
|
||
|
||
* The Restart= option for services now understands a new
|
||
on-watchdog setting, which will restart the service
|
||
automatically if the service stops sending out watchdog keep
|
||
alive messages (as configured with WatchdogSec=).
|
||
|
||
* The getty generator (which is responsible for bringing up a
|
||
getty on configured serial consoles) will no longer only
|
||
start a getty on the primary kernel console but on all
|
||
others, too. This makes the order in which console= is
|
||
specified on the kernel command line less important.
|
||
|
||
* libsystemd-logind gained a new sd_session_get_vt() call to
|
||
retrieve the VT number of a session.
|
||
|
||
* If the option "tries=0" is set for an entry of /etc/crypttab
|
||
its passphrase is queried indefinitely instead of any
|
||
maximum number of tries.
|
||
|
||
* If a service with a configure PID file terminates its PID
|
||
file will now be removed automatically if it still exists
|
||
afterwards. This should put an end to stale PID files.
|
||
|
||
* systemd-run will now also take relative binary path names
|
||
for execution and no longer insists on absolute paths.
|
||
|
||
* InaccessibleDirectories= and ReadOnlyDirectories= now take
|
||
paths that are optionally prefixed with "-" to indicate that
|
||
it should not be considered a failure if they do not exist.
|
||
|
||
* journalctl -o (and similar commands) now understands a new
|
||
output mode "short-precise", it is similar to "short" but
|
||
shows timestamps with usec accuracy.
|
||
|
||
* The option "discard" (as known from Debian) is now
|
||
synonymous to "allow-discards" in /etc/crypttab. In fact,
|
||
"discard" is preferred now (since it is easier to remember
|
||
and type).
|
||
|
||
* Some licensing clean-ups were made, so that more code is now
|
||
LGPL-2.1 licensed than before.
|
||
|
||
* A minimal tool to save/restore the display backlight
|
||
brightness across reboots has been added. It will store the
|
||
backlight setting as late as possible at shutdown, and
|
||
restore it as early as possible during reboot.
|
||
|
||
* A logic to automatically discover and enable home and swap
|
||
partitions on GPT disks has been added. With this in place
|
||
/etc/fstab becomes optional for many setups as systemd can
|
||
discover certain partitions located on the root disk
|
||
automatically. Home partitions are recognized under their
|
||
GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
|
||
partitions are recognized under their GPT type ID
|
||
0657fd6da4ab43c484e50933c84b4f4f.
|
||
|
||
* systemd will no longer pass any environment from the kernel
|
||
or initrd to system services. If you want to set an
|
||
environment for all services, do so via the kernel command
|
||
line systemd.setenv= assignment.
|
||
|
||
* The systemd-sysctl tool no longer natively reads the file
|
||
/etc/sysctl.conf. If desired, the file should be symlinked
|
||
from /etc/sysctl.d/99-sysctl.conf. Apart from providing
|
||
legacy support by a symlink rather than built-in code, it
|
||
also makes the otherwise hidden order of application of the
|
||
different files visible. (Note that this partly reverts to a
|
||
pre-198 application order of sysctl knobs!)
|
||
|
||
* The "systemctl set-log-level" and "systemctl dump" commands
|
||
have been moved to systemd-analyze.
|
||
|
||
* systemd-run learned the new --remain-after-exit switch,
|
||
which causes the scope unit not to be cleaned up
|
||
automatically after the process terminated.
|
||
|
||
* tmpfiles learned a new --exclude-prefix= switch to exclude
|
||
certain paths from operation.
|
||
|
||
* journald will now automatically flush all messages to disk
|
||
as soon as a message at the log level CRIT, ALERT or EMERG
|
||
is received.
|
||
|
||
Contributions from: Andrew Cook, Brandon Philips, Christian
|
||
Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
|
||
Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
|
||
McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
|
||
Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
|
||
Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
|
||
Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
|
||
Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
|
||
Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
|
||
Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
|
||
Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
|
||
Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
|
||
William Giokas, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2013-09-13
|
||
|
||
CHANGES WITH 206:
|
||
|
||
* The documentation has been updated to cover the various new
|
||
concepts introduced with 205.
|
||
|
||
* Unit files now understand the new %v specifier which
|
||
resolves to the kernel version string as returned by "uname
|
||
-r".
|
||
|
||
* systemctl now supports filtering the unit list output by
|
||
load state, active state and sub state, using the new
|
||
--state= parameter.
|
||
|
||
* "systemctl status" will now show the results of the
|
||
condition checks (like ConditionPathExists= and similar) of
|
||
the last start attempts of the unit. They are also logged to
|
||
the journal.
|
||
|
||
* "journalctl -b" may now be used to look for boot output of a
|
||
specific boot. Try "journalctl -b -1" for the previous boot,
|
||
but the syntax is substantially more powerful.
|
||
|
||
* "journalctl --show-cursor" has been added which prints the
|
||
cursor string the last shown log line. This may then be used
|
||
with the new "journalctl --after-cursor=" switch to continue
|
||
browsing logs from that point on.
|
||
|
||
* "journalctl --force" may now be used to force regeneration
|
||
of an FSS key.
|
||
|
||
* Creation of "dead" device nodes has been moved from udev
|
||
into kmod and tmpfiles. Previously, udev would read the kmod
|
||
databases to pre-generate dead device nodes based on meta
|
||
information contained in kernel modules, so that these would
|
||
be auto-loaded on access rather then at boot. As this
|
||
does not really have much to do with the exposing actual
|
||
kernel devices to userspace this has always been slightly
|
||
alien in the udev codebase. Following the new scheme kmod
|
||
will now generate a runtime snippet for tmpfiles from the
|
||
module meta information and it now is tmpfiles' job to the
|
||
create the nodes. This also allows overriding access and
|
||
other parameters for the nodes using the usual tmpfiles
|
||
facilities. As side effect this allows us to remove the
|
||
CAP_SYS_MKNOD capability bit from udevd entirely.
|
||
|
||
* logind's device ACLs may now be applied to these "dead"
|
||
devices nodes too, thus finally allowing managed access to
|
||
devices such as /dev/snd/sequencer without loading the
|
||
backing module right-away.
|
||
|
||
* A new RPM macro has been added that may be used to apply
|
||
tmpfiles configuration during package installation.
|
||
|
||
* systemd-detect-virt and ConditionVirtualization= now can
|
||
detect User-Mode-Linux machines (UML).
|
||
|
||
* journald will now implicitly log the effective capabilities
|
||
set of processes in the message metadata.
|
||
|
||
* systemd-cryptsetup has gained support for TrueCrypt volumes.
|
||
|
||
* The initrd interface has been simplified (more specifically,
|
||
support for passing performance data via environment
|
||
variables and fsck results via files in /run has been
|
||
removed). These features were non-essential, and are
|
||
nowadays available in a much nicer way by having systemd in
|
||
the initrd serialize its state and have the hosts systemd
|
||
deserialize it again.
|
||
|
||
* The udev "keymap" data files and tools to apply keyboard
|
||
specific mappings of scan to key codes, and force-release
|
||
scan code lists have been entirely replaced by a udev
|
||
"keyboard" builtin and a hwdb data file.
|
||
|
||
* systemd will now honour the kernel's "quiet" command line
|
||
argument also during late shutdown, resulting in a
|
||
completely silent shutdown when used.
|
||
|
||
* There's now an option to control the SO_REUSEPORT socket
|
||
option in .socket units.
|
||
|
||
* Instance units will now automatically get a per-template
|
||
subslice of system.slice unless something else is explicitly
|
||
configured. For example, instances of sshd@.service will now
|
||
implicitly be placed in system-sshd.slice rather than
|
||
system.slice as before.
|
||
|
||
* Test coverage support may now be enabled at build time.
|
||
|
||
Contributions from: Dave Reisner, Frederic Crozat, Harald
|
||
Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
|
||
Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
|
||
Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
|
||
Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
|
||
Giokas, Zbigniew Jędrzejewski-Szmek
|
||
|
||
— Berlin, 2013-07-23
|
||
|
||
CHANGES WITH 205:
|
||
|
||
* Two new unit types have been introduced:
|
||
|
||
Scope units are very similar to service units, however, are
|
||
created out of pre-existing processes — instead of PID 1
|
||
forking off the processes. By using scope units it is
|
||
possible for system services and applications to group their
|
||
own child processes (worker processes) in a powerful way
|
||
which then maybe used to organize them, or kill them
|
||
together, or apply resource limits on them.
|
||
|
||
Slice units may be used to partition system resources in an
|
||
hierarchical fashion and then assign other units to them. By
|
||
default there are now three slices: system.slice (for all
|
||
system services), user.slice (for all user sessions),
|
||
machine.slice (for VMs and containers).
|
||
|
||
Slices and scopes have been introduced primarily in
|
||
context of the work to move cgroup handling to a
|
||
single-writer scheme, where only PID 1
|
||
creates/removes/manages cgroups.
|
||
|
||
* There's a new concept of "transient" units. In contrast to
|
||
normal units these units are created via an API at runtime,
|
||
not from configuration from disk. More specifically this
|
||
means it is now possible to run arbitrary programs as
|
||
independent services, with all execution parameters passed
|
||
in via bus APIs rather than read from disk. Transient units
|
||
make systemd substantially more dynamic then it ever was,
|
||
and useful as a general batch manager.
|
||
|
||
* logind has been updated to make use of scope and slice units
|
||
for managing user sessions. As a user logs in he will get
|
||
his own private slice unit, to which all sessions are added
|
||
as scope units. We also added support for automatically
|
||
adding an instance of user@.service for the user into the
|
||
slice. Effectively logind will no longer create cgroup
|
||
hierarchies on its own now, it will defer entirely to PID 1
|
||
for this by means of scope, service and slice units. Since
|
||
user sessions this way become entities managed by PID 1
|
||
the output of "systemctl" is now a lot more comprehensive.
|
||
|
||
* A new mini-daemon "systemd-machined" has been added which
|
||
may be used by virtualization managers to register local
|
||
VMs/containers. nspawn has been updated accordingly, and
|
||
libvirt will be updated shortly. machined will collect a bit
|
||
of meta information about the VMs/containers, and assign
|
||
them their own scope unit (see above). The collected
|
||
meta-data is then made available via the "machinectl" tool,
|
||
and exposed in "ps" and similar tools. machined/machinectl
|
||
is compile-time optional.
|
||
|
||
* As discussed earlier, the low-level cgroup configuration
|
||
options ControlGroup=, ControlGroupModify=,
|
||
ControlGroupPersistent=, ControlGroupAttribute= have been
|
||
removed. Please use high-level attribute settings instead as
|
||
well as slice units.
|
||
|
||
* A new bus call SetUnitProperties() has been added to alter
|
||
various runtime parameters of a unit. This is primarily
|
||
useful to alter cgroup parameters dynamically in a nice way,
|
||
but will be extended later on to make more properties
|
||
modifiable at runtime. systemctl gained a new set-properties
|
||
command that wraps this call.
|
||
|
||
* A new tool "systemd-run" has been added which can be used to
|
||
run arbitrary command lines as transient services or scopes,
|
||
while configuring a number of settings via the command
|
||
line. This tool is currently very basic, however already
|
||
very useful. We plan to extend this tool to even allow
|
||
queuing of execution jobs with time triggers from the
|
||
command line, similar in fashion to "at".
|
||
|
||
* nspawn will now inform the user explicitly that kernels with
|
||
audit enabled break containers, and suggest the user to turn
|
||
off audit.
|
||
|
||
* Support for detecting the IMA and AppArmor security
|
||
frameworks with ConditionSecurity= has been added.
|
||
|
||
* journalctl gained a new "-k" switch for showing only kernel
|
||
messages, mimicking dmesg output; in addition to "--user"
|
||
and "--system" switches for showing only user's own logs
|
||
and system logs.
|
||
|
||
* systemd-delta can now show information about drop-in
|
||
snippets extending unit files.
|
||
|
||
* libsystemd-bus has been substantially updated but is still
|
||
not available as public API.
|
||
|
||
* systemd will now look for the "debug" argument on the kernel
|
||
command line and enable debug logging, similar to what
|
||
"systemd.log_level=debug" already did before.
|
||
|
||
* "systemctl set-default", "systemctl get-default" has been
|
||
added to configure the default.target symlink, which
|
||
controls what to boot into by default.
|
||
|
||
* "systemctl set-log-level" has been added as a convenient
|
||
way to raise and lower systemd logging threshold.
|
||
|
||
* "systemd-analyze plot" will now show the time the various
|
||
generators needed for execution, as well as information
|
||
about the unit file loading.
|
||
|
||
* libsystemd-journal gained a new sd_journal_open_files() call
|
||
for opening specific journal files. journactl also gained a
|
||
new switch to expose this new functionality. Previously we
|
||
only supported opening all files from a directory, or all
|
||
files from the system, as opening individual files only is
|
||
racy due to journal file rotation.
|
||
|
||
* systemd gained the new DefaultEnvironment= setting in
|
||
/etc/systemd/system.conf to set environment variables for
|
||
all services.
|
||
|
||
* If a privileged process logs a journal message with the
|
||
OBJECT_PID= field set, then journald will automatically
|
||
augment this with additional OBJECT_UID=, OBJECT_GID=,
|
||
OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
|
||
system services want to log events about specific client
|
||
processes. journactl/systemctl has been updated to make use
|
||
of this information if all log messages regarding a specific
|
||
unit is requested.
|
||
|
||
Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
|
||
Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
|
||
Reisner, David Coppa, David King, David Strauss, Eelco
|
||
Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
|
||
Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
|
||
Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
|
||
Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
|
||
Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
|
||
Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
|
||
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
|
||
Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
|
||
Łukasz Stelmach, 장동준
|
||
|
||
CHANGES WITH 204:
|
||
|
||
* The Python bindings gained some minimal support for the APIs
|
||
exposed by libsystemd-logind.
|
||
|
||
* ConditionSecurity= gained support for detecting SMACK. Since
|
||
this condition already supports SELinux and AppArmor we only
|
||
miss IMA for this. Patches welcome!
|
||
|
||
Contributions from: Karol Lewandowski, Lennart Poettering,
|
||
Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 203:
|
||
|
||
* systemd-nspawn will now create /etc/resolv.conf if
|
||
necessary, before bind-mounting the host's file onto it.
|
||
|
||
* systemd-nspawn will now store meta information about a
|
||
container on the container's cgroup as extended attribute
|
||
fields, including the root directory.
|
||
|
||
* The cgroup hierarchy has been reworked in many ways. All
|
||
objects any of the components systemd creates in the cgroup
|
||
tree are now suffixed. More specifically, user sessions are
|
||
now placed in cgroups suffixed with ".session", users in
|
||
cgroups suffixed with ".user", and nspawn containers in
|
||
cgroups suffixed with ".nspawn". Furthermore, all cgroup
|
||
names are now escaped in a simple scheme to avoid collision
|
||
of userspace object names with kernel filenames. This work
|
||
is preparation for making these objects relocatable in the
|
||
cgroup tree, in order to allow easy resource partitioning of
|
||
these objects without causing naming conflicts.
|
||
|
||
* systemctl list-dependencies gained the new switches
|
||
--plain, --reverse, --after and --before.
|
||
|
||
* systemd-inhibit now shows the process name of processes that
|
||
have taken an inhibitor lock.
|
||
|
||
* nss-myhostname will now also resolve "localhost"
|
||
implicitly. This makes /etc/hosts an optional file and
|
||
nicely handles that on IPv6 ::1 maps to both "localhost" and
|
||
the local hostname.
|
||
|
||
* libsystemd-logind.so gained a new call
|
||
sd_get_machine_names() to enumerate running containers and
|
||
VMs (currently only supported by very new libvirt and
|
||
nspawn). sd_login_monitor can now be used to watch
|
||
VMs/containers coming and going.
|
||
|
||
* .include is not allowed recursively anymore, and only in
|
||
unit files. Usually it is better to use drop-in snippets in
|
||
.d/*.conf anyway, as introduced with systemd 198.
|
||
|
||
* systemd-analyze gained a new "critical-chain" command that
|
||
determines the slowest chain of units run during system
|
||
boot-up. It is very useful for tracking down where
|
||
optimizing boot time is the most beneficial.
|
||
|
||
* systemd will no longer allow manipulating service paths in
|
||
the name=systemd:/system cgroup tree using ControlGroup= in
|
||
units. (But is still fine with it in all other dirs.)
|
||
|
||
* There's a new systemd-nspawn@.service service file that may
|
||
be used to easily run nspawn containers as system
|
||
services. With the container's root directory in
|
||
/var/lib/container/foobar it is now sufficient to run
|
||
"systemctl start systemd-nspawn@foobar.service" to boot it.
|
||
|
||
* systemd-cgls gained a new parameter "--machine" to list only
|
||
the processes within a certain container.
|
||
|
||
* ConditionSecurity= now can check for "apparmor". We still
|
||
are lacking checks for SMACK and IMA for this condition
|
||
check though. Patches welcome!
|
||
|
||
* A new configuration file /etc/systemd/sleep.conf has been
|
||
added that may be used to configure which kernel operation
|
||
systemd is supposed to execute when "suspend", "hibernate"
|
||
or "hybrid-sleep" is requested. This makes the new kernel
|
||
"freeze" state accessible to the user.
|
||
|
||
* ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
|
||
the passed argument if applicable.
|
||
|
||
Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
|
||
Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
|
||
Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
|
||
Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
|
||
MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
|
||
Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
|
||
Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 202:
|
||
|
||
* The output of 'systemctl list-jobs' got some polishing. The
|
||
'--type=' argument may now be passed more than once. A new
|
||
command 'systemctl list-sockets' has been added which shows
|
||
a list of kernel sockets systemd is listening on with the
|
||
socket units they belong to, plus the units these socket
|
||
units activate.
|
||
|
||
* The experimental libsystemd-bus library got substantial
|
||
updates to work in conjunction with the (also experimental)
|
||
kdbus kernel project. It works well enough to exchange
|
||
messages with some sophistication. Note that kdbus is not
|
||
ready yet, and the library is mostly an elaborate test case
|
||
for now, and not installable.
|
||
|
||
* systemd gained a new unit 'systemd-static-nodes.service'
|
||
that generates static device nodes earlier during boot, and
|
||
can run in conjunction with udev.
|
||
|
||
* libsystemd-login gained a new call sd_pid_get_user_unit()
|
||
to retrieve the user systemd unit a process is running
|
||
in. This is useful for systems where systemd is used as
|
||
session manager.
|
||
|
||
* systemd-nspawn now places all containers in the new /machine
|
||
top-level cgroup directory in the name=systemd
|
||
hierarchy. libvirt will soon do the same, so that we get a
|
||
uniform separation of /system, /user and /machine for system
|
||
services, user processes and containers/virtual
|
||
machines. This new cgroup hierarchy is also useful to stick
|
||
stable names to specific container instances, which can be
|
||
recognized later this way (this name may be controlled
|
||
via systemd-nspawn's new -M switch). libsystemd-login also
|
||
gained a new call sd_pid_get_machine_name() to retrieve the
|
||
name of the container/VM a specific process belongs to.
|
||
|
||
* bootchart can now store its data in the journal.
|
||
|
||
* libsystemd-journal gained a new call
|
||
sd_journal_add_conjunction() for AND expressions to the
|
||
matching logic. This can be used to express more complex
|
||
logical expressions.
|
||
|
||
* journactl can now take multiple --unit= and --user-unit=
|
||
switches.
|
||
|
||
* The cryptsetup logic now understands the "luks.key=" kernel
|
||
command line switch for specifying a file to read the
|
||
decryption key from. Also, if a configured key file is not
|
||
found the tool will now automatically fall back to prompting
|
||
the user.
|
||
|
||
* Python systemd.journal module was updated to wrap recently
|
||
added functions from libsystemd-journal. The interface was
|
||
changed to bring the low level interface in s.j._Reader
|
||
closer to the C API, and the high level interface in
|
||
s.j.Reader was updated to wrap and convert all data about
|
||
an entry.
|
||
|
||
Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
|
||
Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykryn, Mantas Mikulėnas Marius Vollmer,
|
||
Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
|
||
Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
|
||
Tom Gundersen, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 201:
|
||
|
||
* journalctl --update-catalog now understands a new --root=
|
||
option to operate on catalogs found in a different root
|
||
directory.
|
||
|
||
* During shutdown after systemd has terminated all running
|
||
services a final killing loop kills all remaining left-over
|
||
processes. We will now print the name of these processes
|
||
when we send SIGKILL to them, since this usually indicates a
|
||
problem.
|
||
|
||
* If /etc/crypttab refers to password files stored on
|
||
configured mount points automatic dependencies will now be
|
||
generated to ensure the specific mount is established first
|
||
before the key file is attempted to be read.
|
||
|
||
* 'systemctl status' will now show information about the
|
||
network sockets a socket unit is listening on.
|
||
|
||
* 'systemctl status' will also shown information about any
|
||
drop-in configuration file for units. (Drop-In configuration
|
||
files in this context are files such as
|
||
/etc/systemd/system/foobar.service.d/*.conf)
|
||
|
||
* systemd-cgtop now optionally shows summed up CPU times of
|
||
cgroups. Press '%' while running cgtop to switch between
|
||
percentage and absolute mode. This is useful to determine
|
||
which cgroups use up the most CPU time over the entire
|
||
runtime of the system. systemd-cgtop has also been updated
|
||
to be 'pipeable' for processing with further shell tools.
|
||
|
||
* 'hostnamectl set-hostname' will now allow setting of FQDN
|
||
hostnames.
|
||
|
||
* The formatting and parsing of time span values has been
|
||
changed. The parser now understands fractional expressions
|
||
such as "5.5h". The formatter will now output fractional
|
||
expressions for all time spans under 1min, i.e. "5.123456s"
|
||
rather than "5s 123ms 456us". For time spans under 1s
|
||
millisecond values are shown, for those under 1ms
|
||
microsecond values are shown. This should greatly improve
|
||
all time-related output of systemd.
|
||
|
||
* libsystemd-login and libsystemd-journal gained new
|
||
functions for querying the poll() events mask and poll()
|
||
timeout value for integration into arbitrary event
|
||
loops.
|
||
|
||
* localectl gained the ability to list available X11 keymaps
|
||
(models, layouts, variants, options).
|
||
|
||
* 'systemd-analyze dot' gained the ability to filter for
|
||
specific units via shell-style globs, to create smaller,
|
||
more useful graphs. I.e. it is now possible to create simple
|
||
graphs of all the dependencies between only target units, or
|
||
of all units that Avahi has dependencies with.
|
||
|
||
Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
|
||
Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
|
||
Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
|
||
Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
|
||
Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
|
||
Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
|
||
Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
|
||
|
||
CHANGES WITH 200:
|
||
|
||
* The boot-time readahead implementation for rotating media
|
||
will now read the read-ahead data in multiple passes which
|
||
consist of all read requests made in equidistant time
|
||
intervals. This means instead of strictly reading read-ahead
|
||
data in its physical order on disk we now try to find a
|
||
middle ground between physical and access time order.
|
||
|
||
* /etc/os-release files gained a new BUILD_ID= field for usage
|
||
on operating systems that provide continuous builds of OS
|
||
images.
|
||
|
||
Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
|
||
Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín
|
||
William Douglas, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 199:
|
||
|
||
* systemd-python gained an API exposing libsystemd-daemon.
|
||
|
||
* The SMACK setup logic gained support for uploading CIPSO
|
||
security policy.
|
||
|
||
* Behaviour of PrivateTmp=, ReadWriteDirectories=,
|
||
ReadOnlyDirectories= and InaccessibleDirectories= has
|
||
changed. The private /tmp and /var/tmp directories are now
|
||
shared by all processes of a service (which means
|
||
ExecStartPre= may now leave data in /tmp that ExecStart= of
|
||
the same service can still access). When a service is
|
||
stopped its temporary directories are immediately deleted
|
||
(normal clean-up with tmpfiles is still done in addition to
|
||
this though).
|
||
|
||
* By default, systemd will now set a couple of sysctl
|
||
variables in the kernel: the safe sysrq options are turned
|
||
on, IP route verification is turned on, and source routing
|
||
disabled. The recently added hardlink and softlink
|
||
protection of the kernel is turned on. These settings should
|
||
be reasonably safe, and good defaults for all new systems.
|
||
|
||
* The predictable network naming logic may now be turned off
|
||
with a new kernel command line switch: net.ifnames=0.
|
||
|
||
* A new libsystemd-bus module has been added that implements a
|
||
pretty complete D-Bus client library. For details see:
|
||
|
||
https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
|
||
|
||
* journald will now explicitly flush the journal files to disk
|
||
at the latest 5min after each write. The file will then also
|
||
be marked offline until the next write. This should increase
|
||
reliability in case of a crash. The synchronization delay
|
||
can be configured via SyncIntervalSec= in journald.conf.
|
||
|
||
* There's a new remote-fs-setup.target unit that can be used
|
||
to pull in specific services when at least one remote file
|
||
system is to be mounted.
|
||
|
||
* There are new targets timers.target and paths.target as
|
||
canonical targets to pull user timer and path units in
|
||
from. This complements sockets.target with a similar
|
||
purpose for socket units.
|
||
|
||
* libudev gained a new call udev_device_set_attribute_value()
|
||
to set sysfs attributes of a device.
|
||
|
||
* The udev daemon now sets the default number of worker
|
||
processes executed in parallel based on the number of available
|
||
CPUs instead of the amount of available RAM. This is supposed
|
||
to provide a more reliable default and limit a too aggressive
|
||
parallelism for setups with 1000s of devices connected.
|
||
|
||
Contributions from: Auke Kok, Colin Walters, Cristian
|
||
Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
|
||
Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
|
||
Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
|
||
Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
|
||
Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
|
||
Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
|
||
Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
|
||
Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 198:
|
||
|
||
* Configuration of unit files may now be extended via drop-in
|
||
files without having to edit/override the unit files
|
||
themselves. More specifically, if the administrator wants to
|
||
change one value for a service file foobar.service he can
|
||
now do so by dropping in a configuration snippet into
|
||
/etc/systemd/system/foobar.service.d/*.conf. The unit logic
|
||
will load all these snippets and apply them on top of the
|
||
main unit configuration file, possibly extending or
|
||
overriding its settings. Using these drop-in snippets is
|
||
generally nicer than the two earlier options for changing
|
||
unit files locally: copying the files from
|
||
/usr/lib/systemd/system/ to /etc/systemd/system/ and editing
|
||
them there; or creating a new file in /etc/systemd/system/
|
||
that incorporates the original one via ".include". Drop-in
|
||
snippets into these .d/ directories can be placed in any
|
||
directory systemd looks for units in, and the usual
|
||
overriding semantics between /usr/lib, /etc and /run apply
|
||
for them too.
|
||
|
||
* Most unit file settings which take lists of items can now be
|
||
reset by assigning the empty string to them. For example,
|
||
normally, settings such as Environment=FOO=BAR append a new
|
||
environment variable assignment to the environment block,
|
||
each time they are used. By assigning Environment= the empty
|
||
string the environment block can be reset to empty. This is
|
||
particularly useful with the .d/*.conf drop-in snippets
|
||
mentioned above, since this adds the ability to reset list
|
||
settings from vendor unit files via these drop-ins.
|
||
|
||
* systemctl gained a new "list-dependencies" command for
|
||
listing the dependencies of a unit recursively.
|
||
|
||
* Inhibitors are now honored and listed by "systemctl
|
||
suspend", "systemctl poweroff" (and similar) too, not only
|
||
GNOME. These commands will also list active sessions by
|
||
other users.
|
||
|
||
* Resource limits (as exposed by the various control group
|
||
controllers) can now be controlled dynamically at runtime
|
||
for all units. More specifically, you can now use a command
|
||
like "systemctl set-cgroup-attr foobar.service cpu.shares
|
||
2000" to alter the CPU shares a specific service gets. These
|
||
settings are stored persistently on disk, and thus allow the
|
||
administrator to easily adjust the resource usage of
|
||
services with a few simple commands. This dynamic resource
|
||
management logic is also available to other programs via the
|
||
bus. Almost any kernel cgroup attribute and controller is
|
||
supported.
|
||
|
||
* systemd-vconsole-setup will now copy all font settings to
|
||
all allocated VTs, where it previously applied them only to
|
||
the foreground VT.
|
||
|
||
* libsystemd-login gained the new sd_session_get_tty() API
|
||
call.
|
||
|
||
* This release drops support for a few legacy or
|
||
distribution-specific LSB facility names when parsing init
|
||
scripts: $x-display-manager, $mail-transfer-agent,
|
||
$mail-transport-agent, $mail-transfer-agent, $smtp,
|
||
$null. Also, the mail-transfer-agent.target unit backing
|
||
this has been removed. Distributions which want to retain
|
||
compatibility with this should carry the burden for
|
||
supporting this themselves and patch support for these back
|
||
in, if they really need to. Also, the facilities $syslog and
|
||
$local_fs are now ignored, since systemd does not support
|
||
early-boot LSB init scripts anymore, and these facilities
|
||
are implied anyway for normal services. syslog.target has
|
||
also been removed.
|
||
|
||
* There are new bus calls on PID1's Manager object for
|
||
cancelling jobs, and removing snapshot units. Previously,
|
||
both calls were only available on the Job and Snapshot
|
||
objects themselves.
|
||
|
||
* systemd-journal-gatewayd gained SSL support.
|
||
|
||
* The various "environment" files, such as /etc/locale.conf
|
||
now support continuation lines with a backslash ("\") as
|
||
last character in the line, similarly in style (but different)
|
||
to how this is supported in shells.
|
||
|
||
* For normal user processes the _SYSTEMD_USER_UNIT= field is
|
||
now implicitly appended to every log entry logged. systemctl
|
||
has been updated to filter by this field when operating on a
|
||
user systemd instance.
|
||
|
||
* nspawn will now implicitly add the CAP_AUDIT_WRITE and
|
||
CAP_AUDIT_CONTROL capabilities to the capabilities set for
|
||
the container. This makes it easier to boot unmodified
|
||
Fedora systems in a container, which however still requires
|
||
audit=0 to be passed on the kernel command line. Auditing in
|
||
kernel and userspace is unfortunately still too broken in
|
||
context of containers, hence we recommend compiling it out
|
||
of the kernel or using audit=0. Hopefully this will be fixed
|
||
one day for good in the kernel.
|
||
|
||
* nspawn gained the new --bind= and --bind-ro= parameters to
|
||
bind mount specific directories from the host into the
|
||
container.
|
||
|
||
* nspawn will now mount its own devpts file system instance
|
||
into the container, in order not to leak pty devices from
|
||
the host into the container.
|
||
|
||
* systemd will now read the firmware boot time performance
|
||
information from the EFI variables, if the used boot loader
|
||
supports this, and takes it into account for boot performance
|
||
analysis via "systemd-analyze". This is currently supported
|
||
only in conjunction with Gummiboot, but could be supported
|
||
by other boot loaders too. For details see:
|
||
|
||
https://systemd.io/BOOT_LOADER_INTERFACE
|
||
|
||
* A new generator has been added that automatically mounts the
|
||
EFI System Partition (ESP) to /boot, if that directory
|
||
exists, is empty, and no other file system has been
|
||
configured to be mounted there.
|
||
|
||
* logind will now send out PrepareForSleep(false) out
|
||
unconditionally, after coming back from suspend. This may be
|
||
used by applications as asynchronous notification for
|
||
system resume events.
|
||
|
||
* "systemctl unlock-sessions" has been added, that allows
|
||
unlocking the screens of all user sessions at once, similar
|
||
to how "systemctl lock-sessions" already locked all users
|
||
sessions. This is backed by a new D-Bus call UnlockSessions().
|
||
|
||
* "loginctl seat-status" will now show the master device of a
|
||
seat. (i.e. the device of a seat that needs to be around for
|
||
the seat to be considered available, usually the graphics
|
||
card).
|
||
|
||
* tmpfiles gained a new "X" line type, that allows
|
||
configuration of files and directories (with wildcards) that
|
||
shall be excluded from automatic cleanup ("aging").
|
||
|
||
* udev default rules set the device node permissions now only
|
||
at "add" events, and do not change them any longer with a
|
||
later "change" event.
|
||
|
||
* The log messages for lid events and power/sleep keypresses
|
||
now carry a message ID.
|
||
|
||
* We now have a substantially larger unit test suite, but this
|
||
continues to be work in progress.
|
||
|
||
* udevadm hwdb gained a new --root= parameter to change the
|
||
root directory to operate relative to.
|
||
|
||
* logind will now issue a background sync() request to the kernel
|
||
early at shutdown, so that dirty buffers are flushed to disk early
|
||
instead of at the last moment, in order to optimize shutdown
|
||
times a little.
|
||
|
||
* A new bootctl tool has been added that is an interface for
|
||
certain boot loader operations. This is currently a preview
|
||
and is likely to be extended into a small mechanism daemon
|
||
like timedated, localed, hostnamed, and can be used by
|
||
graphical UIs to enumerate available boot options, and
|
||
request boot into firmware operations.
|
||
|
||
* systemd-bootchart has been relicensed to LGPLv2.1+ to match
|
||
the rest of the package. It also has been updated to work
|
||
correctly in initrds.
|
||
|
||
* polkit previously has been runtime optional, and is now also
|
||
compile time optional via a configure switch.
|
||
|
||
* systemd-analyze has been reimplemented in C. Also "systemctl
|
||
dot" has moved into systemd-analyze.
|
||
|
||
* "systemctl status" with no further parameters will now print
|
||
the status of all active or failed units.
|
||
|
||
* Operations such as "systemctl start" can now be executed
|
||
with a new mode "--irreversible" which may be used to queue
|
||
operations that cannot accidentally be reversed by a later
|
||
job queuing. This is by default used to make shutdown
|
||
requests more robust.
|
||
|
||
* The Python API of systemd now gained a new module for
|
||
reading journal files.
|
||
|
||
* A new tool kernel-install has been added that can install
|
||
kernel images according to the Boot Loader Specification:
|
||
|
||
https://systemd.io/BOOT_LOADER_SPECIFICATION
|
||
|
||
* Boot time console output has been improved to provide
|
||
animated boot time output for hanging jobs.
|
||
|
||
* A new tool systemd-activate has been added which can be used
|
||
to test socket activation with, directly from the command
|
||
line. This should make it much easier to test and debug
|
||
socket activation in daemons.
|
||
|
||
* journalctl gained a new "--reverse" (or -r) option to show
|
||
journal output in reverse order (i.e. newest line first).
|
||
|
||
* journalctl gained a new "--pager-end" (or -e) option to jump
|
||
to immediately jump to the end of the journal in the
|
||
pager. This is only supported in conjunction with "less".
|
||
|
||
* journalctl gained a new "--user-unit=" option, that works
|
||
similarly to "--unit=" but filters for user units rather than
|
||
system units.
|
||
|
||
* A number of unit files to ease adoption of systemd in
|
||
initrds has been added. This moves some minimal logic from
|
||
the various initrd implementations into systemd proper.
|
||
|
||
* The journal files are now owned by a new group
|
||
"systemd-journal", which exists specifically to allow access
|
||
to the journal, and nothing else. Previously, we used the
|
||
"adm" group for that, which however possibly covers more
|
||
than just journal/log file access. This new group is now
|
||
already used by systemd-journal-gatewayd to ensure this
|
||
daemon gets access to the journal files and as little else
|
||
as possible. Note that "make install" will also set FS ACLs
|
||
up for /var/log/journal to give "adm" and "wheel" read
|
||
access to it, in addition to "systemd-journal" which owns
|
||
the journal files. We recommend that packaging scripts also
|
||
add read access to "adm" + "wheel" to /var/log/journal, and
|
||
all existing/future journal files. To normal users and
|
||
administrators little changes, however packagers need to
|
||
ensure to create the "systemd-journal" system group at
|
||
package installation time.
|
||
|
||
* The systemd-journal-gatewayd now runs as unprivileged user
|
||
systemd-journal-gateway:systemd-journal-gateway. Packaging
|
||
scripts need to create these system user/group at
|
||
installation time.
|
||
|
||
* timedated now exposes a new boolean property CanNTP that
|
||
indicates whether a local NTP service is available or not.
|
||
|
||
* systemd-detect-virt will now also detect xen PVs
|
||
|
||
* The pstore file system is now mounted by default, if it is
|
||
available.
|
||
|
||
* In addition to the SELinux and IMA policies we will now also
|
||
load SMACK policies at early boot.
|
||
|
||
Contributions from: Adel Gadllah, Aleksander Morgado, Auke
|
||
Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
|
||
Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
|
||
Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
|
||
Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
|
||
Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
|
||
Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
|
||
Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
|
||
Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
|
||
Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
|
||
Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
|
||
Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
|
||
Gundersen, Umut Tezduyar, William Giokas, Zbigniew
|
||
Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
|
||
|
||
CHANGES WITH 197:
|
||
|
||
* Timer units now support calendar time events in addition to
|
||
monotonic time events. That means you can now trigger a unit
|
||
based on a calendar time specification such as "Thu,Fri
|
||
2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
|
||
or fifth day of any month of the year 2013, given that it is
|
||
a Thursday or a Friday. This brings timer event support
|
||
considerably closer to cron's capabilities. For details on
|
||
the supported calendar time specification language see
|
||
systemd.time(7).
|
||
|
||
* udev now supports a number of different naming policies for
|
||
network interfaces for predictable names, and a combination
|
||
of these policies is now the default. Please see this wiki
|
||
document for details:
|
||
|
||
https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html
|
||
|
||
* Auke Kok's bootchart implementation has been added to the
|
||
systemd tree. It is an optional component that can graph the
|
||
boot in quite some detail. It is one of the best bootchart
|
||
implementations around and minimal in its code and
|
||
dependencies.
|
||
|
||
* nss-myhostname has been integrated into the systemd source
|
||
tree. nss-myhostname guarantees that the local hostname
|
||
always stays resolvable via NSS. It has been a weak
|
||
requirement of systemd-hostnamed since a long time, and
|
||
since its code is actually trivial we decided to just
|
||
include it in systemd's source tree. It can be turned off
|
||
with a configure switch.
|
||
|
||
* The read-ahead logic is now capable of properly detecting
|
||
whether a btrfs file system is on SSD or rotating media, in
|
||
order to optimize the read-ahead scheme. Previously, it was
|
||
only capable of detecting this on traditional file systems
|
||
such as ext4.
|
||
|
||
* In udev, additional device properties are now read from the
|
||
IAB in addition to the OUI database. Also, Bluetooth company
|
||
identities are attached to the devices as well.
|
||
|
||
* In service files %U may be used as specifier that is
|
||
replaced by the configured user name of the service.
|
||
|
||
* nspawn may now be invoked without a controlling TTY. This
|
||
makes it suitable for invocation as its own service. This
|
||
may be used to set up a simple containerized server system
|
||
using only core OS tools.
|
||
|
||
* systemd and nspawn can now accept socket file descriptors
|
||
when they are started for socket activation. This enables
|
||
implementation of socket activated nspawn
|
||
containers. i.e. think about autospawning an entire OS image
|
||
when the first SSH or HTTP connection is received. We expect
|
||
that similar functionality will also be added to libvirt-lxc
|
||
eventually.
|
||
|
||
* journalctl will now suppress ANSI color codes when
|
||
presenting log data.
|
||
|
||
* systemctl will no longer show control group information for
|
||
a unit if the control group is empty anyway.
|
||
|
||
* logind can now automatically suspend/hibernate/shutdown the
|
||
system on idle.
|
||
|
||
* /etc/machine-info and hostnamed now also expose the chassis
|
||
type of the system. This can be used to determine whether
|
||
the local system is a laptop, desktop, handset or
|
||
tablet. This information may either be configured by the
|
||
user/vendor or is automatically determined from ACPI and DMI
|
||
information if possible.
|
||
|
||
* A number of polkit actions are now bound together with "imply"
|
||
rules. This should simplify creating UIs because many actions
|
||
will now authenticate similar ones as well.
|
||
|
||
* Unit files learnt a new condition ConditionACPower= which
|
||
may be used to conditionalize a unit depending on whether an
|
||
AC power source is connected or not, of whether the system
|
||
is running on battery power.
|
||
|
||
* systemctl gained a new "is-failed" verb that may be used in
|
||
shell scripts and suchlike to check whether a specific unit
|
||
is in the "failed" state.
|
||
|
||
* The EnvironmentFile= setting in unit files now supports file
|
||
globbing, and can hence be used to easily read a number of
|
||
environment files at once.
|
||
|
||
* systemd will no longer detect and recognize specific
|
||
distributions. All distribution-specific #ifdeffery has been
|
||
removed, systemd is now fully generic and
|
||
distribution-agnostic. Effectively, not too much is lost as
|
||
a lot of the code is still accessible via explicit configure
|
||
switches. However, support for some distribution specific
|
||
legacy configuration file formats has been dropped. We
|
||
recommend distributions to simply adopt the configuration
|
||
files everybody else uses now and convert the old
|
||
configuration from packaging scripts. Most distributions
|
||
already did that. If that's not possible or desirable,
|
||
distributions are welcome to forward port the specific
|
||
pieces of code locally from the git history.
|
||
|
||
* When logging a message about a unit systemd will now always
|
||
log the unit name in the message meta data.
|
||
|
||
* localectl will now also discover system locale data that is
|
||
not stored in locale archives, but directly unpacked.
|
||
|
||
* logind will no longer unconditionally use framebuffer
|
||
devices as seat masters, i.e. as devices that are required
|
||
to be existing before a seat is considered preset. Instead,
|
||
it will now look for all devices that are tagged as
|
||
"seat-master" in udev. By default, framebuffer devices will
|
||
be marked as such, but depending on local systems, other
|
||
devices might be marked as well. This may be used to
|
||
integrate graphics cards using closed source drivers (such
|
||
as NVidia ones) more nicely into logind. Note however, that
|
||
we recommend using the open source NVidia drivers instead,
|
||
and no udev rules for the closed-source drivers will be
|
||
shipped from us upstream.
|
||
|
||
Contributions from: Adam Williamson, Alessandro Crismani, Auke
|
||
Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
|
||
Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
|
||
Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
|
||
Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
|
||
Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
|
||
Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
|
||
Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
|
||
Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
|
||
Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
|
||
Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 196:
|
||
|
||
* udev gained support for loading additional device properties
|
||
from an indexed database that is keyed by vendor/product IDs
|
||
and similar device identifiers. For the beginning this
|
||
"hwdb" is populated with data from the well-known PCI and
|
||
USB database, but also includes PNP, ACPI and OID data. In
|
||
the longer run this indexed database shall grow into
|
||
becoming the one central database for non-essential
|
||
userspace device metadata. Previously, data from the PCI/USB
|
||
database was only attached to select devices, since the
|
||
lookup was a relatively expensive operation due to O(n) time
|
||
complexity (with n being the number of entries in the
|
||
database). Since this is now O(1), we decided to add in this
|
||
data for all devices where this is available, by
|
||
default. Note that the indexed database needs to be rebuilt
|
||
when new data files are installed. To achieve this you need
|
||
to update your packaging scripts to invoke "udevadm hwdb
|
||
--update" after installation of hwdb data files. For
|
||
RPM-based distributions we introduced the new
|
||
%udev_hwdb_update macro for this purpose.
|
||
|
||
* The Journal gained support for the "Message Catalog", an
|
||
indexed database to link up additional information with
|
||
journal entries. For further details please check:
|
||
|
||
https://systemd.io/CATALOG
|
||
|
||
The indexed message catalog database also needs to be
|
||
rebuilt after installation of message catalog files. Use
|
||
"journalctl --update-catalog" for this. For RPM-based
|
||
distributions we introduced the %journal_catalog_update
|
||
macro for this purpose.
|
||
|
||
* The Python Journal bindings gained support for the standard
|
||
Python logging framework.
|
||
|
||
* The Journal API gained new functions for checking whether
|
||
the underlying file system of a journal file is capable of
|
||
properly reporting file change notifications, or whether
|
||
applications that want to reflect journal changes "live"
|
||
need to recheck journal files continuously in appropriate
|
||
time intervals.
|
||
|
||
* It is now possible to set the "age" field for tmpfiles
|
||
entries to 0, indicating that files matching this entry
|
||
shall always be removed when the directories are cleaned up.
|
||
|
||
* coredumpctl gained a new "gdb" verb which invokes gdb
|
||
right-away on the selected coredump.
|
||
|
||
* There's now support for "hybrid sleep" on kernels that
|
||
support this, in addition to "suspend" and "hibernate". Use
|
||
"systemctl hybrid-sleep" to make use of this.
|
||
|
||
* logind's HandleSuspendKey= setting (and related settings)
|
||
now gained support for a new "lock" setting to simply
|
||
request the screen lock on all local sessions, instead of
|
||
actually executing a suspend or hibernation.
|
||
|
||
* systemd will now mount the EFI variables file system by
|
||
default.
|
||
|
||
* Socket units now gained support for configuration of the
|
||
SMACK security label.
|
||
|
||
* timedatectl will now output the time of the last and next
|
||
daylight saving change.
|
||
|
||
* We dropped support for various legacy and distro-specific
|
||
concepts, such as insserv, early-boot SysV services
|
||
(i.e. those for non-standard runlevels such as 'b' or 'S')
|
||
or ArchLinux /etc/rc.conf support. We recommend the
|
||
distributions who still need support this to either continue
|
||
to maintain the necessary patches downstream, or find a
|
||
different solution. (Talk to us if you have questions!)
|
||
|
||
* Various systemd components will now bypass polkit checks for
|
||
root and otherwise handle properly if polkit is not found to
|
||
be around. This should fix most issues for polkit-less
|
||
systems. Quite frankly this should have been this way since
|
||
day one. It is absolutely our intention to make systemd work
|
||
fine on polkit-less systems, and we consider it a bug if
|
||
something does not work as it should if polkit is not around.
|
||
|
||
* For embedded systems it is now possible to build udev and
|
||
systemd without blkid and/or kmod support.
|
||
|
||
* "systemctl switch-root" is now capable of switching root
|
||
more than once. I.e. in addition to transitions from the
|
||
initrd to the host OS it is now possible to transition to
|
||
further OS images from the host. This is useful to implement
|
||
offline updating tools.
|
||
|
||
* Various other additions have been made to the RPM macros
|
||
shipped with systemd. Use %udev_rules_update() after
|
||
installing new udev rules files. %_udevhwdbdir,
|
||
%_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
|
||
%_sysctldir are now available which resolve to the right
|
||
directories for packages to place various data files in.
|
||
|
||
* journalctl gained the new --full switch (in addition to
|
||
--all, to disable ellipsation for long messages.
|
||
|
||
Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
|
||
Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
|
||
Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
|
||
Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
|
||
Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
|
||
Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
|
||
Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
|
||
Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
|
||
Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 195:
|
||
|
||
* journalctl gained new --since= and --until= switches to
|
||
filter by time. It also now supports nice filtering for
|
||
units via --unit=/-u.
|
||
|
||
* Type=oneshot services may use ExecReload= and do the
|
||
right thing.
|
||
|
||
* The journal daemon now supports time-based rotation and
|
||
vacuuming, in addition to the usual disk-space based
|
||
rotation.
|
||
|
||
* The journal will now index the available field values for
|
||
each field name. This enables clients to show pretty drop
|
||
downs of available match values when filtering. The bash
|
||
completion of journalctl has been updated
|
||
accordingly. journalctl gained a new switch -F to list all
|
||
values a certain field takes in the journal database.
|
||
|
||
* More service events are now written as structured messages
|
||
to the journal, and made recognizable via message IDs.
|
||
|
||
* The timedated, localed and hostnamed mini-services which
|
||
previously only provided support for changing time, locale
|
||
and hostname settings from graphical DEs such as GNOME now
|
||
also have a minimal (but very useful) text-based client
|
||
utility each. This is probably the nicest way to changing
|
||
these settings from the command line now, especially since
|
||
it lists available options and is fully integrated with bash
|
||
completion.
|
||
|
||
* There's now a new tool "systemd-coredumpctl" to list and
|
||
extract coredumps from the journal.
|
||
|
||
* We now install a README each in /var/log/ and
|
||
/etc/rc.d/init.d explaining where the system logs and init
|
||
scripts went. This hopefully should help folks who go to
|
||
that dirs and look into the otherwise now empty void and
|
||
scratch their heads.
|
||
|
||
* When user-services are invoked (by systemd --user) the
|
||
$MANAGERPID env var is set to the PID of systemd.
|
||
|
||
* SIGRTMIN+24 when sent to a --user instance will now result
|
||
in immediate termination of systemd.
|
||
|
||
* gatewayd received numerous feature additions such as a
|
||
"follow" mode, for live syncing and filtering.
|
||
|
||
* browse.html now allows filtering and showing detailed
|
||
information on specific entries. Keyboard navigation and
|
||
mouse screen support has been added.
|
||
|
||
* gatewayd/journalctl now supports HTML5/JSON
|
||
Server-Sent-Events as output.
|
||
|
||
* The SysV init script compatibility logic will now
|
||
heuristically determine whether a script supports the
|
||
"reload" verb, and only then make this available as
|
||
"systemctl reload".
|
||
|
||
* "systemctl status --follow" has been removed, use "journalctl
|
||
-u" instead.
|
||
|
||
* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
|
||
have been removed since they are hardly useful to be
|
||
configured.
|
||
|
||
* And I'd like to take the opportunity to specifically mention
|
||
Zbigniew for his great contributions. Zbigniew, you rock!
|
||
|
||
Contributions from: Andrew Eikum, Christian Hesse, Colin
|
||
Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
|
||
Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
|
||
Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
|
||
Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
|
||
Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
|
||
Jędrzejewski-Szmek, Сковорода Никита Андреевич
|
||
|
||
CHANGES WITH 194:
|
||
|
||
* If /etc/vconsole.conf is non-existent or empty we will no
|
||
longer load any console font or key map at boot by
|
||
default. Instead the kernel defaults will be left
|
||
intact. This is definitely the right thing to do, as no
|
||
configuration should mean no configuration, and hard-coding
|
||
font names that are different on all archs is probably a bad
|
||
idea. Also, the kernel default key map and font should be
|
||
good enough for most cases anyway, and mostly identical to
|
||
the userspace fonts/key maps we previously overloaded them
|
||
with. If distributions want to continue to default to a
|
||
non-kernel font or key map they should ship a default
|
||
/etc/vconsole.conf with the appropriate contents.
|
||
|
||
Contributions from: Colin Walters, Daniel J Walsh, Dave
|
||
Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
|
||
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 193:
|
||
|
||
* journalctl gained a new --cursor= switch to show entries
|
||
starting from the specified location in the journal.
|
||
|
||
* We now enforce a size limit on journal entry fields exported
|
||
with "-o json" in journalctl. Fields larger than 4K will be
|
||
assigned null. This can be turned off with --all.
|
||
|
||
* An (optional) journal gateway daemon is now available as
|
||
"systemd-journal-gatewayd.service". This service provides
|
||
access to the journal via HTTP and JSON. This functionality
|
||
will be used to implement live log synchronization in both
|
||
pull and push modes, but has various other users too, such
|
||
as easy log access for debugging of embedded devices. Right
|
||
now it is already useful to retrieve the journal via HTTP:
|
||
|
||
# systemctl start systemd-journal-gatewayd.service
|
||
# wget http://localhost:19531/entries
|
||
|
||
This will download the journal contents in a
|
||
/var/log/messages compatible format. The same as JSON:
|
||
|
||
# curl -H"Accept: application/json" http://localhost:19531/entries
|
||
|
||
This service is also accessible via a web browser where a
|
||
single static HTML5 app is served that uses the JSON logic
|
||
to enable the user to do some basic browsing of the
|
||
journal. This will be extended later on. Here's an example
|
||
screenshot of this app in its current state:
|
||
|
||
https://0pointer.de/public/journal-gatewayd
|
||
|
||
Contributions from: Kay Sievers, Lennart Poettering, Robert
|
||
Milasan, Tom Gundersen
|
||
|
||
CHANGES WITH 192:
|
||
|
||
* The bash completion logic is now available for journalctl
|
||
too.
|
||
|
||
* We do not mount the "cpuset" controller anymore together with
|
||
"cpu" and "cpuacct", as "cpuset" groups generally cannot be
|
||
started if no parameters are assigned to it. "cpuset" hence
|
||
broke code that assumed it could create "cpu" groups and
|
||
just start them.
|
||
|
||
* journalctl -f will now subscribe to terminal size changes,
|
||
and line break accordingly.
|
||
|
||
Contributions from: Dave Reisner, Kay Sievers, Lennart
|
||
Poettering, Lukas Nykrynm, Mirco Tischler, Václav Pavlín
|
||
|
||
CHANGES WITH 191:
|
||
|
||
* nspawn will now create a symlink /etc/localtime in the
|
||
container environment, copying the host's timezone
|
||
setting. Previously this has been done via a bind mount, but
|
||
since symlinks cannot be bind mounted this has now been
|
||
changed to create/update the appropriate symlink.
|
||
|
||
* journalctl -n's line number argument is now optional, and
|
||
will default to 10 if omitted.
|
||
|
||
* journald will now log the maximum size the journal files may
|
||
take up on disk. This is particularly useful if the default
|
||
built-in logic of determining this parameter from the file
|
||
system size is used. Use "systemctl status
|
||
systemd-journald.service" to see this information.
|
||
|
||
* The multi-seat X wrapper tool has been stripped down. As X
|
||
is now capable of enumerating graphics devices via udev in a
|
||
seat-aware way the wrapper is not strictly necessary
|
||
anymore. A stripped down temporary stop-gap is still shipped
|
||
until the upstream display managers have been updated to
|
||
fully support the new X logic. Expect this wrapper to be
|
||
removed entirely in one of the next releases.
|
||
|
||
* HandleSleepKey= in logind.conf has been split up into
|
||
HandleSuspendKey= and HandleHibernateKey=. The old setting
|
||
is not available anymore. X11 and the kernel are
|
||
distinguishing between these keys and we should too. This
|
||
also means the inhibition lock for these keys has been split
|
||
into two.
|
||
|
||
Contributions from: Dave Airlie, Eelco Dolstra, Lennart
|
||
Poettering, Lukas Nykryn, Václav Pavlín
|
||
|
||
CHANGES WITH 190:
|
||
|
||
* Whenever a unit changes state we will now log this to the
|
||
journal and show along the unit's own log output in
|
||
"systemctl status".
|
||
|
||
* ConditionPathIsMountPoint= can now properly detect bind
|
||
mount points too. (Previously, a bind mount of one file
|
||
system to another place in the same file system could not be
|
||
detected as mount, since they shared struct stat's st_dev
|
||
field.)
|
||
|
||
* We will now mount the cgroup controllers cpu, cpuacct,
|
||
cpuset and the controllers net_cls, net_prio together by
|
||
default.
|
||
|
||
* nspawn containers will now have a virtualized boot
|
||
ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
|
||
over with a randomized ID at container initialization). This
|
||
has the effect of making "journalctl -b" do the right thing
|
||
in a container.
|
||
|
||
* The JSON output journal serialization has been updated not
|
||
to generate "endless" list objects anymore, but rather one
|
||
JSON object per line. This is more in line how most JSON
|
||
parsers expect JSON objects. The new output mode
|
||
"json-pretty" has been added to provide similar output, but
|
||
neatly aligned for readability by humans.
|
||
|
||
* We dropped all explicit sync() invocations in the shutdown
|
||
code. The kernel does this implicitly anyway in the kernel
|
||
reboot() syscall. halt(8)'s -n option is now a compatibility
|
||
no-op.
|
||
|
||
* We now support virtualized reboot() in containers, as
|
||
supported by newer kernels. We will fall back to exit() if
|
||
CAP_SYS_REBOOT is not available to the container. Also,
|
||
nspawn makes use of this now and will actually reboot the
|
||
container if the containerized OS asks for that.
|
||
|
||
* journalctl will only show local log output by default
|
||
now. Use --merge (-m) to show remote log output, too.
|
||
|
||
* libsystemd-journal gained the new sd_journal_get_usage()
|
||
call to determine the current disk usage of all journal
|
||
files. This is exposed in the new "journalctl --disk-usage"
|
||
command.
|
||
|
||
* journald gained a new configuration setting SplitMode= in
|
||
journald.conf which may be used to control how user journals
|
||
are split off. See journald.conf(5) for details.
|
||
|
||
* A new condition type ConditionFileNotEmpty= has been added.
|
||
|
||
* tmpfiles' "w" lines now support file globbing, to write
|
||
multiple files at once.
|
||
|
||
* We added Python bindings for the journal submission
|
||
APIs. More Python APIs for a number of selected APIs will
|
||
likely follow. Note that we intend to add native bindings
|
||
only for the Python language, as we consider it common
|
||
enough to deserve bindings shipped within systemd. There are
|
||
various projects outside of systemd that provide bindings
|
||
for languages such as PHP or Lua.
|
||
|
||
* Many conditions will now resolve specifiers such as %i. In
|
||
addition, PathChanged= and related directives of .path units
|
||
now support specifiers as well.
|
||
|
||
* There's now a new RPM macro definition for the system preset
|
||
dir: %_presetdir.
|
||
|
||
* journald will now warn if it ca not forward a message to the
|
||
syslog daemon because its socket is full.
|
||
|
||
* timedated will no longer write or process /etc/timezone,
|
||
except on Debian. As we do not support late mounted /usr
|
||
anymore /etc/localtime always being a symlink is now safe,
|
||
and hence the information in /etc/timezone is not necessary
|
||
anymore.
|
||
|
||
* logind will now always reserve one VT for a text getty (VT6
|
||
by default). Previously if more than 6 X sessions where
|
||
started they took up all the VTs with auto-spawned gettys,
|
||
so that no text gettys were available anymore.
|
||
|
||
* udev will now automatically inform the btrfs kernel logic
|
||
about btrfs RAID components showing up. This should make
|
||
simple hotplug based btrfs RAID assembly work.
|
||
|
||
* PID 1 will now increase its RLIMIT_NOFILE to 64K by default
|
||
(but not for its children which will stay at the kernel
|
||
default). This should allow setups with a lot more listening
|
||
sockets.
|
||
|
||
* systemd will now always pass the configured timezone to the
|
||
kernel at boot. timedated will do the same when the timezone
|
||
is changed.
|
||
|
||
* logind's inhibition logic has been updated. By default,
|
||
logind will now handle the lid switch, the power and sleep
|
||
keys all the time, even in graphical sessions. If DEs want
|
||
to handle these events on their own they should take the new
|
||
handle-power-key, handle-sleep-key and handle-lid-switch
|
||
inhibitors during their runtime. A simple way to achieve
|
||
that is to invoke the DE wrapped in an invocation of:
|
||
|
||
systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …
|
||
|
||
* Access to unit operations is now checked via SELinux taking
|
||
the unit file label and client process label into account.
|
||
|
||
* systemd will now notify the administrator in the journal
|
||
when he over-mounts a non-empty directory.
|
||
|
||
* There are new specifiers that are resolved in unit files,
|
||
for the hostname (%H), the machine ID (%m) and the boot ID
|
||
(%b).
|
||
|
||
Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
|
||
Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
|
||
Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
|
||
Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
|
||
Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
|
||
Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
|
||
Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 189:
|
||
|
||
* Support for reading structured kernel messages from
|
||
/dev/kmsg has now been added and is enabled by default.
|
||
|
||
* Support for reading kernel messages from /proc/kmsg has now
|
||
been removed. If you want kernel messages in the journal
|
||
make sure to run a recent kernel (>= 3.5) that supports
|
||
reading structured messages from /dev/kmsg (see
|
||
above). /proc/kmsg is now exclusive property of classic
|
||
syslog daemons again.
|
||
|
||
* The libudev API gained the new
|
||
udev_device_new_from_device_id() call.
|
||
|
||
* The logic for file system namespace (ReadOnlyDirectory=,
|
||
ReadWriteDirectoy=, PrivateTmp=) has been reworked not to
|
||
require pivot_root() anymore. This means fewer temporary
|
||
directories are created below /tmp for this feature.
|
||
|
||
* nspawn containers will now see and receive all submounts
|
||
made on the host OS below the root file system of the
|
||
container.
|
||
|
||
* Forward Secure Sealing is now supported for Journal files,
|
||
which provide cryptographical sealing of journal files so
|
||
that attackers cannot alter log history anymore without this
|
||
being detectable. Lennart will soon post a blog story about
|
||
this explaining it in more detail.
|
||
|
||
* There are two new service settings RestartPreventExitStatus=
|
||
and SuccessExitStatus= which allow configuration of exit
|
||
status (exit code or signal) which will be excepted from the
|
||
restart logic, resp. consider successful.
|
||
|
||
* journalctl gained the new --verify switch that can be used
|
||
to check the integrity of the structure of journal files and
|
||
(if Forward Secure Sealing is enabled) the contents of
|
||
journal files.
|
||
|
||
* nspawn containers will now be run with /dev/stdin, /dev/fd/
|
||
and similar symlinks pre-created. This makes running shells
|
||
as container init process a lot more fun.
|
||
|
||
* The fstab support can now handle PARTUUID= and PARTLABEL=
|
||
entries.
|
||
|
||
* A new ConditionHost= condition has been added to match
|
||
against the hostname (with globs) and machine ID. This is
|
||
useful for clusters where a single OS image is used to
|
||
provision a large number of hosts which shall run slightly
|
||
different sets of services.
|
||
|
||
* Services which hit the restart limit will now be placed in a
|
||
failure state.
|
||
|
||
Contributions from: Bertram Poettering, Dave Reisner, Huang
|
||
Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
|
||
Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 188:
|
||
|
||
* When running in --user mode systemd will now become a
|
||
subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
|
||
tree a lot more organized.
|
||
|
||
* A new PartOf= unit dependency type has been introduced that
|
||
may be used to group services in a natural way.
|
||
|
||
* "systemctl enable" may now be used to enable instances of
|
||
services.
|
||
|
||
* journalctl now prints error log levels in red, and
|
||
warning/notice log levels in bright white. It also supports
|
||
filtering by log level now.
|
||
|
||
* cgtop gained a new -n switch (similar to top), to configure
|
||
the maximum number of iterations to run for. It also gained
|
||
-b, to run in batch mode (accepting no input).
|
||
|
||
* The suffix ".service" may now be omitted on most systemctl
|
||
command lines involving service unit names.
|
||
|
||
* There's a new bus call in logind to lock all sessions, as
|
||
well as a loginctl verb for it "lock-sessions".
|
||
|
||
* libsystemd-logind.so gained a new call sd_journal_perror()
|
||
that works similar to libc perror() but logs to the journal
|
||
and encodes structured information about the error number.
|
||
|
||
* /etc/crypttab entries now understand the new keyfile-size=
|
||
option.
|
||
|
||
* shutdown(8) now can send a (configurable) wall message when
|
||
a shutdown is cancelled.
|
||
|
||
* The mount propagation mode for the root file system will now
|
||
default to "shared", which is useful to make containers work
|
||
nicely out-of-the-box so that they receive new mounts from
|
||
the host. This can be undone locally by running "mount
|
||
--make-rprivate /" if needed.
|
||
|
||
* The prefdm.service file has been removed. Distributions
|
||
should maintain this unit downstream if they intend to keep
|
||
it around. However, we recommend writing normal unit files
|
||
for display managers instead.
|
||
|
||
* Since systemd is a crucial part of the OS we will now
|
||
default to a number of compiler switches that improve
|
||
security (hardening) such as read-only relocations, stack
|
||
protection, and suchlike.
|
||
|
||
* The TimeoutSec= setting for services is now split into
|
||
TimeoutStartSec= and TimeoutStopSec= to allow configuration
|
||
of individual time outs for the start and the stop phase of
|
||
the service.
|
||
|
||
Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
|
||
Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
|
||
Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
|
||
Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
|
||
Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
|
||
Gundersen, Zbigniew Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 187:
|
||
|
||
* The journal and id128 C APIs are now fully documented as man
|
||
pages.
|
||
|
||
* Extra safety checks have been added when transitioning from
|
||
the initial RAM disk to the main system to avoid accidental
|
||
data loss.
|
||
|
||
* /etc/crypttab entries now understand the new keyfile-offset=
|
||
option.
|
||
|
||
* systemctl -t can now be used to filter by unit load state.
|
||
|
||
* The journal C API gained the new sd_journal_wait() call to
|
||
make writing synchronous journal clients easier.
|
||
|
||
* journalctl gained the new -D switch to show journals from a
|
||
specific directory.
|
||
|
||
* journalctl now displays a special marker between log
|
||
messages of two different boots.
|
||
|
||
* The journal is now explicitly flushed to /var via a service
|
||
systemd-journal-flush.service, rather than implicitly simply
|
||
by seeing /var/log/journal to be writable.
|
||
|
||
* journalctl (and the journal C APIs) can now match for much
|
||
more complex expressions, with alternatives and
|
||
disjunctions.
|
||
|
||
* When transitioning from the initial RAM disk to the main
|
||
system we will now kill all processes in a killing spree to
|
||
ensure no processes stay around by accident.
|
||
|
||
* Three new specifiers may be used in unit files: %u, %h, %s
|
||
resolve to the user name, user home directory resp. user
|
||
shell. This is useful for running systemd user instances.
|
||
|
||
* We now automatically rotate journal files if their data
|
||
object hash table gets a fill level > 75%. We also size the
|
||
hash table based on the configured maximum file size. This
|
||
together should lower hash collisions drastically and thus
|
||
speed things up a bit.
|
||
|
||
* journalctl gained the new "--header" switch to introspect
|
||
header data of journal files.
|
||
|
||
* A new setting SystemCallFilters= has been added to services which may
|
||
be used to apply deny lists or allow lists to system calls. This is
|
||
based on SECCOMP Mode 2 of Linux 3.5.
|
||
|
||
* nspawn gained a new --link-journal= switch (and quicker: -j)
|
||
to link the container journal with the host. This makes it
|
||
very easy to centralize log viewing on the host for all
|
||
guests while still keeping the journal files separated.
|
||
|
||
* Many bugfixes and optimizations
|
||
|
||
Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
|
||
Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
|
||
Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
|
||
Jędrzejewski-Szmek
|
||
|
||
CHANGES WITH 186:
|
||
|
||
* Several tools now understand kernel command line arguments,
|
||
which are only read when run in an initial RAM disk. They
|
||
usually follow closely their normal counterparts, but are
|
||
prefixed with rd.
|
||
|
||
* There's a new tool to analyze the readahead files that are
|
||
automatically generated at boot. Use:
|
||
|
||
/usr/lib/systemd/systemd-readahead analyze /.readahead
|
||
|
||
* We now provide an early debug shell on tty9 if this enabled. Use:
|
||
|
||
systemctl enable debug-shell.service
|
||
|
||
* All plymouth related units have been moved into the Plymouth
|
||
package. Please make sure to upgrade your Plymouth version
|
||
as well.
|
||
|
||
* systemd-tmpfiles now supports getting passed the basename of
|
||
a configuration file only, in which case it will look for it
|
||
in all appropriate directories automatically.
|
||
|
||
* udevadm info now takes a /dev or /sys path as argument, and
|
||
does the right thing. Example:
|
||
|
||
udevadm info /dev/sda
|
||
udevadm info /sys/class/block/sda
|
||
|
||
* systemctl now prints a warning if a unit is stopped but a
|
||
unit that might trigger it continues to run. Example: a
|
||
service is stopped but the socket that activates it is left
|
||
running.
|
||
|
||
* "systemctl status" will now mention if the log output was
|
||
shortened due to rotation since a service has been started.
|
||
|
||
* The journal API now exposes functions to determine the
|
||
"cutoff" times due to rotation.
|
||
|
||
* journald now understands SIGUSR1 and SIGUSR2 for triggering
|
||
immediately flushing of runtime logs to /var if possible,
|
||
resp. for triggering immediate rotation of the journal
|
||
files.
|
||
|
||
* It is now considered an error if a service is attempted to
|
||
be stopped that is not loaded.
|
||
|
||
* XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.
|
||
|
||
* systemd-analyze now supports Python 3
|
||
|
||
* tmpfiles now supports cleaning up directories via aging
|
||
where the first level dirs are always kept around but
|
||
directories beneath it automatically aged. This is enabled
|
||
by prefixing the age field with '~'.
|
||
|
||
* Seat objects now expose CanGraphical, CanTTY properties
|
||
which is required to deal with very fast bootups where the
|
||
display manager might be running before the graphics drivers
|
||
completed initialization.
|
||
|
||
* Seat objects now expose a State property.
|
||
|
||
* We now include RPM macros for service enabling/disabling
|
||
based on the preset logic. We recommend RPM based
|
||
distributions to make use of these macros if possible. This
|
||
makes it simpler to reuse RPM spec files across
|
||
distributions.
|
||
|
||
* We now make sure that the collected systemd unit name is
|
||
always valid when services log to the journal via
|
||
STDOUT/STDERR.
|
||
|
||
* There's a new man page kernel-command-line(7) detailing all
|
||
command line options we understand.
|
||
|
||
* The fstab generator may now be disabled at boot by passing
|
||
fstab=0 on the kernel command line.
|
||
|
||
* A new kernel command line option modules-load= is now understood
|
||
to load a specific kernel module statically, early at boot.
|
||
|
||
* Unit names specified on the systemctl command line are now
|
||
automatically escaped as needed. Also, if file system or
|
||
device paths are specified they are automatically turned
|
||
into the appropriate mount or device unit names. Example:
|
||
|
||
systemctl status /home
|
||
systemctl status /dev/sda
|
||
|
||
* The SysVConsole= configuration option has been removed from
|
||
system.conf parsing.
|
||
|
||
* The SysV search path is no longer exported on the D-Bus
|
||
Manager object.
|
||
|
||
* The Names= option has been removed from unit file parsing.
|
||
|
||
* There's a new man page bootup(7) detailing the boot process.
|
||
|
||
* Every unit and every generator we ship with systemd now
|
||
comes with full documentation. The self-explanatory boot is
|
||
complete.
|
||
|
||
* A couple of services gained "systemd-" prefixes in their
|
||
name if they wrap systemd code, rather than only external
|
||
code. Among them fsck@.service which is now
|
||
systemd-fsck@.service.
|
||
|
||
* The HaveWatchdog property has been removed from the D-Bus
|
||
Manager object.
|
||
|
||
* systemd.confirm_spawn= on the kernel command line should now
|
||
work sensibly.
|
||
|
||
* There's a new man page crypttab(5) which details all options
|
||
we actually understand.
|
||
|
||
* systemd-nspawn gained a new --capability= switch to pass
|
||
additional capabilities to the container.
|
||
|
||
* timedated will now read known NTP implementation unit names
|
||
from /usr/lib/systemd/ntp-units.d/*.list,
|
||
systemd-timedated-ntp.target has been removed.
|
||
|
||
* journalctl gained a new switch "-b" that lists log data of
|
||
the current boot only.
|
||
|
||
* The notify socket is in the abstract namespace again, in
|
||
order to support daemons which chroot() at start-up.
|
||
|
||
* There is a new Storage= configuration option for journald
|
||
which allows configuration of where log data should go. This
|
||
also provides a way to disable journal logging entirely, so
|
||
that data collected is only forwarded to the console, the
|
||
kernel log buffer or another syslog implementation.
|
||
|
||
* Many bugfixes and optimizations
|
||
|
||
Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
|
||
David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
|
||
Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
|
||
Shawn Landden, Tom Gundersen
|
||
|
||
CHANGES WITH 185:
|
||
|
||
* "systemctl help <unit>" now shows the man page if one is
|
||
available.
|
||
|
||
* Several new man pages have been added.
|
||
|
||
* MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
|
||
MaxLevelConsole= can now be specified in
|
||
journald.conf. These options allow reducing the amount of
|
||
data stored on disk or forwarded by the log level.
|
||
|
||
* TimerSlackNSec= can now be specified in system.conf for
|
||
PID1. This allows system-wide power savings.
|
||
|
||
Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
|
||
Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
|
||
Matthias Clasen
|
||
|
||
CHANGES WITH 184:
|
||
|
||
* logind is now capable of (optionally) handling power and
|
||
sleep keys as well as the lid switch.
|
||
|
||
* journalctl now understands the syntax "journalctl
|
||
/usr/bin/avahi-daemon" to get all log output of a specific
|
||
daemon.
|
||
|
||
* CapabilityBoundingSet= in system.conf now also influences
|
||
the capability bound set of usermode helpers of the kernel.
|
||
|
||
Contributions from: Daniel Drake, Daniel J. Walsh, Gert
|
||
Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
|
||
Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
|
||
Menzel, Shawn Landden, Tero Roponen, Tom Gundersen
|
||
|
||
CHANGES WITH 183:
|
||
|
||
* Note that we skipped 139 releases here in order to set the
|
||
new version to something that is greater than both udev's
|
||
and systemd's most recent version number.
|
||
|
||
* udev: all udev sources are merged into the systemd source tree now.
|
||
All future udev development will happen in the systemd tree. It
|
||
is still fully supported to use the udev daemon and tools without
|
||
systemd running, like in initramfs or other init systems. Building
|
||
udev though, will require the *build* of the systemd tree, but
|
||
udev can be properly *run* without systemd.
|
||
|
||
* udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
|
||
should be used to create dead device nodes as workarounds for broken
|
||
subsystems.
|
||
|
||
* udev: RUN+="socket:…" and udev_monitor_new_from_socket() is
|
||
no longer supported. udev_monitor_new_from_netlink() needs to be
|
||
used to subscribe to events.
|
||
|
||
* udev: when udevd is started by systemd, processes which are left
|
||
behind by forking them off of udev rules, are unconditionally cleaned
|
||
up and killed now after the event handling has finished. Services or
|
||
daemons must be started as systemd services. Services can be
|
||
pulled-in by udev to get started, but they can no longer be directly
|
||
forked by udev rules.
|
||
|
||
* udev: the daemon binary is called systemd-udevd now and installed
|
||
in /usr/lib/systemd/. Standalone builds or non-systemd systems need
|
||
to adapt to that, create symlink, or rename the binary after building
|
||
it.
|
||
|
||
* libudev no longer provides these symbols:
|
||
udev_monitor_from_socket()
|
||
udev_queue_get_failed_list_entry()
|
||
udev_get_{dev,sys,run}_path()
|
||
The versions number was bumped and symbol versioning introduced.
|
||
|
||
* systemd-loginctl and systemd-journalctl have been renamed
|
||
to loginctl and journalctl to match systemctl.
|
||
|
||
* The config files: /etc/systemd/systemd-logind.conf and
|
||
/etc/systemd/systemd-journald.conf have been renamed to
|
||
logind.conf and journald.conf. Package updates should rename
|
||
the files to the new names on upgrade.
|
||
|
||
* For almost all files the license is now LGPL2.1+, changed
|
||
from the previous GPL2.0+. Exceptions are some minor stuff
|
||
of udev (which will be changed to LGPL2.1 eventually, too),
|
||
and the MIT licensed sd-daemon.[ch] library that is suitable
|
||
to be used as drop-in files.
|
||
|
||
* systemd and logind now handle system sleep states, in
|
||
particular suspending and hibernating.
|
||
|
||
* logind now implements a sleep/shutdown/idle inhibiting logic
|
||
suitable for a variety of uses. Soonishly Lennart will blog
|
||
about this in more detail.
|
||
|
||
* var-run.mount and var-lock.mount are no longer provided
|
||
(which previously bind mounted these directories to their new
|
||
places). Distributions which have not converted these
|
||
directories to symlinks should consider stealing these files
|
||
from git history and add them downstream.
|
||
|
||
* We introduced the Documentation= field for units and added
|
||
this to all our shipped units. This is useful to make it
|
||
easier to explore the boot and the purpose of the various
|
||
units.
|
||
|
||
* All smaller setup units (such as
|
||
systemd-vconsole-setup.service) now detect properly if they
|
||
are run in a container and are skipped when
|
||
appropriate. This guarantees an entirely noise-free boot in
|
||
Linux container environments such as systemd-nspawn.
|
||
|
||
* A framework for implementing offline system updates is now
|
||
integrated, for details see:
|
||
https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html
|
||
|
||
* A new service type Type=idle is available now which helps us
|
||
avoiding ugly interleaving of getty output and boot status
|
||
messages.
|
||
|
||
* There's now a system-wide CapabilityBoundingSet= option to
|
||
globally reduce the set of capabilities for the
|
||
system. This is useful to drop CAP_SYS_MKNOD, CAP_SYS_RAWIO,
|
||
CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
|
||
even CAP_NET_ADMIN system-wide for secure systems.
|
||
|
||
* There are now system-wide DefaultLimitXXX= options to
|
||
globally change the defaults of the various resource limits
|
||
for all units started by PID 1.
|
||
|
||
* Harald Hoyer's systemd test suite has been integrated into
|
||
systemd which allows easy testing of systemd builds in qemu
|
||
and nspawn. (This is really awesome! Ask us for details!)
|
||
|
||
* The fstab parser is now implemented as generator, not inside
|
||
of PID 1 anymore.
|
||
|
||
* systemctl will now warn you if .mount units generated from
|
||
/etc/fstab are out of date due to changes in fstab that
|
||
have not been read by systemd yet.
|
||
|
||
* systemd is now suitable for usage in initrds. Dracut has
|
||
already been updated to make use of this. With this in place
|
||
initrds get a slight bit faster but primarily are much
|
||
easier to introspect and debug since "systemctl status" in
|
||
the host system can be used to introspect initrd services,
|
||
and the journal from the initrd is kept around too.
|
||
|
||
* systemd-delta has been added, a tool to explore differences
|
||
between user/admin configuration and vendor defaults.
|
||
|
||
* PrivateTmp= now affects both /tmp and /var/tmp.
|
||
|
||
* Boot time status messages are now much prettier and feature
|
||
proper english language. Booting up systemd has never been
|
||
so sexy.
|
||
|
||
* Read-ahead pack files now include the inode number of all
|
||
files to pre-cache. When the inode changes the pre-caching
|
||
is not attempted. This should be nicer to deal with updated
|
||
packages which might result in changes of read-ahead
|
||
patterns.
|
||
|
||
* We now temporaritly lower the kernel's read_ahead_kb variable
|
||
when collecting read-ahead data to ensure the kernel's
|
||
built-in read-ahead does not add noise to our measurements
|
||
of necessary blocks to pre-cache.
|
||
|
||
* There's now RequiresMountsFor= to add automatic dependencies
|
||
for all mounts necessary for a specific file system path.
|
||
|
||
* MountAuto= and SwapAuto= have been removed from
|
||
system.conf. Mounting file systems at boot has to take place
|
||
in systemd now.
|
||
|
||
* nspawn now learned a new switch --uuid= to set the machine
|
||
ID on the command line.
|
||
|
||
* nspawn now learned the -b switch to automatically search
|
||
for an init system.
|
||
|
||
* vt102 is now the default TERM for serial TTYs, upgraded from
|
||
vt100.
|
||
|
||
* systemd-logind now works on VT-less systems.
|
||
|
||
* The build tree has been reorganized. The individual
|
||
components now have directories of their own.
|
||
|
||
* A new condition type ConditionPathIsReadWrite= is now available.
|
||
|
||
* nspawn learned the new -C switch to create cgroups for the
|
||
container in other hierarchies.
|
||
|
||
* We now have support for hardware watchdogs, configurable in
|
||
system.conf.
|
||
|
||
* The scheduled shutdown logic now has a public API.
|
||
|
||
* We now mount /tmp as tmpfs by default, but this can be
|
||
masked and /etc/fstab can override it.
|
||
|
||
* Since udisks does not make use of /media anymore we are not
|
||
mounting a tmpfs on it anymore.
|
||
|
||
* journalctl gained a new --local switch to only interleave
|
||
locally generated journal files.
|
||
|
||
* We can now load the IMA policy at boot automatically.
|
||
|
||
* The GTK tools have been split off into a systemd-ui.
|
||
|
||
Contributions from: Andreas Schwab, Auke Kok, Ayan George,
|
||
Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
|
||
Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
|
||
Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
|
||
Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
|
||
Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
|
||
A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
|
||
Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
|
||
Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
|
||
Gundersen
|
||
|
||
CHANGES WITH 44:
|
||
|
||
* This is mostly a bugfix release
|
||
|
||
* Support optional initialization of the machine ID from the
|
||
KVM or container configured UUID.
|
||
|
||
* Support immediate reboots with "systemctl reboot -ff"
|
||
|
||
* Show /etc/os-release data in systemd-analyze output
|
||
|
||
* Many bugfixes for the journal, including endianness fixes and
|
||
ensuring that disk space enforcement works
|
||
|
||
* sd-login.h is C++ compatible again
|
||
|
||
* Extend the /etc/os-release format on request of the Debian
|
||
folks
|
||
|
||
* We now refuse non-UTF8 strings used in various configuration
|
||
and unit files. This is done to ensure we do not pass invalid
|
||
data over D-Bus or expose it elsewhere.
|
||
|
||
* Register Mimo USB Screens as suitable for automatic seat
|
||
configuration
|
||
|
||
* Read SELinux client context from journal clients in a race
|
||
free fashion
|
||
|
||
* Reorder configuration file lookup order. /etc now always
|
||
overrides /run in order to allow the administrator to always
|
||
and unconditionally override vendor-supplied or
|
||
automatically generated data.
|
||
|
||
* The various user visible bits of the journal now have man
|
||
pages. We still lack man pages for the journal API calls
|
||
however.
|
||
|
||
* We now ship all man pages in HTML format again in the
|
||
tarball.
|
||
|
||
Contributions from: Dave Reisner, Dirk Eibach, Frederic
|
||
Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
|
||
Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
|
||
Reding
|
||
|
||
CHANGES WITH 43:
|
||
|
||
* This is mostly a bugfix release
|
||
|
||
* systems lacking /etc/os-release are no longer supported.
|
||
|
||
* Various functionality updates to libsystemd-login.so
|
||
|
||
* Track class of PAM logins to distinguish greeters from
|
||
normal user logins.
|
||
|
||
Contributions from: Kay Sievers, Lennart Poettering, Michael
|
||
Biebl
|
||
|
||
CHANGES WITH 42:
|
||
|
||
* This is an important bugfix release for v41.
|
||
|
||
* Building man pages is now optional which should be useful
|
||
for those building systemd from git but unwilling to install
|
||
xsltproc.
|
||
|
||
* Watchdog support for supervising services is now usable. In
|
||
a future release support for hardware watchdogs
|
||
(i.e. /dev/watchdog) will be added building on this.
|
||
|
||
* Service start rate limiting is now configurable and can be
|
||
turned off per service. When a start rate limit is hit a
|
||
reboot can automatically be triggered.
|
||
|
||
* New CanReboot(), CanPowerOff() bus calls in systemd-logind.
|
||
|
||
Contributions from: Benjamin Franzke, Bill Nottingham,
|
||
Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
|
||
Schmidt, Michał Górny, Piotr Drąg
|
||
|
||
CHANGES WITH 41:
|
||
|
||
* The systemd binary is installed /usr/lib/systemd/systemd now;
|
||
An existing /sbin/init symlink needs to be adapted with the
|
||
package update.
|
||
|
||
* The code that loads kernel modules has been ported to invoke
|
||
libkmod directly, instead of modprobe. This means we do not
|
||
support systems with module-init-tools anymore.
|
||
|
||
* Watchdog support is now already useful, but still not
|
||
complete.
|
||
|
||
* A new kernel command line option systemd.setenv= is
|
||
understood to set system wide environment variables
|
||
dynamically at boot.
|
||
|
||
* We now limit the set of capabilities of systemd-journald.
|
||
|
||
* We now set SIGPIPE to ignore by default, since it only is
|
||
useful in shell pipelines, and has little use in general
|
||
code. This can be disabled with IgnoreSIPIPE=no in unit
|
||
files.
|
||
|
||
Contributions from: Benjamin Franzke, Kay Sievers, Lennart
|
||
Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
|
||
William Douglas
|
||
|
||
CHANGES WITH 40:
|
||
|
||
* This is mostly a bugfix release
|
||
|
||
* We now expose the reason why a service failed in the
|
||
"Result" D-Bus property.
|
||
|
||
* Rudimentary service watchdog support (will be completed over
|
||
the next few releases.)
|
||
|
||
* When systemd forks off in order execute some service we will
|
||
now immediately changes its argv[0] to reflect which process
|
||
it will execute. This is useful to minimize the time window
|
||
with a generic argv[0], which makes bootcharts more useful
|
||
|
||
Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
|
||
Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
|
||
Mike Kazantsev, Ray Strode
|
||
|
||
CHANGES WITH 39:
|
||
|
||
* This is mostly a test release, but incorporates many
|
||
bugfixes.
|
||
|
||
* New systemd-cgtop tool to show control groups by their
|
||
resource usage.
|
||
|
||
* Linking against libacl for ACLs is optional again. If
|
||
disabled, support tracking device access for active logins
|
||
goes becomes unavailable, and so does access to the user
|
||
journals by the respective users.
|
||
|
||
* If a group "adm" exists, journal files are automatically
|
||
owned by them, thus allow members of this group full access
|
||
to the system journal as well as all user journals.
|
||
|
||
* The journal now stores the SELinux context of the logging
|
||
client for all entries.
|
||
|
||
* Add C++ inclusion guards to all public headers
|
||
|
||
* New output mode "cat" in the journal to print only text
|
||
messages, without any meta data like date or time.
|
||
|
||
* Include tiny X server wrapper as a temporary stop-gap to
|
||
teach XOrg udev display enumeration. This is used by display
|
||
managers such as gdm, and will go away as soon as XOrg
|
||
learned native udev hotplugging for display devices.
|
||
|
||
* Add new systemd-cat tool for executing arbitrary programs
|
||
with STDERR/STDOUT connected to the journal. Can also act as
|
||
BSD logger replacement, and does so by default.
|
||
|
||
* Optionally store all locally generated coredumps in the
|
||
journal along with meta data.
|
||
|
||
* systemd-tmpfiles learnt four new commands: n, L, c, b, for
|
||
writing short strings to files (for usage for /sys), and for
|
||
creating symlinks, character and block device nodes.
|
||
|
||
* New unit file option ControlGroupPersistent= to make cgroups
|
||
persistent, following the mechanisms outlined in
|
||
https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups
|
||
|
||
* Support multiple local RTCs in a sane way
|
||
|
||
* No longer monopolize IO when replaying readahead data on
|
||
rotating disks, since we might starve non-file-system IO to
|
||
death, since fanotify() will not see accesses done by blkid,
|
||
or fsck.
|
||
|
||
* Do not show kernel threads in systemd-cgls anymore, unless
|
||
requested with new -k switch.
|
||
|
||
Contributions from: Dan Horák, Kay Sievers, Lennart
|
||
Poettering, Michal Schmidt
|
||
|
||
CHANGES WITH 38:
|
||
|
||
* This is mostly a test release, but incorporates many
|
||
bugfixes.
|
||
|
||
* The git repository moved to:
|
||
git://anongit.freedesktop.org/systemd/systemd
|
||
ssh://git.freedesktop.org/git/systemd/systemd
|
||
|
||
* First release with the journal
|
||
https://0pointer.de/blog/projects/the-journal.html
|
||
|
||
* The journal replaces both systemd-kmsg-syslogd and
|
||
systemd-stdout-bridge.
|
||
|
||
* New sd_pid_get_unit() API call in libsystemd-logind
|
||
|
||
* Many systemadm clean-ups
|
||
|
||
* Introduce remote-fs-pre.target which is ordered before all
|
||
remote mounts and may be used to start services before all
|
||
remote mounts.
|
||
|
||
* Added Mageia support
|
||
|
||
* Add bash completion for systemd-loginctl
|
||
|
||
* Actively monitor PID file creation for daemons which exit in
|
||
the parent process before having finished writing the PID
|
||
file in the daemon process. Daemons which do this need to be
|
||
fixed (i.e. PID file creation must have finished before the
|
||
parent exits), but we now react a bit more gracefully to them.
|
||
|
||
* Add colourful boot output, mimicking the well-known output
|
||
of existing distributions.
|
||
|
||
* New option PassCredentials= for socket units, for
|
||
compatibility with a recent kernel ABI breakage.
|
||
|
||
* /etc/rc.local is now hooked in via a generator binary, and
|
||
thus will no longer act as synchronization point during
|
||
boot.
|
||
|
||
* systemctl list-unit-files now supports --root=.
|
||
|
||
* systemd-tmpfiles now understands two new commands: z, Z for
|
||
relabelling files according to the SELinux database. This is
|
||
useful to apply SELinux labels to specific files in /sys,
|
||
among other things.
|
||
|
||
* Output of SysV services is now forwarded to both the console
|
||
and the journal by default, not only just the console.
|
||
|
||
* New man pages for all APIs from libsystemd-login.
|
||
|
||
* The build tree got reorganized and the build system is a
|
||
lot more modular allowing embedded setups to specifically
|
||
select the components of systemd they are interested in.
|
||
|
||
* Support for Linux systems lacking the kernel VT subsystem is
|
||
restored.
|
||
|
||
* configure's --with-rootdir= got renamed to
|
||
--with-rootprefix= to follow the naming used by udev and
|
||
kmod
|
||
|
||
* Unless specified otherwise we will now install to /usr instead
|
||
of /usr/local by default.
|
||
|
||
* Processes with '@' in argv[0][0] are now excluded from the
|
||
final shut-down killing spree, following the logic explained
|
||
in:
|
||
https://systemd.io/ROOT_STORAGE_DAEMONS/
|
||
|
||
* All processes remaining in a service cgroup when we enter
|
||
the START or START_PRE states are now killed with
|
||
SIGKILL. That means it is no longer possible to spawn
|
||
background processes from ExecStart= lines (which was never
|
||
supported anyway, and bad style).
|
||
|
||
* New PropagateReloadTo=/PropagateReloadFrom= options to bind
|
||
reloading of units together.
|
||
|
||
Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
|
||
Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
|
||
Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
|
||
Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
|
||
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
|