Permalink
7173 lines (5805 sloc) 359 KB
systemd System and Service Manager
CHANGES WITH 233 in spe
[ LIST FAR FROM COMPLETE YET ]
* DBus policy files are now installed into /usr rather than /etc. Make
sure your system has dbus >= 1.9.18 running before upgrading to this
version, or override the install path with --with-dbuspolicydir= .
* The shell invoked by debug-shell.service now defaults to /bin/sh in
all cases. If distributions want to use a different shell for this
purpose (for example Fedora's /sbin/sushell) they need to specify
this explicitly at configure time using --with-debug-shell=.
* The confirmation spawn prompt has been reworked to offer the
following choices:
(c)ontinue, proceed without asking anymore
(D)ump, show the state of the unit
(f)ail, don't execute the command and pretend it failed
(h)elp
(i)nfo, show a short summary of the unit
(j)obs, show jobs that are in progress
(s)kip, don't execute the command and pretend it succeeded
(y)es, execute the command
The 'n' choice for the confirmation spawn prompt has been removed,
because its meaning was confusing.
The prompt may now also be redirected to an alternative console by
specifying the console as parameter to systemd.confirm_spawn=.
* Services of Type=notify require a READY=1 notification to be sent
during startup. If no such message is sent, the service now fails,
even if the main process exited with a successful exit code.
* Services that fail to start up correctly now always have their
ExecStopPost= commands executed. Previously, they'd enter "failed"
state directly, without executing these commands.
* The option MulticastDNS= of network configuration files has acquired
an actual implementation. With MulticastDNS=yes a host can resolve
names of remote hosts and to reply to mDNS's A and AAAA requests from
the hosts.
* When units are about to be started an additional check is now done to
ensure that all dependencies of type BindsTo= (when used in
combination with After=) have been started.
* systemd-analyze gained a new verb "syscall-filter" which shows which
system call groups are defined for the SystemCallFilter= unit file
setting, and which system calls they precisely contain.
* A new system call filter group "@filesystem" has been added,
consisting of various file system related system calls. A group
"@reboot" has been added, covering reboot, kexec and shutdown related
calls. Finally, a group "@swap" has been added covering swap
configuration related calls.
* A new unit file option RestrictNamespaces= has been added that may be
used to restrict access to the various process namespace types the
Linux kernel provides. Specifically, it may be used to take away the
right for specific service units to create additional file system,
networking, user, and other namespaces. This sandboxing option is
particularly relevant due to the high amount of recently discovered
namespacing related vulnerabilities in the kernel.
* .link gained support for a new AutoNegotiation= setting for
configuring Ethernet auto-negotiation.
* systemd-networkd's .network files gained support for a new
ListenPort= setting in the [DHCP] section to explicitly configure the
UDP client port the DHCP client shall listen on.
* New systemd-specific mount options are now understood in /etc/fstab:
x-systemd.mount-timeout= may be used to configure the maximum
permitted runtime of the mount command.
x-systemd.device-bound may be set to bind a mount point to its
backing device unit, in order to automatically remove a mount point
if its backing device is unplugged. This option may also be
configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
on the block device, which is now automatically set for all CDROM
drives, so that mounted CDs are automatically unmounted when they are
removed from the drive.
x-systemd.after= and x-systemd.before= may be use to explicitly order
a mount after or before another unit or mount point.
* Enqueued start jobs for device units are now automatically garbage
collected if there are no jobs waiting for them anymore.
* systemctl list-jobs gained two new switches: With --after, every
queued job shows which other queued job is waiting for it; with
--before it shows which other jobs every job is waiting for.
* systemd-nspawn gained support for ephemeral boots from disk images
(or in other words: --ephemeral and --image= may now be
combined). Moreover, ephemeral boots are now supported for normal
directories, even if the backing file system is not btrfs. Of course,
if the file system does not support file system snapshots or
reflinks, the initial copy operation will be relatively expensive, but
this should still be suitable for many use cases.
* Calendar time specifications in .timer units now support
specifications relative to the end of a month by using "~" instead of
"-" as separator between month and day. For example, "*-02~03" means
"The third last day in February". In addition a new syntax for
repeated events has been added using the "/" character. For example,
"9..17/2:00" means "every two hours from 9am to 5pm".
* systemd-socket-proxyd gained a new parameter --connections-max= for
configuring the maximum number of concurrent connections.
* All python scripts shipped with systemd (specifically: the various
tests written in Python) now require Python 3.
* sd-id128 gained a new API for generating unique IDs for the host
that does not leak the machine ID. Specifically,
sd_id128_get_machine_app_specific() derives an ID based on the
machine ID a in well-defined, non-reversible, stable way. This is
useful whenever an identifier for the host is needed but where the
identifier shall not be useful to identify the system beyond the
scope of the application itself. (Internally this uses HMAC-SHA256 as
keyed hash function using the machine ID as input.)
* NotifyAccess= gained a new supported value "exec". When set
notifications are accepted from all processes systemd itself invoked,
including all control processes.
* .nspawn files gained support for defining overlay mounts using the
Overlay= and OverlayReadOnly= options. Previously this functionality
was only available on the systemd-nspawn command line.
* systemd-nspawn's --bind= and --overlay= options gained support for
bind/overlay mounts whose source lies within the container tree by
prefixing the source path with "+".
* systemd-nspawn's --bind= and --overlay= options gained support for
automatically allocating a temporary source directory in /var/tmp
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
mount based on the original /var contained in the image, overlayed
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.
* .network files gained a new Unmanaged= boolean setting for explicitly
excluding one or more interfaces from management by systemd-networkd.
* systemd-nspawn --image= option does now permit raw file system block
devices (in addition to images containing partition tables, as
before).
* The disk image dissection logic in systemd-nspawn gained support for
automatically setting up LUKS encrypted as well as Verity protected
partitions. When a container is booted from an encrypted image the
passphrase is queried at start-up time. When a container with Verity
data is started, the root hash is search in a ".roothash" file
accompanying the disk image (alternatively, pass the root hash via
the new --root-hash= command line option).
* A new tool /usr/lib/systemd/systemd-dissect has been added that may
be used to dissect disk images the same way as systemd-nspawn does
it, following the Bootable Partition Specification. It may even be
used to mount disk images with complex partition setups (including
LUKS and Verity partitions) to a local host directory, in order to
inspect them. This tool is not considered public API (yet), and is
thus not installed into /usr/bin. Please do not rely on its
existance, since it might go away or be changed in later systemd
versions.
* A new generator "systemd-verity-generator" has been added, similar in
style to "systemd-cryptsetup-generator", permitting automatic setup of
Verity root partitions when systemd boots up. In order to make use of
this your partition setup should follow the Discoverable Partitions
Specification, and the GPT partition ID of the root file system
partition should be identical to the upper 128bit of the Verity root
hash. The GPT partition ID of the Verity partition protecting it
should be the lower 128bit of the Verity root hash. If the partition
image follows this model it is sufficient to specify a single
"roothash=" kernel command line argument to both configure which root
image and verity partition to use as well as the root hash for
it. Note that systemd-nspawn's Verity support follows the same
semantics, meaning that disk images with proper Verity data in place
may be booted in containers with systemd-nspawn as well as on
physical systems via the verity generator. Also note that the "mkosi"
tool available at https://github.com/systemd/mkosi has been updated
to generate Verity protected disk images following this scheme. In
fact, it has been updated to generate disk images that optionally
implement a complete UEFI SecureBoot trust chain, involving a signed
kernel and initrd image that incorporates such a root hash as well as
a Verity-enabled root partition.
* Support for the %c, %r, %R specifiers in unit files has been
removed. Specifiers are not supposed to be dependent on configuration
of unit files themselves (so that they resolve to the same regardless
where used in the unit files), but these options were due to the
existence of the Slice= option.
* The various options in the [Match] section of .network files gained
support for negative matching.
* The hardware database (hwdb) udev supports has been updated to carry
accelerometer quirks.
* All system services are now run with a fresh kernel keyring set up
for them. The invocation ID is stored by default in it, thus
providing a safe, non-overridable way to determine the invocation
ID of each service.
* Service unit files gained new BindPaths= and BindReadOnlyPaths=
options for bind mounting arbitrary paths in a service-specific
way. When these options are used, arbitrary host or service files and
directories may be mounted to arbitrary locations in the service's
view.
* Documentation has been added that lists all of systemd's low-level
environment variables:
https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md
* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
whether a specific socket file descriptor matches a specified socket
address.
* systemd-firstboot has been updated to check for the
systemd.firstboot= kernel command line option. It accepts a boolean
and when set to false the first boot questions are skipped.
* The systemd-networkd ProxyARP= option has been renamed to
IPV4ProxyARP=. Similar, VXLAN-specific option ARPProxy= has been
renamed to ReduceARPProxy=. The old names continue to be available
for compatibility.
* systemd-networkd's bonding device support gained support for two new
configuration options ActiveSlave= and PrimarySlave=.
* systemd-fstab-generator has been updated to check for the
systemd.volatile= kernel command line option, which either takes a
boolean parameter or the special value "state". If used the system
may be booted in a "volatile" boot mode. Specifically,
systemd.volatile=yes is used, the root directory will be mounted as
tmpfs, and only /usr is mounted from the actual root file system. If
systemd.volatile=state is used, the root directory will be mounted as
usual, but /var is mounted as tmpfs. This concept provides similar
functionality as systemd-nspawn's --volatile= option, but provides it
on physical boots. Use this option for implementing stateless
systems, or testing systems with all state and/or configuration reset
to the defaults. (Note though that many distributions are not
prepared to boot up without a populated /etc or /var, though)
* systemd-gpt-auto-generator gained support for LUKS encrypted root
partitions. Previously it only supported LUKS encrypted partitions
for all other uses, except for the root partition itself.
* Socket units gained support for listening on AF_VSOCK sockets for
communication in virtualized QEMU environments.
* The "configure" script gained a new option --with-fallback-hostname=
for specifying the fallback hostname to use if none is configured in
/etc/hostname. For example, by specifying
--with-fallback-hostname=fedora it is possible to default to a
hostname of "fedora" when the user didn't specify anything
explicitly.
* systemd-cgls gained support for a new --unit= switch for listing only
the control groups of a specific unit. Similar --user-unit= has been
added for listing only the control groups of a specific user unit.
* systemd-mount gained a new --umount switch for unmounting a mount or
automount point (and all mount/automount points below it).
* systemd will now refuse full configuration reloads (via systemctl
daemon-reload and related calls) unless at least 16MiB of free space
are available in /run. This is a safety precaution in order to ensure
that generators can safely operate after the reload completed.
* A new unit file option RootImage= has been added, which has a similar
effect as RootDirectory= but mounts the service's root directory from
a disk image instead of plain directory. This logic reuses the same
image dissection and mount logic that systemd-nspawn already uses,
and hence supports any disk images systemd-nspawn supports, including
those following the Discoverable Partition Specification, as well as
Verity enabled images. This option enables systemd to run system
services directly off disk images acting as resource bundles,
possibly even including full integrity data.
* A new MountAPIVFS= unit file option has been added, taking a boolean
argument. If enabled /proc, /sys and /dev (collectively called the
"API VFS") will be mounted for the service. This is only relevant if
RootDirectory= or RootImage= is used for the service, as these mounts
are of course in place in the host mount namespace anyway.
* systemd-nspawn gained support for a new --pivot-root= switch. If
specified the root directory within the container image is pivoted to
the specified mount point, while the original root disk is moved to a
different place. This option enables booting of ostree images
directly with systemd-nspawn.
* systemd-networkd gained support for configuring IPv6 Proxy NDP
addresses via the new IPv6ProxyNDPAddress= .network file setting.
* The systemd build scripts will no longer complain if the NTP server
addresses are not changed from the defaults. Google is now supporting
these NTP servers officially. We still recommend downstreams to
properly register an NTP pool with the NTP pool project though.
* coredumpctl gained new new "--reverse" option for printing the list
of coredumps in reverse order.
* The systemd-coredump logic has been improved so that it may be reused
for collecting backtraces in non-compiled languages, for example in
scripting languages such as Python.
* machinectl will now show the UID shift of local containers, if user
namespacing is enabled for them.
* systemd will now optionally run "environment generator" binaries at
configuration load time. They may be used to add environment
variables to the environment block passed to services invoked. One
user environment generator is shipped by default that sets up
environment variables based on files dropped into
~/.config/environment.d/.
Contributions from: Adrián López, Alexander Galanin, Alexander
Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
Gianluca Boiano, Graeme Lawes, Hans de Goede, Harald Hoyer, Ian
Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan Synacek, Jason
Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen, Karl Kraus,
Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart Poettering,
Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de Vries, Maks
Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry, Mark
Stosberg, Martin Ejdestig, Martin Pitt, micah, Michael Biebl, Michael
Shields, Michal Schmidt, Michal Sekletar, Michel Kraus, Mike Gilbert,
Mirza Krak, Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter
Körner, Philip Withnall, Piotr Drąg, Ray Strode, Reverend Homer,
Rike-Benjamin Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan
Bilovol, sammynx, Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger,
Stefan Hajnoczi, Stefan Schweter, Susant Sahani, Sylvain Plantefève,
Taylor Smock, Thomas Blume, Thomas H. P. Andersen, Tobias Stoeckmann,
Tom Gundersen, Torstein Husebø, Viktar Vaŭčkievič, Viktor Mihajlovski,
Waldemar Brodkorb, Walter Garcia-Fontes, Wim de With, Yassine
Imounachen, Yi EungJun, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
Александр Тихонов
— Berlin, 2017-02-XX
CHANGES WITH 232:
* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
RestrictAddressFamilies= enabled. These sandboxing options should
generally be compatible with the various external udev call-out
binaries we are aware of, however there may be exceptions, in
particular when exotic languages for these call-outs are used. In
this case, consider turning off these settings locally.
* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.
* The new ProtectKernelModules= option can be used to disable explicit
load and unload operations of kernel modules by a service. In
addition access to /usr/lib/modules is removed if this option is set.
* ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.
* The new ProtectKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.
* The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.
* Various systemd services have been hardened with
ProtectKernelTunables=yes, ProtectControlGroups=yes,
RestrictAddressFamilies=.
* Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184..65519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
any resources allocated by the service will be cleaned up when the
service exits. They also have ProtectHome=read-only and
ProtectSystem=strict enabled, so they are not able to make any
permanent modifications to the system.
* The nss-systemd module also always resolves root and nobody, making
it possible to have no /etc/passwd or /etc/group files in minimal
container or chroot environments.
* Services may be started with their own user namespace using the new
boolean PrivateUsers= option. Only root, nobody, and the uid/gid
under which the service is running are mapped. All other users are
mapped to nobody.
* Support for the cgroup namespace has been added to systemd-nspawn. If
supported by kernel, the container system started by systemd-nspawn
will have its own view of the cgroup hierarchy. This new behaviour
can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
* The new MemorySwapMax= option can be used to limit the maximum swap
usage under the unified cgroup hierarchy.
* Support for the CPU controller in the unified cgroup hierarchy has
been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
options. This controller requires out-of-tree patches for the kernel
and the support is provisional.
* Mount and automount units may now be created transiently
(i.e. dynamically at runtime via the bus API, instead of requiring
unit files in the file system).
* systemd-mount is a new tool which may mount file systems – much like
mount(8), optionally pulling in additional dependencies through
transient .mount and .automount units. For example, this tool
automatically runs fsck on a backing block device before mounting,
and allows the automount logic to be used dynamically from the
command line for establishing mount points. This tool is particularly
useful when dealing with removable media, as it will ensure fsck is
run – if necessary – before the first access and that the file system
is quickly unmounted after each access by utilizing the automount
logic. This maximizes the chance that the file system on the
removable media stays in a clean state, and if it isn't in a clean
state is fixed automatically.
* LazyUnmount=yes option for mount units has been added to expose the
umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
option.
* /efi will be used as the mount point of the EFI boot partition, if
the directory is present, and the mount point was not configured
through other means (e.g. fstab). If /efi directory does not exist,
/boot will be used as before. This makes it easier to automatically
mount the EFI partition on systems where /boot is used for something
else.
* When operating on GPT disk images for containers, systemd-nspawn will
now mount the ESP to /boot or /efi according to the same rules as PID
1 running on a host. This allows tools like "bootctl" to operate
correctly within such containers, in order to make container images
bootable on physical systems.
* disk/by-id and disk/by-path symlinks are now created for NVMe drives.
* Two new user session targets have been added to support running
graphical sessions under the systemd --user instance:
graphical-session.target and graphical-session-pre.target. See
systemd.special(7) for a description of how those targets should be
used.
* The vconsole initialization code has been significantly reworked to
use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
support unicode keymaps. Font and keymap configuration will now be
copied to all allocated virtual consoles.
* FreeBSD's bhyve virtualization is now detected.
* Information recorded in the journal for core dumps now includes the
contents of /proc/mountinfo and the command line of the process at
the top of the process hierarchy (which is usually the init process
of the container).
* systemd-journal-gatewayd learned the --directory= option to serve
files from the specified location.
* journalctl --root=… can be used to peruse the journal in the
/var/log/ directories inside of a container tree. This is similar to
the existing --machine= option, but does not require the container to
be active.
* The hardware database has been extended to support
ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
trackball devices.
MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
specify the click rate for mice which include a horizontal wheel with
a click rate that is different than the one for the vertical wheel.
* systemd-run gained a new --wait option that makes service execution
synchronous. (Specifically, the command will not return until the
specified service binary exited.)
* systemctl gained a new --wait option that causes the start command to
wait until the units being started have terminated again.
* A new journal output mode "short-full" has been added which displays
timestamps with abbreviated English day names and adds a timezone
suffix. Those timestamps include more information than the default
"short" output mode, and can be passed directly to journalctl's
--since= and --until= options.
* /etc/resolv.conf will be bind-mounted into containers started by
systemd-nspawn, if possible, so any changes to resolv.conf contents
are automatically propagated to the container.
* The number of instances for socket-activated services originating
from a single IP address can be limited with
MaxConnectionsPerSource=, extending the existing setting of
MaxConnections=.
* systemd-networkd gained support for vcan ("Virtual CAN") interface
configuration.
* .netdev and .network configuration can now be extended through
drop-ins.
* UDP Segmentation Offload, TCP Segmentation Offload, Generic
Segmentation Offload, Generic Receive Offload, Large Receive Offload
can be enabled and disabled using the new UDPSegmentationOffload=,
TCPSegmentationOffload=, GenericSegmentationOffload=,
GenericReceiveOffload=, LargeReceiveOffload= options in the
[Link] section of .link files.
* The Spanning Tree Protocol, Priority, Aging Time, and the Default
Port VLAN ID can be configured for bridge devices using the new STP=,
Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
section of .netdev files.
* The route table to which routes received over DHCP or RA should be
added can be configured with the new RouteTable= option in the [DHCP]
and [IPv6AcceptRA] sections of .network files.
* The Address Resolution Protocol can be disabled on links managed by
systemd-networkd using the ARP=no setting in the [Link] section of
.network files.
* New environment variables $SERVICE_RESULT, $EXIT_CODE and
$EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
encode information about the result and exit codes of the current
service runtime cycle.
* systemd-sysctl will now configure kernel parameters in the order
they occur in the configuration files. This matches what sysctl
has been traditionally doing.
* kernel-install "plugins" that are executed to perform various
tasks after a new kernel is added and before an old one is removed
can now return a special value to terminate the procedure and
prevent any later plugins from running.
* Journald's SplitMode=login setting has been deprecated. It has been
removed from documentation, and its use is discouraged. In a future
release it will be completely removed, and made equivalent to current
default of SplitMode=uid.
* Storage=both option setting in /etc/systemd/coredump.conf has been
removed. With fast LZ4 compression storing the core dump twice is not
useful.
* The --share-system systemd-nspawn option has been replaced with an
(undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
this functionality is discouraged. In addition the variables
$SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
$SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
individual namespaces.
* "machinectl list" now shows the IP address of running containers in
the output, as well as OS release information.
* "loginctl list" now shows the TTY of each session in the output.
* sd-bus gained new API calls sd_bus_track_set_recursive(),
sd_bus_track_get_recursive(), sd_bus_track_count_name(),
sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
tracking objects in a "recursive" mode, where a single client can be
counted multiple times, if it takes multiple references.
* sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
sd_bus_get_exit_on_disconnect(). They may be used to to make a
process using sd-bus automatically exit if the bus connection is
severed.
* Bus clients of the service manager may now "pin" loaded units into
memory, by taking an explicit reference on them. This is useful to
ensure the client can retrieve runtime data about the service even
after the service completed execution. Taking such a reference is
available only for privileged clients and should be helpful to watch
running services in a race-free manner, and in particular collect
information about exit statuses and results.
* The nss-resolve module has been changed to strictly return UNAVAIL
when communication via D-Bus with resolved failed, and NOTFOUND when
a lookup completed but was negative. This means it is now possible to
neatly configure fallbacks using nsswitch.conf result checking
expressions. Taking benefit of this, the new recommended
configuration line for the "hosts" entry in /etc/nsswitch.conf is:
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
* A new setting CtrlAltDelBurstAction= has been added to
/etc/systemd/system.conf which may be used to configure the precise
behaviour if the user on the console presses Ctrl-Alt-Del more often
than 7 times in 2s. Previously this would unconditionally result in
an expedited, immediate reboot. With this new setting the precise
operation may be configured in more detail, and also turned off
entirely.
* In .netdev files two new settings RemoteChecksumTx= and
RemoteChecksumRx= are now understood that permit configuring the
remote checksumming logic for VXLAN networks.
* The service manager learnt a new "invocation ID" concept for invoked
services. Each runtime cycle of a service will get a new invocation
ID (a 128bit random UUID) assigned that identifies the current
run of the service uniquely and globally. A new invocation ID
is generated each time a service starts up. The journal will store
the invocation ID of a service along with any logged messages, thus
making the invocation ID useful for matching the online runtime of a
service with the offline log data it generated in a safe way without
relying on synchronized timestamps. In many ways this new service
invocation ID concept is similar to the kernel's boot ID concept that
uniquely and globally identifies the runtime of each boot. The
invocation ID of a service is passed to the service itself via an
environment variable ($INVOCATION_ID). A new bus call
GetUnitByInvocationID() has been added that is similar to GetUnit()
but instead of retrieving the bus path for a unit by its name
retrieves it by its invocation ID. The returned path is valid only as
long as the passed invocation ID is current.
* systemd-resolved gained a new "DNSStubListener" setting in
resolved.conf. It either takes a boolean value or the special values
"udp" and "tcp", and configures whether to enable the stub DNS
listener on 127.0.0.53:53.
* IP addresses configured via networkd may now carry additional
configuration settings supported by the kernel. New options include:
HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
PrefixRoute=, AutoJoin=.
* The PAM configuration fragment file for "user@.service" shipped with
systemd (i.e. the --user instance of systemd) has been stripped to
the minimum necessary to make the system boot. Previously, it
contained Fedora-specific stanzas that did not apply to other
distributions. It is expected that downstream distributions add
additional configuration lines, matching their needs to this file,
using it only as rough template of what systemd itself needs. Note
that this reduced fragment does not even include an invocation of
pam_limits which most distributions probably want to add, even though
systemd itself does not need it. (There's also the new build time
option --with-pamconfdir=no to disable installation of the PAM
fragment entirely.)
* If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
capability is now also dropped from its set (in addition to
CAP_SYS_MKNOD as before).
* In service unit files it is now possible to connect a specific named
file descriptor with stdin/stdout/stdout of an executed service. The
name may be specified in matching .socket units using the
FileDescriptorName= setting.
* A number of journal settings may now be configured on the kernel
command line. Specifically, the following options are now understood:
systemd.journald.max_level_console=,
systemd.journald.max_level_store=,
systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
systemd.journald.max_level_wall=.
* "systemctl is-enabled --full" will now show by which symlinks a unit
file is enabled in the unit dependency tree.
* Support for VeraCrypt encrypted partitions has been added to the
"cryptsetup" logic and /etc/crypttab.
* systemd-detect-virt gained support for a new --private-users switch
that checks whether the invoking processes are running inside a user
namespace. Similar, a new special value "private-users" for the
existing ConditionVirtualization= setting has been added, permitting
skipping of specific units in user namespace environments.
Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zeal Jagannatha
— Santa Fe, 2016-11-03
CHANGES WITH 231:
* In service units the various ExecXYZ= settings have been extended
with an additional special character as first argument of the
assigned value: if the character '+' is used the specified command
line it will be run with full privileges, regardless of User=,
Group=, CapabilityBoundingSet= and similar options. The effect is
similar to the existing PermissionsStartOnly= option, but allows
configuration of this concept for each executed command line
independently.
* Services may now alter the service watchdog timeout at runtime by
sending a WATCHDOG_USEC= message via sd_notify().
* MemoryLimit= and related unit settings now optionally take percentage
specifications. The percentage is taken relative to the amount of
physical memory in the system (or in case of containers, the assigned
amount of memory). This allows scaling service resources neatly with
the amount of RAM available on the system. Similarly, systemd-logind's
RuntimeDirectorySize= option now also optionally takes percentage
values.
* In similar fashion TasksMax= takes percentage values now, too. The
value is taken relative to the configured maximum number of processes
on the system. The per-service task maximum has been changed to 15%
using this functionality. (Effectively this is an increase of 512 →
4915 for service units, given the kernel's default pid_max setting.)
* Calendar time specifications in .timer units now understand a ".."
syntax for time ranges. Example: "4..7:10" may now be used for
defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
7:10am every day.
* The InaccessableDirectories=, ReadOnlyDirectories= and
ReadWriteDirectories= unit file settings have been renamed to
InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
applied to all kinds of file nodes, and not just directories, with
the exception of symlinks. Specifically these settings may now be
used on block and character device nodes, UNIX sockets and FIFOS as
well as regular files. The old names of these settings remain
available for compatibility.
* systemd will now log about all service processes it kills forcibly
(using SIGKILL) because they remained after the clean shutdown phase
of the service completed. This should help identifying services that
shut down uncleanly. Moreover if KillUserProcesses= is enabled in
systemd-logind's configuration a similar log message is generated for
processes killed at the end of each session due to this setting.
* systemd will now set the $JOURNAL_STREAM environment variable for all
services whose stdout/stderr are connected to the Journal (which
effectively means by default: all services). The variable contains
the device and inode number of the file descriptor used for
stdout/stderr. This may be used by invoked programs to detect whether
their stdout/stderr is connected to the Journal, in which case they
can switch over to direct Journal communication, thus being able to
pass extended, structured metadata along with their log messages. As
one example, this is now used by glib's logging primitives.
* When using systemd's default tmp.mount unit for /tmp, the mount point
will now be established with the "nosuid" and "nodev" options. This
avoids privilege escalation attacks that put traps and exploits into
/tmp. However, this might cause problems if you e. g. put container
images or overlays into /tmp; if you need this, override tmp.mount's
"Options=" with a drop-in, or mount /tmp from /etc/fstab with your
desired options.
* systemd now supports the "memory" cgroup controller also on
cgroupsv2.
* The systemd-cgtop tool now optionally takes a control group path as
command line argument. If specified, the control group list shown is
limited to subgroups of that group.
* The SystemCallFilter= unit file setting gained support for
pre-defined, named system call filter sets. For example
SystemCallFilter=@clock is now an effective way to make all clock
changing-related system calls unavailable to a service. A number of
similar pre-defined groups are defined. Writing system call filters
for system services is simplified substantially with this new
concept. Accordingly, all of systemd's own, long-running services now
enable system call filtering based on this, by default.
* A new service setting MemoryDenyWriteExecute= has been added, taking
a boolean value. If turned on, a service may no longer create memory
mappings that are writable and executable at the same time. This
enhances security for services where this is enabled as it becomes
harder to dynamically write and then execute memory in exploited
service processes. This option has been enabled for all of systemd's
own long-running services.
* A new RestrictRealtime= service setting has been added, taking a
boolean argument. If set the service's processes may no longer
acquire realtime scheduling. This improves security as realtime
scheduling may otherwise be used to easily freeze the system.
* systemd-nspawn gained a new switch --notify-ready= taking a boolean
value. This may be used for requesting that the system manager inside
of the container reports start-up completion to nspawn which then
propagates this notification further to the service manager
supervising nspawn itself. A related option NotifyReady= in .nspawn
files has been added too. This functionality allows ordering of the
start-up of multiple containers using the usual systemd ordering
primitives.
* machinectl gained a new command "stop" that is an alias for
"terminate".
* systemd-resolved gained support for contacting DNS servers on
link-local IPv6 addresses.
* If systemd-resolved receives the SIGUSR2 signal it will now flush all
its caches. A method call for requesting the same operation has been
added to the bus API too, and is made available via "systemd-resolve
--flush-caches".
* systemd-resolve gained a new --status switch. If passed a brief
summary of the used DNS configuration with per-interface information
is shown.
* resolved.conf gained a new Cache= boolean option, defaulting to
on. If turned off local DNS caching is disabled. This comes with a
performance penalty in particular when DNSSEC is enabled. Note that
resolved disables its internal caching implicitly anyway, when the
configured DNS server is on a host-local IP address such as ::1 or
127.0.0.1, thus automatically avoiding double local caching.
* systemd-resolved now listens on the local IP address 127.0.0.53:53
for DNS requests. This improves compatibility with local programs
that do not use the libc NSS or systemd-resolved's bus APIs for name
resolution. This minimal DNS service is only available to local
programs and does not implement the full DNS protocol, but enough to
cover local DNS clients. A new, static resolv.conf file, listing just
this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
now recommended to make /etc/resolv.conf a symlink to this file in
order to route all DNS lookups to systemd-resolved, regardless if
done via NSS, the bus API or raw DNS packets. Note that this local
DNS service is not as fully featured as the libc NSS or
systemd-resolved's bus APIs. For example, as unicast DNS cannot be
used to deliver link-local address information (as this implies
sending a local interface index along), LLMNR/mDNS support via this
interface is severely restricted. It is thus strongly recommended for
all applications to use the libc NSS API or native systemd-resolved
bus API instead.
* systemd-networkd's bridge support learned a new setting
VLANFiltering= for controlling VLAN filtering. Moreover a new section
in .network files has been added for configuring VLAN bridging in
more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].
* systemd-networkd's IPv6 Router Advertisement code now makes use of
the DNSSL and RDNSS options. This means IPv6 DNS configuration may
now be acquired without relying on DHCPv6. Two new options
UseDomains= and UseDNS= have been added to configure this behaviour.
* systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
renamed IPv6AcceptRA=, without altering its behaviour. The old
setting name remains available for compatibility reasons.
* The systemd-networkd VTI/VTI6 tunneling support gained new options
Key=, InputKey= and OutputKey=.
* systemd-networkd gained support for VRF ("Virtual Routing Function")
interface configuration.
* "systemctl edit" may now be used to create new unit files by
specifying the --force switch.
* sd-event gained a new function sd_event_get_iteration() for
requesting the current iteration counter of the event loop. It starts
at zero and is increased by one with each event loop iteration.
* A new rpm macro %systemd_ordering is provided by the macros.systemd
file. It can be used in lieu of %systemd_requires in packages which
don't use any systemd functionality and are intended to be installed
in minimal containers without systemd present. This macro provides
ordering dependencies to ensure that if the package is installed in
the same rpm transaction as systemd, systemd will be installed before
the scriptlets for the package are executed, allowing unit presets
to be handled.
New macros %_systemdgeneratordir and %_systemdusergeneratordir have
been added to simplify packaging of generators.
* The os-release file gained VERSION_CODENAME field for the
distribution nickname (e.g. VERSION_CODENAME=woody).
* New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
can be set to disable parsing of metadata and the creation
of persistent symlinks for that device.
* The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
to make them available to logged-in users has been reverted.
* Much of the common code of the various systemd components is now
built into an internal shared library libsystemd-shared-231.so
(incorporating the systemd version number in the name, to be updated
with future releases) that the components link to. This should
decrease systemd footprint both in memory during runtime and on
disk. Note that the shared library is not for public use, and is
neither API not ABI stable, but is likely to change with every new
released update. Packagers need to make sure that binaries
linking to libsystemd-shared.so are updated in step with the
library.
* Configuration for "mkosi" is now part of the systemd
repository. mkosi is a tool to easily build legacy-free OS images,
and is available on github: https://github.com/systemd/mkosi. If
"mkosi" is invoked in the build tree a new raw OS image is generated
incorporating the systemd sources currently being worked on and a
clean, fresh distribution installation. The generated OS image may be
booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
UEFI PC. This functionality is particularly useful to easily test
local changes made to systemd in a pristine, defined environment. See
HACKING for details.
* configure learned the --with-support-url= option to specify the
distribution's bugtracker.
Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek
— Berlin, 2016-07-25
CHANGES WITH 230:
* DNSSEC is now turned on by default in systemd-resolved (in
"allow-downgrade" mode), but may be turned off during compile time by
passing "--with-default-dnssec=no" to "configure" (and of course,
during runtime with DNSSEC= in resolved.conf). We recommend
downstreams to leave this on at least during development cycles and
report any issues with the DNSSEC logic upstream. We are very
interested in collecting feedback about the DNSSEC validator and its
limitations in the wild. Note however, that DNSSEC support is
probably nothing downstreams should turn on in stable distros just
yet, as it might create incompatibilities with a few DNS servers and
networks. We tried hard to make sure we downgrade to non-DNSSEC mode
automatically whenever we detect such incompatible setups, but there
might be systems we do not cover yet. Hence: please help us testing
the DNSSEC code, leave this on where you can, report back, but then
again don't consider turning this on in your stable, LTS or
production release just yet. (Note that you have to enable
nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
and its DNSSEC mode for host name resolution from local
applications.)
* systemd-resolve conveniently resolves DANE records with the --tlsa
option and OPENPGPKEY records with the --openpgp option. It also
supports dumping raw DNS record data via the new --raw= switch.
* systemd-logind will now by default terminate user processes that are
part of the user session scope unit (session-XX.scope) when the user
logs out. This behavior is controlled by the KillUserProcesses=
setting in logind.conf, and the previous default of "no" is now
changed to "yes". This means that user sessions will be properly
cleaned up after, but additional steps are necessary to allow
intentionally long-running processes to survive logout.
While the user is logged in at least once, user@.service is running,
and any service that should survive the end of any individual login
session can be started at a user service or scope using systemd-run.
systemd-run(1) man page has been extended with an example which shows
how to run screen in a scope unit underneath user@.service. The same
command works for tmux.
After the user logs out of all sessions, user@.service will be
terminated too, by default, unless the user has "lingering" enabled.
To effectively allow users to run long-term tasks even if they are
logged out, lingering must be enabled for them. See loginctl(1) for
details. The default polkit policy was modified to allow users to
set lingering for themselves without authentication.
Previous defaults can be restored at compile time by the
--without-kill-user-processes option to "configure".
* systemd-logind gained new configuration settings SessionsMax= and
InhibitorsMax=, both with a default of 8192. It will not register new
user sessions or inhibitors above this limit.
* systemd-logind will now reload configuration on SIGHUP.
* The unified cgroup hierarchy added in Linux 4.5 is now supported.
Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
enable. Also, support for the "io" cgroup controller in the unified
hierarchy has been added, so that the "memory", "pids" and "io" are
now the controllers that are supported on the unified hierarchy.
WARNING: it is not possible to use previous systemd versions with
systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
is necessary to also update systemd in the initramfs if using the
unified hierarchy. An updated SELinux policy is also required.
* LLDP support has been extended, and both passive (receive-only) and
active (sender) modes are supported. Passive mode ("routers-only") is
enabled by default in systemd-networkd. Active LLDP mode is enabled
by default for containers on the internal network. The "networkctl
lldp" command may be used to list information gathered. "networkctl
status" will also show basic LLDP information on connected peers now.
* The IAID and DUID unique identifier sent in DHCP requests may now be
configured for the system and each .network file managed by
systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
* systemd-networkd gained support for configuring proxy ARP support for
each interface, via the ProxyArp= setting in .network files. It also
gained support for configuring the multicast querier feature of
bridge devices, via the new MulticastQuerier= setting in .netdev
files. Similarly, snooping on the IGMP traffic can be controlled
via the new setting MulticastSnooping=.
A new setting PreferredLifetime= has been added for addresses
configured in .network file to configure the lifetime intended for an
address.
The systemd-networkd DHCP server gained the option EmitRouter=, which
defaults to yes, to configure whether the DHCP Option 3 (Router)
should be emitted.
* The testing tool /usr/lib/systemd/systemd-activate is renamed to
systemd-socket-activate and installed into /usr/bin. It is now fully
supported.
* systemd-journald now uses separate threads to flush changes to disk
when closing journal files, thus reducing impact of slow disk I/O on
logging performance.
* The sd-journal API gained two new calls
sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
can be used to open journal files using file descriptors instead of
file or directory paths. sd_journal_open_container() has been
deprecated, sd_journal_open_directory_fd() should be used instead
with the flag SD_JOURNAL_OS_ROOT.
* journalctl learned a new output mode "-o short-unix" that outputs log
lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
UTC). It also gained support for a new --no-hostname setting to
suppress the hostname column in the family of "short" output modes.
* systemd-ask-password now optionally skips printing of the password to
stdout with --no-output which can be useful in scripts.
* Framebuffer devices (/dev/fb*) and 3D printers and scanners
(devices tagged with ID_MAKER_TOOL) are now tagged with
"uaccess" and are available to logged in users.
* The DeviceAllow= unit setting now supports specifiers (with "%").
* "systemctl show" gained a new --value switch, which allows print a
only the contents of a specific unit property, without also printing
the property's name. Similar support was added to "show*" verbs
of loginctl and machinectl that output "key=value" lists.
* A new unit type "generated" was added for files dynamically generated
by generator tools. Similarly, a new unit type "transient" is used
for unit files created using the runtime API. "systemctl enable" will
refuse to operate on such files.
* A new command "systemctl revert" has been added that may be used to
revert to the vendor version of a unit file, in case local changes
have been made by adding drop-ins or overriding the unit file.
* "machinectl clean" gained a new verb to automatically remove all or
just hidden container images.
* systemd-tmpfiles gained support for a new line type "e" for emptying
directories, if they exist, without creating them if they don't.
* systemd-nspawn gained support for automatically patching the UID/GIDs
of the owners and the ACLs of all files and directories in a
container tree to match the UID/GID user namespacing range selected
for the container invocation. This mode is enabled via the new
--private-users-chown switch. It also gained support for
automatically choosing a free, previously unused UID/GID range when
starting a container, via the new --private-users=pick setting (which
implies --private-users-chown). Together, these options for the first
time make user namespacing for nspawn containers fully automatic and
thus deployable. The systemd-nspawn@.service template unit file has
been changed to use this functionality by default.
* systemd-nspawn gained a new --network-zone= switch, that allows
creating ad-hoc virtual Ethernet links between multiple containers,
that only exist as long as at least one container referencing them is
running. This allows easy connecting of multiple containers with a
common link that implements an Ethernet broadcast domain. Each of
these network "zones" may be named relatively freely by the user, and
may be referenced by any number of containers, but each container may
only reference one of these "zones". On the lower level, this is
implemented by an automatically managed bridge network interface for
each zone, that is created when the first container referencing its
zone is created and removed when the last one referencing its zone
terminates.
* The default start timeout may now be configured on the kernel command
line via systemd.default_timeout_start_sec=. It was already
configurable via the DefaultTimeoutStartSec= option in
/etc/systemd/system.conf.
* Socket units gained a new TriggerLimitIntervalSec= and
TriggerLimitBurst= setting to configure a limit on the activation
rate of the socket unit.
* The LimitNICE= setting now optionally takes normal UNIX nice values
in addition to the raw integer limit value. If the specified
parameter is prefixed with "+" or "-" and is in the range -20..19 the
value is understood as UNIX nice value. If not prefixed like this it
is understood as raw RLIMIT_NICE limit.
* Note that the effect of the PrivateDevices= unit file setting changed
slightly with this release: the per-device /dev file system will be
mounted read-only from this version on, and will have "noexec"
set. This (minor) change of behavior might cause some (exceptional)
legacy software to break, when PrivateDevices=yes is set for its
service. Please leave PrivateDevices= off if you run into problems
with this.
* systemd-bootchart has been split out to a separate repository:
https://github.com/systemd/systemd-bootchart
* systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
merged into the kernel in its current form.
* The compatibility libraries libsystemd-daemon.so,
libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
which have been deprecated since systemd-209 have been removed along
with the corresponding pkg-config files. All symbols provided by
those libraries are provided by libsystemd.so.
* The Capabilities= unit file setting has been removed (it is ignored
for backwards compatibility). AmbientCapabilities= and
CapabilityBoundingSet= should be used instead.
* A new special target has been added, initrd-root-device.target,
which creates a synchronization point for dependencies of the root
device in early userspace. Initramfs builders must ensure that this
target is now included in early userspace.
Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek
— Fairfax, 2016-05-21
CHANGES WITH 229:
* The systemd-resolved DNS resolver service has gained a substantial
set of new features, most prominently it may now act as a DNSSEC
validating stub resolver. DNSSEC mode is currently turned off by
default, but is expected to be turned on by default in one of the
next releases. For now, we invite everybody to test the DNSSEC logic
by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
service also gained a full set of D-Bus interfaces, including calls
to configure DNS and DNSSEC settings per link (for use by external
network management software). systemd-resolved and systemd-networkd
now distinguish between "search" and "routing" domains. The former
are used to qualify single-label names, the latter are used purely
for routing lookups within certain domains to specific links.
resolved now also synthesizes RRs for all entries from /etc/hosts.
* The systemd-resolve tool (which is a client utility for
systemd-resolved) has been improved considerably and is now fully
supported and documented. Hence it has moved from /usr/lib/systemd to
/usr/bin.
* /dev/disk/by-path/ symlink support has been (re-)added for virtio
devices.
* The coredump collection logic has been reworked: when a coredump is
collected it is now written to disk, compressed and processed
(including stacktrace extraction) from a new instantiated service
systemd-coredump@.service, instead of directly from the
/proc/sys/kernel/core_pattern hook we provide. This is beneficial as
processing large coredumps can take up a substantial amount of
resources and time, and this previously happened entirely outside of
systemd's service supervision. With the new logic the core_pattern
hook only does minimal metadata collection before passing off control
to the new instantiated service, which is configured with a time
limit, a nice level and other settings to minimize negative impact on
the rest of the system. Also note that the new logic will honour the
RLIMIT_CORE setting of the crashed process, which now allows users
and processes to turn off coredumping for their processes by setting
this limit.
* The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
and all forked processes by default. Previously, PID 1 would leave
the setting at "0" for all processes, as set by the kernel. Note that
the resource limit traditionally has no effect on the generated
coredumps on the system if the /proc/sys/kernel/core_pattern hook
logic is used. Since the limit is now honoured (see above) its
default has been changed so that the coredumping logic is enabled by
default for all processes, while allowing specific opt-out.
* When the stacktrace is extracted from processes of system users, this
is now done as "systemd-coredump" user, in order to sandbox this
potentially security sensitive parsing operation. (Note that when
processing coredumps of normal users this is done under the user ID
of process that crashed, as before.) Packagers should take notice
that it is now necessary to create the "systemd-coredump" system user
and group at package installation time.
* The systemd-activate socket activation testing tool gained support
for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
and --seqpacket switches. It also has been extended to support both
new-style and inetd-style file descriptor passing. Use the new
--inetd switch to request inetd-style file descriptor passing.
* Most systemd tools now honor a new $SYSTEMD_COLORS environment
variable, which takes a boolean value. If set to false, ANSI color
output is disabled in the tools even when run on a terminal that
supports it.
* The VXLAN support in networkd now supports two new settings
DestinationPort= and PortRange=.
* A new systemd.machine_id= kernel command line switch has been added,
that may be used to set the machine ID in /etc/machine-id if it is
not initialized yet. This command line option has no effect if the
file is already initialized.
* systemd-nspawn gained a new --as-pid2 switch that invokes any
specified command line as PID 2 rather than PID 1 in the
container. In this mode PID 1 is a minimal stub init process that
implements the special POSIX and Linux semantics of PID 1 regarding
signal and child process management. Note that this stub init process
is implemented in nspawn itself and requires no support from the
container image. This new logic is useful to support running
arbitrary commands in the container, as normal processes are
generally not prepared to run as PID 1.
* systemd-nspawn gained a new --chdir= switch for setting the current
working directory for the process started in the container.
* "journalctl /dev/sda" will now output all kernel log messages for
specified device from the current boot, in addition to all devices
that are parents of it. This should make log output about devices
pretty useful, as long as kernel drivers attach enough metadata to
the log messages. (The usual SATA drivers do.)
* The sd-journal API gained two new calls
sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
that report whether log data from /run or /var has been found.
* journalctl gained a new switch "--fields" that prints all journal
record field names currently in use in the journal. This is backed
by two new sd-journal API calls sd_journal_enumerate_fields() and
sd_journal_restart_fields().
* Most configurable timeouts in systemd now expect an argument of
"infinity" to turn them off, instead of "0" as before. The semantics
from now on is that a timeout of "0" means "now", and "infinity"
means "never". To maintain backwards compatibility, "0" continues to
turn off previously existing timeout settings.
* "systemctl reload-or-try-restart" has been renamed to "systemctl
try-reload-or-restart" to clarify what it actually does: the "try"
logic applies to both reloading and restarting, not just restarting.
The old name continues to be accepted for compatibility.
* On boot-up, when PID 1 detects that the system clock is behind the
release date of the systemd version in use, the clock is now set
to the latter. Previously, this was already done in timesyncd, in order
to avoid running with clocks set to the various clock epochs such as
1902, 1938 or 1970. With this change the logic is now done in PID 1
in addition to timesyncd during early boot-up, so that it is enforced
before the first process is spawned by systemd. Note that the logic
in timesyncd remains, as it is more comprehensive and ensures
clock monotonicity by maintaining a persistent timestamp file in
/var. Since /var is generally not available in earliest boot or the
initrd, this part of the logic remains in timesyncd, and is not done
by PID 1.
* Support for tweaking details in net_cls.class_id through the
NetClass= configuration directive has been removed, as the kernel
people have decided to deprecate that controller in cgroup v2.
Userspace tools such as nftables are moving over to setting rules
that are specific to the full cgroup path of a task, which obsoletes
these controllers anyway. The NetClass= directive is kept around for
legacy compatibility reasons. For a more in-depth description of the
kernel change, please refer to the respective upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
* A new service setting RuntimeMaxSec= has been added that may be used
to specify a maximum runtime for a service. If the timeout is hit, the
service is terminated and put into a failure state.
* A new service setting AmbientCapabilities= has been added. It allows
configuration of additional Linux process capabilities that are
passed to the activated processes. This is only available on very
recent kernels.
* The process resource limit settings in service units may now be used
to configure hard and soft limits individually.
* The various libsystemd APIs such as sd-bus or sd-event now publicly
expose support for gcc's __attribute__((cleanup())) C extension.
Specifically, for many object destructor functions alternative
versions have been added that have names suffixed with "p" and take a
pointer to a pointer to the object to destroy, instead of just a
pointer to the object itself. This is useful because these destructor
functions may be used directly as parameters to the cleanup
construct. Internally, systemd has been a heavy user of this GCC
extension for a long time, and with this change similar support is
now available to consumers of the library outside of systemd. Note
that by using this extension in your sources compatibility with old
and strictly ANSI compatible C compilers is lost. However, all gcc or
LLVM versions of recent years support this extension.
* Timer units gained support for a new setting RandomizedDelaySec= that
allows configuring some additional randomized delay to the configured
time. This is useful to spread out timer events to avoid load peaks in
clusters or larger setups.
* Calendar time specifications now support sub-second accuracy.
* Socket units now support listening on SCTP and UDP-lite protocol
sockets.
* The sd-event API now comes with a full set of man pages.
* Older versions of systemd contained experimental support for
compressing journal files and coredumps with the LZ4 compressor that
was not compatible with the lz4 binary (due to API limitations of the
lz4 library). This support has been removed; only support for files
compatible with the lz4 binary remains. This LZ4 logic is now
officially supported and no longer considered experimental.
* The dkr image import logic has been removed again from importd. dkr's
micro-services focus doesn't fit into the machine image focus of
importd, and quickly got out of date with the upstream dkr API.
* Creation of the /run/lock/lockdev/ directory was dropped from
tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
been available for many years. If you still need this, you need to
create your own tmpfiles.d config file with:
d /run/lock/lockdev 0775 root lock -
Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Berlin, 2016-02-11
CHANGES WITH 228:
* A number of properties previously only settable in unit
files are now also available as properties to set when
creating transient units programmatically via the bus, as it
is exposed with systemd-run's --property=
setting. Specifically, these are: SyslogIdentifier=,
SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
EnvironmentFile=, ReadWriteDirectories=,
ReadOnlyDirectories=, InaccessibleDirectories=,
ProtectSystem=, ProtectHome=, RuntimeDirectory=.
* When creating transient services via the bus API it is now
possible to pass in a set of file descriptors to use as
STDIN/STDOUT/STDERR for the invoked process.
* Slice units may now be created transiently via the bus APIs,
similar to the way service and scope units may already be
created transiently.
* Wherever systemd expects a calendar timestamp specification
(like in journalctl's --since= and --until= switches) UTC
timestamps are now supported. Timestamps suffixed with "UTC"
are now considered to be in Universal Time Coordinated
instead of the local timezone. Also, timestamps may now
optionally be specified with sub-second accuracy. Both of
these additions also apply to recurring calendar event
specification, such as OnCalendar= in timer units.
* journalctl gained a new "--sync" switch that asks the
journal daemon to write all so far unwritten log messages to
disk and sync the files, before returning.
* systemd-tmpfiles learned two new line types "q" and "Q" that
operate like "v", but also set up a basic btrfs quota
hierarchy when used on a btrfs file system with quota
enabled.
* tmpfiles' "v", "q" and "Q" will now create a plain directory
instead of a subvolume (even on a btrfs file system) if the
root directory is a plain directory, and not a
subvolume. This should simplify things with certain chroot()
environments which are not aware of the concept of btrfs
subvolumes.
* systemd-detect-virt gained a new --chroot switch to detect
whether execution takes place in a chroot() environment.
* CPUAffinity= now takes CPU index ranges in addition to
individual indexes.
* The various memory-related resource limit settings (such as
LimitAS=) now understand the usual K, M, G, ... suffixes to
the base of 1024 (IEC). Similar, the time-related resource
limit settings understand the usual min, h, day, ...
suffixes now.
* There's a new system.conf setting DefaultTasksMax= to
control the default TasksMax= setting for services and
scopes running on the system. (TasksMax= is the primary
setting that exposes the "pids" cgroup controller on systemd
and was introduced in the previous systemd release.) The
setting now defaults to 512, which means services that are
not explicitly configured otherwise will only be able to
create 512 processes or threads at maximum, from this
version on. Note that this means that thread- or
process-heavy services might need to be reconfigured to set
TasksMax= to a higher value. It is sufficient to set
TasksMax= in these specific unit files to a higher value, or
even "infinity". Similar, there's now a logind.conf setting
UserTasksMax= that defaults to 4096 and limits the total
number of processes or tasks each user may own
concurrently. nspawn containers also have the TasksMax=
value set by default now, to 8192. Note that all of this
only has an effect if the "pids" cgroup controller is
enabled in the kernel. The general benefit of these changes
should be a more robust and safer system, that provides a
certain amount of per-service fork() bomb protection.
* systemd-nspawn gained the new --network-veth-extra= switch
to define additional and arbitrarily-named virtual Ethernet
links between the host and the container.
* A new service execution setting PassEnvironment= has been
added that allows importing select environment variables
from PID1's environment block into the environment block of
the service.
* Timer units gained support for a new RemainAfterElapse=
setting which takes a boolean argument. It defaults to on,
exposing behaviour unchanged to previous releases. If set to
off, timer units are unloaded after they elapsed if they
cannot elapse again. This is particularly useful for
transient timer units, which shall not stay around longer
than until they first elapse.
* systemd will now bump the net.unix.max_dgram_qlen to 512 by
default now (the kernel default is 16). This is beneficial
for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
allows substantially larger numbers of queued
datagrams. This should increase the capability of systemd to
parallelize boot-up, as logging and sd_notify() are unlikely
to stall execution anymore. If you need to change the value
from the new defaults, use the usual sysctl.d/ snippets.
* The compression framing format used by the journal or
coredump processing has changed to be in line with what the
official LZ4 tools generate. LZ4 compression support in
systemd was considered unsupported previously, as the format
was not compatible with the normal tools. With this release
this has changed now, and it is hence safe for downstream
distributions to turn it on. While not compressing as well
as the XZ, LZ4 is substantially faster, which makes
it a good default choice for the compression logic in the
journal and in coredump handling.
* Any reference to /etc/mtab has been dropped from
systemd. The file has been obsolete since a while, but
systemd refused to work on systems where it was incorrectly
set up (it should be a symlink or non-existent). Please make
sure to update to util-linux 2.27.1 or newer in conjunction
with this systemd release, which also drops any reference to
/etc/mtab. If you maintain a distribution make sure that no
software you package still references it, as this is a
likely source of bugs. There's also a glibc bug pending,
asking for removal of any reference to this obsolete file:
https://sourceware.org/bugzilla/show_bug.cgi?id=19108
Note that only util-linux versions built with
--enable-libmount-force-mountinfo are supported.
* Support for the ".snapshot" unit type has been removed. This
feature turned out to be little useful and little used, and
has now been removed from the core and from systemctl.
* The dependency types RequiresOverridable= and
RequisiteOverridable= have been removed from systemd. They
have been used only very sparingly to our knowledge and
other options that provide a similar effect (such as
systemctl --mode=ignore-dependencies) are much more useful
and commonly used. Moreover, they were only half-way
implemented as the option to control behaviour regarding
these dependencies was never added to systemctl. By removing
these dependency types the execution engine becomes a bit
simpler. Unit files that use these dependencies should be
changed to use the non-Overridable dependency types
instead. In fact, when parsing unit files with these
options, that's what systemd will automatically convert them
too, but it will also warn, asking users to fix the unit
files accordingly. Removal of these dependency types should
only affect a negligible number of unit files in the wild.
* Behaviour of networkd's IPForward= option changed
(again). It will no longer maintain a per-interface setting,
but propagate one way from interfaces where this is enabled
to the global kernel setting. The global setting will be
enabled when requested by a network that is set up, but
never be disabled again. This change was made to make sure
IPv4 and IPv6 behaviour regarding packet forwarding is
similar (as the Linux IPv6 stack does not support
per-interface control of this setting) and to minimize
surprises.
* In unit files the behaviour of %u, %U, %h, %s has
changed. These specifiers will now unconditionally resolve
to the various user database fields of the user that the
systemd instance is running as, instead of the user
configured in the specific unit via User=. Note that this
effectively doesn't change much, as resolving of these
specifiers was already turned off in the --system instance
of systemd, as we cannot do NSS lookups from PID 1. In the
--user instance of systemd these specifiers where correctly
resolved, but hardly made any sense, since the user instance
lacks privileges to do user switches anyway, and User= is
hence useless. Moreover, even in the --user instance of
systemd behaviour was awkward as it would only take settings
from User= assignment placed before the specifier into
account. In order to unify and simplify the logic around
this the specifiers will now always resolve to the
credentials of the user invoking the manager (which in case
of PID 1 is the root user).
Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
Yang, Daniel Machon, Daniel Mack, David Herrmann, David
Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
Jędrzejewski-Szmek
— Berlin, 2015-11-18
CHANGES WITH 227:
* systemd now depends on util-linux v2.27. More specifically,
the newly added mount monitor feature in libmount now
replaces systemd's former own implementation.
* libmount mandates /etc/mtab not to be regular file, and
systemd now enforces this condition at early boot.
/etc/mtab has been deprecated and warned about for a very
long time, so systems running systemd should already have
stopped having this file around as anything else than a
symlink to /proc/self/mounts.
* Support for the "pids" cgroup controller has been added. It
allows accounting the number of tasks in a cgroup and
enforcing limits on it. This adds two new setting
TasksAccounting= and TasksMax= to each unit, as well as a
global option DefaultTasksAccounting=.
* Support for the "net_cls" cgroup controller has been added.
It allows assigning a net class ID to each task in the
cgroup, which can then be used in firewall rules and traffic
shaping configurations. Note that the kernel netfilter net
class code does not currently work reliably for ingress
packets on unestablished sockets.
This adds a new config directive called NetClass= to CGroup
enabled units. Allowed values are positive numbers for fixed
assignments and "auto" for picking a free value
automatically.
* 'systemctl is-system-running' now returns 'offline' if the
system is not booted with systemd. This command can now be
used as a substitute for 'systemd-notify --booted'.
* Watchdog timeouts have been increased to 3 minutes for all
in-tree service files. Apparently, disk IO issues are more
frequent than we hoped, and user reported >1 minute waiting
for disk IO.
* 'machine-id-commit' functionality has been merged into
'machine-id-setup --commit'. The separate binary has been
removed.
* The WorkingDirectory= directive in unit files may now be set
to the special value '~'. In this case, the working
directory is set to the home directory of the user
configured in User=.
* "machinectl shell" will now open the shell in the home
directory of the selected user by default.
* The CrashChVT= configuration file setting is renamed to
CrashChangeVT=, following our usual logic of not
abbreviating unnecessarily. The old directive is still
supported for compat reasons. Also, this directive now takes
an integer value between 1 and 63, or a boolean value. The
formerly supported '-1' value for disabling stays around for
compat reasons.
* The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
NoNewPrivileges=, TTYPath=, WorkingDirectory= and
RootDirectory= properties can now be set for transient
units.
* The systemd-analyze tool gained a new "set-log-target" verb
to change the logging target the system manager logs to
dynamically during runtime. This is similar to how
"systemd-analyze set-log-level" already changes the log
level.
* In nspawn /sys is now mounted as tmpfs, with only a selected
set of subdirectories mounted in from the real sysfs. This
enhances security slightly, and is useful for ensuring user
namespaces work correctly.
* Support for USB FunctionFS activation has been added. This
allows implementation of USB gadget services that are
activated as soon as they are requested, so that they don't
have to run continuously, similar to classic socket
activation.
* The "systemctl exit" command now optionally takes an
additional parameter that sets the exit code to return from
the systemd manager when exiting. This is only relevant when
running the systemd user instance, or when running the
system instance in a container.
* sd-bus gained the new API calls sd_bus_path_encode_many()
and sd_bus_path_decode_many() that allow easy encoding and
decoding of multiple identifier strings inside a D-Bus
object path. Another new call sd_bus_default_flush_close()
has been added to flush and close per-thread default
connections.
* systemd-cgtop gained support for a -M/--machine= switch to
show the control groups within a certain container only.
* "systemctl kill" gained support for an optional --fail
switch. If specified the requested operation will fail of no
processes have been killed, because the unit had no
processes attached, or similar.
* A new systemd.crash_reboot=1 kernel command line option has
been added that triggers a reboot after crashing. This can
also be set through CrashReboot= in systemd.conf.
* The RuntimeDirectory= setting now understands unit
specifiers like %i or %f.
* A new (still internal) library API sd-ipv4acd has been added,
that implements address conflict detection for IPv4. It's
based on code from sd-ipv4ll, and will be useful for
detecting DHCP address conflicts.
* File descriptors passed during socket activation may now be
named. A new API sd_listen_fds_with_names() is added to
access the names. The default names may be overridden,
either in the .socket file using the FileDescriptorName=
parameter, or by passing FDNAME= when storing the file
descriptors using sd_notify().
* systemd-networkd gained support for:
- Setting the IPv6 Router Advertisement settings via
IPv6AcceptRouterAdvertisements= in .network files.
- Configuring the HelloTimeSec=, MaxAgeSec= and
ForwardDelaySec= bridge parameters in .netdev files.
- Configuring PreferredSource= for static routes in
.network files.
* The "ask-password" framework used to query for LUKS harddisk
passwords or SSL passwords during boot gained support for
caching passwords in the kernel keyring, if it is
available. This makes sure that the user only has to type in
a passphrase once if there are multiple objects to unlock
with the same one. Previously, such password caching was
available only when Plymouth was used; this moves the
caching logic into the systemd codebase itself. The
"systemd-ask-password" utility gained a new --keyname=
switch to control which kernel keyring key to use for
caching a password in. This functionality is also useful for
enabling display managers such as gdm to automatically
unlock the user's GNOME keyring if its passphrase, the
user's password and the harddisk password are the same, if
gdm-autologin is used.
* When downloading tar or raw images using "machinectl
pull-tar" or "machinectl pull-raw", a matching ".nspawn"
file is now also downloaded, if it is available and stored
next to the image file.
* Units of type ".socket" gained a new boolean setting
Writable= which is only useful in conjunction with
ListenSpecial=. If true, enables opening the specified
special file in O_RDWR mode rather than O_RDONLY mode.
* systemd-rfkill has been reworked to become a singleton
service that is activated through /dev/rfkill on each rfkill
state change and saves the settings to disk. This way,
systemd-rfkill is now compatible with devices that exist
only intermittendly, and even restores state if the previous
system shutdown was abrupt rather than clean.
* The journal daemon gained support for vacuuming old journal
files controlled by the number of files that shall remain,
in addition to the already existing control by size and by
date. This is useful as journal interleaving performance
degrades with too many separate journal files, and allows
putting an effective limit on them. The new setting defaults
to 100, but this may be changed by setting SystemMaxFiles=
and RuntimeMaxFiles= in journald.conf. Also, the
"journalctl" tool gained the new --vacuum-files= switch to
manually vacuum journal files to leave only the specified
number of files in place.
* udev will now create /dev/disk/by-path links for ATA devices
on kernels where that is supported.
* Galician, Serbian, Turkish and Korean translations were added.
Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
(Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић
— Berlin, 2015-10-07
CHANGES WITH 226:
* The DHCP implementation of systemd-networkd gained a set of
new features:
- The DHCP server now supports emitting DNS and NTP
information. It may be enabled and configured via
EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
and NTP information is enabled, but no servers are
configured, the corresponding uplink information (if there
is any) is propagated.
- Server and client now support transmission and reception
of timezone information. It can be configured via the
newly introduced network options UseTimezone=,
EmitTimezone=, and Timezone=. Transmission of timezone
information is enabled between host and containers by
default now: the container will change its local timezone
to what the host has set.
- Lease timeouts can now be configured via
MaxLeaseTimeSec= and DefaultLeaseTimeSec=.
- The DHCP server improved on the stability of
leases. Clients are more likely to get the same lease
information back, even if the server loses state.
- The DHCP server supports two new configuration options to
control the lease address pool metrics, PoolOffset= and
PoolSize=.
* The encapsulation limit of tunnels in systemd-networkd may
now be configured via 'EncapsulationLimit='. It allows
modifying the maximum additional levels of encapsulation
that are permitted to be prepended to a packet.
* systemd now supports the concept of user buses replacing
session buses, if used with dbus-1.10 (and enabled via dbus
--enable-user-session). It previously only supported this on
kdbus-enabled systems, and this release expands this to
'dbus-daemon' systems.
* systemd-networkd now supports predictable interface names
for virtio devices.
* systemd now optionally supports the new Linux kernel
"unified" control group hierarchy. If enabled via the kernel
command-line option 'systemd.unified_cgroup_hierarchy=1',
systemd will try to mount the unified cgroup hierarchy
directly on /sys/fs/cgroup. If not enabled, or not
available, systemd will fall back to the legacy cgroup
hierarchy setup, as before. Host system and containers can
mix and match legacy and unified hierarchies as they
wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
environment variable to individually select the hierarchy to
use for executed containers. By default, nspawn will use the
unified hierarchy for the containers if the host uses the
unified hierarchy, and the legacy hierarchy otherwise.
Please note that at this point the unified hierarchy is an
experimental kernel feature and is likely to change in one
of the next kernel releases. Therefore, it should not be
enabled by default in downstream distributions yet. The
minimum required kernel version for the unified hierarchy to
work is 4.2. Note that when the unified hierarchy is used
for the first time delegated access to controllers is
safe. Because of this systemd-nspawn containers will get
access to controllers now, as will systemd user
sessions. This means containers and user sessions may now
manage their own resources, partitioning up what the system
grants them.
* A new special scope unit "init.scope" has been introduced
that encapsulates PID 1 of the system. It may be used to
determine resource usage and enforce resource limits on PID
1 itself. PID 1 hence moved out of the root of the control
group tree.
* The cgtop tool gained support for filtering out kernel
threads when counting tasks in a control group. Also, the
count of processes is now recursively summed up by
default. Two options -k and --recursive= have been added to
revert to old behaviour. The tool has also been updated to
work correctly in containers now.
* systemd-nspawn's --bind= and --bind-ro= options have been
extended to allow creation of non-recursive bind mounts.
* libsystemd gained two new calls sd_pid_get_cgroup() and
sd_peer_get_cgroup() which return the control group path of
a process or peer of a connected AF_UNIX socket. This
function call is particularly useful when implementing
delegated subtrees support in the control group hierarchy.
* The "sd-event" event loop API of libsystemd now supports
correct dequeuing of real-time signals, without losing
signal events.
* When systemd requests a PolicyKit decision when managing
units it will now add additional fields to the request,
including unit name and desired operation. This enables more
powerful PolicyKit policies, that make decisions depending
on these parameters.
* nspawn learnt support for .nspawn settings files, that may
accompany the image files or directories of containers, and
may contain additional settings for the container. This is
an alternative to configuring container parameters via the
nspawn command line.
Contributions from: Cristian Rodríguez, Daniel Mack, David
Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Torstein Husebø
— Berlin, 2015-09-08
CHANGES WITH 225:
* machinectl gained a new verb 'shell' which opens a fresh
shell on the target container or the host. It is similar to
the existing 'login' command of machinectl, but spawns the
shell directly without prompting for username or
password. The pseudo machine '.host' now refers to the local
host and is used by default. Hence, 'machinectl shell' can
be used as replacement for 'su -' which spawns a session as
a fresh systemd unit in a way that is fully isolated from
the originating session.
* systemd-networkd learned to cope with private-zone DHCP
options and allows other programs to query the values.
* SELinux access control when enabling/disabling units is no
longer enforced with this release. The previous
implementation was incorrect, and a new corrected
implementation is not yet available. As unit file operations
are still protected via PolicyKit and D-Bus policy this is
not a security problem. Yet, distributions which care about
optimal SELinux support should probably not stabilize on
this release.
* sd-bus gained support for matches of type "arg0has=", that
test for membership of strings in string arrays sent in bus
messages.
* systemd-resolved now dumps the contents of its DNS and LLMNR
caches to the logs on reception of the SIGUSR1 signal. This
is useful to debug DNS behaviour.
* The coredumpctl tool gained a new --directory= option to
operate on journal files in a specific directory.
* "systemctl reboot" and related commands gained a new
"--message=" option which may be used to set a free-text
wall message when shutting down or rebooting the
system. This message is also logged, which is useful for
figuring out the reason for a reboot or shutdown a
posteriori.
* The "systemd-resolve-host" tool's -i switch now takes
network interface numbers as alternative to interface names.
* A new unit file setting for services has been introduced:
UtmpMode= allows configuration of how precisely systemd
handles utmp and wtmp entries for the service if this is
enabled. This allows writing services that appear similar to
user sessions in the output of the "w", "who", "last" and
"lastlog" tools.
* systemd-resolved will now locally synthesize DNS resource
records for the "localhost" and "gateway" domains as well as
the local hostname. This should ensure that clients querying
RRs via resolved will get similar results as those going via
NSS, if nss-myhostname is enabled.
Contributions from: Alastair Hughes, Alex Crawford, Daniel
Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
WaLyong Cho, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-08-27
CHANGES WITH 224:
* The systemd-efi-boot-generator functionality was merged into
systemd-gpt-auto-generator.
* systemd-networkd now supports Group Policy for vxlan
devices. It can be enabled via the new boolean configuration
option called 'GroupPolicyExtension='.
Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen
— Berlin, 2015-07-31
CHANGES WITH 223:
* The python-systemd code has been removed from the systemd repository.
A new repository has been created which accommodates the code from
now on, and we kindly ask distributions to create a separate package
for this: https://github.com/systemd/python-systemd
* The systemd daemon will now reload its main configuration
(/etc/systemd/system.conf) on daemon-reload.
* sd-dhcp now exposes vendor specific extensions via
sd_dhcp_lease_get_vendor_specific().
* systemd-networkd gained a number of new configuration options.
- A new boolean configuration option for TAP devices called
'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
device, thus allowing to send and receive GSO packets.
- A new tunnel configuration option called 'CopyDSCP='.
If enabled, the DSCP field of ip6 tunnels is copied into the
decapsulated packet.
- A set of boolean bridge configuration options were added.
'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
and 'UnicastFlood=' are now parsed by networkd and applied to the
respective bridge link device via the respective IFLA_BRPORT_*
netlink attribute.
- A new string configuration option to override the hostname sent
to a DHCP server, called 'Hostname='. If set and 'SendHostname='
is true, networkd will use the configured hostname instead of the
system hostname when sending DHCP requests.
- A new tunnel configuration option called 'IPv6FlowLabel='. If set,
networkd will configure the IPv6 flow-label of the tunnel device
according to RFC2460.
- The 'macvtap' virtual network devices are now supported, similar to
the already supported 'macvlan' devices.
* systemd-resolved now implements RFC5452 to improve resilience against
cache poisoning. Additionally, source port randomization is enabled
by default to further protect against DNS spoofing attacks.
* nss-mymachines now supports translating UIDs and GIDs of running
containers with user-namespaces enabled. If a container 'foo'
translates a host uid 'UID' to the container uid 'TUID', then
nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
(with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
mapped as 'vg-foo-TGID'.
Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-07-29
CHANGES WITH 222:
* udev does not longer support the WAIT_FOR_SYSFS= key in udev rules.
There are no known issues with current sysfs, and udev does not need
or should be used to work around such bugs.
* udev does no longer enable USB HID power management. Several reports
indicate, that some devices cannot handle that setting.
* The udev accelerometer helper was removed. The functionality
is now fully included in iio-sensor-proxy. But this means,
older iio-sensor-proxy versions will no longer provide
accelerometer/orientation data with this systemd version.
Please upgrade iio-sensor-proxy to version 1.0.
* networkd gained a new configuration option IPv6PrivacyExtensions=
which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
for Stateless Address") on selected networks.
* For the sake of fewer build-time dependencies and less code in the
main repository, the python bindings are about to be removed in the
next release. A new repository has been created which accommodates
the code from now on, and we kindly ask distributions to create a
separate package for this. The removal will take place in v223.
https://github.com/systemd/python-systemd
Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
(heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-07-07
CHANGES WITH 221:
* The sd-bus.h and sd-event.h APIs have now been declared
stable and have been added to the official interface of
libsystemd.so. sd-bus implements an alternative D-Bus client
library, that is relatively easy to use, very efficient and
supports both classic D-Bus as well as kdbus as transport
backend. sd-event is a generic event loop abstraction that
is built around Linux epoll, but adds features such as event
prioritization or efficient timer handling. Both APIs are good
choices for C programs looking for a bus and/or event loop
implementation that is minimal and does not have to be
portable to other kernels.
* kdbus support is no longer compile-time optional. It is now
always built-in. However, it can still be disabled at
runtime using the kdbus=0 kernel command line setting, and
that setting may be changed to default to off, by specifying
--disable-kdbus at build-time. Note though that the kernel
command line setting has no effect if the kdbus.ko kernel
module is not installed, in which case kdbus is (obviously)
also disabled. We encourage all downstream distributions to
begin testing kdbus by adding it to the kernel images in the
development distributions, and leaving kdbus support in
systemd enabled.
* The minimal required util-linux version has been bumped to
2.26.
* Support for chkconfig (--enable-chkconfig) was removed in
favor of calling an abstraction tool
/lib/systemd/systemd-sysv-install. This needs to be
implemented for your distribution. See "SYSV INIT.D SCRIPTS"
in README for details.
* If there's a systemd unit and a SysV init script for the
same service name, and the user executes "systemctl enable"
for it (or a related call), then this will now enable both
(or execute the related operation on both), not just the
unit.
* The libudev API documentation has been converted from gtkdoc
into man pages.
* gudev has been removed from the systemd tree, it is now an
external project.
* The systemd-cgtop tool learnt a new --raw switch to generate
"raw" (machine parsable) output.
* networkd's IPForwarding= .network file setting learnt the
new setting "kernel", which ensures that networkd does not
change the IP forwarding sysctl from the default kernel
state.
* The systemd-logind bus API now exposes a new boolean
property "Docked" that reports whether logind considers the
system "docked", i.e. connected to a docking station or not.
Contributions from: Alex Crawford, Andreas Pokorny, Andrei
Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
Fink, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-06-19
CHANGES WITH 220:
* The gudev library has been extracted into a separate repository
available at: https://git.gnome.org/browse/libgudev/
It is now managed as part of the Gnome project. Distributions
are recommended to pass --disable-gudev to systemd and use
gudev from the Gnome project instead. gudev is still included
in systemd, for now. It will be removed soon, though. Please
also see the announcement-thread on systemd-devel:
https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
* systemd now exposes a CPUUsageNSec= property for each
service unit on the bus, that contains the overall consumed
CPU time of a service (the sum of what each process of the
service consumed). This value is only available if
CPUAccounting= is turned on for a service, and is then shown
in the "systemctl status" output.
* Support for configuring alternative mappings of the old SysV
runlevels to systemd targets has been removed. They are now
hardcoded in a way that runlevels 2, 3, 4 all map to
multi-user.target and 5 to graphical.target (which
previously was already the default behaviour).
* The auto-mounter logic gained support for mount point
expiry, using a new TimeoutIdleSec= setting in .automount
units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
* The EFI System Partition (ESP) as mounted to /boot by
systemd-efi-boot-generator will now be unmounted
automatically after 2 minutes of not being used. This should
minimize the risk of ESP corruptions.
* New /etc/fstab options x-systemd.requires= and
x-systemd.requires-mounts-for= are now supported to express
additional dependencies for mounts. This is useful for
journalling file systems that support external journal
devices or overlay file systems that require underlying file
systems to be mounted.
* systemd does not support direct live-upgrades (via systemctl
daemon-reexec) from versions older than v44 anymore. As no
distribution we are aware of shipped such old versions in a
stable release this should not be problematic.
* When systemd forks off a new per-connection service instance
it will now set the $REMOTE_ADDR environment variable to the
remote IP address, and $REMOTE_PORT environment variable to
the remote IP port. This behaviour is similar to the
corresponding environment variables defined by CGI.
* systemd-networkd gained support for uplink failure
detection. The BindCarrier= option allows binding interface
configuration dynamically to the link sense of other
interfaces. This is useful to achieve behaviour like in
network switches.
* systemd-networkd gained support for configuring the DHCP
client identifier to use when requesting leases.
* systemd-networkd now has a per-network UseNTP= option to
configure whether NTP server information acquired via DHCP
is passed on to services like systemd-timesyncd.
* systemd-networkd gained support for vti6 tunnels.
* Note that systemd-networkd manages the sysctl variable
/proc/sys/net/ipv[46]/conf/*/forwarding for each interface
it is configured for since v219. The variable controls IP
forwarding, and is a per-interface alternative to the global
/proc/sys/net/ipv[46]/ip_forward. This setting is
configurable in the IPForward= option, which defaults to
"no". This means if networkd is used for an interface it is
no longer sufficient to set the global sysctl option to turn
on IP forwarding! Instead, the .network file option
IPForward= needs to be turned on! Note that the
implementation of this behaviour was broken in v219 and has
been fixed in v220.
* Many bonding and vxlan options are now configurable in
systemd-networkd.
* systemd-nspawn gained a new --property= setting to set unit
properties for the container scope. This is useful for
setting resource parameters (e.g. "CPUShares=500") on
containers started from the command line.
* systemd-nspawn gained a new --private-users= switch to make
use of user namespacing available on recent Linux kernels.
* systemd-nspawn may now be called as part of a shell pipeline
in which case the pipes used for stdin and stdout are passed
directly to the process invoked in the container, without
indirection via a pseudo tty.
* systemd-nspawn gained a new switch to control the UNIX
signal to use when killing the init process of the container
when shutting down.
* systemd-nspawn gained a new --overlay= switch for mounting
overlay file systems into the container using the new kernel
overlayfs support.
* When a container image is imported via systemd-importd and
the host file system is not btrfs, a loopback block device
file is created in /var/lib/machines.raw with a btrfs file
system inside. It is then mounted to /var/lib/machines to
enable btrfs features for container management. The loopback
file and btrfs file system is grown as needed when container
images are imported via systemd-importd.
* systemd-machined/systemd-importd gained support for btrfs
quota, to enforce container disk space limits on disk. This
is exposed in "machinectl set-limit".
* systemd-importd now can import containers from local .tar,
.raw and .qcow2 images, and export them to .tar and .raw. It
can also import dkr v2 images now from the network (on top
of v1 as before).
* systemd-importd gained support for verifying downloaded
images with gpg2 (previously only gpg1 was supported).
* systemd-machined, systemd-logind, systemd: most bus calls
are now accessible to unprivileged processes via
PolicyKit. Also, systemd-logind will now allow users to kill
their own sessions without further privileges or
authorization.
* systemd-shutdownd has been removed. This service was
previously responsible for implementing scheduled shutdowns
as exposed in /usr/bin/shutdown's time parameter. This
functionality has now been moved into systemd-logind and is
accessible via a bus interface.
* "systemctl reboot" gained a new switch --firmware-setup that
can be used to reboot into the EFI firmware setup, if that
is available. systemd-logind now exposes an API on the bus
to trigger such reboots, in case graphical desktop UIs want
to cover this functionality.
* "systemctl enable", "systemctl disable" and "systemctl mask"
now support a new "--now" switch. If specified the units
that are enabled will also be started, and the ones
disabled/masked also stopped.
* The Gummiboot EFI boot loader tool has been merged into
systemd, and renamed to "systemd-boot". The bootctl tool has been
updated to support systemd-boot.
* An EFI kernel stub has been added that may be used to create
kernel EFI binaries that contain not only the actual kernel,
but also an initrd, boot splash, command line and OS release
information. This combined binary can then be signed as a
single image, so that the firmware can verify it all in one
step. systemd-boot has special support for EFI binaries created
like this and can extract OS release information from them
and show them in the boot menu. This functionality is useful
to implement cryptographically verified boot schemes.
* Optional support has been added to systemd-fsck to pass
fsck's progress report to an AF_UNIX socket in the file
system.
* udev will no longer create device symlinks for all block
devices by default. A blacklist for excluding special block
devices from this logic has been turned into a whitelist
that requires picking block devices explicitly that require
device symlinks.
* A new (currently still internal) API sd-device.h has been
added to libsystemd. This modernized API is supposed to
replace libudev eventually. In fact, already much of libudev
is now just a wrapper around sd-device.h.
* A new hwdb database for storing metadata about pointing
stick devices has been added.
* systemd-tmpfiles gained support for setting file attributes
similar to the "chattr" tool with new 'h' and 'H' lines.
* systemd-journald will no longer unconditionally set the
btrfs NOCOW flag on new journal files. This is instead done
with tmpfiles snippet using the new 'h' line type. This
allows easy disabling of this logic, by masking the
journal-nocow.conf tmpfiles file.
* systemd-journald will now translate audit message types to
human readable identifiers when writing them to the
journal. This should improve readability of audit messages.
* The LUKS logic gained support for the offset= and skip=
options in /etc/crypttab, as previously implemented by
Debian.
* /usr/lib/os-release gained a new optional field VARIANT= for
distributions that support multiple variants (such as a
desktop edition, a server edition, ...)
Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
Michael Biebl, Michael Marineau, Michael Olbrich, Michal
Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-05-22
CHANGES WITH 219:
* Introduce a new API "sd-hwdb.h" for querying the hardware
metadata database. With this minimal interface one can query
and enumerate the udev hwdb, decoupled from the old libudev
library. libudev's interface for this is now only a wrapper
around sd-hwdb. A new tool systemd-hwdb has been added to
interface with and update the database.
* When any of systemd's tools copies files (for example due to
tmpfiles' C lines) a btrfs reflink will attempted first,
before bytewise copying is done.
* systemd-nspawn gained a new --ephemeral switch. When
specified a btrfs snapshot is taken of the container's root
directory, and immediately removed when the container
terminates again. Thus, a container can be started whose
changes never alter the container's root directory, and are
lost on container termination. This switch can also be used
for starting a container off the root file system of the
host without affecting the host OS. This switch is only
available on btrfs file systems.
* systemd-nspawn gained a new --template= switch. It takes the
path to a container tree to use as template for the tree
specified via --directory=, should that directory be
missing. This allows instantiating containers dynamically,
on first run. This switch is only available on btrfs file
systems.
* When a .mount unit refers to a mount point on which multiple
mounts are stacked, and the .mount unit is stopped all of
the stacked mount points will now be unmounted until no
mount point remains.
* systemd now has an explicit notion of supported and
unsupported unit types. Jobs enqueued for unsupported unit
types will now fail with an "unsupported" error code. More
specifically .swap, .automount and .device units are not
supported in containers, .busname units are not supported on
non-kdbus systems. .swap and .automount are also not
supported if their respective kernel compile time options
are disabled.
* machinectl gained support for two new "copy-from" and
"copy-to" commands for copying files from a running
container to the host or vice versa.
* machinectl gained support for a new "bind" command to bind
mount host directories into local containers. This is
currently only supported for nspawn containers.
* networkd gained support for configuring bridge forwarding
database entries (fdb) from .network files.
* A new tiny daemon "systemd-importd" has been added that can
download container images in tar, raw, qcow2 or dkr formats,
and make them available locally in /var/lib/machines, so
that they can run as nspawn containers. The daemon can GPG
verify the downloads (not supported for dkr, since it has no
provisions for verifying downloads). It will transparently
decompress bz2, xz, gzip compressed downloads if necessary,
and restore sparse files on disk. The daemon uses privilege
separation to ensure the actual download logic runs with
fewer privileges than the daemon itself. machinectl has
gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
make the functionality of importd available to the
user. With this in place the Fedora and Ubuntu "Cloud"
images can be downloaded and booted as containers unmodified
(the Fedora images lack the appropriate GPG signature files
currently, so they cannot be verified, but this will change
soon, hopefully). Note that downloading images is currently
only fully supported on btrfs.
* machinectl is now able to list container images found in
/var/lib/machines, along with some metadata about sizes of
disk and similar. If the directory is located on btrfs and
quota is enabled, this includes quota display. A new command
"image-status" has been added that shows additional
information about images.
* machinectl is now able to clone container images
efficiently, if the underlying file system (btrfs) supports
it, with the new "machinectl clone" command. It also
gained commands for renaming and removing images, as well as
marking them read-only or read-write (supported also on
legacy file systems).
* networkd gained support for collecting LLDP network
announcements, from hardware that supports this. This is
shown in networkctl output.
* systemd-run gained support for a new -t (--pty) switch for
invoking a binary on a pty whose input and output is
connected to the invoking terminal. This allows executing
processes as system services while interactively
communicating with them via the terminal. Most interestingly
this is supported across container boundaries. Invoking
"systemd-run -t /bin/bash" is an alternative to running a
full login session, the difference being that the former
will not register a session, nor go through the PAM session
setup.
* tmpfiles gained support for a new "v" line type for creating
btrfs subvolumes. If the underlying file system is a legacy
file system, this automatically degrades to creating a
normal directory. Among others /var/lib/machines is now
created like this at boot, should it be missing.
* The directory /var/lib/containers/ has been deprecated and
been replaced by /var/lib/machines. The term "machines" has
been used in the systemd context as generic term for both
VMs and containers, and hence appears more appropriate for
this, as the directory can also contain raw images bootable
via qemu/kvm.
* systemd-nspawn when invoked with -M but without --directory=
or --image= is now capable of searching for the container
root directory, subvolume or disk image automatically, in
/var/lib/machines. systemd-nspawn@.service has been updated
to make use of this, thus allowing it to be used for raw
disk images, too.
* A new machines.target unit has been introduced that is
supposed to group all containers/VMs invoked as services on
the system. systemd-nspawn@.service has been updated to
integrate with that.
* machinectl gained a new "start" command, for invoking a
container as a service. "machinectl start foo" is mostly
equivalent to "systemctl start systemd-nspawn@foo.service",
but handles escaping in a nicer way.
* systemd-nspawn will now mount most of the cgroupfs tree
read-only into each container, with the exception of the
container's own subtree in the name=systemd hierarchy.
* journald now sets the special FS_NOCOW file flag for its
journal files. This should improve performance on btrfs, by
avoiding heavy fragmentation when journald's write-pattern
is used on COW file systems. It degrades btrfs' data
integrity guarantees for the files to the same levels as for
ext3/ext4 however. This should be OK though as journald does
its own data integrity checks and all its objects are
checksummed on disk. Also, journald should handle btrfs disk
full events a lot more gracefully now, by processing SIGBUS
errors, and not relying on fallocate() anymore.
* When journald detects that journal files it is writing to
have been deleted it will immediately start new journal
files.
* systemd now provides a way to store file descriptors
per-service in PID 1. This is useful for daemons to ensure
that fds they require are not lost during a daemon
restart. The fds are passed to the daemon on the next
invocation in the same way socket activation fds are
passed. This is now used by journald to ensure that the
various sockets connected to all the system's stdout/stderr
are not lost when journald is restarted. File descriptors
may be stored in PID 1 via the sd_pid_notify_with_fds() API,
an extension to sd_notify(). Note that a limit is enforced
on the number of fds a service can store in PID 1, and it
defaults to 0, so that no fds may be stored, unless this is
explicitly turned on.
* The default TERM variable to use for units connected to a
terminal, when no other value is explicitly is set is now
vt220 rather than vt102. This should be fairly safe still,
but allows PgUp/PgDn work.
* The /etc/crypttab option header= as known from Debian is now
supported.
* "loginctl user-status" and "loginctl session-status" will
now show the last 10 lines of log messages of the
user/session following the status output. Similar,
"machinectl status" will show the last 10 log lines
associated with a virtual machine or container
service. (Note that this is usually not the log messages
done in the VM/container itself, but simply what the
container manager logs. For nspawn this includes all console
output however.)
* "loginctl session-status" without further argument will now
show the status of the session of the caller. Similar,
"lock-session", "unlock-session", "activate",
"enable-linger", "disable-linger" may now be called without
session/user parameter in which case they apply to the
caller's session/user.
* An X11 session scriptlet is now shipped that uploads
$DISPLAY and $XAUTHORITY into the environment of the systemd
--user daemon if a session begins. This should improve
compatibility with X11 enabled applications run as systemd
user services.
* Generators are now subject to masking via /etc and /run, the
same way as unit files.
* networkd .network files gained support for configuring
per-link IPv4/IPv6 packet forwarding as well as IPv4
masquerading. This is by default turned on for veth links to
containers, as registered by systemd-nspawn. This means that
nspawn containers run with --network-veth will now get
automatic routed access to the host's networks without any
further configuration or setup, as long as networkd runs on
the host.
* systemd-nspawn gained the --port= (-p) switch to expose TCP
or UDP posts of a container on the host. With this in place
it is possible to run containers with private veth links
(--network-veth), and have their functionality exposed on
the host as if their services were running directly on the
host.
* systemd-nspawn's --network-veth switch now gained a short
version "-n", since with the changes above it is now truly
useful out-of-the-box. The systemd-nspawn@.service has been
updated to make use of it too by default.
* systemd-nspawn will now maintain a per-image R/W lock, to
ensure that the same image is not started more than once
writable. (It's OK to run an image multiple times
simultaneously in read-only mode.)
* systemd-nspawn's --image= option is now capable of
dissecting and booting MBR and GPT disk images that contain
only a single active Linux partition. Previously it
supported only GPT disk images with proper GPT type
IDs. This allows running cloud images from major
distributions directly with systemd-nspawn, without
modification.
* In addition to collecting mouse dpi data in the udev
hardware database, there's now support for collecting angle
information for mouse scroll wheels. The database is
supposed to guarantee similar scrolling behavior on mice
that it knows about. There's also support for collecting
information about Touchpad types.
* udev's input_id built-in will now also collect touch screen
dimension data and attach it to probed devices.
* /etc/os-release gained support for a Distribution Privacy
Policy link field.
* networkd gained support for creating "ipvlan", "gretap",
"ip6gre", "ip6gretap" and "ip6tnl" network devices.
* systemd-tmpfiles gained support for "a" lines for setting
ACLs on files.
* systemd-nspawn will now mount /tmp in the container to
tmpfs, automatically.
* systemd now exposes the memory.usage_in_bytes cgroup
attribute and shows it for each service in the "systemctl
status" output, if available.
* When the user presses Ctrl-Alt-Del more than 7x within 2s an
immediate reboot is triggered. This useful if shutdown is
hung and is unable to complete, to expedite the
operation. Note that this kind of reboot will still unmount
all file systems, and hence should not result in fsck being
run on next reboot.
* A .device unit for an optical block device will now be
considered active only when a medium is in the drive. Also,
mount units are now bound to their backing devices thus
triggering automatic unmounting when devices become
unavailable. With this in place systemd will now
automatically unmount left-over mounts when a CD-ROM is
ejected or an USB stick is yanked from the system.
* networkd-wait-online now has support for waiting for
specific interfaces only (with globbing), and for giving up
after a configurable timeout.
* networkd now exits when idle. It will be automatically
restarted as soon as interfaces show up, are removed or
change state. networkd will stay around as long as there is
at least one DHCP state machine or similar around, that keep
it non-idle.
* networkd may now configure IPv6 link-local addressing in
addition to IPv4 link-local addressing.
* The IPv6 "token" for use in SLAAC may now be configured for
each .network interface in networkd.
* Routes configured with networkd may now be assigned a scope
in .network files.
* networkd's [Match] sections now support globbing and lists
of multiple space-separated matches per item.
Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
Hoffmann, Zbigniew Jędrzejewski-Szmek
— Berlin, 2015-02-16
CHANGES WITH 218:
* When querying unit file enablement status (for example via
"systemctl is-enabled"), a new state "indirect" is now known
which indicates that a unit might not be enabled itself, but
another unit listed in its Also= setting might be.
* Similar to the various existing ConditionXYZ= settings for
units, there are now matching AssertXYZ= settings. While
failing conditions cause a unit to be skipped, but its job
to succeed, failing assertions declared like this will cause
a unit start operation and its job to fail.
* hostnamed now knows a new chassis type "embedded".
* systemctl gained a new "edit" command. When used on a unit
file, this allows extending unit files with .d/ drop-in
configuration snippets or editing the full file (after
copying it from /usr/lib to /etc). This will invoke the
user's editor (as configured with $EDITOR), and reload the
modified configuration after editing.
* "systemctl status" now shows the suggested enablement state
for a unit, as declared in the (usually vendor-supplied)
system preset files.
* nss-myhostname will now resolve the single-label host name
"gateway" to the locally configured default IP routing
gateways, ordered by their metrics. This assigns a stable
name to the used gateways, regardless which ones are
currently configured. Note that the name will only be
resolved after all other name sources (if nss-myhostname is
configured properly) and should hence not negatively impact
systems that use the single-label host name "gateway" in
other contexts.
* systemd-inhibit now allows filtering by mode when listing
inhibitors.
* Scope and service units gained a new "Delegate" boolean
property, which, when set, allows processes running inside the
unit to further partition resources. This is primarily
useful for systemd user instances as well as container
managers.
* journald will now pick up audit messages directly from
the kernel, and log them like any other log message. The
audit fields are split up and fully indexed. This means that
journalctl in many ways is now a (nicer!) alternative to
ausearch, the traditional audit client. Note that this
implements only a minimal audit client. If you want the
special audit modes like reboot-on-log-overflow, please use
the traditional auditd instead, which can be used in
parallel to journald.
* The ConditionSecurity= unit file option now understands the
special string "audit" to check whether auditing is
available.
* journalctl gained two new commands --vacuum-size= and
--vacuum-time= to delete old journal files until the
remaining ones take up no more than the specified size on disk,
or are not older than the specified time.
* A new, native PPPoE library has been added to sd-network,
systemd's library of light-weight networking protocols. This
library will be used in a future version of networkd to
enable PPPoE communication without an external pppd daemon.
* The busctl tool now understands a new "capture" verb that
works similar to "monitor", but writes a packet capture
trace to STDOUT that can be redirected to a file which is
compatible with libcap's capture file format. This can then
be loaded in Wireshark and similar tools to inspect bus
communication.
* The busctl tool now understands a new "tree" verb that shows
the object trees of a specific service on the bus, or of all
services.
* The busctl tool now understands a new "introspect" verb that
shows all interfaces and members of objects on the bus,
including their signature and values. This is particularly
useful to get more information about bus objects shown by
the new "busctl tree" command.
* The busctl tool now understands new verbs "call",
"set-property" and "get-property" for invoking bus method
calls, setting and getting bus object properties in a
friendly way.
* busctl gained a new --augment-creds= argument that controls
whether the tool shall augment credential information it
gets from the bus with data from /proc, in a possibly
race-ful way.
* nspawn's --link-journal= switch gained two new values
"try-guest" and "try-host" that work like "guest" and
"host", but do not fail if the host has no persistent
journalling enabled. -j is now equivalent to
--link-journal=try-guest.
* macvlan network devices created by nspawn will now have
stable MAC addresses.
* A new SmackProcessLabel= unit setting has been added, which
controls the SMACK security label processes forked off by
the respective unit shall use.
* If compiled with --enable-xkbcommon, systemd-localed will
verify x11 keymap settings by compiling the given keymap. It
will spew out warnings if the compilation fails. This
requires libxkbcommon to be installed.
* When a coredump is collected, a larger number of metadata
fields is now collected and included in the journal records
created for it. More specifically, control group membership,
environment variables, memory maps, working directory,
chroot directory, /proc/$PID/status, and a list of open file
descriptors is now stored in the log entry.
* The udev hwdb now contains DPI information for mice. For
details see:
http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
* All systemd programs that read standalone configuration
files in /etc now also support a corresponding series of
.conf.d configuration directories in /etc/, /run/,
/usr/local/lib/, /usr/lib/, and (if configured with
--enable-split-usr) /lib/. In particular, the following
configuration files now have corresponding configuration
directories: system.conf user.conf, logind.conf,
journald.conf, sleep.conf, bootchart.conf, coredump.conf,
resolved.conf, timesyncd.conf, journal-remote.conf, and
journal-upload.conf. Note that distributions should use the
configuration directories in /usr/lib/; the directories in
/etc/ are reserved for the system administrator.
* systemd-rfkill will no longer take the rfkill device name
into account when storing rfkill state on disk, as the name
might be dynamically assigned and not stable. Instead, the
ID_PATH udev variable combined with the rfkill type (wlan,
bluetooth, ...) is used.
* A new service systemd-machine-id-commit.service has been
added. When used on systems where /etc is read-only during
boot, and /etc/machine-id is not initialized (but an empty
file), this service will copy the temporary machine ID
created as replacement into /etc after the system is fully
booted up. This is useful for systems that are freshly
installed with a non-initialized machine ID, but should get
a fixed machine ID for subsequent boots.
* networkd's .netdev files now provide a large set of
configuration parameters for VXLAN devices. Similarly, the
bridge port cost parameter is now configurable in .network
files. There's also new support for configuring IP source
routing. networkd .link files gained support for a new
OriginalName= match that is useful to match against the
original interface name the kernel assigned. .network files
may include MTU= and MACAddress= fields for altering the MTU
and MAC address while being connected to a specific network
interface.
* The LUKS logic gained supported for configuring
UUID-specific key files. There's also new support for naming
LUKS device from the kernel command line, using the new
luks.name= argument.
* Timer units may now be transiently created via the bus API
(this was previously already available for scope and service
units). In addition it is now possible to create multiple
transient units at the same time with a single bus call. The
"systemd-run" tool has been updated to make use of this for
running commands on a specified time, in at(1)-style.
* tmpfiles gained support for "t" lines, for assigning
extended attributes to files. Among other uses this may be
used to assign SMACK labels to files.
Contributions from: Alin Rauta, Alison Chaiken, Andrej
Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
Michael Biebl, Michael Chapman, Michael Marineau, Michal
Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
— Berlin, 2014-12-10
CHANGES WITH 217:
* journalctl gained the new options -t/--identifier= to match
on the syslog identifier (aka "tag"), as well as --utc to
show log timestamps in the UTC timezone. journalctl now also
accepts -n/--lines=all to disable line capping in a pager.
* journalctl gained a new switch, --flush, that synchronously
flushes logs from /run/log/journal to /var/log/journal if
persistent storage is enabled. systemd-journal-flush.service
now waits until the operation is complete.
* Services can notify the manager before they start a reload
(by sending RELOADING=1) or shutdown (by sending
STOPPING=1). This allows the manager to track and show the
internal state of daemons and closes a race condition when
the process is still running but has closed its D-Bus
connection.
* Services with Type=oneshot do not have to have any ExecStart
commands anymore.
* User units are now loaded also from
$XDG_RUNTIME_DIR/systemd/user/. This is similar to the
/run/systemd/user directory that was already previously
supported, but is under the control of the user.
* Job timeouts (i.e. time-outs on the time a job that is
queued stays in the run queue) can now optionally result in
immediate reboot or power-off actions (JobTimeoutAction= and
JobTimeoutRebootArgument=). This is useful on ".target"
units, to limit the maximum time a target remains
undispatched in the run queue, and to trigger an emergency
operation in such a case. This is now used by default to
turn off the system if boot-up (as defined by everything in
basic.target) hangs and does not complete for at least
15min. Also, if power-off or reboot hang for at least 30min
an immediate power-off/reboot operation is triggered. This
functionality is particularly useful to increase reliability
on embedded devices, but also on laptops which might
accidentally get powered on when carried in a backpack and
whose boot stays stuck in a hard disk encryption passphrase
question.
* systemd-logind can be configured to also handle lid switch
events even when the machine is docked or multiple displays
are attached (HandleLidSwitchDocked= option).
* A helper binary and a service have been added which can be
used to resume from hibernation in the initramfs. A
generator will parse the resume= option on the kernel
command line to trigger resume.
* A user console daemon systemd-consoled has been
added. Currently, it is a preview, and will so far open a
single terminal on each session of the user marked as
Desktop=systemd-console.
* Route metrics can be specified for DHCP routes added by
systemd-networkd.
* The SELinux context of socket-activated services can be set
from the information provided by the networking stack
(SELinuxContextFromNet= option).
* Userspace firmware loading support has been removed and
the minimum supported kernel version is thus bumped to 3.7.
* Timeout for udev workers has been increased from 1 to 3
minutes, but a warning will be printed after 1 minute to
help diagnose kernel modules that take a long time to load.
* Udev rules can now remove tags on devices with TAG-="foobar".
* systemd's readahead implementation has been removed. In many
circumstances it didn't give expected benefits even for
rotational disk drives and was becoming less relevant in the
age of SSDs. As none of the developers has been using
rotating media anymore, and nobody stepped up to actively
maintain this component of systemd it has now been removed.
* Swap units can use Options= to specify discard options.
Discard options specified for swaps in /etc/fstab are now
respected.
* Docker containers are now detected as a separate type of
virtualization.
* The Password Agent protocol gained support for queries where
the user input is shown, useful e.g. for user names.
systemd-ask-password gained a new --echo option to turn that
on.
* The default sysctl.d/ snippets will now set:
net.core.default_qdisc = fq_codel
This selects Fair Queuing Controlled Delay as the default
queuing discipline for network interfaces. fq_codel helps
fight the network bufferbloat problem. It is believed to be
a good default with no tuning required for most workloads.
Downstream distributions may override this choice. On 10Gbit
servers that do not do forwarding, "fq" may perform better.
Systems without a good clocksource should use "pfifo_fast".
* If kdbus is enabled during build a new option BusPolicy= is
available for service units, that allows locking all service
processes into a stricter bus policy, in order to limit
access to various bus services, or even hide most of them
from the service's view entirely.
* networkctl will now show the .network and .link file
networkd has applied to a specific interface.
* sd-login gained a new API call sd_session_get_desktop() to
query which desktop environment has been selected for a
session.
* UNIX utmp support is now compile-time optional to support
legacy-free systems.
* systemctl gained two new commands "add-wants" and
"add-requires" for pulling in units from specific targets
easily.
* If the word "rescue" is specified on the kernel command line
the system will now boot into rescue mode (aka
rescue.target), which was previously available only by
specifying "1" or "systemd.unit=rescue.target" on the kernel
command line. This new kernel command line option nicely
mirrors the already existing "emergency" kernel command line
option.
* New kernel command line options mount.usr=, mount.usrflags=,
mount.usrfstype= have been added that match root=, rootflags=,
rootfstype= but allow mounting a specific file system to
/usr.
* The $NOTIFY_SOCKET is now also passed to control processes of
services, not only the main process.
* This version reenables support for fsck's -l switch. This
means at least version v2.25 of util-linux is required for
operation, otherwise dead-locks on device nodes may
occur. Again: you need to update util-linux to at least
v2.25 when updating systemd to v217.
* The "multi-seat-x" tool has been removed from systemd, as
its functionality has been integrated into X servers 1.16,
and the tool is hence redundant. It is recommended to update
display managers invoking this tool to simply invoke X
directly from now on, again.
* Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
message flag has been added for all of systemd's PolicyKit
authenticated method calls has been added. In particular
this now allows optional interactive authorization via
PolicyKit for many of PID1's privileged operations such as
unit file enabling and disabling.
* "udevadm hwdb --update" learnt a new switch "--usr" for
placing the rebuilt hardware database in /usr instead of
/etc. When used only hardware database entries stored in
/usr will be used, and any user database entries in /etc are
ignored. This functionality is useful for vendors to ship a
pre-built database on systems where local configuration is
unnecessary or unlikely.
* Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting
"anually", "hourly", ...).
* systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is
recommended to always create static device nodes with 'c!'
and 'b!', so that they are created only at boot and not
overwritten at runtime.
* When the watchdog logic is used for a service (WatchdogSec=)
and the watchdog timeout is hit the service will now be
terminated with SIGABRT (instead of just SIGTERM), in order
to make sure a proper coredump and backtrace is
generated. This ensures that hanging services will result in
similar coredump/backtrace behaviour as services that hit a
segmentation fault.
Contributions from: Andreas Henriksson, Andrei Borzenkov,
Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
Herrmann, David Sommerseth, David Strauss, Emil Renner
Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
Michael Marineau, Michael Olbrich, Michael Scherer, Michal
Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
Jędrzejewski-Szmek
— Berlin, 2014-10-28
CHANGES WITH 216:
* timedated no longer reads NTP implementation unit names from
/usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
implementations should add a
Conflicts=systemd-timesyncd.service
to their unit files to take over and replace systemd's NTP
default functionality.
* systemd-sysusers gained a new line type "r" for configuring
which UID/GID ranges to allocate system users/groups
from. Lines of type "u" may now add an additional column
that specifies the home directory for the system user to be
created. Also, systemd-sysusers may now optionally read user
information from STDIN instead of a file. This is useful for
invoking it from RPM preinst scriptlets that need to create
users before the first RPM file is installed since these
files might need to be owned by them. A new
%sysusers_create_inline RPM macro has been introduced to do
just that. systemd-sysusers now updates the shadow files as
well as the user/group databases, which should enhance
compatibility with certain tools like grpck.
* A number of bus APIs of PID 1 now optionally consult
PolicyKit to permit access for otherwise unprivileged
clients under certain conditions. Note that this currently
doesn't support interactive authentication yet, but this is
expected to be added eventually, too.
* /etc/machine-info now has new fields for configuring the
deployment environment of the machine, as well as the
location of the machine. hostnamectl has been updated with
new command to update these fields.
* systemd-timesyncd has been updated to automatically acquire
NTP server information from systemd-networkd, which might
have been discovered via DHCP.
* systemd-resolved now includes a caching DNS stub resolver
and a complete LLMNR name resolution implementation. A new
NSS module "nss-resolve" has been added which can be used
instead of glibc's own "nss-dns" to resolve hostnames via
systemd-resolved. Hostnames, addresses and arbitrary RRs may
be resolved via systemd-resolved D-Bus APIs. In contrast to
the glibc internal resolver systemd-resolved is aware of
multi-homed system, and keeps DNS server and caches separate
and per-interface. Queries are sent simultaneously on all
interfaces that have DNS servers configured, in order to
properly handle VPNs and local LANs which might resolve
separate sets of domain names. systemd-resolved may acquire
DNS server information from systemd-networkd automatically,
which in turn might have discovered them via DHCP. A tool
"systemd-resolve-host" has been added that may be used to
query the DNS logic in resolved. systemd-resolved implements
IDNA and automatically uses IDNA or UTF-8 encoding depending
on whether classic DNS or LLMNR is used as transport. In the
next releases we intend to add a DNSSEC and mDNS/DNS-SD
implementation to systemd-resolved.
* A new NSS module nss-mymachines has been added, that
automatically resolves the names of all local registered
containers to their respective IP addresses.
* A new client tool "networkctl" for systemd-networkd has been
added. It currently is entirely passive and will query
networking configuration from udev, rtnetlink and networkd,
and present it to the user in a very friendly
way. Eventually, we hope to extend it to become a full
control utility for networkd.
* .socket units gained a new DeferAcceptSec= setting that
controls the kernels' TCP_DEFER_ACCEPT sockopt for
TCP. Similarly, support for controlling TCP keep-alive
settings has been added (KeepAliveTimeSec=,
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
turning off Nagle's algorithm on TCP has been added
(NoDelay=).
* logind learned a new session type "web", for use in projects
like Cockpit which register web clients as PAM sessions.
* timer units with at least one OnCalendar= setting will now
be started only after timer-sync.target has been
reached. This way they will not elapse before the system
clock has been corrected by a local NTP client or
similar. This is particular useful on RTC-less embedded
machines, that come up with an invalid system clock.
* systemd-nspawn's --network-veth= switch should now result in
stable MAC addresses for both the outer and the inner side
of the link.
* systemd-nspawn gained a new --volatile= switch for running
container instances with /etc or /var unpopulated.
* The kdbus client code has been updated to use the new Linux
3.17 memfd subsystem instead of the old kdbus-specific one.
* systemd-networkd's DHCP client and server now support
FORCERENEW. There are also new configuration options to
configure the vendor client identifier and broadcast mode
for DHCP.
* systemd will no longer inform the kernel about the current
timezone, as this is necessarily incorrect and racy as the
kernel has no understanding of DST and similar
concepts. This hence means FAT timestamps will be always
considered UTC, similar to what Android is already
doing. Also, when the RTC is configured to the local time
(rather than UTC) systemd will never synchronize back to it,
as this might confuse Windows at a later boot.
* systemd-analyze gained a new command "verify" for offline
validation of unit files.
* systemd-networkd gained support for a couple of additional
settings for bonding networking setups. Also, the metric for
statically configured routes may now be configured. For
network interfaces where this is appropriate the peer IP
address may now be configured.
* systemd-networkd's DHCP client will no longer request
broadcasting by default, as this tripped up some networks.
For hardware where broadcast is required the feature should
be switched back on using RequestBroadcast=yes.
* systemd-networkd will now set up IPv4LL addresses (when
enabled) even if DHCP is configured successfully.
* udev will now default to respect network device names given
by the kernel when the kernel indicates that these are
predictable. This behavior can be tweaked by changing
NamePolicy= in the relevant .link file.
* A new library systemd-terminal has been added that
implements full TTY stream parsing and rendering. This
library is supposed to be used later on for implementing a
full userspace VT subsystem, replacing the current kernel
implementation.
* A new tool systemd-journal-upload has been added to push
journal data to a remote system running
systemd-journal-remote.
* journald will no longer forward all local data to another
running syslog daemon. This change has been made because
rsyslog (which appears to be the most commonly used syslog
implementation these days) no longer makes use of this, and
instead pulls the data out of the journal on its own. Since
forwarding the messages to a non-existent syslog server is
more expensive than we assumed we have now turned this
off. If you run a syslog server that is not a recent rsyslog
version, you have to turn this option on again
(ForwardToSyslog= in journald.conf).
* journald now optionally supports the LZ4 compressor for
larger journal fields. This compressor should perform much
better than XZ which was the previous default.
* machinectl now shows the IP addresses of local containers,
if it knows them, plus the interface name of the container.
* A new tool "systemd-escape" has been added that makes it
easy to escape strings to build unit names and similar.
* sd_notify() messages may now include a new ERRNO= field
which is parsed and collected by systemd and shown among the
"systemctl status" output for a service.
* A new component "systemd-firstboot" has been added that
queries the most basic systemd information (timezone,
hostname, root password) interactively on first
boot. Alternatively it may also be used to provision these
things offline on OS images installed into directories.
* The default sysctl.d/ snippets will now set
net.ipv4.conf.default.promote_secondaries=1
This has the benefit of no flushing secondary IP addresses
when primary addresses are removed.
Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
— Berlin, 2014-08-19
CHANGES WITH 215:
* A new tool systemd-sysusers has been added. This tool
creates system users and groups in /etc/passwd and
/etc/group, based on static declarative system user/group
definitions in /usr/lib/sysusers.d/. This is useful to
enable factory resets and volatile systems that boot up with
an empty /etc directory, and thus need system users and
groups created during early boot. systemd now also ships
with two default sysusers.d/ files for the most basic
users and groups systemd and the core operating system
require.
* A new tmpfiles snippet has been added that rebuilds the
essential files in /etc on boot, should they be missing.
* A directive for ensuring automatic clean-up of
/var/cache/man/ has been removed from the default
configuration. This line should now be shipped by the man
implementation. The necessary change has been made to the
man-db implementation. Note that you need to update your man
implementation to one that ships this line, otherwise no
automatic clean-up of /var/cache/man will take place.
* A new condition ConditionNeedsUpdate= has been added that
may conditionalize services to only run when /etc or /var
are "older" than the vendor operating system resources in
/usr. This is useful for reconstructing or updating /etc
after an offline update of /usr or a factory reset, on the
next reboot. Services that want to run once after such an
update or reset should use this condition and order
themselves before the new systemd-update-done.service, which
will mark the two directories as fully updated. A number of
service files have been added making use of this, to rebuild
the udev hardware database, the journald message catalog and
dynamic loader cache (ldconfig). The systemd-sysusers tool
described above also makes use of this now. With this in
place it is now possible to start up a minimal operating
system with /etc empty cleanly. For more information on the
concepts involved see this recent blog story:
http://0pointer.de/blog/projects/stateless.html
* A new system group "input" has been introduced, and all
input device nodes get this group assigned. This is useful
for system-level software to get access to input devices. It
complements what is already done for "audio" and "video".
* systemd-networkd learnt minimal DHCPv4 server support in
addition to the existing DHCPv4 client support. It also
learnt DHCPv6 client and IPv6 Router Solicitation client
support. The DHCPv4 client gained support for static routes
passed in from the server. Note that the [DHCPv4] section
known in older systemd-networkd versions has been renamed to
[DHCP] and is now also used by the DHCPv6 client. Existing
.network files using settings of this section should be
updated, though compatibility is maintained. Optionally, the
client hostname may now be sent to the DHCP server.
* networkd gained support for vxlan virtual networks as well
as tun/tap and dummy devices.
* networkd gained support for automatic allocation of address
ranges for interfaces from a system-wide pool of
addresses. This is useful for dynamically managing a large
number of interfaces with a single network configuration
file. In particular this is useful to easily assign
appropriate IP addresses to the veth links of a large number
of nspawn instances.
* RPM macros for processing sysusers, sysctl and binfmt
drop-in snippets at package installation time have been
added.
* The /etc/os-release file should now be placed in
/usr/lib/os-release. The old location is automatically
created as symlink. /usr/lib is the more appropriate
location of this file, since it shall actually describe the
vendor operating system shipped in /usr, and not the
configuration stored in /etc.
* .mount units gained a new boolean SloppyOptions= setting
that maps to mount(8)'s -s option which enables permissive
parsing of unknown mount options.
* tmpfiles learnt a new "L+" directive which creates a symlink
but (unlike "L") deletes a pre-existing file first, should
it already exist and not already be the correct
symlink. Similarly, "b+", "c+" and "p+" directives have been
added as well, which create block and character devices, as
well as fifos in the filesystem, possibly removing any
pre-existing files of different types.
* For tmpfiles' "L", "L+", "C" and "C+" directives the final
'argument' field (which so far specified the source to
symlink/copy the files from) is now optional. If omitted the
same file os copied from /usr/share/factory/ suffixed by the
full destination path. This is useful for populating /etc
with essential files, by copying them from vendor defaults
shipped in /usr/share/factory/etc.
* A new command "systemctl preset-all" has been added that
applies the service preset settings to all installed unit
files. A new switch --preset-mode= has been added that
controls whether only enable or only disable operations
shall be executed.
* A new command "systemctl is-system-running" has been added
that allows checking the overall state of the system, for
example whether it is fully up and running.
* When the system boots up with an empty /etc, the equivalent
to "systemctl preset-all" is executed during early boot, to
make sure all default services are enabled after a factory
reset.
* systemd now contains a minimal preset file that enables the
most basic services systemd ships by default.
* Unit files' [Install] section gained a new DefaultInstance=
field for defining the default instance to create if a
template unit is enabled with no instance specified.
* A new passive target cryptsetup-pre.target has been added
that may be used by services that need to make they run and
finish before the first LUKS cryptographic device is set up.
* The /dev/loop-control and /dev/btrfs-control device nodes
are now owned by the "disk" group by default, opening up
access to this group.
* systemd-coredump will now automatically generate a
stack trace of all core dumps taking place on the system,
based on elfutils' libdw library. This stack trace is logged
to the journal.
* systemd-coredump may now optionally store coredumps directly
on disk (in /var/lib/systemd/coredump, possibly compressed),
instead of storing them unconditionally in the journal. This
mode is the new default. A new configuration file
/etc/systemd/coredump.conf has been added to configure this
and other parameters of systemd-coredump.
* coredumpctl gained a new "info" verb to show details about a
specific coredump. A new switch "-1" has also been added
that makes sure to only show information about the most
recent entry instead of all entries. Also, as the tool is
generally useful now the "systemd-" prefix of the binary
name has been removed. Distributions that want to maintain
compatibility with the old name should add a symlink from
the old name to the new name.
* journald's SplitMode= now defaults to "uid". This makes sure
that unprivileged users can access their own coredumps with
coredumpctl without restrictions.
* New kernel command line options "systemd.wants=" (for
pulling an additional unit during boot), "systemd.mask="
(for masking a specific unit for the boot), and
"systemd.debug-shell" (for enabling the debug shell on tty9)
have been added. This is implemented in the new generator
"systemd-debug-generator".
* systemd-nspawn will now by default filter a couple of
syscalls for containers, among them those required for
kernel module loading, direct x86 IO port access, swap
management, and kexec. Most importantly though
open_by_handle_at() is now prohibited for containers,
closing a hole similar to a recently discussed vulnerability
in docker regarding access to files on file hierarchies the
container should normally not have access to. Note that, for
nspawn, we generally make no security claims anyway (and
this is explicitly documented in the man page), so this is
just a fix for one of the most obvious problems.
* A new man page file-hierarchy(7) has been added that
contains a minimized, modernized version of the file system
layout systemd expects, similar in style to the FHS
specification or hier(5). A new tool systemd-path(1) has
been added to query many of these paths for the local
machine and user.
* Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
longer done. Since the directory now has a per-user size
limit, and is cleaned on logout this appears unnecessary,
in particular since this now brings the lifecycle of this
directory closer in line with how IPC objects are handled.
* systemd.pc now exports a number of additional directories,
including $libdir (which is useful to identify the library
path for the primary architecture of the system), and a
couple of drop-in directories.
* udev's predictable network interface names now use the dev_port
sysfs attribute, introduced in linux 3.15 instead of dev_id to
distinguish between ports of the same PCI function. dev_id should
only be used for ports using the same HW address, hence the need
for dev_port.
* machined has been updated to export the OS version of a
container (read from /etc/os-release and
/usr/lib/os-release) on the bus. This is now shown in
"machinectl status" for a machine.
* A new service setting RestartForceExitStatus= has been
added. If configured to a set of exit signals or process
return values, the service will be restarted when the main
daemon process exits with any of them, regardless of the
Restart= setting.
* systemctl's -H switch for connecting to remote systemd
machines has been extended so that it may be used to
directly connect to a specific container on the
host. "systemctl -H root@foobar:waldi" will now connect as
user "root" to host "foobar", and then proceed directly to
the container named "waldi". Note that currently you have to
authenticate as user "root" for this to work, as entering
containers is a privileged operation.
Contributions from: Andreas Henriksson, Benjamin Steinwender,
Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
— Berlin, 2014-07-03
CHANGES WITH 214:
* As an experimental feature, udev now tries to lock the
disk device node (flock(LOCK_SH|LOCK_NB)) while it
executes events for the disk or any of its partitions.
Applications like partitioning programs can lock the
disk device node (flock(LOCK_EX)) and claim temporary
device ownership that way; udev will entirely skip all event
handling for this disk and its partitions. If the disk
was opened for writing, the close will trigger a partition
table rescan in udev's "watch" facility, and if needed
synthesize "change" events for the disk and all its partitions.
This is now unconditionally enabled, and if it turns out to
cause major problems, we might turn it on only for specific
devices, or might need to disable it entirely. Device Mapper
devices are excluded from this logic.
* We temporarily dropped the "-l" switch for fsck invocations,
since they collide with the flock() logic above. util-linux
upstream has been changed already to avoid this conflict,
and we will readd "-l" as soon as util-linux with this
change has been released.
* The dependency on libattr has been removed. Since a long
time, the extended attribute calls have moved to glibc, and
libattr is thus unnecessary.
* Virtualization detection works without privileges now. This
means the systemd-detect-virt binary no longer requires
CAP_SYS_PTRACE file capabilities, and our daemons can run
with fewer privileges.
* systemd-networkd now runs under its own "systemd-network"
user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
loses the ability to write to files owned by root this way.
* Similarly, systemd-resolved now runs under its own
"systemd-resolve" user with no capabilities remaining.
* Similarly, systemd-bus-proxyd now runs under its own
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
* systemd-networkd gained support for setting up "veth"
virtual Ethernet devices for container connectivity, as well
as GRE and VTI tunnels.
* systemd-networkd will no longer automatically attempt to
manually load kernel modules necessary for certain tunnel
transports. Instead, it is assumed the kernel loads them
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.
* The resolv.conf file systemd-resolved generates has been
moved to /run/systemd/resolve/. If you have a symlink from
/etc/resolv.conf, it might be necessary to correct it.
* Two new service settings, ProtectHome= and ProtectSystem=,
have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
modifications of user data or system files from
services. These two new switches have been enabled for all
of systemd's long-running services, where appropriate.
* Socket units gained new SocketUser= and SocketGroup=
settings to set the owner user and group of AF_UNIX sockets
and FIFOs in the file system.
* Socket units gained a new RemoveOnStop= setting. If enabled,
all FIFOS and sockets in the file system will be removed
when the specific socket unit is stopped.
* Socket units gained a new Symlinks= setting. It takes a list
of symlinks to create to file system sockets or FIFOs
created by the specific Unix sockets. This is useful to
manage symlinks to socket nodes with the same life-cycle as
the socket itself.
* The /dev/log socket and /dev/initctl FIFO have been moved to
/run, and have been replaced by symlinks. This allows
connecting to these facilities even if PrivateDevices=yes is
used for a service (which makes /dev/log itself unavailable,
but /run is left). This also has the benefit of ensuring
that /dev only contains device nodes, directories and
symlinks, and nothing else.
* sd-daemon gained two new calls sd_pid_notify() and
sd_pid_notifyf(). They are similar to sd_notify() and
sd_notifyf(), but allow overriding of the source PID of
notification messages if permissions permit this. This is
useful to send notify messages on behalf of a different
process (for example, the parent process). The
systemd-notify tool has been updated to make use of this
when sending messages (so that notification messages now
originate from the shell script invoking systemd-notify and
not the systemd-notify process itself. This should minimize
a race where systemd fails to associate notification
messages to services when the originating process already
vanished.
* A new "on-abnormal" setting for Restart= has been added. If
set, it will result in automatic restarts on all "abnormal"
reasons for a process to exit, which includes unclean
signals, core dumps, timeouts and watchdog timeouts, but
does not include clean and unclean exit codes or clean
signals. Restart=on-abnormal is an alternative for
Restart=on-failure for services that shall be able to
terminate and avoid restarts on certain errors, by
indicating so with an unclean exit code. Restart=on-failure
or Restart=on-abnormal is now the recommended setting for
all long-running services.
* If the InaccessibleDirectories= service setting points to a
mount point (or if there are any submounts contained within
it), it is now attempted to completely unmount it, to make
the file systems truly unavailable for the respective
service.
* The ReadOnlyDirectories= service setting and
systemd-nspawn's --read-only parameter are now recursively
applied to all submounts, too.
* Mount units may now be created transiently via the bus APIs.
* The support for SysV and LSB init scripts has been removed
from the systemd daemon itself. Instead, it is now
implemented as a generator that creates native systemd units
from these scripts when needed. This enables us to remove a
substantial amount of legacy code from PID 1, following the
fact that many distributions only ship a very small number
of LSB/SysV init scripts nowadays.
* Privileged Xen (dom0) domains are not considered
virtualization anymore by the virtualization detection
logic. After all, they generally have unrestricted access to
the hardware and usually are used to manage the unprivileged
(domU) domains.
* systemd-tmpfiles gained a new "C" line type, for copying
files or entire directories.
* systemd-tmpfiles "m" lines are now fully equivalent to "z"
lines. So far, they have been non-globbing versions of the
latter, and have thus been redundant. In future, it is
recommended to only use "z". "m" has hence been removed
from the documentation, even though it stays supported.
* A tmpfiles snippet to recreate the most basic structure in
/var has been added. This is enough to create the /var/run →
/run symlink and create a couple of structural
directories. This allows systems to boot up with an empty or
volatile /var. Of course, while with this change, the core OS
now is capable with dealing with a volatile /var, not all
user services are ready for it. However, we hope that sooner
or later, many service daemons will be changed upstream so
that they are able to automatically create their necessary
directories in /var at boot, should they be missing. This is
the first step to allow state-less systems that only require
the vendor image for /usr to boot.
* systemd-nspawn has gained a new --tmpfs= switch to mount an
empty tmpfs instance to a specific directory. This is
particularly useful for making use of the automatic
reconstruction of /var (see above), by passing --tmpfs=/var.
* Access modes specified in tmpfiles snippets may now be
prefixed with "~", which indicates that they shall be masked
by whether the existing file or directory is currently
writable, readable or executable at all. Also, if specified,
the sgid/suid/sticky bits will be masked for all
non-directories.
* A new passive target unit "network-pre.target" has been
added which is useful for services that shall run before any
network is configured, for example firewall scripts.
* The "floppy" group that previously owned the /dev/fd*
devices is no longer used. The "disk" group is now used
instead. Distributions should probably deprecate usage of
this group.
Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
Jędrzejewski-Szmek
— Berlin, 2014-06-11
CHANGES WITH 213:
* A new "systemd-timesyncd" daemon has been added for
synchronizing the system clock across the network. It
implements an SNTP client. In contrast to NTP
implementations such as chrony or the NTP reference server,
this only implements a client side, and does not bother with
the full NTP complexity, focusing only on querying time from
one remote server and synchronizing the local clock to
it. Unless you intend to serve NTP to networked clients or
want to connect to local hardware clocks, this simple NTP
client should be more than appropriate for most
installations. The daemon runs with minimal privileges, and
has been hooked up with networkd to only operate when
network connectivity is available. The daemon saves the
current clock to disk every time a new NTP sync has been
acquired, and uses this to possibly correct the system clock
early at bootup, in order to accommodate for systems that
lack an RTC such as the Raspberry Pi and embedded devices,
and to make sure that time monotonically progresses on these
systems, even if it is not always correct. To make use of
this daemon, a new system user and group "systemd-timesync"
needs to be created on installation of systemd.
* The queue "seqnum" interface of libudev has been disabled, as
it was generally incompatible with device namespacing as
sequence numbers of devices go "missing" if the devices are
part of a different namespace.
* "systemctl list-timers" and "systemctl list-sockets" gained
a --recursive switch for showing units of these types also
for all local containers, similar in style to the already
supported --recursive switch for "systemctl list-units".
* A new RebootArgument= setting has been added for service
units, which may be used to specify a kernel reboot argument
to use when triggering reboots with StartLimitAction=.
* A new FailureAction= setting has been added for service
units which may be used to specify an operation to trigger
when a service fails. This works similarly to
StartLimitAction=, but unlike it, controls what is done
immediately rather than only after several attempts to
restart the service in question.
* hostnamed got updated to also expose the kernel name,
release, and version on the bus. This is useful for
executing commands like hostnamectl with the -H switch.
systemd-analyze makes use of this to properly display
details when running non-locally.
* The bootchart tool can now show cgroup information in the
graphs it generates.
* The CFS CPU quota cgroup attribute is now exposed for
services. The new CPUQuota= switch has been added for this
which takes a percentage value. Setting this will have the
result that a service may never get more CPU time than the
specified percentage, even if the machine is otherwise idle.
* systemd-networkd learned IPIP and SIT tunnel support.
* LSB init scripts exposing a dependency on $network will now
get a dependency on network-online.target rather than simply
network.target. This should bring LSB handling closer to
what it was on SysV systems.
* A new fsck.repair= kernel option has been added to control
how fsck shall deal with unclean file systems at boot.
* The (.ini) configuration file parser will now silently
ignore sections whose name begins with "X-". This may be
used to maintain application-specific extension sections in unit
files.
* machined gained a new API to query the IP addresses of
registered containers. "machinectl status" has been updated
to show these addresses in its output.
* A new call sd_uid_get_display() has been added to the
sd-login APIs for querying the "primary" session of a
user. The "primary" session of the user is elected from the
user's sessions and generally a graphical session is
preferred over a text one.
* A minimal systemd-resolved daemon has been added. It
currently simply acts as a companion to systemd-networkd and
manages resolv.conf based on per-interface DNS
configuration, possibly supplied via DHCP. In the long run
we hope to extend this into a local DNSSEC enabled DNS and
mDNS cache.
* The systemd-networkd-wait-online tool is now enabled by
default. It will delay network-online.target until a network
connection has been configured. The tool primarily integrates
with networkd, but will also make a best effort to make sense
of network configuration performed in some other way.
* Two new service options StartupCPUShares= and
StartupBlockIOWeight= have been added that work similarly to
CPUShares= and BlockIOWeight= however only apply during
system startup. This is useful to prioritize certain services
differently during bootup than during normal runtime.
* hostnamed has been changed to prefer the statically
configured hostname in /etc/hostname (unless set to
'localhost' or empty) over any dynamic one supplied by
dhcp. With this change, the rules for picking the hostname
match more closely the rules of other configuration settings
where the local administrator's configuration in /etc always
overrides any other settings.
Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van
den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
Lindskog, WaLyong Cho, Will Woods, Zbigniew
Jędrzejewski-Szmek
— Beijing, 2014-05-28
CHANGES WITH 212:
* When restoring the screen brightness at boot, stay away from
the darkest setting or from the lowest 5% of the available
range, depending on which is the larger value of both. This
should effectively protect the user from rebooting into a
black screen, should the brightness have been set to minimum
by accident.
* sd-login gained a new sd_machine_get_class() call to
determine the class ("vm" or "container") of a machine
registered with machined.
* sd-login gained new calls
sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
to query the identity of the peer of a local AF_UNIX
connection. They operate similarly to their sd_pid_get_xyz()
counterparts.
* PID 1 will now maintain a system-wide system state engine
with the states "starting", "running", "degraded",
"maintenance", "stopping". These states are bound to system
startup, normal runtime, runtime with at least one failed
service, rescue/emergency mode and system shutdown. This
state is shown in the "systemctl status" output when no unit
name is passed. It is useful to determine system state, in
particularly when doing so for many systems or containers at
once.
* A new command "list-machines" has been added to "systemctl"
that lists all local OS containers and shows their system
state (see above), if systemd runs inside of them.