git.ipfire.org Git - thirdparty/systemd.git - NEWS (blame view at commit "test-network: update comment about status of kernel regression")
systemd System and Service Manager

CHANGES WITH 256-rc3:

        Announcements of Future Feature Removals and Incompatible Changes:

        * Support for automatic flushing of the nscd user/group database caches
          will be dropped in a future release.

        * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
          considered obsolete and systemd by default will refuse to boot under
          it. To forcibly reenable cgroup v1 support,
          SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on the kernel
          command line. The meson option 'default-hierarchy=' is also
          deprecated, i.e. only cgroup v2 ('unified' hierarchy) can be
          selected as the build-time default.

        * Support for System V service scripts is deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * systemd-run's switch --expand-environment=, which currently is
          disabled by default when combined with --scope, will be changed in a
          future release to be enabled by default.

        * Previously, systemd-networkd did not explicitly remove any bridge
          VLAN IDs assigned on bridge master and ports. Since version 256, if a
          .network file for an interface has at least one valid setting in the
          [BridgeVLAN] section, then all assigned VLAN IDs on the interface
          that are not configured in the .network file are removed.

        * The IPForward= setting in .network files is deprecated and replaced
          with the IPv4Forwarding= and IPv6Forwarding= settings. These new
          settings are supported both in .network files and in networkd.conf.
          If specified in a .network file, they control the corresponding
          per-link settings. If specified in networkd.conf, they control the
          corresponding global settings. Note that previously IPv6SendRA= and
          IPMasquerade= implied IPForward=, but now they imply the new per-link
          settings. One of the simplest ways to migrate a configuration that
          worked as a router with the previous version is to enable both
          IPv4Forwarding= and IPv6Forwarding= in networkd.conf. See
          systemd.network(5) and networkd.conf(5) for more details.

        * systemd-gpt-auto-generator will stop generating units for ESP or
          XBOOTLDR partitions if it finds mount entries for or below the /boot/
          or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
          from interfering with systems where the ESP is explicitly configured
          to be mounted at some path, for example /boot/efi/ (this type of
          setup is obsolete, but still commonly found).

        * The behavior of systemd-sleep and systemd-homed has been updated to
          freeze user sessions when entering the various sleep modes or when
          locking a homed-managed home area. This is known to cause issues with
          the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
          drivers may want to add drop-in configuration files that set
          SYSTEMD_SLEEP_FREEZE_USER_SESSION=false for systemd-suspend.service
          and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
          systemd-homed.service.

        * systemd-tmpfiles and systemd-sysusers, when given a relative
          configuration file path (with at least one directory separator '/'),
          will open the file directly, instead of searching for the given
          partial path in the standard locations. The old mode wasn't useful
          because tmpfiles.d/ and sysusers.d/ configuration has a flat
          structure with no subdirectories under the standard locations, and
          this change makes it easier to work with local files with those
          tools.

        * systemd-tmpfiles now properly applies nested configuration to 'R' and
          'D' stanzas. For example, with the combination of 'R /foo' and
          'x /foo/bar', /foo/bar will now be excluded from removal.

        * systemd.crash_reboot and related settings are deprecated in favor of
          systemd.crash_action=.

        General Changes and New Features:

        * Various programs will now attempt to load the main configuration file
          from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
          below /etc/. For example, systemd-logind will look for
          /etc/systemd/logind.conf, /run/systemd/logind.conf,
          /usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
          and use the first file that is found. This means that the search
          logic for the main config file and for drop-ins is now the same.

          Similarly, kernel-install will look for the config files in
          /usr/lib/kernel/ and the other search locations, and now also
          supports drop-ins.

          systemd-udevd now supports drop-ins for udev.conf.

        * A new 'systemd-vpick' binary has been added. It implements the new
          vpick protocol, where a "*.v/" directory may contain multiple files
          which have versions (following the UAPI version format specification)
          embedded in the file name. The files are ordered by version and
          the newest one is selected.

          systemd-nspawn --image=/--directory=, systemd-dissect,
          systemd-portabled, and the RootDirectory=, RootImage=,
          ExtensionImages=, and ExtensionDirectories= settings for units now
          support the vpick protocol and allow the latest version to be
          selected automatically if a "*.v/" directory is specified as the
          source.

        * Encrypted service credentials can now be made accessible to
          unprivileged users. systemd-creds gained new options --user/--uid=
          for encrypting/decrypting a credential for a specific user.

        * A new command-line tool 'importctl' to download, import, and export
          disk images via systemd-importd has been added, with the following
          verbs: pull-tar, pull-raw, import-tar, import-raw, import-fs,
          export-tar, export-raw, list-transfers, and cancel-transfer. This
          functionality was previously available in "machinectl", where it was
          used exclusively for machine images. The new "importctl" generalizes
          this for sysext, confext, and portable service images.

        * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
          deprecations removed, including the OpenSSL engine logic turned off.

        Service Management:

        * A new system manager setting ProtectSystem= has been added. It is
          analogous to the unit setting, but applies to the whole system. It is
          enabled by default in the initrd.

          Note that this means that code executed in the initrd cannot naively
          expect to be able to write to /usr/ during boot. This affects
          dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
          https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.

        * A new unit setting WantsMountsFor= has been added. It is analogous to
          RequiresMountsFor=, but creates a Wants= dependency instead of
          Requires=. This new logic is now used in various places where mounts
          were added as dependencies for other settings (WorkingDirectory=-…,
          PrivateTmp=yes, cryptsetup lines with 'nofail').

        * A new unit setting MemoryZSwapWriteback= can be used to control the
          new memory.zswap.writeback cgroup knob added in kernel 6.8.

        * The manager gained an org.freedesktop.systemd1.StartAuxiliaryScope()
          D-Bus method to devolve some processes from a service into a new
          scope. This new scope will remain running, even when the original
          service unit is restarted or stopped. This allows a service unit to
          split out some worker processes which need to continue running.
          Control group properties of the new scope are copied from the
          originating unit, so various limits are retained.

        * Units now expose the properties EffectiveMemoryMax=,
          EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
          most stringent limit systemd is aware of for the given unit.

        * A new unit file specifier %D expands to $XDG_DATA_HOME (for user
          services) or /usr/share/ (for system services).

        * AllowedCPUs= now supports specifier expansion.

        * The What= setting in .mount and .swap units now accepts fstab-style
          identifiers, for example UUID=… or LABEL=….

        * RestrictNetworkInterfaces= now supports alternative network interface
          names.

        * PAMName= now implies SetLoginEnvironment=yes.

        * systemd.firstboot=no can be used on the kernel command line to
          disable interactive queries, but allow other first boot configuration
          to happen based on credentials.

        * The system's hostname can be configured via the systemd.hostname
          system credential.

        * The systemd binary will no longer chainload sysvinit's "telinit"
          binary when called under the init/telinit name on a system that isn't
          booted with systemd. This was previously supported to make sure
          a distribution that has both init systems installed can reasonably
          switch from one to the other via a simple reboot. Distributions
          apparently have lost interest in this, and the functionality has not
          been supported for a long time on the primary distribution this was
          still intended for, and hence has been removed now.

        * A new concept called "capsules" has been introduced. "Capsules" wrap
          additional per-user service managers, whose users are transient and
          are only defined as long as the service manager is running (this is
          implemented via DynamicUser=1), allowing a user manager to be used to
          manage a group of processes without needing to create an actual user
          account. These service managers run with home directories of
          /var/lib/capsules/<capsule-name> and can contain regular services and
          other units. A capsule is started via a simple "systemctl start
          capsule@<name>.service". See the capsule@.service(5) man page for
          further details.

          Various systemd tools (including, and most importantly, systemctl and
          systemd-run) have been updated to interact with capsules via the new
          "--capsule="/"-C" switch.

        * .socket units gained a new setting PassFileDescriptorsToExec=, taking
          a boolean value. If set to true, the file descriptors the socket unit
          encapsulates are passed to ExecStartPost=, ExecStopPre=, and
          ExecStopPost= using the usual $LISTEN_FDS interface. This may be used
          for doing additional initializations on the sockets once they are
          allocated (for example, to install an additional eBPF program on
          them).

        * The .socket setting MaxConnectionsPerSource= (which so far put a
          limit on concurrent connections per IP in Accept=yes socket units)
          now also has an effect on AF_UNIX sockets: it will put a limit on the
          number of simultaneous connections from the same source UID (as
          determined via SO_PEERCRED). This is useful for implementing IPC
          services in a simple Accept=yes mode.

        * The service manager will now maintain a counter of soft reboot cycles
          the system went through. It may be queried via the D-Bus APIs.

        * systemd's execution logic now supports the new pidfd_spawn() API
          introduced by glibc 2.39, which allows us to invoke a subprocess in a
          target cgroup and get a pidfd back in a single operation.

        * systemd/PID 1 will now send an additional sd_notify() message to its
          supervising VMM or container manager reporting the selected hostname
          ("X_SYSTEMD_HOSTNAME=") and machine ID ("X_SYSTEMD_MACHINE_ID=") at
          boot. Moreover, the service manager will send additional sd_notify()
          messages ("X_SYSTEMD_UNIT_ACTIVE=") whenever a target unit is
          reached. This can be used by VMMs/container managers to schedule
          access to the system precisely. For example, the moment a system
          reports "ssh-access.target" being reached, a VMM/container manager
          knows it can now connect to the system via SSH. Finally, a new
          sd_notify() message ("X_SYSTEMD_SIGNALS_LEVEL=2") is sent the moment
          PID 1 has successfully completed installation of its various UNIX
          process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
          PID 1 will start to have the effect of shutting down the system
          cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
          down, and carries a string identifying the type of shutdown,
          i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
          sent at the same time and carries the string passed to "systemctl
          --reboot-argument=" if there was one.
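          The VMM/container-manager side of the exchange above, as an added
          example that is not systemd's own code: it parses the sd_notify()
          datagrams, validates each guest-supplied value before acting on it,
          and answers "may I SSH in yet?" and "can I ask for a clean shutdown
          via SIGRTMIN+4?". The datagrams are constructed inline; the
          GuestState class and the validation patterns are this example's own
          assumptions.

```python
"""Consumer of the X_SYSTEMD_* sd_notify() messages PID 1 sends to its VMM.

Added example, not systemd's own code.  On a real host the datagrams arrive
on the AF_VSOCK/AF_UNIX datagram socket handed to the guest as
$NOTIFY_SOCKET; here they are constructed inline.  Every value is
guest-controlled input, so it is validated before the VMM trusts it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

MACHINE_ID_RE = re.compile(r"^[0-9a-f]{32}$")
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")
SHUTDOWN_KINDS = {"poweroff", "halt", "reboot"}
MAX_TARGETS = 256  # bound the memory one guest can make us hold


def parse_notify(datagram: bytes) -> dict[str, str]:
    """Split one sd_notify() datagram into KEY=VALUE pairs.

    The wire format is newline-separated assignments.  Lines without '='
    are ignored; if a key repeats inside one datagram the last value wins.
    """
    fields: dict[str, str] = {}
    for line in datagram.decode("utf-8", errors="replace").split("\n"):
        key, sep, value = line.partition("=")
        if sep and key:
            fields[key] = value
    return fields


@dataclass
class GuestState:
    """What the VMM has learned about one guest from its notify messages."""
    hostname: str | None = None
    machine_id: str | None = None
    signals_ready: bool = False
    reached: list[str] = field(default_factory=list)
    shutdown: str | None = None
    reboot_parameter: str | None = None
    rejected: list[str] = field(default_factory=list)  # keys with bad values

    def handle(self, datagram: bytes) -> None:
        """Apply one datagram, validating each guest-supplied value."""
        f = parse_notify(datagram)
        if "X_SYSTEMD_HOSTNAME" in f:
            if HOSTNAME_RE.match(f["X_SYSTEMD_HOSTNAME"]):
                self.hostname = f["X_SYSTEMD_HOSTNAME"]
            else:
                self.rejected.append("X_SYSTEMD_HOSTNAME")
        if "X_SYSTEMD_MACHINE_ID" in f:
            if MACHINE_ID_RE.match(f["X_SYSTEMD_MACHINE_ID"]):
                self.machine_id = f["X_SYSTEMD_MACHINE_ID"]
            else:
                self.rejected.append("X_SYSTEMD_MACHINE_ID")
        if "X_SYSTEMD_UNIT_ACTIVE" in f:
            unit = f["X_SYSTEMD_UNIT_ACTIVE"]
            if (unit.endswith(".target") and unit not in self.reached
                    and len(self.reached) < MAX_TARGETS):
                self.reached.append(unit)
        if "X_SYSTEMD_SIGNALS_LEVEL" in f:
            lvl = f["X_SYSTEMD_SIGNALS_LEVEL"]
            # Level 2: SIGRTMIN+4 to PID 1 now shuts the system down cleanly.
            self.signals_ready = lvl.isdigit() and int(lvl) >= 2
        if "X_SYSTEMD_SHUTDOWN" in f:
            kind = f["X_SYSTEMD_SHUTDOWN"]
            self.shutdown = kind if kind in SHUTDOWN_KINDS else "unknown"
        if "X_SYSTEMD_REBOOT_PARAMETER" in f:
            self.reboot_parameter = f["X_SYSTEMD_REBOOT_PARAMETER"]

    def ssh_reachable(self) -> bool:
        """True once ssh-access.target was reported and no shutdown began."""
        return "ssh-access.target" in self.reached and self.shutdown is None

    def clean_shutdown_possible(self) -> bool:
        """True once the VMM may use SIGRTMIN+4 instead of killing the VM."""
        return self.signals_ready and self.shutdown is None


# Constructed sample session: boot, readiness, then a reboot request.
SAMPLE_BOOT = [
    b"X_SYSTEMD_SIGNALS_LEVEL=2\n",
    b"X_SYSTEMD_HOSTNAME=guest01\n"
    b"X_SYSTEMD_MACHINE_ID=0123456789abcdef0123456789abcdef\n",
    b"X_SYSTEMD_UNIT_ACTIVE=sysinit.target\n",
    b"X_SYSTEMD_UNIT_ACTIVE=ssh-access.target\n",
    b"READY=1\n",  # standard key, not handled by this consumer
]
SAMPLE_SHUTDOWN = [
    b"X_SYSTEMD_SHUTDOWN=reboot\nX_SYSTEMD_REBOOT_PARAMETER=firmware-setup\n",
]


def replay(datagrams: list[bytes]) -> GuestState:
    """Feed a list of datagrams to a fresh GuestState and return it."""
    state = GuestState()
    for d in datagrams:
        state.handle(d)
    return state


if __name__ == "__main__":
    s = replay(SAMPLE_BOOT)
    print("ssh reachable:", s.ssh_reachable())
    s = replay(SAMPLE_BOOT + SAMPLE_SHUTDOWN)
    print("shutdown:", s.shutdown, "parameter:", s.reboot_parameter)
```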

        * New D-Bus properties ExecMainHandoffTimestamp and
          ExecMainHandoffTimestampMonotonic are now published by service
          units. This timestamp is taken as the very last operation before
          handing off control to invoked binaries. This information is
          available for other unit types that fork off processes (i.e. mount,
          swap, socket units), but currently only via "systemd-analyze dump".

        * An additional timestamp is now taken by the service manager when a
          system shutdown operation is initiated. It can be queried via D-Bus
          during the shutdown phase. It's passed to the following service
          manager invocation on soft reboots, which will then use it to log the
          overall "grey-out" time of the soft reboot operation, i.e. the time
          from when the shutdown began until the system is fully up again.

        * "systemctl status" will now display the invocation ID in its usual
          output, i.e. the 128-bit ID uniquely assigned to the current runtime
          cycle of the unit. The ID has been supported for a long time, but is
          now more prominently displayed, as it is a very useful handle to a
          specific invocation of a service.

        * systemd now generates a new "taint" string "unmerged-bin" for systems
          that have /usr/bin/ and /usr/sbin/ separate. It's generally
          recommended to make the latter a symlink to the former these days.

        * A new systemd.crash_action= kernel command line option has been added
          that configures what to do after the system manager (PID 1) crashes.
          This can also be configured through CrashAction= in systemd.conf.

        * "systemctl kill" now supports --wait, which will make the command wait
          until the signalled services terminate.

        Journal:

        * systemd-journald can now forward journal entries to a socket
          (AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
          specified in journald.conf via a new option ForwardToSocket= or via
          the 'journald.forward_to_socket' credential. Log records are sent in
          the Journal Export Format. A related setting MaxLevelSocket= has been
          added to control the maximum log levels for the messages sent to this
          socket.
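          The receiving end of ForwardToSocket=, as an added example that is
          not systemd's own code (systemd-journal-remote is the project's real
          receiver): a strict parser for the Journal Export Format stream,
          including the binary field form used when a value contains a newline,
          with a size cap so a hostile length prefix cannot exhaust memory, plus
          a receiver-side filter mirroring what MaxLevelSocket= does on the
          sender. The sample stream and the MAX_BINARY_FIELD cap are this
          example's own assumptions.

```python
"""Receiver-side parser for the Journal Export Format emitted by
ForwardToSocket= (added example, not systemd's own code).

Format recap: an entry is a run of fields terminated by an empty line.  A
text field is "NAME=value\n".  A field whose value may contain a newline is
sent as "NAME\n", a 64-bit little-endian length, the raw bytes, and "\n".
The sample stream below is constructed inline; on a real receiver the bytes
come from the AF_INET/AF_INET6/AF_UNIX/AF_VSOCK socket named in journald.conf.
"""
import re
import struct

FIELD_NAME_RE = re.compile(rb"^[A-Z_][A-Z0-9_]*$")
MAX_BINARY_FIELD = 1 << 20  # assumption: cap so a bogus u64 cannot exhaust memory


def parse_export_stream(data: bytes) -> list[dict[str, bytes]]:
    """Parse a complete Journal Export Format byte stream into entries.

    Raises ValueError on a malformed or truncated stream instead of guessing.
    """
    entries: list[dict[str, bytes]] = []
    entry: dict[str, bytes] = {}
    pos, n = 0, len(data)
    while pos < n:
        nl = data.find(b"\n", pos)
        if nl < 0:
            raise ValueError("truncated field at offset %d" % pos)
        line = data[pos:nl]
        pos = nl + 1
        if line == b"":
            # An empty line terminates an entry; a stray one is harmless.
            if entry:
                entries.append(entry)
                entry = {}
            continue
        name, sep, value = line.partition(b"=")
        if not sep:
            # Binary form: NAME\n<u64 LE length><data>\n
            if pos + 8 > n:
                raise ValueError("truncated binary length for %r" % name)
            (length,) = struct.unpack("<Q", data[pos:pos + 8])
            pos += 8
            if length > MAX_BINARY_FIELD:
                raise ValueError("binary field %r too large: %d" % (name, length))
            if pos + length + 1 > n or data[pos + length] != 0x0A:
                raise ValueError("truncated binary data for %r" % name)
            value = data[pos:pos + length]
            pos += length + 1
        if not FIELD_NAME_RE.match(name):
            raise ValueError("invalid field name %r" % name)
        entry[name.decode("ascii")] = value
    if entry:
        entries.append(entry)
    return entries


def entries_at_most(entries: list[dict[str, bytes]], max_priority: int):
    """Keep entries whose syslog PRIORITY is <= max_priority (0=emerg .. 7=debug),
    i.e. the same cut MaxLevelSocket= applies before sending."""
    out = []
    for e in entries:
        prio = e.get("PRIORITY", b"")
        if prio.isdigit() and int(prio) <= max_priority:
            out.append(e)
    return out


def _binary_field(name: bytes, value: bytes) -> bytes:
    """Encode one field in the binary form (used only to build the sample)."""
    return name + b"\n" + struct.pack("<Q", len(value)) + value + b"\n"


# Constructed sample: a warning entry, then a debug entry whose MESSAGE
# contains a newline and therefore travels in the binary form.
SAMPLE_STREAM = (
    b"__REALTIME_TIMESTAMP=1700000000000000\n"
    b"PRIORITY=4\n"
    b"SYSLOG_IDENTIFIER=sshd\n"
    b"MESSAGE=Failed password for invalid user admin from 192.0.2.10 port 4242\n"
    b"\n"
    b"__REALTIME_TIMESTAMP=1700000000100000\n"
    b"PRIORITY=7\n"
    b"SYSLOG_IDENTIFIER=demo\n"
    + _binary_field(b"MESSAGE", b"line one\nline two")
    + b"\n"
)


if __name__ == "__main__":
    for e in entries_at_most(parse_export_stream(SAMPLE_STREAM), 4):
        print(e["SYSLOG_IDENTIFIER"].decode(), e["MESSAGE"].decode())
```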

        * systemd-journald now also reads the journal.storage credential when
          determining where to store journal files.

        * systemd-vmspawn gained a new --forward-journal= option to forward the
          virtual machine's journal entries to the host. This is done over an
          AF_VSOCK socket, i.e. it does not require networking in the guest.

        * journalctl gained the option '-i' as a shortcut for --file=.

        * journalctl gained a new -T/--exclude-identifier= option to filter
          out certain syslog identifiers.

        * journalctl gained a new --list-namespaces option.

        * systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
          (so it can be used to receive entries forwarded by systemd-journald).

        * systemd-journal-gatewayd allows restricting the time range of
          retrieved entries with a new "realtime=[<since>]:[<until>]" URL
          parameter.

        * systemd-cat gained a new option --namespace= to specify the target
          journal namespace to which the output shall be connected.

        * systemd-bsod gained a new option --tty= to specify the output TTY.

        Device Management:

        * /dev/ now contains symlinks that combine by-path and by-{label,uuid}
          information:

          /dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>

          This allows distinguishing partitions with identical contents on
          multiple storage devices. This is useful, for example, when copying
          raw disk contents between devices.

        * systemd-udevd now creates persistent /dev/media/by-path/ symlinks for
          media controllers. For example, the uvcvideo driver may create
          /dev/media0, which will be linked as
          /dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.

        * A new unit systemd-udev-load-credentials.service has been added
          to pick up udev.conf drop-ins and udev rules from credentials.

        * An allowlist/denylist may be specified to filter which sysfs
          attributes are used when crafting network interface names. Those
          lists are stored as hwdb entries
          ID_NET_NAME_ALLOW_<sysfsattr>=0|1
          and
          ID_NET_NAME_ALLOW=0|1.

          The goal is to avoid unexpected changes to interface names when the
          kernel is updated and new sysfs attributes become visible.

        * A new unit tpm2.target has been added to provide a synchronization
          point for units which expect the TPM hardware to be available. A new
          generator "systemd-tpm2-generator" has been added that will insert
          this target whenever it detects that the firmware has initialized a
          TPM, but Linux hasn't loaded a driver for it yet.

        * systemd-backlight now properly supports numbered devices which the
          kernel creates to avoid collisions in the leds subsystem.

        * The systemd-hwdb update operation can be disabled with a new
          environment variable SYSTEMD_HWDB_UPDATE_BYPASS=1.

        systemd-hostnamed:

        * systemd-hostnamed now exposes the machine ID and boot ID via
          D-Bus. It also exposes the host's AF_VSOCK CID, if available.

        * systemd-hostnamed now provides a basic Varlink interface.

        * systemd-hostnamed exports the full data in os-release(5) and
          machine-info(5) via D-Bus and Varlink.

        * hostnamectl now shows the system's product UUID and hardware serial
          number if known.

        Network Management:

        * systemd-networkd now provides a basic Varlink interface.

        * systemd-networkd's ARP proxy support gained a new option to configure
          a private VLAN variant of the proxy ARP supported by the kernel under
          the name IPv4ProxyARPPrivateVLAN=.

        * systemd-networkd now exports the NamespaceId and NamespaceNSID
          properties via D-Bus and Varlink (which expose the inode and NSID of
          the network namespace the networkd instance manages).

        * systemd-networkd now supports IPv6RetransmissionTimeSec= and
          UseRetransmissionTime= settings in .network files to configure the
          retransmission time for IPv6 neighbor solicitation messages.

        * networkctl gained new verbs 'mask' and 'unmask' for masking networkd
          configuration files such as .network files.

        * 'networkctl edit --runtime' allows editing volatile configuration
          under /run/systemd/network/.

        * The implementation behind the TTLPropagate= network setting has been
          removed and the setting is now ignored.

        * systemd-network-generator will now pick up .netdev/.link/.network/
          networkd.conf configuration from system credentials.

        * systemd-networkd will now pick up wireguard secrets from
          credentials.

        * systemd-networkd's Varlink API now supports enumerating LLDP peers.

        * .link files now support new Property=, ImportProperty=, and
          UnsetProperty= fields for setting udev properties on a link.

        * The various .link files that systemd ships for interfaces that are
          supposed to be managed by systemd-networkd only now carry an
          ID_NET_MANAGED_BY=io.systemd.Network udev property, ensuring that
          other network management solutions honouring this udev property do
          not come into conflict with networkd by trying to manage these
          interfaces.

        * .link files now support a new ReceivePacketSteeringCPUMask= setting
          for configuring which CPUs to steer incoming packets to.

        * The [Network] section in .network files gained a new setting
          UseDomains=, which is a single generic knob for controlling the
          settings of the same name in the [DHCPv4], [DHCPv6] and
          [IPv6AcceptRA] sections.

        * The 99-default.link file we ship by default (that defines the policy
          for all network devices to which no other .link file applies) now
          lists "mac" among AlternativeNamesPolicy=. This means that network
          interfaces will now by default gain an additional MAC-address based
          alternative device name (i.e. enx…).

        systemd-nspawn:

        * systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
          directory where the container payload can expose AF_UNIX sockets to
          allow them to be accessed from outside.

        * systemd-nspawn will tint the terminal background for containers in a
          blueish color. This can be controlled with the new --background=
          switch or the new $SYSTEMD_TINT_BACKGROUND environment variable.

        * systemd-nspawn gained support for the 'owneridmap' option for --bind=
          mounts to map the target directory owner from inside the container to
          the owner of the directory bound from the host filesystem.

        * systemd-nspawn now supports moving Wi-Fi network devices into a
          container, just like other network interfaces.

        systemd-resolved:

        * systemd-resolved now reads RFC 8914 EDE error codes provided by
          upstream DNS services.

        * systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
          records, as well as RFC 2915 NAPTR records.

        * resolvectl gained a new option --relax-single-label= to allow
          querying single-label hostnames via unicast DNS on a per-query basis.

        * systemd-resolved's Varlink IPC interface now supports resolving
          DNS-SD services as well as an API for resolving raw DNS RRs.

        * systemd-resolved's .dnssd DNS_SD service description files now
          support DNS-SD "subtypes" via the new SubType= setting.

        * systemd-resolved's configuration may now be reloaded without
          restarting the service (i.e. "systemctl reload systemd-resolved" is
          now supported).

        SSH Integration:

        * An sshd config drop-in has been added to allow ssh keys acquired via
          userdbctl (for example, exposed by homed accounts) to be used for
          authorization of incoming SSH connections.

        * A small new unit generator "systemd-ssh-generator" has been added. It
          checks if the sshd binary is installed. If so, it binds it via
          per-connection socket activation to various sockets depending on the
          execution context:

          • If the system is run in a VM providing AF_VSOCK support, it
            automatically binds sshd to AF_VSOCK port 22.

          • If the system is invoked as a full-OS container and the container
            manager pre-mounts a directory /run/host/unix-export/, it will
            bind sshd to an AF_UNIX socket /run/host/unix-export/ssh. The
            idea is that the container manager bind mounts the directory to an
            appropriate place on the host as well, so that the AF_UNIX socket
            may be used to easily connect from the host to the container.

          • sshd is also bound to an AF_UNIX socket
            /run/ssh-unix-local/socket, which may be used to use ssh/sftp in a
            "sudo"-like fashion to access resources of other local users.

          • Via the kernel command line option "systemd.ssh_listen=" and the
            system credential "ssh.listen" sshd may be bound to additional,
            explicitly configured sockets, including AF_INET/AF_INET6 ports.

          In particular the first two mechanisms should make dealing with local
          VMs and full OS containers a lot easier, as SSH connections will
          *just* *work* from the host – even if no networking is available
          whatsoever.

          systemd-ssh-generator optionally generates a per-connection
          socket activation service file wrapping sshd. This is only done if
          the distribution does not provide one on its own under the name
          "sshd@.service". The generated unit only works correctly if the SSH
          privilege separation ("privsep") directory exists. Unfortunately
          distributions vary wildly in where they place this directory. A
          non-exhaustive list:

          • /usr/share/empty.sshd/ (new Fedora)
          • /var/empty/
          • /var/empty/sshd/
          • /run/sshd/ (Debian/Ubuntu?)

          If the SSH privsep directory is placed below /var/ or /run/, care
          needs to be taken that the directory is created automatically at boot
          if needed, since these directories possibly or always come up
          empty. This can be done via a tmpfiles.d/ drop-in. You may use the
          "sshdprivsepdir" meson option provided by systemd to configure the
          directory, in case you want systemd to create the directory as needed
          automatically, if your distribution does not cover this natively.

          Recommendations to distributions, in order to make things just work:

          • Please provide a per-connection SSH service file under the name
            "sshd@.service".

          • Please move the SSH privsep dir into /usr/ (so that it is truly
            immutable on image-based operating systems, is strictly under
            package manager control, and never requires recreation if the
            system boots up with an empty /run/ or /var/).

          • As an extension of this: please consider following Fedora's lead
            here, and use /usr/share/empty.sshd/ to minimize needless
            differences between distributions.

          • If your distribution insists on placing the directory in /var/ or
            /run/ then please at least provide a tmpfiles.d/ drop-in to
            recreate it automatically at boot, so that the sshd binary just
            works, regardless of the context in which it is called.

        * A small tool "systemd-ssh-proxy" has been added, which is supposed to
          act as counterpart to "systemd-ssh-generator". It's a small plug-in
          for the SSH client (via ProxyCommand/ProxyUseFdpass) to allow it to
          connect to AF_VSOCK or AF_UNIX sockets. Example: "ssh vsock/4711"
          connects to a local VM with CID 4711, or "ssh
          unix/run/ssh-unix-local/socket" to connect to the local host via the
          AF_UNIX socket /run/ssh-unix-local/socket.

        systemd-boot and systemd-stub and Related Tools:

        * TPM 1.2 PCR measurement support has been removed from systemd-stub.
          TPM 1.2 is obsolete and – due to the (by today's standards) weak
          cryptographic algorithms it only supports – does not actually provide
          the security benefits it's supposed to provide. Given that the rest
          of systemd's codebase never supported TPM 1.2, the support has now
          been removed from systemd-stub as well.

        * systemd-stub will now measure its payload via the new EFI
          Confidential Computing (CC) APIs, in addition to the pre-existing
          measurements to TPM.

        * confexts are loaded by systemd-stub from the ESP as well.

        * kernel-install gained support for --root= for the 'list' verb.

        * bootctl now provides a basic Varlink interface and can be run as a
          daemon via a template unit.

        * systemd-measure gained new options --certificate=, --private-key=,
          and --private-key-source= to allow using OpenSSL's "engines" or
          "providers" as the signing mechanism to use when creating signed
          TPM2 PCR measurement values.

        * ukify gained support for signing of PCR signatures via OpenSSL's
          engines and providers.

        * ukify now supports zboot kernels.

        * systemd-boot now supports passing additional kernel command line
          switches to invoked kernels via an SMBIOS Type #11 string
          "io.systemd.boot.kernel-cmdline-extra". This is similar to the
          pre-existing support for this in systemd-stub, but also applies to
          Type #1 Boot Loader Specification Entries.

        * systemd-boot's automatic SecureBoot enrollment support gained support
          for enrolling "dbx" too (previously, only db/KEK/PK enrollment was
          supported). It also now supports UEFI "Custom" and "Audit" modes.

        * The pcrlock policy is saved in an unencrypted credential file
          "pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
          /loader/credentials/ directory. It will be picked up at boot by
          systemd-stub and passed to the initrd, where it can be used to unlock
          the root file system.

        * systemd-pcrlock gained an --entry-token= option to configure the
          entry-token.

        * systemd-pcrlock now provides a basic Varlink interface and can be run
          as a daemon via a template unit.

        * systemd-pcrlock's TPM nvindex access policy has been modified. This
          means that previous pcrlock policies stored in nvindexes are
          invalidated. They must be removed (systemd-pcrlock remove-policy) and
          recreated (systemd-pcrlock make-policy). For the time being
          systemd-pcrlock remains an experimental feature, but it is expected
          to become stable in the next release, i.e. v257.

        * systemd-pcrlock's --recovery-pin= switch now takes three values:
          "hide", "show", "query". If "show" is selected, the automatically
          generated recovery PIN is shown to the user. If "query" is selected,
          then the PIN is queried from the user.

        * sd-stub gained support for the new ".ucode" PE section in UKIs, that
          may contain CPU microcode data. When control is handed over to the
          Linux kernel this data is prepended to the set of initrds passed.

        systemd-run/run0:

        * systemd-run is now a multi-call binary. When invoked as 'run0', it
          provides an interface similar to 'sudo', with all arguments starting
          at the first non-option parameter being treated as the command to
          invoke as root. Unlike 'sudo' and similar tools, it does not make use
          of setuid binaries or other privilege escalation methods, but instead
          runs the specified command as a transient unit, which is started by
          the system service manager, so privileges are dropped, rather than
          gained, thus implementing a much more robust and safe security
          model. As usual, authorization is managed via Polkit.

        * systemd-run/run0 will now tint the terminal background on supported
          terminals: in a reddish tone when invoking a root service, in a
          yellowish tone otherwise. This may be controlled and turned off via
          the new --background= switch or the new $SYSTEMD_TINT_BACKGROUND
          environment variable.

        * systemd-run gained a new option '--ignore-failure' to suppress
          command failures.

        Command-line tools:

        * 'systemctl edit --stdin' allows creation of unit files and drop-ins
          with contents supplied via standard input. This is useful when creating
          configuration programmatically; the tool takes care of figuring out
          the file name, creating any directories, and reloading the manager
          afterwards.

        * 'systemctl disable --now' and 'systemctl mask --now' now work
          correctly with template units.

        * 'systemd-analyze architectures' lists known CPU architectures.

        * 'systemd-analyze --json=…' is supported for 'architectures',
          'capability', 'exit-status'.

        * 'systemd-tmpfiles --purge' will purge (remove) all files and
          directories created via tmpfiles.d configuration.

        * systemd-id128 gained new options --no-pager, --no-legend, and
          -j/--json=.

        * hostnamectl gained '-j' as shortcut for '--json=pretty' or
          '--json=short'.

        * loginctl now supports -j/--json=.

        * resolvectl now supports -j/--json= for --type=.

        * systemd-tmpfiles gained a new option --dry-run to print what would be
          done without actually taking action.

        * varlinkctl gained a new --collect switch to collect all responses of
          a method call that supports multiple replies and turns it into a
          single JSON array.

        * systemd-dissect gained a new --make-archive option to generate an
          archive file (tar.gz and similar) from a disk image.

        systemd-vmspawn:

        * systemd-vmspawn gained a new --firmware= option to configure or list
          firmware definitions for Qemu, a new --tpm= option to enable or
          disable the use of a software TPM, a new --linux= option to specify a
          kernel binary for direct kernel boot, a new --initrd= option to
          specify an initrd for direct kernel boot, a new -D/--directory option
          to use a plain directory as the root file system, a new
          --private-users option similar to the one in systemd-nspawn, new
          options --bind= and --bind-ro= to bind part of the host's file system
          hierarchy into the guest, a new --extra-drive= option to attach
          additional storage, and -n/--network-tap/--network-user-mode to
          configure networking.

        * A new systemd-vmspawn@.service can be used to launch systemd-vmspawn
          as a service.

        * systemd-vmspawn gained the new --console= and --background= switches
          that control how to interact with the VM. As before, by default an
          interactive terminal interface is provided, but now with a background
          tinted with a greenish hue.

        * systemd-vmspawn can now register its VMs with systemd-machined,
          controlled via the --register= switch.

        * machinectl's start command (and related) can now invoke images either
          as containers via `systemd-nspawn` (switch is --runner=nspawn, the
          default) or as VMs via `systemd-vmspawn` (switch is --runner=vmspawn,
          or short -V).

        * systemd-vmspawn now supports two switches --pass-ssh-key= and
          --ssh-key-type= to optionally set up transient SSH keys to pass to the
          invoked VMs in order to be able to SSH into them once booted.

        * systemd-vmspawn will now enable various "HyperV enlightenments" and
          the "VM Generation ID" on the VMs.

        * A new environment variable $SYSTEMD_VMSPAWN_QEMU_EXTRA may carry
          additional qemu command line options to pass to qemu.

        * systemd-machined gained a new GetMachineSSHInfo() D-Bus method that is
          used by systemd-vmspawn to fetch the information needed to ssh into the
          machine.

        * systemd-machined gained a new Varlink interface that is used by
          systemd-vmspawn to register machines with additional information and
          metadata.

        systemd-repart:

        * systemd-repart gained new options --generate-fstab= and
          --generate-crypttab= to write out fstab and crypttab files matching the
          generated partitions.

        * systemd-repart gained a new option --private-key-source= to allow
          using OpenSSL's "engines" or "providers" as the signing mechanism to
          use when creating verity signature partitions.

        * systemd-repart gained a new DefaultSubvolume= setting in repart.d/
          drop-ins that allows configuring the default btrfs subvolume for newly
          formatted btrfs file systems.

        Libraries:

        * libsystemd gained new call sd_bus_creds_new_from_pidfd() to get a
          credentials object for a pidfd and sd_bus_creds_get_pidfd_dup() to
          retrieve the pidfd from a credentials object.

        * sd-bus' credentials logic will now also acquire peer's UNIX group
          lists and peer's pidfd if supported and requested.

        * RPM macro %_kernel_install_dir has been added with the path
          to the directory for kernel-install plugins.

        * The liblz4, libzstd, liblzma, libkmod, libgcrypt dependencies have
          been changed from regular shared library dependencies into dlopen()
          based ones.

          Note that this means that those libraries might not be automatically
          pulled in when ELF dependencies are resolved. In particular lack of
          libkmod might cause problems with boot. This affects dracut <= 101,
          see https://github.com/dracut-ng/dracut-ng/commit/04b362d713235459cf.

        * systemd ELF binaries that use libraries via dlopen() are now built with
          a new ELF header note section, following a new specification defined at
          docs/ELF_DLOPEN_METADATA.md, that provides information about which
          sonames are loaded and used if found at runtime. This allows tools and
          packagers to programmatically discover the list of optional
          dependencies used by all systemd ELF binaries. A parser with packaging
          integration tools is available at
          https://github.com/systemd/package-notes.
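
          As an added example (written for this page, not the systemd/package-notes
          parser), a small Python reader for such a note section: it walks standard
          ELF note records, picks out the dlopen-metadata notes and groups the
          optional sonames by priority. The note owner "FDO", type 0x407c0c0a and the
          JSON fields "feature"/"description"/"priority"/"soname" are taken from
          docs/ELF_DLOPEN_METADATA.md as recalled here and are assumptions to check
          against that spec; the note bytes in the demo are constructed inline rather
          than read from a real binary.

```python
"""Reader for the dlopen() metadata ELF notes described in docs/ELF_DLOPEN_METADATA.md.

Added example, not the project's own parser. The constants below follow that
spec as recalled here (assumption); verify them against the spec before relying on them.
"""
import json
import struct
from typing import Iterator, List, Tuple

DLOPEN_NOTE_NAME = b"FDO"         # note owner (assumption: as given in the spec)
DLOPEN_NOTE_TYPE = 0x407C0C0A     # note type  (assumption: as given in the spec)
PRIORITIES = ("required", "recommended", "suggested")  # assumption: spec's priority values


def _align4(n: int) -> int:
    return (n + 3) & ~3


def iter_elf_notes(section: bytes, little_endian: bool = True) -> Iterator[Tuple[bytes, int, bytes]]:
    """Walk ELF note records: Elf_Nhdr {namesz, descsz, type}, then the name and the
    descriptor, each padded to a 4-byte boundary. ELF32 and ELF64 share this layout."""
    hdr = struct.Struct("<III" if little_endian else ">III")
    off = 0
    while off < len(section):
        if off + hdr.size > len(section):
            raise ValueError("truncated note header")
        namesz, descsz, ntype = hdr.unpack_from(section, off)
        off += hdr.size
        name = section[off:off + namesz]
        off += _align4(namesz)
        desc = section[off:off + descsz]
        off += _align4(descsz)
        if len(name) != namesz or len(desc) != descsz:
            raise ValueError("note extends past end of section")
        yield name.rstrip(b"\0"), ntype, desc


def build_note(name: bytes, ntype: int, desc: bytes) -> bytes:
    """Inverse of iter_elf_notes(); used here only to construct sample input."""
    name_z = name + b"\0"
    out = struct.pack("<III", len(name_z), len(desc), ntype)
    out += name_z + b"\0" * (_align4(len(name_z)) - len(name_z))
    out += desc + b"\0" * (_align4(len(desc)) - len(desc))
    return out


def parse_dlopen_metadata(section: bytes) -> List[dict]:
    """Return the validated dlopen-metadata entries in a .note.dlopen section.
    Unrelated notes (e.g. a GNU build-id) are skipped; malformed entries are rejected
    rather than silently accepted, since packagers turn them into dependencies."""
    entries: List[dict] = []
    for name, ntype, desc in iter_elf_notes(section):
        if name != DLOPEN_NOTE_NAME or ntype != DLOPEN_NOTE_TYPE:
            continue
        data = json.loads(desc.rstrip(b"\0").decode("utf-8"))
        if not isinstance(data, list):
            raise ValueError("dlopen note payload must be a JSON array")
        for entry in data:
            sonames = entry.get("soname")
            if not isinstance(sonames, list) or not all(isinstance(s, str) for s in sonames):
                raise ValueError(f"entry {entry.get('feature')!r} lacks a soname list")
            if entry.get("priority") not in PRIORITIES:
                raise ValueError(f"entry {entry.get('feature')!r} has an unknown priority")
            entries.append(entry)
    return entries


def sonames_by_priority(section: bytes) -> dict:
    """Group sonames by priority: the view a packager needs to emit Recommends:/Suggests:."""
    grouped = {p: [] for p in PRIORITIES}
    for entry in parse_dlopen_metadata(section):
        grouped[entry["priority"]].extend(entry["soname"])
    return grouped


# Constructed sample section: one unrelated GNU note followed by one dlopen-metadata note.
SAMPLE_SECTION = build_note(b"GNU", 3, bytes(range(20))) + build_note(
    DLOPEN_NOTE_NAME,
    DLOPEN_NOTE_TYPE,
    json.dumps([
        {"feature": "kmod", "description": "Support for loading kernel modules",
         "priority": "recommended", "soname": ["libkmod.so.2"]},
        {"feature": "zstd", "description": "Support for zstd compression",
         "priority": "suggested", "soname": ["libzstd.so.1"]},
    ]).encode() + b"\0",
)

if __name__ == "__main__":
    print(json.dumps(sonames_by_priority(SAMPLE_SECTION), indent=2))
```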

        * The sd-journal API gained a new call
          sd_journal_stream_fd_with_namespace() which is just like
          sd_journal_stream_fd() but creates a log stream targeted at a
          specific log namespace.

        * The sd-id128 API gained a new API call
          sd_id128_get_invocation_app_specific() for acquiring an app-specific
          ID that is derived from the service invocation ID.

        * The sd-event API gained a new API call
          sd_event_source_get_inotify_path() that returns the file system path
          an inotify event source was created for.

        systemd-cryptsetup/systemd-cryptenroll:

        * The device node argument to systemd-cryptenroll is now optional. If
          omitted it will be derived automatically from the backing block
          device of /var/ (which quite likely is the same as the root file
          system, hence effectively means if you don't specify things otherwise
          the tool will now default to enrolling a key into the root file
          system's LUKS device).

        * systemd-cryptenroll can now enroll directly with a PKCS11 public key
          (instead of a certificate).

        * systemd-cryptsetup/systemd-cryptenroll now may lock a disk against a
          PKCS#11 provided EC key (before it only supported RSA).

        * systemd-cryptsetup gained support for crypttab option
          link-volume-key= to link the volume key into the kernel keyring when
          the volume is opened.

        * systemd-cryptenroll will no longer enable Dictionary Attack
          Protection (i.e. turn on NO_DA) for TPM enrollments that do not
          involve a PIN. DA should not be necessary in that case (since key
          entropy is high enough to make this unnecessary), but risks
          accidental lock-out in case of unexpected PCR changes.

        * systemd-cryptenroll now supports enrolling a new slot while unlocking
          the old slot via TPM2 (previously unlocking only worked via password
          or FIDO2).

        Documentation:

        * The remaining documentation that was on
          https://freedesktop.org/wiki/Software/systemd/ has been moved to
          https://systemd.io/.

        * A new text describing the VM integration interfaces of systemd has
          been added:

          https://systemd.io/VM_INTERFACE

        * The sd_notify() man page has gained examples with C and Python code
          that show how to implement the interface in those languages without
          involving libsystemd.
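
          As an added illustration of that interface (example code written for this
          page, not the man page's own examples): a minimal sd_notify() client in
          Python that formats the newline-separated KEY=VALUE datagram and delivers
          it to $NOTIFY_SOCKET over an AF_UNIX datagram socket, plus a loopback
          harness that stands in for the supervisor. It assumes only the documented
          socket address forms (absolute path or "@" abstract name); the "vsock:"
          forms accepted by recent systemd are left out.

```python
"""Minimal sd_notify() client without libsystemd (added example, not the man page's code).

Protocol recap: the supervisor exports $NOTIFY_SOCKET; the service sends one
AF_UNIX datagram of newline-separated KEY=VALUE assignments. On the receiving
side systemd applies NotifyAccess= to the sender's PID/cgroup, so a datagram
from a process outside the unit is ignored rather than trusted.
"""
import os
import socket
import tempfile
from typing import Mapping, Optional


def format_notify_message(fields: Mapping[str, str]) -> bytes:
    """Serialize fields as "KEY=VALUE\n" lines. Newlines inside a value are
    rejected, because one would otherwise let a value smuggle in a second
    assignment (e.g. a fake MAINPID=) that the receiver parses as its own field."""
    if not fields:
        raise ValueError("at least one field is required")
    lines = []
    for key, value in fields.items():
        if not key or "=" in key or "\n" in key:
            raise ValueError(f"invalid field name: {key!r}")
        if "\n" in value:
            raise ValueError(f"value of {key} must not contain a newline")
        lines.append(f"{key}={value}")
    return ("\n".join(lines) + "\n").encode()


def resolve_notify_socket(spec: str) -> bytes:
    """Turn the $NOTIFY_SOCKET value into an AF_UNIX address. A leading '@'
    denotes the Linux abstract namespace, which is a leading NUL byte on the wire."""
    if spec.startswith("@"):
        return b"\0" + spec[1:].encode()
    if spec.startswith("/"):
        return spec.encode()
    # "vsock:" address forms exist in recent systemd but are out of scope here.
    raise ValueError(f"unsupported NOTIFY_SOCKET value: {spec!r}")


def sd_notify(fields: Mapping[str, str], notify_socket: Optional[str] = None) -> bool:
    """Send one notification datagram. Returns False when $NOTIFY_SOCKET is unset
    (not running under a supervisor), mirroring libsystemd's sd_notify() returning 0
    in that case, and True once the datagram has been handed to the kernel."""
    if notify_socket is None:
        notify_socket = os.environ.get("NOTIFY_SOCKET", "")
    if not notify_socket:
        return False
    payload = format_notify_message(fields)
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, resolve_notify_socket(notify_socket))
    return True


def loopback_roundtrip(fields: Mapping[str, str]) -> bytes:
    """Stand in for the supervisor: bind a throwaway datagram socket in a temporary
    directory, point sd_notify() at it and return exactly the bytes that arrived."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as supervisor:
            supervisor.bind(path)
            supervisor.settimeout(2.0)
            if not sd_notify(fields, notify_socket=path):
                raise RuntimeError("sd_notify() reported no notification socket")
            return supervisor.recv(4096)


if __name__ == "__main__":
    print(loopback_roundtrip({"READY": "1", "STATUS": "Listening on :8080"}).decode(), end="")
```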

        systemd-homed, systemd-logind, systemd-userdbd:

        * systemd-homed now supports unlocking of home directories when logging
          in via SSH. Previously home directories needed to be unlocked before
          an SSH login was attempted.

        * JSON User Records have been extended with a separate public storage
          area called "User Record Blob Directories". This is intended to store
          the user's background image, avatar picture, and other similar items
          which are too large to fit into the User Record itself.

          systemd-homed, userdbctl, and homectl gained support for blob
          directories. homectl gained --avatar= and --login-background= to
          control two specific items of the blob directories.

        * A new "additionalLanguages" field has been added to JSON user records
          (as supported by systemd-homed and systemd-userdbd), which is closely
          related to the pre-existing "preferredLanguage", and allows
          specifying multiple additional languages for the user account. It is
          used to initialize the $LANGUAGES environment variable when used.

        * A new pair of "preferredSessionType" and "preferredSessionLauncher"
          fields have been added to JSON user records, that may be used to
          control which kind of desktop session to preferably activate on
          logins of the user.

        * homectl gained a new verb 'firstboot', and a new
          systemd-homed-firstboot.service unit uses this verb to create users
          in a first boot environment, either from system credentials or by
          querying interactively.

        * systemd-logind now supports a new "background-light" session class
          which does not pull in the user@.service unit. This is intended in
          particular for lighter weight per-user cron jobs which do not require
          a per-user service manager to be around.

        * The per-user service manager will now be tracked as a distinct "manager"
          session type among logind sessions of each user.

        * homectl now supports an --offline mode, by which certain account
          properties can be changed without unlocking the home directory.

        * systemd-logind gained a new
          org.freedesktop.login1.Manager.ListSessionsEx() method that provides
          additional metadata compared to ListSessions(). loginctl makes use of
          this to list additional fields in list-sessions.

        * systemd-logind gained a new org.freedesktop.login1.Manager.Sleep()
          method that automatically redirects to SuspendThenHibernate(),
          Suspend(), HybridSleep(), or Hibernate(), depending on what is
          supported and configured, a new configuration setting SleepOperation=,
          and an accompanying helper method
          org.freedesktop.login1.Manager.CanSleep() and property
          org.freedesktop.login1.Manager.SleepOperation.

          'systemctl sleep' calls the new method to automatically put the
          machine to sleep in the most appropriate way.

        Credential Management:

        * systemd-creds now provides a Varlink IPC API for encrypting and
          decrypting credentials.

        * systemd-creds' "tpm2-absent" key selection has been renamed to
          "null", since that's what it actually does: "encrypt" and "sign"
          with a fixed null key. --with-key=null should only be used in very
          specific cases, as it provides zero integrity or confidentiality
          protections. (i.e. it's only safe to use as fallback in environments
          lacking both a TPM and access to the root fs to use the host
          encryption key, or when integrity is provided some other way.)

        * systemd-creds gained a new switch --allow-null. If specified, the
          "decrypt" verb will decode encrypted credentials that use the "null"
          key (by default this is refused, since using the "null" key defeats
          the authenticated encryption normally done).

        Suspend & Hibernate:

        * The sleep.conf configuration file gained a new MemorySleepMode=
          setting for configuring the sleep mode in more detail.

        * A tiny new service systemd-hibernate-clear.service has been added
          which clears hibernation information from the HibernateLocation EFI
          variable, in case the resume device is gone. Normally, this variable
          is supposed to be cleaned up by the code that initiates the resume
          from hibernation image. But when the device is missing and that code
          doesn't run, this service will now do the necessary work, ensuring
          that no outdated hibernation image information remains on subsequent
          boots.

        Unprivileged User Namespaces & Mounts:

        * A small new service systemd-nsresourced.service has been added. It
          provides a Varlink IPC API that assigns a free, transiently allocated
          64K UID/GID range to an uninitialized user namespace a client
          provides. It may be used to implement unprivileged container managers
          and other programs that need dynamic user ID ranges. It also provides
          interfaces to then delegate mount file descriptors, control groups
          and network interfaces to user namespaces set up this way.

        * A small new service systemd-mountfsd.service has been added. It
          provides a Varlink IPC API for mounting DDI images, and returning a set
          of mount file descriptors for it. If a user namespace fd is provided
          as input, then the mounts are registered with the user namespace. To
          ensure trust in the image it must provide Verity information (or
          alternatively interactive polkit authentication is required).

        * The systemd-dissect tool now can access DDIs fully unprivileged by
          using systemd-nsresourced/systemd-mountfsd.

        * If the service manager runs unprivileged (i.e. systemd --user) it now
          supports RootImage= for accessing DDI images, also implemented via
          systemd-nsresourced/systemd-mountfsd.

        * systemd-nspawn may now operate without privileges, if a suitable DDI
          is provided via --image=, again implemented via
          systemd-nsresourced/systemd-mountfsd.

        Other:

        * timedatectl and machinectl gained option '-P', an alias for
          '--value --property=…'.

        * Various tools that pretty-print config files will now highlight
          configuration directives.

        * varlinkctl gained support for the "ssh:" transport. This requires
          OpenSSH 9.4 or newer.

        * systemd-sysext gained support for enabling system extensions in
          mutable fashion, where a writeable upperdir is stored under
          /var/lib/extensions.mutable/, and a new --mutable= option to
          configure this behaviour. An "ephemeral" mode is also supported
          where the mutable layer is configured to be a tmpfs that is
          automatically released when the system extensions are reattached.

        * Coredumps are now retained for two weeks by default (instead of three
          days, as before).

        * portablectl's --copy= parameter gained a new 'mixed' argument, which
          results in resources owned by the OS (e.g. portable profiles) being
          linked but resources owned by the portable image (e.g. the unit files
          and the images themselves) being copied.

        * systemd will now register MIME types for several of its file types
          (e.g. journal files, DDIs, encrypted credentials …) via the XDG
          shared-mime-info infrastructure. (Files of these types will thus be
          recognized as their own thing in desktop file managers such as GNOME
          Files.)

        * systemd-dissect will now show the detected sector size of a given DDI
          in its default output.

        * systemd-portabled now generates recognizable structured log messages
          whenever a portable service is attached or detached.

        * Verity signature checking in userspace (i.e. checking against
          /etc/verity.d/ keys) when activating DDIs can now be turned on/off
          via a kernel command line option systemd.allow_userspace_verity= and
          an environment variable SYSTEMD_ALLOW_USERSPACE_VERITY=.

        * ext4/xfs file system quota handling has been reworked, so that
          quotacheck and quotaon are now invoked as per-file-system templated
          services (as opposed to single system-wide singletons), similar in
          style to the fsck, growfs, pcrfs logic. This means file systems with
          quota enabled can now be reasonably enabled at runtime of the system,
          not just at boot.

        * "systemd-analyze dot" will now also show BindsTo= dependencies.

        * systemd-debug-generator gained the ability to add in arbitrary units
          based on them being passed in via system credentials.

        * A new kernel command-line option systemd.default_debug_tty= can be
          used to specify the TTY for the debug shell, independently of
          enabling or disabling it.

        * portablectl gained a new --clean switch that clears a portable
          service's data (cache, logs, state, runtime, fdstore) when detaching
          it.

        Contributions from: A S Alam, AKHIL KUMAR,
        Abraham Samuel Adekunle, Adrian Vovk, Adrian Wannenmacher,
        Alan Liang, Alberto Planas, Alexander Zavyalov, Anders Jonsson,
        Andika Triwidada, Andres Beltran, Andrew Sayers,
        Antonio Alvarez Feijoo, Arthur Zamarin, Artur Pak, AtariDreams,
        Benjamin Franzke, Bernhard M. Wiedemann, Black-Hole1, Bryan Jacobs,
        Burak Gerz, Carlos Garnacho, Chandra Pratap, Chris Simons,
        Christian Göttsche, Christian Wesselhoeft, Clayton Craft,
        Colin Geniet, Colin Walters, Colin Watson, Costa Tsaousis,
        Cristian Rodríguez, Daan De Meyer, Damien Challet, Dan Streetman,
        Daniele Medri, David Tardon, David Venhoek, Diego Viola,
        Dionna Amalie Glaze, Dmitry Konishchev, Dmitry V. Levin,
        Edson Juliano Drosdeck, Eisuke Kawashima, Eli Schwartz,
        Emanuele Giuseppe Esposito, Eric Daigle, Evgeny Vereshchagin,
        Felix Riemann, Fernando Fernandez Mancera, Florian Fainelli,
        Florian Schmaus, Franck Bui, Frantisek Sumsal, Friedrich Altheide,
        Gabríel Arthúr Pétursson, Gaël Donval, Georges Basile Stavracas Neto,
        Gerd Hoffmann, GNOME Foundation, Guido Leenders,
        Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald Brinkmann,
        Heinrich Schuchardt, Helmut Grohne, Henry Li, Holger Assmann,
        Ivan Kruglov, Ivan Shapovalov, Jakub Sitnicki, James Muir,
        Jan Engelhardt, Jan Macku, Jarne Förster, Jeff King,
        Jian-Hong Pan, JmbFountain, Joakim Nohlgård, Jonathan Conder,
        Julius Alexandre, Jörg Behrmann, Kai Lueke, Kamil Szczęk,
        KayJay7, Keian, Kirk, Kristian Klausen, Krzesimir Nowak,
        Lars Ellenberg, Lennart Poettering, Luca Boccassi, Lucas Salles,
        Ludwig Nussel, Lukáš Nykrýn, Luna Jernberg, Luxiter,
        Maanya Goenka, Maciej S. Szmigiero, Mariano Giménez,
        Markus Merklinger, Martin Ivicic, Martin Srebotnjak,
        Martin Trigaux, Martin Wilck, Mathias Lang, Matt Layher,
        Matt Muggeridge, Matteo Croce, Matthias Lisin, Max Gautier,
        Max Staudt, MaxHearnden, Michael Biebl, Michal Koutný,
        Michal Sekletár, Michał Kopeć, Mike Gilbert, Mike Yuan,
        Mikko Ylinen, MkfsSion, Moritz Sanft, MrSmör, Nandakumar Raghavan,
        Nick Cao, Nick Rosbrook, Nicolas Bouchinet, Norbert Lange,
        Ole Peder Brandtzæg, Ondrej Kozina, Oğuz Ersen,
        Pablo Méndez Hernández, Pierre GRASSER, Piotr Drąg, QuonXF,
        Radoslav Kolev, Rafaël Kooi, Raito Bezarius, Rasmus Villemoes,
        Reid Wahl, Renjaya Raga Zenta, Richard Maw, Roland Hieber,
        Ronan Pigott, Rose, Ross Burton, Saliba-san, Sam Leonard,
        Samuel BF, Sarvajith Adyanthaya, Scrambled 777,
        Sebastian Pucilowski, Sergei Zhmylev, Sergey A, Shulhan,
        SidhuRupinder, Simon Fowler, Skia, Sludge, Stuart Hayhurst,
        Susant Sahani, Takashi Sakamoto, Temuri Doghonadze, Thayne McCombs,
        Thilo Fromm, Thomas Blume, Timo Rothenpieler, TobiPeterG,
        Tobias Fleig, Tomáš Pecka, Topi Miettinen, Tycho Andersen,
        Unique-Usman, Usman Akinyemi, Vasiliy Kovalev, Vasiliy Stelmachenok,
        Vishal Chillara Srinivas, Vitaly Kuznetsov, Vito Caputo,
        Vladimir Stoiakin, Werner Sembach, Will Springer, Winterhuman,
        Xiaotian Wu, Yu Watanabe, Yuri Chornoivan,
        Zbigniew Jędrzejewski-Szmek, Zmyeir, anphir, aslepykh, chenjiayi,
        cpackham-atlnz, cunshunxia, djantti, drewbug, hfavisado, hulkoba,
        hydrargyrum, ksaleem, mburucuyapy, medusalix, mille-feuille, mkubiak,
        mooo, msizanoen, networkException, nl6720, r-vdp, runiq,
        sam-leonard-ct, samuelvw01, sharad3001, spdfnet, sushmbha, wangyuhang,
        zeroskyx, zzywysm, İ. Ensar Gülşen, Łukasz Stelmach,
        Štěpán Němec, 我超厉害, 김인수

        — Edinburgh, 2024-05-22

CHANGES WITH 255:

        Announcements of Future Feature Removals and Incompatible Changes:

        * Support for split-usr (/usr/ mounted separately during late boot,
          instead of being mounted by the initrd before switching to the rootfs)
          and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
          /usr/lib/, …) has been removed. For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        * We intend to remove cgroup v1 support from a systemd release after
          the end of 2023. If you run services that make explicit use of
          cgroup v1 features (i.e. the "legacy hierarchy" with separate
          hierarchies for each controller), please implement compatibility with
          cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
          Most of Linux userspace has been ported over already.

        * Support for System V service scripts is now deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * systemd-run's switch --expand-environment= which currently is disabled
          by default when combined with --scope, will be changed in a future
          release to be enabled by default.

        * "systemctl switch-root" is now restricted to initrd transitions only.
          Transitions between real systems should be done with
          "systemctl soft-reboot" instead.

        * The "ip=off" and "ip=none" kernel command line options interpreted by
          systemd-network-generator will now result in IPv6RA + link-local
          addressing being disabled, too. Previously DHCP was turned off, but
          IPv6RA and IPv6 link-local addressing were left enabled.

        * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
          and is now disabled.

        * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
          section of systemd-sleep.conf are now deprecated and have no effect.
          They did not (and could not) take any value other than the respective
          default. HybridSleepMode= is also deprecated, and will now always use
          the 'suspend' disk mode.

1113 Service Manager:
1114
c2322b48
LP
1115 * The way services are spawned has been overhauled. Previously, a
1116 process was forked that shared all of the manager's memory (via
427ddaf6 1117 copy-on-write) while doing all the required setup (e.g.: mount
c2322b48
LP
1118 namespaces, CGroup configuration, etc.) before exec'ing the target
1119 executable. This was problematic for various reasons: several glibc
1120 APIs were called that are not supposed to be used after a fork but
1121 before an exec, copy-on-write meant that if either process (the
1122 manager or the child) touched a memory page a copy was triggered, and
1123 also the memory footprint of the child process was that of the
427ddaf6 1124 manager, but with the memory limits of the service. From this version
c2322b48 1125 onward, the new process is spawned using CLONE_VM and CLONE_VFORK
427ddaf6 1126 semantics via posix_spawn(3), and it immediately execs a new internal
c2322b48
LP
1127 binary, systemd-executor, that receives the configuration to apply
1128 via memfd, and sets up the process before exec'ing the target
054042f8
LB
1129 executable. The systemd-executor binary is pinned by file descriptor
1130 by each manager instance (system and users), and the reference is
1131 updated on daemon-reexec - it is thus important to reexec all running
1132 manager instances when the systemd-executor and/or libsystemd*
1133 libraries are updated on the filesystem.
f456764c 1134
c2322b48
LP
1135 * Most of the internal process tracking is being changed to use PIDFDs
1136 instead of PIDs when the kernel supports it, to improve robustness
1137 and reliability.
f456764c 1138
427ddaf6
ZJS
1139 * A new option SurviveFinalKillSignal= can be used to configure the
1140 unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
1141 This is part of the required configuration to let a unit's processes
1142 survive a soft-reboot operation.
f456764c 1143
c2322b48
LP
1144 * System extension images (sysext) can now set
1145 EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
1146 automatically reload the service manager (PID 1) when
1147 merging/refreshing/unmerging on boot. Generally, while this can be
1148 used to ship services in system extension images it's recommended to
1149 do that via portable services instead.
f456764c
LB
1150
1151 * The ExtensionImages= and ExtensionDirectories= options now support
1152 confexts images/directories.
1153
427ddaf6
ZJS
1154 * A new option NFTSet= provides a method for integrating dynamic cgroup
1155 IDs into firewall rules with NFT sets. The benefit of using this
1156 setting is to be able to use control group as a selector in firewall
1157 rules easily and this in turn allows more fine grained filtering.
1158 Also, NFT rules for cgroup matching use numeric cgroup IDs, which
1159 change every time a service is restarted, making them hard to use in
1160 systemd environment.
f456764c 1161
c2322b48
LP
1162 * A new option CoredumpReceive= can be set for service and scope units,
1163 together with Delegate=yes, to make systemd-coredump on the host
427ddaf6
ZJS
1164 forward core files from processes crashing inside the delegated
1165 CGroup subtree to systemd-coredump running in the container. This new
1166 option is by default used by systemd-nspawn containers that use the
1167 "--boot" switch.
f456764c
LB
1168
1169 * A new ConditionSecurity=measured-uki option is now available, to ensure
1170 a unit can only run when the system has been booted from a measured UKI.
1171
1172 * MemoryAvailable= now considers physical memory if there are no CGroup
1173 memory limits set anywhere in the tree.
1174
1175 * The $USER environment variable is now always set for services, while
1176 previously it was only set if User= was specified. A new option
1177 SetLoginEnvironment= is now supported to determine whether to also set
427ddaf6 1178 $HOME, $LOGNAME, and $SHELL.
f456764c 1179
c2322b48
LP
1180 * Socket units now support a new pair of
1181 PollLimitBurst=/PollLimitInterval= options to configure a limit on
1182 how often polling events on the file descriptors backing this unit
1183 will be considered within a time window.
f456764c 1184
427ddaf6 1185 * Scope units can now be created using PIDFDs instead of PIDs to select
f456764c
LB
1186 the processes they should include.
1187
c2322b48
LP
1188 * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
1189 manager to dump the list of currently pending jobs.
f456764c 1190
427ddaf6
ZJS
1191 * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
1192 machinectl bind and mount-image verbs will now cause the new mount to
1193 replace the old mount (if any), instead of overmounting it.
f456764c 1194
feed2910 1195 * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
b0f96596
LP
1196 MemoryZSwapCurrent properties, which respectively contain the values
1197 of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
7ba8260c 1198 and memory.zswap.current properties. This information is also shown in
b0f96596 1199 "systemctl status" output, if available.
6c71db76 1200
f456764c
LB
1201 TPM2 Support + Disk Encryption & Authentication:
1202
c2322b48
LP
1203 * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
1204 value in the --tpm2-pcrs= option.
f456764c 1205
b0f96596
LP
1206 * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
1207 index) to be used instead of the default SRK via the new
1208 --tpm2-seal-key-handle= option.
f456764c 1209
b0f96596
LP
1210 * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
1211 public key (in TPM2B_PUBLIC format) – without access to the TPM2
1212 device itself – which enables offline sealing of LUKS images for a
1213 specific TPM2 chip, as long as the SRK public key is known. Pass the
1214 public to the tool via the new --tpm2-device-key= switch.
feed2910 1215
f456764c
LB
1216 * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
1217 internal-only executable.
1218
1219 * The TPM2 Storage Root Key will now be set up, if not already present,
b0f96596
LP
1220 by a new systemd-tpm2-setup.service early boot service. The SRK will
1221 be stored in PEM format and TPM2_PUBLIC format (the latter is useful
1222 for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
1223 easier access. A new "srk" verb has been added to systemd-analyze to
1224 allow extracting it on demand if it is already set up.
f456764c 1225
c2322b48
LP
1226 * The internal systemd-pcrphase executable has been renamed to
1227 systemd-pcrextend.
f456764c 1228
c2322b48
LP
1229 * The systemd-pcrextend tool gained a new --pcr= switch to override
1230 which PCR to measure into.
1231
1232 * systemd-pcrextend now exposes a Varlink interface at
1233 io.systemd.PCRExtend that can be used to do measurements and event
1234 logging on demand.
f456764c
LB
1235
1236 * TPM measurements are now also written to an event log at
c2322b48
LP
1237 /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
1238 Canonical Event Log format. Previously we'd only log them to the
1239 journal, where they however were subject to rotation and similar.
f456764c 1240
c5c5f0fe 1241 * A new component "systemd-pcrlock" has been added that allows managing
7eff3e2c 1242 local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
c5c5f0fe
LP
1243 predict by the OS vendor because of the inherently local nature of
1244 what measurements they contain, such as firmware versions of the
1245 system and extension cards and suchlike. pcrlock can predict PCR
1246 measurements ahead of time based on various inputs, such as the local
1247 TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
1248 various other things. It can then pre-calculate a TPM2 policy from
1249 this, which it stores in an TPM2 NV index. TPM2 objects (such as disk
1250 encryption keys) can be locked against this NV index, so that they
1251 are locked against a specific combination of system firmware and
1252 state. Alternatives for each component are supported to allowlist
1253 multiple kernel versions or boot loader version simultaneously
1254 without losing access to the disk encryption keys. The tool can also
837667a1
ZJS
1255 be used to analyze and validate the local TPM2 event log.
1256 systemd-cryptsetup, systemd-cryptenroll, systemd-repart have all been
1257 updated to support such policies. There's currently no support for
1258 locking the system's root disk against a pcrlock policy, this will be
1259 added soon. Moreover, it is currently not possible to combine a
1260 pcrlock policy with a signed PCR policy. This component is
0e5f89b5 1261 experimental and its public interface is subject to change.
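The event log and pcrlock items above rest on the same arithmetic: every measurement extends a PCR as PCR_new = H(PCR_old || digest), so a log whose digests are intact can be replayed to the values the TPM should currently hold, and pcrlock's predictions are the same computation run over inputs that have not been measured yet. The following is an added example, not code from systemd: it parses a constructed JSON-sequence log, replays it per hash bank, and flags records whose logged digest no longer matches their content. The record field names (pcr, digests/hashAlg/digest, content/string) are an assumption modelled on the TCG CEL JSON encoding, not taken from this page; check them against a real /run/log/systemd/tpm2-measure.log before reusing the parser. The sample events are made up.

```python
import hashlib
import json

RS = "\x1e"                      # RFC 7464 JSON text sequence record separator
BANK_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def digest_of(bank, data):
    return hashlib.new(bank, data).digest()


def make_record(pcr, text, banks=("sha256",)):
    """One constructed log record for a string measurement (field names assumed, see lead-in)."""
    return {
        "pcr": pcr,
        "digests": [{"hashAlg": b, "digest": digest_of(b, text.encode()).hex()} for b in banks],
        "content_type": "systemd",
        "content": {"string": text},
    }


# Constructed sample: three phase strings into PCR 11 and one command-line string into PCR 12.
SAMPLE_EVENTS = [
    make_record(11, "enter-initrd"),
    make_record(11, "leave-initrd"),
    make_record(12, "root=/dev/mapper/root rd.luks=1"),
    make_record(11, "ready"),
]
SAMPLE_LOG = "".join(RS + json.dumps(e) + "\n" for e in SAMPLE_EVENTS)


def parse_event_log(text):
    """Split a JSON text sequence on the record separator; empty segments are skipped."""
    return [json.loads(seg) for seg in text.split(RS) if seg.strip()]


def replay(events, bank="sha256"):
    """Extend each event's digest into its PCR, starting from all-zero PCRs (the reset value
    of PCRs 0-16 and 23). Returns {pcr: hex value} for the requested bank."""
    size = BANK_LEN[bank]
    pcrs = {}
    for ev in events:
        digest = next((bytes.fromhex(d["digest"]) for d in ev["digests"] if d["hashAlg"] == bank), None)
        if digest is None or len(digest) != size:
            raise ValueError(f"event for PCR {ev['pcr']} carries no valid {bank} digest")
        old = pcrs.get(ev["pcr"], b"\x00" * size)
        pcrs[ev["pcr"]] = digest_of(bank, old + digest)
    return {pcr: value.hex() for pcr, value in pcrs.items()}


def check_content_digests(events, bank="sha256"):
    """Indices of string events whose logged digest does not match their content. Replay still
    reproduces what the TPM holds, but a mismatch proves the log text was edited afterwards."""
    bad = []
    for i, ev in enumerate(events):
        text = ev.get("content", {}).get("string")
        if text is None:
            continue
        logged = {d["hashAlg"]: d["digest"] for d in ev["digests"]}.get(bank)
        if logged != digest_of(bank, text.encode()).hex():
            bad.append(i)
    return bad


def tampered_log():
    """The sample log with one phase string rewritten but its digest left untouched."""
    events = json.loads(json.dumps(SAMPLE_EVENTS))
    events[1]["content"]["string"] = "leave-initrd-edited"
    return "".join(RS + json.dumps(e) + "\n" for e in events)


if __name__ == "__main__":
    events = parse_event_log(SAMPLE_LOG)
    for pcr, value in sorted(replay(events).items()):
        print(f"PCR {pcr:2d}: {value}")
    print("tampered records:", check_content_digests(parse_event_log(tampered_log())))
```

Replaying a real log and comparing the result with a TPM2 quote (or the values in /sys/class/tpm/tpm0/pcr-sha256/) is the basic check that the log is complete; the content check only catches edits to the human-readable part, since the digests are what the TPM actually saw.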

        systemd-boot, systemd-stub, ukify, bootctl, kernel-install:

        * bootctl will now show whether the system was booted from a UKI in its
          status output.

        * systemd-boot and systemd-stub now use different project keys in their
          respective SBAT sections, so that they can be revoked individually if
          needed.

        * systemd-boot will no longer load unverified Devicetree blobs when UEFI
          SecureBoot is enabled. For more details see:
          https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c

        * systemd-boot gained new hotkeys to reboot and power off the system
          from the boot menu ("B" and "O"). If the "auto-poweroff" and
          "auto-reboot" options in loader.conf are set, these entries are also
          shown as menu items (which is useful on devices lacking a regular
          keyboard).

        * systemd-boot gained a new configuration value "menu-disabled" for the
          set-timeout option, to allow completely disabling the boot menu,
          including the hotkey.

        * systemd-boot will now measure the content of loader.conf in TPM2
          PCR 5.

        * systemd-stub will now concatenate the content of all kernel
          command-line addons before measuring them in TPM2 PCR 12, in a single
          measurement, instead of measuring them individually.

        * systemd-stub will now measure and load Devicetree Blob addons, which
          are searched and loaded following the same model as the existing
          kernel command-line addons.

        * systemd-stub will now ignore unauthenticated kernel command line options
          passed from systemd-boot when running inside Confidential VMs with UEFI
          SecureBoot enabled.

        * systemd-stub will now load a Devicetree blob even if the firmware did
          not load any beforehand (e.g. for ACPI systems).

        * ukify is no longer considered experimental, and now ships in /usr/bin/.

        * ukify gained a new verb inspect to describe the sections of a UKI and
          print the contents of the well-known sections.

        * ukify gained a new verb genkey to generate a set of key pairs for
          signing UKIs and their PCR data.

        * The 90-loaderentry kernel-install hook now supports installing device
          trees.

        * kernel-install now supports the --json=, --root=, --image=, and
          --image-policy= options for the inspect verb.

        * kernel-install now supports new list and add-all verbs. The former
          lists all installed kernel images (if those are available in
          /usr/lib/modules/). The latter will install all the kernels it can
          find to the ESP.

        systemd-repart:

        * A new option --copy-from= has been added that synthesizes partition
          definitions from the given image, which are then applied by the
          systemd-repart algorithm.

        * A new option --copy-source= has been added, which can be used to specify
          the directory that CopyFiles= is considered relative to.

        * New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
          options have been added to make it easier to generate these types of
          DDIs, without having to provide repart.d definitions for them.

        * The dm-verity salt and UUID will now be derived from the specified
          seed value.

        * New VerityDataBlockSizeBytes= and VerityHashBlockSizeBytes= settings
          can now be configured in repart.d/ configuration files.

        * A new Subvolumes= setting is now supported in repart.d/ configuration
          files, to indicate which directories in the target partition should be
          btrfs subvolumes.

        * A new --tpm2-device-key= option can be used to lock a disk against a
          specific TPM2 public key. This matches the same switch the
          systemd-cryptenroll tool now supports (see above).

        Journal:

        * The journalctl --lines= parameter now accepts +N to show the oldest N
          entries instead of the newest.

        * journald now ensures that sealing happens once per epoch, and sets a
          new compatibility flag to distinguish old journal files that were
          created before this change, for backward compatibility.

        Device Management:

        * udev will now create symlinks to loopback block devices in the
          /dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
          string field selected during allocation. The systemd-dissect tool and
          the util-linux losetup command now support a complementing new switch
          --loop-ref= for selecting the string. This means a loopback block
          device may now be allocated under a caller-chosen reference and can
          subsequently be referenced without first having to look up the block
          device name the caller ended up with.

        * udev also creates symlinks to loopback block devices in the
          /dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
          of the inode attached to the loopback block device. This means that
          attaching a file to a loopback device will implicitly make a handle
          available to be found via that file's inode information.

        * udevadm info gained support for JSON output via a new --json= flag, and
          for filtering output using the same mechanism that udevadm trigger
          already implements.

        * The predictable network interface naming logic is extended to include
          the SR-IOV-R "representor" information in network interface names.
          This feature was intended for v254, but even though the code was
          merged, the part that actually enabled the feature was forgotten.
          It is now enabled by default and is part of the new "v255" naming
          scheme.

        * A new hwdb/rules file has been added that sets the
          ID_NET_AUTO_LINK_LOCAL_ONLY=1 udev property on all network interfaces
          that should usually only be configured with link-local addressing
          (IPv4LL + IPv6LL), i.e. for PC-to-PC cables ("laplink") or
          Thunderbolt networking. systemd-networkd and NetworkManager (soon)
          will make use of this information to apply an appropriate network
          configuration by default.

        * The ID_NET_DRIVER property on network interfaces is now set
          relatively early in the udev rule set so that other rules may rely on
          it. This is implemented in a new "net-driver" udev built-in.

        Network Management:

        * The "duid-only" option for the DHCPv4 client's ClientIdentifier=
          setting has been dropped, as it never worked and hence should not be
          in use anywhere.

        * The 'prefixstable' IPv6 address generation mode now considers the SSID
          when generating stable addresses, so that a different stable address
          is used when roaming between wireless networks. If you already use
          'prefixstable' addresses with wireless networks, the stable address
          will be changed by the update.

        * The DHCPv4 client gained a RapidCommit option, true by default, which
          enables RFC4039 Rapid Commit behavior to obtain a lease in a
          simplified 2-message exchange instead of the typical 4-message
          exchange, if also supported by the DHCP server.

        * The DHCPv4 client gained new InitialCongestionWindow= and
          InitialAdvertisedReceiveWindow= options for route configurations.

        * The DHCPv4 client gained a new RequestAddress= option that allows
          sending a preferred IP address in the initial DHCPDISCOVER message.
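The RapidCommit and RequestAddress= items above both change what goes into the very first DHCPv4 message. The following added example (written for this page, not systemd's DHCP client or server code) builds that DHCPDISCOVER with option 80 (Rapid Commit, RFC 4039) and option 50 (requested IP address) on the wire, and runs it against a constructed toy server so that both the 2-message DISCOVER/ACK exchange and the fall-back 4-message DISCOVER/OFFER/REQUEST/ACK exchange can be observed. The packet layout follows RFC 2131; the pool 192.0.2.0/28, the server ID 192.0.2.1 and the client MAC addresses are made up.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_RAPID_COMMIT, OPT_END = 50, 53, 54, 80, 255
DISCOVER, OFFER, REQUEST, ACK, BOOTREQUEST, BOOTREPLY = 1, 2, 3, 5, 1, 2
NAMES = {DISCOVER: "DISCOVER", OFFER: "OFFER", REQUEST: "REQUEST", ACK: "ACK"}


def build_message(op, xid, chaddr, options, yiaddr="0.0.0.0"):
    """Encode a BOOTP/DHCP message: RFC 2131 fixed header, magic cookie, TLV options, END."""
    fixed = struct.pack("!BBBBIHH4s4s8s16s192s", op, 1, len(chaddr), 0, xid, 0, 0, b"\0" * 4,
                        ipaddress.IPv4Address(yiaddr).packed, b"\0" * 8, chaddr.ljust(16, b"\0"), b"\0" * 192)
    body = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in options)
    return fixed + MAGIC + body + bytes([OPT_END])


def parse_message(data):
    """Decode xid, chaddr, yiaddr, the message type and all options (code -> raw value)."""
    _, _, hlen, _, xid = struct.unpack_from("!BBBBI", data, 0)
    if data[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                          # pad option carries no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": xid, "chaddr": data[28:28 + hlen], "yiaddr": str(ipaddress.IPv4Address(data[16:20])),
            "type": opts.get(OPT_MSG_TYPE, b"\0")[0], "options": opts}


def client_discover(xid, chaddr, rapid_commit=True, request_address=None):
    """DHCPDISCOVER as a client with RapidCommit= and RequestAddress= configured sends it."""
    options = [(OPT_MSG_TYPE, bytes([DISCOVER]))]
    if request_address:                           # RequestAddress=: option 50 already in the DISCOVER
        options.append((OPT_REQUESTED_IP, ipaddress.IPv4Address(request_address).packed))
    if rapid_commit:                              # RapidCommit=yes: option 80, zero length
        options.append((OPT_RAPID_COMMIT, b""))
    return build_message(BOOTREQUEST, xid, chaddr, options)


def client_request(offer):
    """DHCPREQUEST for the offered address, third message of the classic exchange."""
    return build_message(BOOTREQUEST, offer["xid"], offer["chaddr"], [
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQUESTED_IP, ipaddress.IPv4Address(offer["yiaddr"]).packed),
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])


class ToyServer:
    """Lease server for a small pool; a requested address is honoured only while it is free. With
    rapid_commit on, a DISCOVER carrying option 80 gets a DHCPACK at once; otherwise a DHCPOFFER."""

    def __init__(self, pool, server_id="192.0.2.1", rapid_commit=True):
        self.free = [str(ip) for ip in pool]
        self.leases = {}
        self.server_id = ipaddress.IPv4Address(server_id).packed
        self.rapid_commit = rapid_commit

    def _choose(self, chaddr, wanted):
        if chaddr in self.leases:
            return self.leases[chaddr]
        return wanted if wanted in self.free else self.free[0]

    def handle(self, data):
        msg = parse_message(data)
        opts, kind = msg["options"], msg["type"]
        wanted = opts.get(OPT_REQUESTED_IP)
        addr = self._choose(msg["chaddr"], str(ipaddress.IPv4Address(wanted)) if wanted else None)
        reply = [(OPT_SERVER_ID, self.server_id)]
        if kind == REQUEST or (kind == DISCOVER and self.rapid_commit and OPT_RAPID_COMMIT in opts):
            self.free = [a for a in self.free if a != addr]
            self.leases[msg["chaddr"]] = addr       # lease committed
            reply.insert(0, (OPT_MSG_TYPE, bytes([ACK])))
            if kind == DISCOVER:                      # RFC 4039: echo option 80 so the client knows
                reply.append((OPT_RAPID_COMMIT, b""))
        elif kind == DISCOVER:
            reply.insert(0, (OPT_MSG_TYPE, bytes([OFFER])))
        else:
            raise ValueError(f"unsupported message type {kind}")
        return build_message(BOOTREPLY, msg["xid"], msg["chaddr"], reply, yiaddr=addr)


def run_exchange(server, chaddr=b"\x02\x00\x00\x00\x00\x01", rapid_commit=True, request_address=None):
    """Drive one client through the server; returns the message sequence and the leased address."""
    trace = [NAMES[DISCOVER]]
    reply = parse_message(server.handle(client_discover(0x1234ABCD, chaddr, rapid_commit, request_address)))
    trace.append(NAMES[reply["type"]])
    if reply["type"] == OFFER:                        # not committed yet: finish the classic handshake
        trace.append(NAMES[REQUEST])
        reply = parse_message(server.handle(client_request(reply)))
        trace.append(NAMES[reply["type"]])
    return trace, reply["yiaddr"]
```

The toy server only commits on a DISCOVER when the client asked for Rapid Commit and the server has it enabled, which is why a RapidCommit=yes client still completes the 4-message exchange against a server that ignores option 80. Note that a requested address is a hint: the server hands out something else if it is already leased, and the client has to use whatever yiaddr the ACK carries.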

        * The DHCPv4 server and client gained support for IPv6-only mode
          (RFC8925).

        * The SendHostname= and Hostname= options are now available for the
          DHCPv6 client, independently of the DHCPv4= option, so that these
          configuration values can be set independently for each client.

        * The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
          including lease information.

        * The DHCPv6 client can now be configured to use a custom DUID type.

        * .network files gained a new IPv4ReversePathFilter= setting in the
          [Network] section, to control the rp_filter sysctl.

        * .network files gained a new HopLimit= setting in the [Route] section,
          to configure a per-route hop limit.

        * .network files gained a new TCPRetransmissionTimeoutSec= setting in
          the [Route] section, to configure a per-route TCP retransmission
          timeout.

        * A new directive NFTSet= provides a method for integrating network
          configuration into firewall rules with NFT sets. The benefit of using
          this setting is that static network configuration or dynamically
          obtained network addresses can be used in firewall rules with the
          indirection of NFT set types.

        * The [IPv6AcceptRA] section supports the following new options:
          UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.

        * The [IPv6SendRA] section supports the following new options:
          RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
          HomeAgentPreference=.

        * A new [IPv6PREF64Prefix] set of options, containing Prefix= and
          LifetimeSec=, has been introduced to append pref64 options in router
          advertisements (RFC8781).

        * The network generator now configures the interfaces with only
          link-local addressing if "ip=link-local" is specified on the kernel
          command line.

        * The configuration files generated by the network generator from the
          kernel command line are now prefixed with '70-', so that they take
          precedence over the default configuration files.

        * Added a new -Ddefault-network=BOOL meson option, that causes more
          .network files to be installed as enabled by default. These
          configuration files match generic setups, e.g. 89-ethernet.network
          matches all Ethernet interfaces and enables both DHCPv4 and DHCPv6
          clients.

        * If an ID_NET_MANAGED_BY= udev property is set on a network device and
          it is any string other than "io.systemd.Network", then networkd will
          not manage this device. This may be used to allow multiple network
          management services to run in parallel and assign ownership of
          specific devices explicitly. NetworkManager will soon implement a
          similar logic.

        systemctl:

        * systemctl is-failed now checks the system state if no unit is
          specified.

        * systemctl will now automatically soft-reboot if a new root file system
          is found under /run/nextroot/ when a reboot operation is invoked.

        Login management:

        * Wall messages now work even when utmp support is disabled, using
          systemd-logind to query the necessary information.

        * systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
          signal before shutdown/reboot/soft-reboot that includes additional
          information compared to the PrepareForShutdown signal. Currently the
          additional information is the type of operation that is about to be
          executed.

        Hibernation & Suspend:

        * The kernel and OS versions will no longer be checked on resume from
          hibernation.

        * Hibernation into swap files backed by btrfs is now
          supported. (Previously this was supported only for other file
          systems.)

        Other:

        * A new systemd-vmspawn tool has been added, that aims to provide for VMs
          the same interfaces and functionality that systemd-nspawn provides for
          containers. For now it supports QEMU as a backend, and exposes some of
          its options to the user. This component is experimental and its public
          interface is subject to change.

        * "systemd-analyze plot" has gained tooltips on each unit name with
          related-unit information in its svg output, such as Before=,
          Requires=, and similar properties.

        * A new varlinkctl tool has been added to allow interfacing with
          Varlink services, and introspection has been added to all such
          services. This component is experimental and its public interface is
          subject to change.

        * systemd-sysext and systemd-confext now expose a Varlink service
          at io.systemd.sysext.

        * portable services now accept confexts as extensions.

        * systemd-sysupdate now accepts directories in the MatchPattern= option.

        * systemd-run will now output the invocation ID of the launched
          transient unit and its peak memory usage.

        * systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
          and systemd-binfmt gained a new --tldr option that can be used instead
          of --cat-config to suppress uninteresting configuration lines, such as
          comments and whitespace.

        * resolvectl gained a new "show-server-state" command that shows
          current statistics of the resolver. This is backed by a new
          DumpStatistics() Varlink method provided by systemd-resolved.

        * systemd-timesyncd will now emit a D-Bus signal when the LinkNTPServers
          property changes.

        * vconsole now supports KEYMAP=@kernel for preserving the kernel keymap
          as-is.

        * seccomp now supports the LoongArch64 architecture.

        * seccomp may now be enabled for services running as a non-root User=
          without NoNewPrivileges=yes.

        * systemd-id128 now supports a new -P option to show only values. The
          combination of -P and --app options is also supported.

        * A new pam_systemd_loadkey.so PAM module is now available, which will
          automatically fetch the passphrase used by cryptsetup to unlock the
          root file system and set it as the PAM authtok. This enables, among
          other things, configuring auto-unlock of the GNOME Keyring / KDE
          Wallet when autologin is configured.

        * Many meson options now use the 'feature' type, which means they
          take enabled/disabled/auto as values.

        * A new meson option -Dconfigfiledir= can be used to change where
          configuration files with default values are installed to.

        * Options and verbs in man pages are now tagged with the version they
          were first introduced in.

        * A new component "systemd-storagetm" has been added, which exposes all
          local block devices as NVMe-TCP devices, fully automatically. It's
          hooked into a new target unit storage-target-mode.target that is
          supposed to be booted into via
          rd.systemd.unit=storage-target-mode.target on the kernel command
          line. This is intended to be used for installers and debugging to
          quickly get access to the local disk. It's inspired by macOS "target
          disk mode". This component is experimental and its public interface is
          subject to change.

        * A new component "systemd-bsod" has been added, which can show logged
          error messages full screen, if they are logged at the LOG_EMERG log
          level. This component is experimental and its public interface is
          subject to change.

        * The systemd-dissect tool's --with command will now set the
          $SYSTEMD_DISSECT_DEVICE environment variable to the block device it
          operates on for the invoked process.

        * The systemd-mount tool gained a new --tmpfs switch for mounting a new
          'tmpfs' instance. This is useful since it does so via .mount units
          and thus can be executed remotely or in containers.

        * The various tools in systemd that take "verbs" (such as systemctl,
          loginctl, machinectl, …) now will suggest a close verb name in case
          the user specified an unrecognized one.

        * libsystemd now exports a new function sd_id128_get_app_specific()
          that generates "app-specific" 128bit IDs from any ID. It's similar to
          sd_id128_get_machine_app_specific() and
          sd_id128_get_boot_app_specific() but takes the ID to base the
          calculation on as input. This new functionality is also exposed in the
          "systemd-id128" tool where you can now combine --app= with `show`.
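The sd_id128_get_app_specific() item above describes a derivation rather than a lookup, so an added example is useful to show what the result looks like and why a keyed construction is used. The block below is written for this page and is not libsystemd code: it derives a 128-bit ID from a base ID and an application ID with HMAC-SHA256 keyed by the base ID, keeps the first 16 bytes and stamps the UUID v4 version and variant bits onto them. That this is exactly the construction libsystemd uses is my reading of its source and should be confirmed against `systemd-id128 show --app=` output on a real system; the two IDs embedded in the block are constructed, not real machine, boot or application IDs.

```python
import hashlib
import hmac
import uuid


def parse_id128(text):
    """Accept both the 32-hex-digit form and the dashed UUID form systemd-id128 prints."""
    raw = bytes.fromhex(text.replace("-", ""))
    if len(raw) != 16:
        raise ValueError("an id128 is exactly 16 bytes")
    return raw


def make_v4_uuid(raw):
    """Stamp the RFC 4122 version (4) and variant (10xx) bits onto 16 bytes."""
    b = bytearray(raw)
    b[6] = (b[6] & 0x0F) | 0x40
    b[8] = (b[8] & 0x3F) | 0x80
    return bytes(b)


def app_specific_id(base, app):
    """HMAC-SHA256 keyed with the base ID over the app ID, truncated to 16 bytes (assumed
    construction, see lead-in). Keyed hashing keeps the base ID unrecoverable from the result."""
    mac = hmac.new(parse_id128(base), parse_id128(app), hashlib.sha256).digest()
    return make_v4_uuid(mac[:16]).hex()


def as_uuid(hexid):
    """Dashed UUID spelling of a 32-hex-digit ID."""
    return str(uuid.UUID(hex=hexid))


# Constructed IDs: not a real machine ID, boot ID or registered application ID.
BASE_ID = "4f5e6d7c8b9a0b1c2d3e4f5a6b7c8d9e"
APP_ID = "b3d0d7a1c2f4461f9f2d5b3a1c0e8d7f"


def demo():
    """Same app on two different base IDs gives two unrelated derived IDs."""
    return app_specific_id(BASE_ID, APP_ID), app_specific_id("00" * 16, APP_ID)


if __name__ == "__main__":
    for derived in demo():
        print(as_uuid(derived))
```

The point of the keyed construction is that an application can publish its derived ID (in a log, a network protocol, a file name) without leaking the machine or boot ID it was derived from, while any process on the same machine that knows the application ID can recompute it.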

        * All tools that parse timestamps now can also parse RFC3339 style
          timestamps that include the "T" and "Z" characters.

        * New documentation has been added:

          https://systemd.io/FILE_DESCRIPTOR_STORE
          https://systemd.io/TPM2_PCR_MEASUREMENTS
          https://systemd.io/MOUNT_REQUIREMENTS

        * The codebase now recognizes the suffixes .confext.raw and .sysext.raw
          as alternatives to the .raw suffix generally accepted for DDIs. It is
          recommended to name configuration extensions and system extensions
          with such suffixes, to indicate their purpose in the name.

        * The sd-device API gained a new function
          sd_device_enumerator_add_match_property_required() which allows
          configuring matches on properties that are strictly required. This is
          different from the existing sd_device_enumerator_add_match_property()
          matches, of which only one needs to apply.

        * The MAC address the veth side of an nspawn container shall get
          assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
          environment variable.

        * The libiptc dependency is now implemented via dlopen(), so that tools
          such as networkd and nspawn no longer have a hard dependency on the
          shared library when compiled with support for libiptc.

        * New rpm macros have been added: %systemd_user_daemon_reexec does
          daemon-reexec for all user managers, and %systemd_postun_with_reload
          and %systemd_user_postun_with_reload do a reload for system and user
          units on upgrades.

        * coredumpctl now propagates SIGTERM to the debugger process.

        Contributions from: 김인수, Abderrahim Kitouni, Adam Goldman,
        Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith,
        Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo,
        Anton Lundin, Arian van Putten, Arseny Maslennikov, Arthur Shau,
        Balázs Úr, beh_10257, Benjamin Peterson, Bertrand Jacquin,
        Brian Norris, Charles Lee, Cheng-Chia Tseng, Chris Patterson,
        Christian Hergert, Christian Hesse, Christian Kirbach,
        Clayton Craft, commondservice, cunshunxia, Curtis Klein, cvlc12,
        Daan De Meyer, Daniele Medri, Daniel P. Berrangé, Daniel Rusek,
        Daniel Thompson, Dan Nicholson, Dan Streetman, David Rheinsberg,
        David Santamaría Rogado, David Tardon, dependabot[bot],
        Diego Viola, Dmitry V. Levin, Emanuele Giuseppe Esposito,
        Emil Renner Berthing, Emil Velikov, Etienne Dechamps, Fabian Vogt,
        felixdoerre, Felix Dörre, Florian Schmaus, Franck Bui,
        Frantisek Sumsal, G2-Games, Gioele Barabucci, Hugo Carvalho,
        huyubiao, Iago López Galeiras, IllusionMan1212, Jade Lovelace,
        janana, Jan Janssen, Jan Kuparinen, Jan Macku, Jeremy Fleischman,
        Jin Liu, jjimbo137, Joerg Behrmann, Johannes Segitz, Jordan Rome,
        Jordan Williams, Julien Malka, Juno Computers, Khem Raj, khm,
        Kingbom Dou, Kiran Vemula, Krzesimir Nowak, Laszlo Gombos,
        Lennart Poettering, linuxlion, Luca Boccassi, Lucas Adriano Salles,
        Lukas, Lukáš Nykrýn, Maanya Goenka, Maarten, Malte Poll,
        Marc Pervaz Boocha, Martin Beneš, Martin Joerg, Martin Wilck,
        Mathieu Tortuyaux, Matthias Schiffer, Maxim Mikityanskiy,
        Max Kellermann, Michael A Cassaniti, Michael Biebl, Michael Kuhn,
        Michael Vasseur, Michal Koutný, Michal Sekletár, Mike Yuan,
        Milton D. Miller II, mordner, msizanoen, NAHO, Nandakumar Raghavan,
        Neil Wilson, Nick Rosbrook, Nils K, NRK, Oğuz Ersen,
        Omojola Joshua, onenowy, Paul Meyer, Paymon MARANDI, pelaufer,
        Peter Hutterer, PhylLu, Pierre GRASSER, Piotr Drąg, Priit Laes,
        Rahil Bhimjiani, Raito Bezarius, Raul Cheleguini, Reto Schneider,
        Richard Maw, Robby Red, RoepLuke, Roland Hieber, Roland Singer,
        Ronan Pigott, Sam James, Sam Leonard, Sergey A, Susant Sahani,
        Sven Joachim, Tad Fisher, Takashi Sakamoto, Thorsten Kukuk, Tj,
        Tomasz Świątek, Topi Miettinen, Valentin David,
        Valentin Lefebvre, Victor Westerhuis, Vincent Haupert,
        Vishal Chillara Srinivas, Vito Caputo, Warren, Weblate,
        Xiaotian Wu, xinpeng wang, Yaron Shahrabani, Yo-Jung Lin,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zeroskyx,
        Дамјан Георгиевски, наб

        — Edinburgh, 2023-12-06

CHANGES WITH 254:

        Announcements of Future Feature Removals and Incompatible Changes:

        * The next release (v255) will remove support for split-usr (/usr/
          mounted separately during late boot, instead of being mounted by the
          initrd before switching to the rootfs) and unmerged-usr (parallel
          directories /bin/ and /usr/bin/, /lib/ and /usr/lib/, …). For more
          details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        * We intend to remove cgroup v1 support from a systemd release after
          the end of 2023. If you run services that make explicit use of
          cgroup v1 features (i.e. the "legacy hierarchy" with separate
          hierarchies for each controller), please implement compatibility with
          cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
          Most of Linux userspace has been ported over already.

        * Support for System V service scripts is now deprecated and will be
          removed in a future release. Please make sure to update your software
          *now* to include a native systemd unit file instead of a legacy
          System V script to retain compatibility with future systemd releases.

        * Support for the SystemdOptions EFI variable is deprecated.
          'bootctl systemd-efi-options' will emit a warning when used. It seems
          that this feature is little-used and it is better to use alternative
          approaches like credentials and confexts. The plan is to drop support
          altogether at a later point, but this might be revisited based on
          user feedback.

        * EnvironmentFile= now treats the line following a comment line that
          ends with a backslash escape as a non-comment line. For details, see:
          https://github.com/systemd/systemd/issues/27975

        * PrivateNetwork=yes and NetworkNamespacePath= now imply
          PrivateMounts=yes unless PrivateMounts=no is explicitly specified.

        * Behaviour of sandboxing options for the per-user service manager
          units has changed. They now imply PrivateUsers=yes, which means user
          namespaces will be implicitly enabled when a sandboxing option is
          enabled in a user unit. Enabling user namespaces has the drawback
          that system users will no longer be visible (and processes/files will
          appear as owned by 'nobody') in the user unit.

          By definition a sandboxed user unit should run with reduced
          privileges, so impact should be small. This will remove a great
          source of confusion that has been reported by users over the years,
          due to how these options require an extra setting to be manually
          enabled when used in the per-user service manager, which is not
          needed in the system service manager. For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html

        * systemd-run's switch --expand-environment= which currently is disabled
          by default when combined with --scope, will be changed in a future
          release to be enabled by default.

        Security Relevant Changes:

        * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
          process capability to invoked session processes of regular users on
          local seats (as well as to systemd --user), unless configured
          otherwise via data from JSON user records, or via the PAM module's
          parameter list. This is useful in order to allow desktop tools such as
          GNOME's Alarm Clock application to set a timer for
          CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
          per-user service unit file may thus use AmbientCapability= to pass
          the capability to invoked processes. Note that this capability is
          relatively narrow in focus (in particular compared to other process
          capabilities such as CAP_SYS_ADMIN) and we already — by default —
          permit more impactful operations such as system suspend to local
          users.

        Service Manager:

        * Memory limits that apply while the unit is activating are now
          supported. Previously IO and CPU settings were already supported via
          StartupCPUWeight= and similar. The same logic has been added for the
          various manager and unit memory settings (DefaultStartupMemoryLow=,
          StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
          StartupMemorySwapMax=, StartupMemoryZSwapMax=).

        * The service manager gained support for enqueuing POSIX signals to
          services that carry an additional integer value, exposing the
          sigqueue() system call. This is accessible via new D-Bus calls
          org.freedesktop.systemd1.Manager.QueueSignalUnit() and
          org.freedesktop.systemd1.Unit.QueueSignal(), as well as in systemctl
          via the new --kill-value= option.

        * systemctl gained a new "list-paths" verb, which shows all currently
          active .path units, similarly to how "systemctl list-timers" shows
          active timers, and "systemctl list-sockets" shows active sockets.

        * systemctl gained a new --when= switch which is honoured by the various
          forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
          scheduling these operations by time, similar in fashion to how this
          has been supported by SysV shutdown.

        * If MemoryDenyWriteExecute= is enabled for a service and the kernel
          supports the new PR_SET_MDWE prctl() call, it is used instead of the
          seccomp()-based system call filter to achieve the same effect.

        * A new set of kernel command line options is now understood:
          systemd.tty.term.<name>=, systemd.tty.rows.<name>=,
          systemd.tty.columns.<name>= allow configuring the TTY type and
          dimensions for the tty specified via <name>. When systemd invokes a
          service on a tty (via TTYName=) it will look for these and configure
          the TTY accordingly. This is particularly useful in VM environments
          to propagate host terminal settings into the appropriate TTYs of the
          guest.

        * A new RootEphemeral= setting is now understood in service units. It
          takes a boolean argument. If enabled for services that use RootImage=
          or RootDirectory= an ephemeral copy of the disk image or directory
          tree is made when the service is started. It is removed automatically
          when the service is stopped. That ephemeral copy is made using
          btrfs/xfs reflinks or btrfs snapshots, if available.

        * The service activation logic gained new settings RestartSteps= and
          RestartMaxDelaySec= which allow exponentially-growing restart
          intervals for Restart=.

        * The service activation logic gained a new setting RestartMode= which
          can be set to 'direct' to skip the inactive/failed states when
          restarting, so that dependent units are not notified until the service
          converges to a final (successful or failed) state. For example, this
          means that OnSuccess=/OnFailure= units will not be triggered until the
          service state has converged.

        * PID 1 will now automatically load the virtio_console kernel module
          during early initialization if running in a suitable VM. This is done
          so that early-boot logging can be written to the console if available.

        * Similarly, virtio-vsock support is loaded early in suitable VM
          environments. PID 1 will send sd_notify() notifications via AF_VSOCK
          to the VMM if configured, thus loading this early is beneficial.

        * A new verb "fdstore" has been added to systemd-analyze to show the
          current contents of the file descriptor store of a unit. This is
          backed by a new D-Bus call DumpUnitFileDescriptorStore() provided by
          the service manager.

        * The service manager will now set a new $FDSTORE environment variable
          when invoking processes for services that have the file descriptor
          store enabled.

        * A new service option FileDescriptorStorePreserve= has been added that
          allows tuning the lifecycle of the per-service file descriptor store.
          If set to "yes", the entries in the fd store are retained even after
          the service has been fully stopped.

        * The "systemctl clean" command may now be used to clear the fdstore of
          a service.

        * Unit *.preset files gained a new directive "ignore", in addition to
          the existing "enable" and "disable". As the name suggests, matching
          units are left unchanged, i.e. neither enabled nor disabled.

        * Service units gained a new setting DelegateSubgroup=. It takes the
          name of a sub-cgroup to place any processes the service manager forks
          off in. Previously, the service manager would place all service
          processes directly in the top-level cgroup it created for the
          service. This usually meant that the main process in a service with
          delegation enabled would first have to create a subgroup and move
          itself down into it, in order to not conflict with the "no processes
          in inner cgroups" rule of cgroup v2. With this option, this step is
          now handled by PID 1.

        * The service manager will now look for .upholds/ directories,
          similarly to the existing support for .wants/ and .requires/
          directories. Symlinks in this directory result in Upholds=
          dependencies.

          The [Install] section of unit files gained support for a new
          UpheldBy= directive to generate .upholds/ symlinks automatically when
          a unit is enabled.

        * The service manager now supports a new kernel command line option
          systemd.default_device_timeout_sec=, which may be used to override
1865 the default timeout for .device units.
1866
221332ee
ZJS
1867 * A new "soft-reboot" mechanism has been added to the service manager.
1868 A "soft reboot" is similar to a regular reboot, except that it
1869 affects userspace only: the service manager shuts down any running
d7b3c52c
LP
1870 services and other units, then optionally switches into a new root
1871 file system (mounted to /run/nextroot/), and then passes control to a
49bf8bd5 1872 systemd instance in the new file system which then starts the system
221332ee
ZJS
1873 up again. The kernel is not rebooted and neither is the hardware,
1874 firmware or boot loader. This provides a fast, lightweight mechanism
1875 to quickly reset or update userspace, without the latency that a full
d7b3c52c
LP
1876 system reset involves. Moreover, open file descriptors may be passed
1877 across the soft reboot into the new system where they will be passed
1878 back to the originating services. This allows pinning resources
7f0bf48d 1879 across the reboot, thus minimizing grey-out time further. This new
d7b3c52c
LP
1880 reboot mechanism is accessible via the new "systemctl soft-reboot"
1881 command.
1882
25c66abb
LB
1883 * Services using RootDirectory= or RootImage= will now have read-only
1884 access to a copy of the host's os-release file under
1885 /run/host/os-release, which will be kept up-to-date on 'soft-reboot'.
1886 This was already the case for Portable Services, and the feature has
1887 now been extended to all services that do not run off the host's
1888 root filesystem.
1889
221332ee
ZJS
1890 * A new service setting MemoryKSM= has been added to enable kernel
1891 same-page merging individually for services.
d7b3c52c 1892
08423f6d
LP
1893 * A new service setting ImportCredentials= has been added that augments
1894 LoadCredential= and LoadCredentialEncrypted= and searches for
1895 credentials to import from the system, and supports globbing.
d7b3c52c 1896
eade959b
LP
1897 * A new job mode "restart-dependencies" has been added to the service
1898 manager (exposed via systemctl --job-mode=). It is only valid when
1899 used with "start" jobs, and has the effect that the "start" job will
1900 be propagated as "restart" jobs to currently running units that have
1901 a BindsTo= or Requires= dependency on the started unit.
1902
1903 * A new verb "whoami" has been added to "systemctl" which determines as
1904 part of which unit the command is being invoked. It writes the unit
1905 name to standard output. If one or more PIDs are specified reports
1906 the unit names the processes referenced by the PIDs belong to.
1907
1908 * The system and service credential logic has been improved: there's
1909 now a clearly defined place where system provisioning tools running
1910 in the initrd can place credentials that will be imported into the
1911 system's set of credentials during the initrd → host transition: the
1912 /run/credentials/@initrd/ directory. Once the credentials placed
1913 there are imported into the system credential set they are deleted
1914 from this directory, and the directory itself is deleted afterwards
1915 too.
1916
1917 * A new kernel command line option systemd.set_credential_binary= has
1918 been added, that is similar to the pre-existing
1919 systemd.set_credential= but accepts arbitrary binary credential data,
1920 encoded in Base64. Note that the kernel command line is not a
1921 recommend way to transfer credentials into a system, since it is
1922 world-readable from userspace.
1923
1924 * The default machine ID to use may now be configured via the
1925 system.machine_id system credential. It will only be used if no
1926 machine ID was set yet on the host.
1927
1928 * On Linux kernel 6.4 and newer system and service credentials will now
1929 be placed in a tmpfs instance that has the "noswap" mount option
1930 set. Previously, a "ramfs" instance was used. By switching to tmpfs
1931 ACL support and overall size limits can now be enforced, without
1932 compromising on security, as the memory is never paged out either
1933 way.
1934
305bea82
LB
1935 * The service manager now can detect when it is running in a
1936 'Confidential Virtual Machine', and a corresponding 'cvm' value is now
1937 accepted by ConditionSecurity= for units that want to conditionalize
1938 themselves on this. systemd-detect-virt gained new 'cvm' and
1939 '--list-cvm' switches to respectively perform the detection or list
1940 all known flavours of confidential VM, depending on the vendor. The
1941 manager will publish a 'ConfidentialVirtualization' D-Bus property,
1942 and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
1943 variable for unit generators. Finally, udev rules can match on a new
1944 'cvm' key that will be set when in a confidential VM.
d4c124a2
LB
1945 Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
1946 strings and QEMU's fw_cfg protocol will not be used to import
1947 credentials and kernel command line parameters by the system manager,
1948 systemd-boot and systemd-stub, because the hypervisor is considered
1949 untrusted in this particular setting.
305bea82 1950
d7b3c52c
LP
1951 Journal:
1952
221332ee
ZJS
1953 * The sd-journal API gained a new call sd_journal_get_seqnum() to
1954 retrieve the current log record's sequence number and sequence number
1955 ID, which allows applications to order records the same way as
1956 journal does internally. The sequence number is now also exported in
1957 the JSON and "export" output of the journal.
d7b3c52c
LP
1958
1959 * journalctl gained a new switch --truncate-newline. If specified
1960 multi-line log records will be truncated at the first newline,
221332ee 1961 i.e. only the first line of each log message will be shown.
d7b3c52c 1962
eade959b
LP
1963 * systemd-journal-upload gained support for --namespace=, similar to
1964 the switch of the same name of journalctl.
1965
d7b3c52c
LP
1966 systemd-repart:
1967
1968 * systemd-repart's drop-in files gained a new ExcludeFiles= option which
221332ee 1969 may be used to exclude certain files from the effect of CopyFiles=.
d7b3c52c
LP
1970
1971 * systemd-repart's Verity support now implements the Minimize= setting
1972 to minimize the size of the resulting partition.
1973
1974 * systemd-repart gained a new --offline= switch, which may be used to
1975 control whether images shall be built "online" or "offline",
1976 i.e. whether to make use of kernel facilities such as loopback block
221332ee 1977 devices and device mapper or not.
d7b3c52c
LP
1978
1979 * If systemd-repart is told to populate a newly created ESP or XBOOTLDR
221332ee
ZJS
1980 partition with some files, it will now default to VFAT rather than
1981 ext4.
d7b3c52c
LP
1982
1983 * systemd-repart gained a new --architecture= switch. If specified, the
1984 per-architecture GPT partition types (i.e. the root and /usr/
1985 partitions) configured in the partition drop-in files are
08423f6d
LP
1986 automatically adjusted to match the specified CPU architecture, in
1987 order to simplify cross-architecture DDI building.
d7b3c52c 1988
739bbc58
LB
1989 * systemd-repart will now default to a minimum size of 300MB for XFS
1990 filesystems if no size parameter is specified. This matches what the
1991 XFS tools (xfsprogs) can support.
1992
d7b3c52c
LP
1993 systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
1994
51bb4221
LB
1995 * gnu-efi is no longer required to build systemd-boot and systemd-stub.
1996 Instead, pyelftools is now needed, and it will be used to perform the
1997 ELF -> PE relocations at build time.
1998
221332ee 1999 * bootctl gained a new switch --print-root-device/-R that prints the
d5163f9c
LP
2000 block device the root file system is backed by. If specified twice,
2001 it returns the whole disk block device (as opposed to partition block
2002 device) the root file system is on. It's useful for invocations such
2003 as "cfdisk $(bootctl -RR)" to quickly show the partition table of the
2004 running OS.
d7b3c52c
LP
2005
2006 * systemd-stub will now look for the SMBIOS Type 1 field
2007 "io.systemd.stub.kernel-cmdline-extra" and append its value to the
2008 kernel command line it invokes. This is useful for VMMs such as qemu
2009 to pass additional kernel command lines into the system even when
221332ee 2010 booting via full UEFI. The contents of the field are measured into
7eff3e2c 2011 TPM PCR 12.
d7b3c52c
LP
2012
2013 * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
221332ee
ZJS
2014 value "auto". With this value, a kernel will be automatically
2015 analyzed, and if it qualifies as UKI, it will be installed as if the
2016 setting was to set to "uki", otherwise as "bls".
d7b3c52c
LP
2017
2018 * systemd-stub can now optionally load UEFI PE "add-on" images that may
2019 contain additional kernel command line information. These "add-ons"
2020 superficially look like a regular UEFI executable, and are expected
2021 to be signed via SecureBoot/shim. However, they do not actually
2022 contain code, but instead a subset of the PE sections that UKIs
2023 support. They are supposed to provide a way to extend UKIs with
2024 additional resources in a secure and authenticated way. Currently,
2025 only the .cmdline PE section may be used in add-ons, in which case
2026 any specified string is appended to the command line embedded into
acf678de
LB
2027 the UKI itself. A new 'addon<EFI-ARCH>.efi.stub' is now provided that
2028 can be used to trivially create addons, via 'ukify' or 'objcopy'. In
2029 the future we expect other sections to be made extensible like this as
2030 well.
d7b3c52c
LP
2031
2032 * ukify has been updated to allow building these UEFI PE "add-on"
acf678de 2033 images, using the new 'addon<EFI-ARCH>.efi.stub'.
d7b3c52c 2034
eade959b 2035 * ukify now accepts SBAT information to place in the .sbat PE section
5bc9ea07 2036 of UKIs and addons. If a UKI is built the SBAT information from the
eade959b
LP
2037 inner kernel is merged with any SBAT information associated with
2038 systemd-stub and the SBAT data specified on the ukify command line.
2039
d7b3c52c 2040 * The kernel-install script has been rewritten in C, and reuses much of
49bf8bd5
JB
2041 the infrastructure of existing tools such as bootctl. It also gained
2042 --esp-path= and --boot-path= options to override the path to the ESP,
2043 and the $BOOT partition. Options --make-entry-directory= and
2044 --entry-token= have been added as well, similar to bootctl's options
2045 of the same name.
d7b3c52c
LP
2046
2047 * A new kernel-install plugin 60-ukify has been added which will
5bc9ea07 2048 combine kernel/initrd locally into a UKI and optionally sign them
221332ee
ZJS
2049 with a local key. This may be used to switch to UKI mode even on
2050 systems where a local kernel or initrd is used. (Typically UKIs are
2051 built and signed by the vendor.)
d7b3c52c 2052
221332ee 2053 * The ukify tool now supports "pesign" in addition to the pre-existing
d7b3c52c
LP
2054 "sbsign" for signing UKIs.
2055
221332ee
ZJS
2056 * systemd-measure and systemd-stub now look for the .uname PE section
2057 that should contain the kernel's "uname -r" string.
d7b3c52c 2058
221332ee
ZJS
2059 * systemd-measure and ukify now calculate expected PCR hashes for a UKI
2060 "offline", i.e. without access to a TPM (physical or
2061 software-emulated).
d7b3c52c
LP
2062
2063 Memory Pressure & Control:
2064
2065 * The sd-event API gained new calls sd_event_add_memory_pressure(),
2066 sd_event_source_set_memory_pressure_type(),
221332ee
ZJS
2067 sd_event_source_set_memory_pressure_period() to create and configure
2068 an event source that is called whenever the OS signals memory
2069 pressure. Another call sd_event_trim_memory() is provided that
d7b3c52c 2070 compacts the process' memory use by releasing allocated but unused
198aff76
LB
2071 malloc() memory back to the kernel. Services can also provide their
2072 own custom callback to do memory trimming. This should improve system
221332ee
ZJS
2073 behaviour under memory pressure, as on Linux traditionally provided
2074 no mechanism to return process memory back to the kernel if the
2075 kernel was under memory pressure. This makes use of the kernel's PSI
2076 interface. Most long-running services in systemd have been hooked up
2077 with this, and in particular systems with low memory should benefit
2078 from this.
2079
2080 * Service units gained new settings MemoryPressureWatch= and
2081 MemoryPressureThresholdSec= to configure the PSI memory pressure
2082 logic individually. If these options are used, the
d7b3c52c 2083 $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
49bf8bd5
JB
2084 variables will be set for the invoked processes to inform them about
2085 the requested memory pressure behaviour. (This is used by the
2086 aforementioned sd-events API additions, if set.)
d7b3c52c
LP
2087
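The protocol the last two entries describe can be consumed without linking against sd-event. The following is an added example, not code from systemd: a small C program that honours $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE the way the MEMORY_PRESSURE document (listed under "New documentation" further below) specifies for PSI files, with a Base64 decoder and a validator for the PSI trigger line. The default trigger used when the variables are absent, the MP_DISABLED sentinel and the omission of the FIFO and AF_UNIX variants of the protocol are this example's own assumptions.

```c
/* Consumer side of the $MEMORY_PRESSURE_WATCH / $MEMORY_PRESSURE_WRITE
 * protocol for a service that does not use sd-event. Added example, not
 * code from systemd. Assumed protocol (from the MEMORY_PRESSURE document):
 * WATCH is the path of a PSI file ("/dev/null" means "do not watch"), WRITE
 * is the Base64-encoded PSI trigger to write into it, and pressure is
 * signalled by POLLPRI. FIFO and AF_UNIX variants are left out here. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MP_DISABLED (-1000)   /* sentinel: the manager asked us not to watch */

/* Minimal Base64 decoder (RFC 4648 alphabet, '=' padding). Returns the
 * decoded length, or -1 on a bad character or overflow of `out`. */
int base64_decode(const char *in, unsigned char *out, size_t outsz) {
        static const char tbl[] =
                "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
        size_t n = 0;
        unsigned bits = 0;
        int nbits = 0;
        for (; *in && *in != '='; in++) {
                const char *p = strchr(tbl, *in);
                if (!p)
                        return -1;
                bits = (bits << 6) | (unsigned) (p - tbl);
                nbits += 6;
                if (nbits >= 8) {
                        nbits -= 8;
                        if (n >= outsz)
                                return -1;
                        out[n++] = (bits >> nbits) & 0xff;
                }
        }
        return (int) n;
}

/* Check a PSI trigger "some|full <stall_us> <window_us>" against the limits
 * the kernel enforces: window between 500ms and 10s, stall not above window. */
int psi_trigger_valid(const char *t) {
        char kind[5], extra;
        unsigned long stall, window;
        if (sscanf(t, "%4s %lu %lu %c", kind, &stall, &window, &extra) != 3)
                return 0;
        if (strcmp(kind, "some") != 0 && strcmp(kind, "full") != 0)
                return 0;
        return window >= 500000 && window <= 10000000 && stall <= window;
}

/* Decode the Base64 trigger into `buf` (NUL-terminated) and validate it.
 * Returns the trigger length, or -EINVAL. */
int decode_trigger(const char *b64, char *buf, size_t sz) {
        int len = base64_decode(b64, (unsigned char *) buf, sz - 1);
        if (len < 0)
                return -EINVAL;
        buf[len] = 0;
        return psi_trigger_valid(buf) ? len : -EINVAL;
}

/* Open the pressure source named by the manager. Returns an fd to poll() for
 * POLLPRI, MP_DISABLED, or -errno. Without $MEMORY_PRESSURE_WATCH this falls
 * back to the system-wide PSI file and a trigger constructed here. */
int memory_pressure_open(const char *watch, const char *write_b64) {
        char trig[64];
        int len, fd;
        if (!watch)
                watch = "/proc/pressure/memory";
        if (strcmp(watch, "/dev/null") == 0)
                return MP_DISABLED;
        /* The constant is the constructed default "some 200000 2000000":
         * wake when some task stalled for 200ms within a 2s window. */
        len = decode_trigger(write_b64 ? write_b64 : "c29tZSAyMDAwMDAgMjAwMDAwMA==",
                             trig, sizeof trig);
        if (len < 0)
                return len;
        fd = open(watch, O_RDWR | O_NONBLOCK);
        if (fd < 0)
                return -errno;
        fcntl(fd, F_SETFD, FD_CLOEXEC);
        if (write(fd, trig, (size_t) len) != len) {
                int e = errno;
                close(fd);
                return -e;
        }
        return fd;
}

int main(void) {
        int fd = memory_pressure_open(getenv("MEMORY_PRESSURE_WATCH"),
                                      getenv("MEMORY_PRESSURE_WRITE"));
        if (fd == MP_DISABLED)
                return 0;
        if (fd < 0) {
                fprintf(stderr, "cannot watch memory pressure: %s\n", strerror(-fd));
                return 1;
        }
        for (;;) {
                struct pollfd p = { .fd = fd, .events = POLLPRI };
                if (poll(&p, 1, -1) < 0 && errno != EINTR)
                        return 1;
                if (p.revents & POLLPRI)
                        puts("memory pressure: release caches here (e.g. malloc_trim(0))");
        }
}
```

Run it under a unit with MemoryPressureWatch=on and the manager hands it the cgroup's memory.pressure file plus a trigger derived from MemoryPressureThresholdSec=; run stand-alone it falls back to /proc/pressure/memory, which needs access to that file. Each POLLPRI wakeup is where a real daemon would drop caches or call malloc_trim(0), which is roughly what sd_event_trim_memory() does for sd-event users.
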
        * systemd-analyze gained a new "malloc" verb that shows the output
          generated by glibc's malloc_info() on services that support it. Right
          now, only the service manager has been updated accordingly. This
          call requires privileges.

        User & Session Management:

        * The sd-login API gained a new call sd_session_get_username() to
          return the user name of the owner of a login session. It also gained
          a new call sd_session_get_start_time() to retrieve the time the login
          session started. A new call sd_session_get_leader() has been added to
          return the PID of the "leader" process of a session. A new call
          sd_uid_get_login_time() returns the time since the specified user has
          most recently been continuously logged in with at least one session.

        * JSON user records gained a new set of fields capabilityAmbientSet and
          capabilityBoundingSet which contain a list of POSIX capabilities to
          set for the logged in users in the ambient and bounding sets,
          respectively. homectl gained the ability to configure these two sets
          for users via --capability-bounding-set=/--capability-ambient-set=.

        * pam_systemd learnt two new module options
          default-capability-bounding-set= and default-capability-ambient-set=,
          which configure the default bounding sets for users as they are
          logging in, if the JSON user record doesn't specify this explicitly
          (see above). The built-in default for the ambient set now contains
          CAP_WAKE_ALARM, thus allowing regular users who may log in
          locally to resume from a system suspend via a timer.

        * The Session D-Bus objects of systemd-logind gained a new SetTTY()
          method call to update the TTY of a session after it has been
          allocated. This is useful for SSH sessions which are typically
          allocated first, and for which a TTY is added later.

        * The sd-login API gained a new call sd_pid_notifyf_with_fds() which
          combines the various other sd_pid_notify() flavours into one: it
          takes a format string, an overriding PID, and a set of file
          descriptors to send. It also gained a new call
          sd_pid_notify_barrier() which is equivalent to sd_notify_barrier()
          but allows the originating PID to be specified.

        * "loginctl list-users" and "loginctl list-sessions" will now show the
          state of each logged in user/session in their tabular output. It will
          also show the current idle state of sessions.

        DDIs:

        * systemd-dissect will now show the intended CPU architecture of an
          inspected DDI.

        * systemd-dissect will now install itself as mount helper for the "ddi"
          pseudo-file system type. This means you may now mount DDIs directly
          via /bin/mount or /etc/fstab, making full use of embedded Verity
          information and all other DDI features.

          Example: mount -t ddi myimage.raw /some/where

        * The systemd-dissect tool gained the new switches --attach/--detach to
          attach/detach a DDI to a loopback block device without mounting it.
          It will automatically derive the right sector size from the image
          and set up Verity and similar, but not mount the file systems in it.

        * When systemd-gpt-auto-generator or the DDI mounting logic mount an
          ESP or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
          implied. Given that these file systems are typically untrusted, this
          should make mounting them automatically have less of a security
          impact.

        * All tools that parse DDIs (such as systemd-nspawn, systemd-dissect,
          systemd-tmpfiles, …) now understand a new switch --image-policy= which
          takes a string encoding image dissection policy. With this mechanism
          automatic discovery and use of specific partition types and the
          cryptographic requirements on the partitions (Verity, LUKS, …) can be
          restricted, permitting better control of the exposed attack surfaces
          when mounting disk images. systemd-gpt-auto-generator will honour such
          an image policy too, configurable via the systemd.image_policy= kernel
          command line option. Unit files gained the RootImagePolicy=,
          MountImagePolicy= and ExtensionImagePolicy= settings to configure the
          same for disk images a service runs off.

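To make the policy grammar concrete, here is an added example in C (not systemd's own image-policy.c) that parses a policy string of the form documented in systemd.image-policy(7) and answers whether a partition found in a given state may be used for a given designator. It is deliberately simplified: only "designator=flags" entries, the "=" default entry and the flag names listed in the code are handled, and the fallback to "nothing allowed" when a policy carries no default entry is this example's conservative choice rather than systemd's documented rule.

```c
/* Simplified checker for systemd image-policy strings. Added example, not
 * code from systemd's image-policy.c. Grammar as in systemd.image-policy(7):
 * colon-separated "<designator>=<flags>" entries, flags joined by '+', and
 * an entry with an empty designator ("=unused+absent") as the default for
 * every designator not listed explicitly. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum {
        PP_UNPROTECTED = 1 << 0,   /* plain, unauthenticated partition */
        PP_VERITY      = 1 << 1,   /* dm-verity protected */
        PP_SIGNED      = 1 << 2,   /* dm-verity with signed root hash */
        PP_ENCRYPTED   = 1 << 3,   /* LUKS encrypted */
        PP_UNUSED      = 1 << 4,   /* present but may stay unused */
        PP_ABSENT      = 1 << 5,   /* may be missing entirely */
        PP_OPEN        = PP_UNPROTECTED | PP_VERITY | PP_SIGNED | PP_ENCRYPTED | PP_UNUSED,
        PP_IGNORE      = PP_OPEN | PP_ABSENT,
};

/* Map one flag name of length n to its bit(s); -1 if unknown. */
static int flag_from_name(const char *s, size_t n) {
        static const struct { const char *name; int flags; } table[] = {
                { "unprotected", PP_UNPROTECTED }, { "verity", PP_VERITY },
                { "signed", PP_SIGNED },           { "encrypted", PP_ENCRYPTED },
                { "unused", PP_UNUSED },           { "absent", PP_ABSENT },
                { "open", PP_OPEN },               { "ignore", PP_IGNORE },
        };
        for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
                if (strlen(table[i].name) == n && memcmp(table[i].name, s, n) == 0)
                        return table[i].flags;
        return -1;
}

/* Parse "flag+flag+..." (length n) into a bitmask; -1 on an unknown flag. */
static int parse_flags(const char *s, size_t n) {
        int flags = 0;
        while (n > 0) {
                const char *plus = memchr(s, '+', n);
                size_t len = plus ? (size_t) (plus - s) : n;
                int f = flag_from_name(s, len);
                if (f < 0)
                        return -1;
                flags |= f;
                if (!plus)
                        break;
                s += len + 1;
                n -= len + 1;
        }
        return flags;
}

/* Flags the policy grants to `designator`; -1 if the policy is malformed.
 * A designator without its own entry falls back to the default entry; with
 * no default entry either, this example returns 0 (nothing allowed), which
 * is a conservative assumption rather than systemd's exact rule. */
int image_policy_lookup(const char *policy, const char *designator) {
        int dflt = -2, found = -2;
        const char *p = policy;
        while (*p) {
                const char *end = strchr(p, ':');
                size_t len = end ? (size_t) (end - p) : strlen(p);
                const char *eq = memchr(p, '=', len);
                if (!eq)
                        return -1;
                size_t nlen = (size_t) (eq - p);
                int f = parse_flags(eq + 1, len - nlen - 1);
                if (f < 0)
                        return -1;
                if (nlen == 0)
                        dflt = f;
                else if (strlen(designator) == nlen && memcmp(designator, p, nlen) == 0)
                        found = f;
                if (!end)
                        break;
                p = end + 1;
        }
        return found != -2 ? found : dflt != -2 ? dflt : 0;
}

/* May a partition found in `state` ("verity", "unprotected", ...) be used
 * for `designator` under `policy`? */
bool image_policy_allows(const char *policy, const char *designator, const char *state) {
        int want = flag_from_name(state, strlen(state));
        int granted = image_policy_lookup(policy, designator);
        return want > 0 && granted > 0 && (granted & want) == want;
}

int main(int argc, char **argv) {
        if (argc != 4) {
                fprintf(stderr, "usage: %s <policy> <designator> <state>\n", argv[0]);
                return 2;
        }
        bool ok = image_policy_allows(argv[1], argv[2], argv[3]);
        printf("%s\n", ok ? "allowed" : "denied");
        return ok ? 0 : 1;
}
```

Invoked as `./check 'root=verity+signed:=unused+absent' root unprotected` it prints "denied": a plain, unauthenticated root partition is refused while a signed Verity root is accepted, and anything not named in the policy may only be absent or left unused. systemd-analyze image-policy parses the same strings, and systemd-dissect --validate applies a policy to a real DDI.
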
        * systemd-analyze gained a new verb "image-policy" to validate and
          parse image policy strings.

        * systemd-dissect gained support for a new --validate switch to
          superficially validate DDI structure, and check whether a specific
          image policy allows the DDI.

        * systemd-dissect gained support for a new --mtree-hash switch to
          optionally disable calculating mtree hashes, which can be slow on
          large images.

        * The systemd-dissect --copy-to, --copy-from, --list and --mtree
          switches are now able to operate on directories too, not only on
          images.

        Network Management:

        * networkd's GENEVE support has gained a new .network option
          InheritInnerProtocol=.

        * The [Tunnel] section in .netdev files has gained a new setting
          IgnoreDontFragment= for controlling the IPv4 "DF" flag of datagrams.

        * A new global IPv6PrivacyExtensions= setting has been added that
          selects the default value of the per-network setting of the same
          name.

        * The predictable network interface naming logic was extended to
          include SR-IOV-R "representor" information in network interface
          names. Unfortunately, this feature was not enabled by default and can
          only be enabled at compilation time by setting
          -Ddefault-net-naming-scheme=v254.

        * The DHCPv4 + DHCPv6 + IPv6 RA logic in networkd gained support for
          the RFC8910 captive portal option.

        Device Management:

        * udevadm gained the new "verify" verb for validating udev rules files
          offline.

        * udev gained a new tool "iocost" that can be used to configure QoS IO
          cost data based on hwdb information onto suitable block devices. Also
          see https://github.com/iocost-benchmark/iocost-benchmarks.

        TPM2 Support + Disk Encryption & Authentication:

        * systemd-cryptenroll/systemd-cryptsetup will now install a TPM2 SRK
          ("Storage Root Key") as first step in the TPM2, and then use that
          for binding FDE to, if TPM2 support is used. This matches
          recommendations of TCG (see
          https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf)

        * systemd-cryptenroll and other tools that take TPM2 PCR parameters now
          understand textual identifiers for these PCRs.

        * systemd-veritysetup + /etc/veritytab gained support for a series of
          new options: hash-offset=, superblock=, format=, data-block-size=,
          hash-block-size=, data-blocks=, salt=, uuid=, hash=, fec-device=,
          fec-offset=, fec-roots= to configure various aspects of a Verity
          volume.

        * systemd-cryptsetup + /etc/crypttab gained support for a new
          veracrypt-pim= option for setting the Personal Iteration Multiplier
          of veracrypt volumes.

        * systemd-integritysetup + /etc/integritytab gained support for a new
          mode= setting for controlling the dm-integrity mode (journal, bitmap,
          direct) for the volume.

        * systemd-analyze gained a new verb "pcrs" that shows the known TPM PCR
          registers, their symbolic names and current values.

        systemd-tmpfiles:

        * The ACL support in tmpfiles.d/ has been updated: if an uppercase "X"
          access right is specified this is equivalent to "x" but only if the
          inode in question already has the executable bit set for at least
          some user/group. Otherwise the "x" bit will be turned off.

        * tmpfiles.d/'s C line type now understands a new modifier "+": a line
          with C+ will result in a "merge" copy, i.e. all files of the source
          tree are copied into the target tree, even if that tree already
          exists, resulting in a combined tree of files already present in the
          target tree and those copied in.

        * systemd-tmpfiles gained a new --graceful switch. If specified, lines
          with unknown users/groups will silently be skipped.

        systemd-notify:

        * systemd-notify gained two new options --fd= and --fdname= for sending
          arbitrary file descriptors to the service manager (while specifying an
          explicit name for them).

        * systemd-notify gained a new --exec switch, which makes it execute the
          specified command line after sending the requested messages. This is
          useful for sending out READY=1 first, and then continuing invocation
          without changing process ID, so that the tool can be nicely used
          within an ExecStart= line of a unit file that uses Type=notify.

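What systemd-notify --fd=/--fdname= sends is a plain sd_notify(3) datagram with the descriptor attached as SCM_RIGHTS ancillary data. The following added example (not code from systemd or systemd-notify) does the same in C without libsystemd, so a service can push a socket into its fd store itself and receive it back after a restart or a soft-reboot. The self-test uses a socketpair in place of the manager's socket; that stand-in, the MAX_FDS limit and the command-line usage in main() are this example's own assumptions.

```c
/* Pushing a file descriptor into a service's fd store over $NOTIFY_SOCKET,
 * built directly on AF_UNIX datagrams and SCM_RIGHTS rather than libsystemd.
 * Added example, not code from systemd or systemd-notify. It sends the
 * protocol lines "systemd-notify --fd= --fdname=" sends (FDSTORE=1 and
 * FDNAME=<name>, per sd_notify(3)). The self-test's socketpair standing in
 * for the manager's socket is this example's assumption. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define MAX_FDS 16   /* per-message limit chosen for this example */

/* Send `text` plus `nfds` descriptors over a connected datagram socket. */
int notify_sendmsg(int sock, const char *text, const int *fds, int nfds) {
        union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } ctl;
        struct iovec iov = { .iov_base = (void *) text, .iov_len = strlen(text) };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
        if (nfds < 0 || nfds > MAX_FDS)
                return -E2BIG;
        if (nfds > 0) {
                memset(&ctl, 0, sizeof ctl);
                mh.msg_control = ctl.buf;
                mh.msg_controllen = CMSG_SPACE(sizeof(int) * (size_t) nfds);
                struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
                c->cmsg_level = SOL_SOCKET;
                c->cmsg_type = SCM_RIGHTS;
                c->cmsg_len = CMSG_LEN(sizeof(int) * (size_t) nfds);
                memcpy(CMSG_DATA(c), fds, sizeof(int) * (size_t) nfds);
        }
        return sendmsg(sock, &mh, MSG_NOSIGNAL) < 0 ? -errno : 0;
}

/* Store `fd` under `name` in the fd store of the unit we run in. Returns 0,
 * -ENOENT if $NOTIFY_SOCKET is unset, or -errno. A leading '@' selects the
 * abstract socket namespace, as in sd_notify(3). */
int notify_store_fd(const char *name, int fd) {
        const char *path = getenv("NOTIFY_SOCKET");
        struct sockaddr_un sa = { .sun_family = AF_UNIX };
        char text[300];
        int sock, r;
        if (!path || !*path)
                return -ENOENT;
        if (strlen(path) >= sizeof sa.sun_path)
                return -ENAMETOOLONG;
        strcpy(sa.sun_path, path);
        socklen_t salen = offsetof(struct sockaddr_un, sun_path) + strlen(path) + 1;
        if (path[0] == '@') {
                sa.sun_path[0] = 0;
                salen--;   /* abstract names carry no trailing NUL */
        }
        snprintf(text, sizeof text, "FDSTORE=1\nFDNAME=%s\n", name);
        sock = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (sock < 0)
                return -errno;
        r = connect(sock, (struct sockaddr *) &sa, salen) < 0 ? -errno
                                                              : notify_sendmsg(sock, text, &fd, 1);
        close(sock);
        return r;
}

/* Self-check: a socketpair stands in for the manager; we send the read end
 * of a pipe, receive it on the other side and prove the duplicate is live. */
int notify_selftest(void) {
        int sp[2], pfd[2], got = -1, ok = 0;
        char buf[128] = { 0 }, c = 0;
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp) < 0)
                return 0;
        if (pipe(pfd) < 0) {
                close(sp[0]); close(sp[1]);
                return 0;
        }
        if (notify_sendmsg(sp[0], "FDSTORE=1\nFDNAME=example-pipe\n", &pfd[0], 1) == 0) {
                union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
                struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf - 1 };
                struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                                     .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
                if (recvmsg(sp[1], &mh, 0) > 0) {
                        struct cmsghdr *cm = CMSG_FIRSTHDR(&mh);
                        if (cm && cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
                                memcpy(&got, CMSG_DATA(cm), sizeof got);
                }
        }
        /* A byte written into the original pipe must come out of the received fd. */
        if (got >= 0 && write(pfd[1], "x", 1) == 1 && read(got, &c, 1) == 1)
                ok = c == 'x' && strcmp(buf, "FDSTORE=1\nFDNAME=example-pipe\n") == 0;
        if (got >= 0)
                close(got);
        close(sp[0]); close(sp[1]); close(pfd[0]); close(pfd[1]);
        return ok;
}

int main(int argc, char **argv) {
        if (argc == 2) {   /* e.g. from ExecStart=: store our stdin under the given name */
                int r = notify_store_fd(argv[1], STDIN_FILENO);
                if (r < 0)
                        fprintf(stderr, "notify failed: %s\n", strerror(-r));
                return r < 0;
        }
        return notify_selftest() ? 0 : 1;
}
```

Run with one argument inside a unit it stores stdin under that name; run without arguments it performs the self-check. The manager only accepts the descriptor if the unit has a file descriptor store configured, and per sd_notify(3) it ignores messages whose FDNAME= contains ':' or whitespace, so validate names before sending.
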
        sd-event + sd-bus APIs:

        * The sd-event API gained a new call sd_event_source_leave_ratelimit()
          which may be used to explicitly end a rate-limit state an event
          source might be in, resetting all rate limiting counters.

        * When the sd-bus library is used to make connections to AF_UNIX D-Bus
          sockets, it will now encode the "description" set via
          sd_bus_set_description() into the source socket address. It will also
          look for this information when accepting a connection. This is useful
          to track individual D-Bus connections on a D-Bus broker for debug
          purposes.

        systemd-resolved:

        * systemd-resolved gained a new resolved.conf setting
          StateRetentionSec= which may be used to retain cached DNS records
          even after their nominal TTL, and use them in case upstream DNS
          servers cannot be reached. This can be used to make name resolution
          more resilient in case of network problems.

        * resolvectl gained a new verb "show-cache" to show the current cache
          contents of systemd-resolved. This verb communicates with the
          systemd-resolved daemon and requires privileges.

        Other:

        * Meson >= 0.60.0 is now required to build systemd.

        * The default keymap to apply may now be chosen at build-time via the
          new -Ddefault-keymap= meson option.

        * Most of systemd's long-running services now have a generic handler
          for the SIGRTMIN+18 signal which executes various operations
          depending on the sigqueue() parameter sent along. For example, values
          0x100…0x107 allow changing the maximum log level of such
          services. 0x200…0x203 allow changing the log target of such
          services. 0x300 makes the services trim their memory similarly to the
          automatic PSI-triggered action, see above. 0x301 makes the services
          output their malloc_info() data to the logs.

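The sigqueue() control protocol above can be driven and consumed without any systemd code. This added example (not from systemd) implements both sides in C: a sender that queues a value at a PID, and a receiver that blocks SIGRTMIN+18 and dequeues requests with sigwaitinfo(). The log-target index is reported as a number because the NEWS entry does not name the targets; the synchronous receiver design and the self-test sequence are this example's own assumptions.

```c
/* Both ends of the SIGRTMIN+18 control protocol described above. Added
 * example, not code from systemd. The si_value of the queued signal selects
 * the operation: 0x100..0x107 set the maximum log level (0 = emerg .. 7 =
 * debug), 0x200..0x203 select the log target, 0x300 trims memory and 0x301
 * dumps malloc_info(). The receiver dequeues the signal synchronously with
 * sigwaitinfo() instead of an async handler; that is this example's own
 * design, chosen so the decoding runs outside signal context. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct control_state {
        int log_level;      /* -1 = not changed yet */
        int log_target;     /* -1 = not changed yet */
        int trim_requests;
        int malloc_dumps;
        int unknown;        /* values outside the protocol: counted, not acted on */
};

/* Apply one queued value to the state. Returns 0, or -EINVAL if unknown. */
int control_decode(int value, struct control_state *st) {
        if (value >= 0x100 && value <= 0x107) {
                st->log_level = value - 0x100;
                return 0;
        }
        if (value >= 0x200 && value <= 0x203) {
                st->log_target = value - 0x200;
                return 0;
        }
        if (value == 0x300) {
                st->trim_requests++;   /* a real service would call malloc_trim(0) here */
                return 0;
        }
        if (value == 0x301) {
                st->malloc_dumps++;    /* ... and malloc_info(0, <log stream>) here */
                return 0;
        }
        st->unknown++;
        return -EINVAL;
}

/* Administrator side: queue a request at the service. */
int control_send(pid_t pid, int value) {
        union sigval v = { .sival_int = value };
        return sigqueue(pid, SIGRTMIN + 18, v) < 0 ? -errno : 0;
}

/* Service side, step 1: block the signal so requests queue up rather than
 * terminating the process (the default action for real-time signals). */
int control_block(sigset_t *set) {
        sigemptyset(set);
        sigaddset(set, SIGRTMIN + 18);
        return sigprocmask(SIG_BLOCK, set, NULL) < 0 ? -errno : 0;
}

/* Service side, step 2: take one pending request and apply it. */
int control_wait_one(const sigset_t *set, struct control_state *st) {
        siginfo_t si;
        if (sigwaitinfo(set, &si) < 0)
                return -errno;
        return control_decode(si.si_value.sival_int, st);
}

/* Self-test: queue a sequence at ourselves (real-time signals are delivered
 * in order) and check the resulting state. Returns 1 on success. */
int control_selftest(void) {
        sigset_t set;
        struct control_state st = { -1, -1, 0, 0, 0 };
        const int seq[] = { 0x107, 0x203, 0x300, 0x301, 0x300, 0x999 };
        if (control_block(&set) < 0)
                return 0;
        for (size_t i = 0; i < sizeof seq / sizeof seq[0]; i++) {
                if (control_send(getpid(), seq[i]) < 0)
                        return 0;
                control_wait_one(&set, &st);
        }
        return st.log_level == 7 && st.log_target == 3 && st.trim_requests == 2 &&
               st.malloc_dumps == 1 && st.unknown == 1;
}

int main(int argc, char **argv) {
        if (argc == 3)   /* usage: ctl <pid> <value>, e.g. "ctl 1234 0x107" */
                return control_send((pid_t) atoi(argv[1]),
                                    (int) strtol(argv[2], NULL, 0)) < 0;
        return control_selftest() ? 0 : 1;
}
```

Run with a PID and a value (0x107 selects the most verbose level) to send a request; with no arguments it queues a sequence at itself and verifies the resulting state. The usual kill() permission rules apply, so only root or the service's own user can change a daemon's logging this way, which is also why a daemon can treat these values as trusted input.
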
        * machinectl gained new "edit" and "cat" verbs for editing .nspawn
          files, inspired by systemctl's verbs of the same name which edit unit
          files. Similarly, networkctl gained the same verbs for editing
          .network, .netdev, .link files.

        * A new syscall filter group "@sandbox" has been added that contains
          syscalls for sandboxing system calls such as those for seccomp and
          Landlock.

        * New documentation has been added:

          https://systemd.io/COREDUMP
          https://systemd.io/MEMORY_PRESSURE
          smbios-type-11(7)

        * systemd-firstboot gained a new --reset option. If specified, the
          settings in /etc/ it knows how to initialize are reset.

        * systemd-sysext is now a multi-call binary and is also installed under
          the systemd-confext alias name (via a symlink). When invoked that way
          it will operate on /etc/ instead of /usr/ + /opt/. It thus becomes a
          powerful, atomic, secure configuration management of sorts, that
          locally can merge configuration from multiple confext configuration
          images into a single immutable tree.

        * The --network-macvlan=, --network-ipvlan=, --network-interface=
          switches of systemd-nspawn may now optionally take the intended
          network interface name inside the container.

        * All our programs will now send an sd_notify() message with their exit
          status in the EXIT_STATUS= field when exiting, using the usual
          protocol, including PID 1. This is useful for VMMs and container
          managers to collect an exit status from a system as it shuts down, as
          set via "systemctl exit …". This is particularly useful in test cases
          and similar, as invocations via a VM can now nicely propagate an exit
          status to the host, similar to local processes.

        * systemd-run gained a new switch --expand-environment=no to disable
          server-side environment variable expansion in specified command
          lines. Expansion defaults to enabled for all execution types except
          --scope, where it defaults to off (and prints a warning) for backward
          compatibility reasons. --scope will be flipped to enabled by default
          too in a future release. If you are using --scope and passing a '$'
          character in the payload you should start explicitly using
          --expand-environment=yes/no according to the use case.

        * The systemd-system-update-generator has been updated to also look for
          the special flag file /etc/system-update in addition to the existing
          support for /system-update to decide whether to enter system update
          mode.

        * The /dev/hugepages/ file system is now mounted with nosuid + nodev
          mount options by default.

        * systemd-fstab-generator now understands two new kernel command line
          options systemd.mount-extra= and systemd.swap-extra=, which configure
          additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
          will be run on these block devices, like it already happens for
          'root='. It also now supports the new fstab.extra and
          fstab.extra.initrd credentials that may contain additional /etc/fstab
          lines to apply at boot.

        * systemd-getty-generator now understands two new credentials
          getty.ttys.container and getty.ttys.serial. These credentials may
          contain a list of TTY devices – one per line – to instantiate
          container-getty@.service and serial-getty@.service on.

        * The getty/serial-getty/container-getty units now import the 'agetty.*'
          and 'login.*' credentials, which are consumed by the 'login' and
          'agetty' programs starting from util-linux v2.40.

        * systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
          PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
          which case the Path= setting is taken relative to the ESP or XBOOTLDR
          partitions, rather than the system's root directory /. The relevant
          directories are automatically discovered.

        * The systemd-ac-power tool gained a new switch --low, which reports
          whether the battery charge is considered "low", similar to how the
          s2h suspend logic checks this state to decide whether to enter system
          suspend or hibernation.

        * The /etc/os-release file can now have two new optional fields
          VENDOR_NAME= and VENDOR_URL= to carry information about the vendor of
          the OS.

        * When the system hibernates, information about the device and offset
          used is now written to a non-volatile EFI variable. On next boot the
          system will attempt to resume from the location indicated in this EFI
          variable. This should make hibernation a lot more robust, while
          requiring no manual configuration of the resume location.

        * The $XDG_STATE_HOME environment variable (added in more recent
          versions of the XDG basedir specification) is now honoured to
          implement the StateDirectory= setting in user services.

        * A new component "systemd-battery-check" has been added. It may run
          during early boot (usually in the initrd), and checks the battery
          charge level of the system. In case the charge level is very low the
          user is notified (graphically via Plymouth – if available – as well
          as in text form on the console), and the system is turned off after a
          10s delay. The feature can be disabled by passing
          systemd.battery_check=0 through the kernel command line.

        * The 'passwdqc' library is now supported as an alternative to the
          'pwquality' library and can be selected at build time.

        Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
        Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
        Andrei Stepanov, Andrew Baxter, Antonio Alvarez Feijoo,
        Arian van Putten, Arthur Shau, A S Alam,
        Asier Sarasua Garmendia, Balló György, Bastien Nocera,
        Benjamin Herrenschmidt, Benjamin Raison, Bill Peterson,
        Brad Fitzpatrick, Brett Holman, bri, Chen Qi, Chitoku,
        Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
        Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
        cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
        Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
        David Schroeder, David Tardon, dependabot[bot],
        Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
        Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
        Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
        Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
        François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
        Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
        Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
        Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
        Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
        Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
        jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
        Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
        Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
        Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
2442 Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
2443 maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
2444 Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
2445 Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
0b5e5e4c
LB
2446 Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
2447 Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
2448 Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
6f19cce9 2449 Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
eade959b 2450 Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
205c1da0
LB
2451 Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
2452 saikat0511, Samanta Navarro, Sam James, Sam Morris,
2453 Simon Braunschmidt, Sjoerd Simons, Sorah Fukumori,
2454 Stanislaw Gruszka, Stefan Roesch, Steven Luo, Steve Ramage,
2455 Susant Sahani, taniishkaaa, Tanishka, Temuri Doghonadze,
2456 Thierry Martin, Thomas Blume, Thomas Genty, Thomas Weißschuh,
2457 Thorsten Kukuk, Times-Z, Tobias Powalowski, tofylion,
2458 Topi Miettinen, Uwe Kleine-König, Velislav Ivanov,
2459 Vitaly Kuznetsov, Vít Zikmund, Weblate, Will Fancher,
2460 William Roberts, Winterhuman, Wolfgang Müller, Xeonacid,
2461 Xiaotian Wu, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Yuxiang Zhu,
6f19cce9
LB
2462 Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
2463 Дамјан Георгиевски, наб
eade959b 2464
994c7978 2465 — Edinburgh, 2023-07-28
eade959b 2466
477fdc5a 2467CHANGES WITH 253:
1d679b20 2468
70879f6c
LB
2469 Announcements of Future Feature Removals and Incompatible Changes:
2470
2471 * We intend to remove cgroup v1 support from systemd release after the
2472 end of 2023. If you run services that make explicit use of cgroup v1
2473 features (i.e. the "legacy hierarchy" with separate hierarchies for
2474 each controller), please implement compatibility with cgroup v2 (i.e.
2475 the "unified hierarchy") sooner rather than later. Most of Linux
2476 userspace has been ported over already.
2477
2478 * We intend to remove support for split-usr (/usr mounted separately
2479 during boot) and unmerged-usr (parallel directories /bin and
2480 /usr/bin, /lib and /usr/lib, etc). This will happen in the second
2481 half of 2023, in the first release that falls into that time window.
2482 For more details, see:
2483 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
2484
318c2578
LB
2485 * We intend to change behaviour w.r.t. units of the per-user service
2486 manager and sandboxing options, so that they work without having to
2487 manually enable PrivateUsers= as well, which is not required for
2488 system units. To make this work, we will implicitly enable user
2489 namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
2490 user unit. The drawback is that system users will no longer be visible
2491 (and appear as 'nobody') to the user unit when a sandboxing option is
2492 enabled. By definition a sandboxed user unit should run with reduced
2493 privileges, so impact should be small. This will remove a great source
2494 of confusion that has been reported by users over the years, due to
2495 how these options require an extra setting to be manually enabled when
2496 used in the per-user service manager, as opposed as to the system
2497 service manager. We plan to enable this change in the next release
2498 later this year. For more details, see:
2499 https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
2500
1ee3720e 2501 Deprecations and incompatible changes:
3b288a2d 2502
1ee3720e
LP
2503 * systemctl will now warn when invoked without /proc/ mounted
2504 (e.g. when invoked after chroot() into an directory tree without the
2505 API mount points like /proc/ being set up.) Operation in such an
2506 environment is not fully supported.
3b288a2d 2507
621f7615
ZJS
2508 * The return value of 'systemctl is-active|is-enabled|is-failed' for
2509 unknown units is changed: previously 1 or 3 were returned, but now 4
2510 (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.
2511
3b288a2d
ZJS
2512 * 'udevadm hwdb' subcommand is deprecated and will emit a warning.
2513 systemd-hwdb (added in 2014) should be used instead.
2514
1ee3720e 2515 * 'bootctl --json' now outputs a single JSON array, instead of a stream
3b288a2d
ZJS
2516 of newline-separated JSON objects.
2517
1ee3720e
LP
2518 * Udev rules in 60-evdev.rules have been changed to load hwdb
2519 properties for all modalias patterns. Previously only the first
2520 matching pattern was used. This could change what properties are
2521 assigned if the user has more and less specific patterns that could
2522 match the same device, but it is expected that the change will have
2523 no effect for most users.
3b288a2d 2524
621f7615
ZJS
2525 * systemd-networkd-wait-online exits successfully when all interfaces
2526 are ready or unmanaged. Previously, if neither '--any' nor
2527 '--interface=' options were used, at least one interface had to be in
ecf4be29
ZJS
2528 configured state. This change allows the case where systemd-networkd
2529 is enabled, but no interfaces are configured, to be handled
621f7615
ZJS
2530 gracefully. It may occur in particular when a different network
2531 manager is also enabled and used.
2532
2533 * Some compatibility helpers were dropped: EmergencyAction= in the user
7eff3e2c 2534 manager, as well as measuring kernel command line into PCR 8 in
1ee3720e
LP
2535 systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
2536 option.
621f7615 2537
1ee3720e
LP
2538 * The '-Dupdate-helper-user-timeout=' build-time option has been
2539 renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
2540 integer as parameter instead of a string.
b67ea78f 2541
f9fdbd54
LP
2542 * The DDI image dissection logic (which backs RootImage= in service
2543 unit files, the --image= switch in various tools such as
2544 systemd-nspawn, as well as systemd-dissect) will now only mount file
2545 systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
bbcce4f8 2546 can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
f9fdbd54
LP
2547 variable. These file systems are fairly well supported and maintained
2548 in current kernels, while others are usually more niche, exotic or
2549 legacy and thus typically do not receive the same level of security
2550 support and fixes.
2551
729045ff
YW
2552 * The default per-link multicast DNS mode is changed to "yes"
2553 (that was previously "no"). As the default global multicast DNS mode
2554 has been "yes" (but can be changed by the build option), now the
2555 multicast DNS is enabled on all links by default. You can disable the
2556 multicast DNS on all links by setting MulticastDNS= in resolved.conf,
2557 or on an interface by calling "resolvectl mdns INTERFACE no".
2558
3b288a2d
ZJS
2559 New components:
2560
621f7615
ZJS
2561 * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
2562 (UKIs) has been added. This replaces functionality provided by
1ee3720e
LP
2563 'dracut --uefi' and extends it with automatic calculation of PE file
2564 offsets, insertion of signed PCR policies generated by
2565 systemd-measure, support for initrd concatenation, signing of the
2566 embedded Linux image and the combined image with sbsign, and
2567 heuristics to autodetect the kernel uname and verify the splash
2568 image.
621f7615
ZJS
2569
2570 Changes in systemd and units:
3b288a2d 2571
1ee3720e 2572 * A new service type Type=notify-reload is defined. When such a unit is
f9fdbd54
LP
2573 reloaded a UNIX process signal (typically SIGHUP) is sent to the main
2574 service process. The manager will then wait until it receives a
2575 "RELOADING=1" followed by a "READY=1" notification from the unit as
2576 response (via sd_notify()). Otherwise, this type is the same as
2577 Type=notify. A new setting ReloadSignal= may be used to change the
2578 signal to send from the default of SIGHUP.
621f7615
ZJS
2579
2580 user@.service, systemd-networkd.service, systemd-udevd.service, and
1ee3720e
LP
2581 systemd-logind have been updated to this type.
2582
2583 * Initrd environments which are not on a pure memory file system (e.g.
2584 overlayfs combination as opposed to tmpfs) are now supported. With
2585 this change, during the initrd → host transition ("switch root")
ecf4be29 2586 systemd will erase all files of the initrd only when the initrd is
1ee3720e
LP
2587 backed by a memory file system such as tmpfs.
2588
2589 * New per-unit MemoryZSwapMax= option has been added to configure
2590 memory.zswap.max cgroup properties (the maximum amount of zswap
2591 used).
2592
2593 * A new LogFilterPatterns= option has been added for units. It may be
2594 used to specify accept/deny regular expressions for log messages
2595 generated by the unit, that shall be enforced by systemd-journald.
621f7615 2596 Rejected messages are neither stored in the journal nor forwarded.
1ee3720e 2597 This option may be used to suppress noisy or uninteresting messages
621f7615
ZJS
2598 from units.
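
          The evaluation order behind LogFilterPatterns=, modelled in Python as
          an added example (this is not systemd's or journald's code, and
          Python's re module stands in for journald's regex engine): a pattern
          with a leading '~' is a deny pattern and is checked first; only if
          at least one allow pattern exists must a surviving message match one
          of them; an empty string resets everything assigned so far. The
          sample MESSAGE= payloads and the sshd-like unit they belong to are
          constructed.

```python
import re
from typing import Iterable, List, Sequence, Tuple


def compile_filter(patterns: Iterable[str]) -> Tuple[List[re.Pattern], List[re.Pattern]]:
    """Turn a LogFilterPatterns= list into (allowed, denied) compiled regexes.

    A leading '~' marks a deny pattern; anything else is an allow pattern.
    An empty string resets everything assigned so far, as it does for the
    unit setting. (Python's re stands in for journald's regex engine here.)
    """
    allowed: List[re.Pattern] = []
    denied: List[re.Pattern] = []
    for pat in patterns:
        if pat == "":
            allowed, denied = [], []
        elif pat.startswith("~"):
            denied.append(re.compile(pat[1:]))
        else:
            allowed.append(re.compile(pat))
    return allowed, denied


def message_passes(message: str, allowed: List[re.Pattern], denied: List[re.Pattern]) -> bool:
    """Evaluate one MESSAGE= value in the documented order.

    Denied patterns win outright, even if an allow pattern would also match.
    Only when at least one allow pattern exists must the message match one.
    """
    if any(p.search(message) for p in denied):
        return False
    if not allowed:
        return True
    return any(p.search(message) for p in allowed)


def filter_messages(messages: Sequence[str], patterns: Iterable[str]) -> List[str]:
    """Return the messages journald would keep (store and forward) for this unit."""
    allowed, denied = compile_filter(patterns)
    return [m for m in messages if message_passes(m, allowed, denied)]


# Constructed sample MESSAGE= payloads for a hypothetical sshd-like unit.
SAMPLE_MESSAGES = [
    "Accepted publickey for alice from 192.0.2.10 port 50000 ssh2",
    "Failed password for invalid user admin from 198.51.100.7 port 4444 ssh2",
    "Connection closed by 192.0.2.10 port 50000",
    "debug: keepalive tick",
    "debug: Failed to refresh cache, retrying",
]

# Equivalent to three LogFilterPatterns= lines in the unit's drop-in:
#   LogFilterPatterns=~^debug:
#   LogFilterPatterns=Accepted
#   LogFilterPatterns=Failed
# The last sample message matches both "Failed" and the deny pattern; the
# deny pattern wins, which is the property worth checking when tuning filters.
SAMPLE_PATTERNS = ["~^debug:", "Accepted", "Failed"]

if __name__ == "__main__":
    for m in filter_messages(SAMPLE_MESSAGES, SAMPLE_PATTERNS):
        print("kept:", m)
```

          With SAMPLE_PATTERNS only the first two sample messages survive: the
          connection-closed line matches no allow pattern, and both debug lines
          are denied before the allow list is consulted.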

        * The manager has a new
          org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
          query process ownership via a PIDFD, which is more resilient against
          PID recycling issues.

        * Scope units now support OOMPolicy=. Login session scopes default to
          OOMPolicy=continue, allowing login scopes to survive the OOM killer
          terminating some processes in the scope.

        * systemd-fstab-generator now supports the x-systemd.makefs option for
          /sysroot/ (in the initrd).

        * The maximum rate at which daemon reloads are executed can now be
          limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
          options (or the equivalent on the kernel command line:
          systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
          addition, systemd now logs the originating unit and PID when a reload
          request is received over D-Bus.

        * When enabling a swap device systemd will now reinitialize the device
          when the page size of the swap space does not match the page size of
          the running kernel. Note that this requires the 'swapon' utility to
          provide the '--fixpgsz' option, as implemented by util-linux, and it
          is not supported by busybox at the time of writing.

        * systemd now executes generator programs in a mount namespace
          "sandbox" with most of the file system read-only and write access
          restricted to the output directories, and with a temporary /tmp/
          mount provided. This provides a safeguard against programming errors
          in the generators, but also fixes here-docs in shells, which
          previously didn't work in early boot when /tmp/ wasn't available
          yet. (This feature has no security implications, because the code is
          still privileged and can trivially exit the sandbox.)

        * The system manager will now parse a new "vmm.notify_socket"
          system credential, which may be supplied to a VM via SMBIOS. If
          found, the manager will send a "READY=1" notification on the
          specified socket after boot is complete. This allows readiness
          notification to be sent from a VM guest to the VM host over a VSOCK
          socket.

        * The sample PAM configuration file for systemd-user@.service now
          includes a call to pam_namespace. This puts children of user@.service
          in the expected namespace. (Many distributions replace their file
          with something custom, so this change has limited effect.)

        * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
          can be used to override the mount units' burst rate limit for
          parsing '/proc/self/mountinfo', which was introduced in v249.
          Defaults to 5.

        * Drop-ins for init.scope changing control group resource limits are
          now applied, while they were previously ignored.

        * New build-time configuration options '-Ddefault-timeout-sec=' and
          '-Ddefault-user-timeout-sec=' have been added, to let distributions
          choose the default timeout for starting/stopping/aborting system and
          user units respectively.

        * Service units gained a new setting OpenFile= which may be used to
          open arbitrary files in the file system (or connect to arbitrary
          AF_UNIX sockets in the file system), and pass the open file
          descriptor to the invoked process via the usual file descriptor
          passing protocol. This is useful to give unprivileged services access
          to select files which have restrictive access modes that would
          normally not allow this. It's also useful in case RootDirectory= or
          RootImage= is used to allow access to files from the host environment
          (which is after all not visible from the service if these two options
          are used).
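
          How the receiving side of OpenFile= picks up the descriptors, as an
          added Python example (not systemd's code). The "usual file descriptor
          passing protocol" is the one sd_listen_fds(3) describes: the manager
          sets $LISTEN_PID, $LISTEN_FDS and $LISTEN_FDNAMES and the descriptors
          are numbered consecutively from 3. The environment block, the names
          tls-key and audit-log, the paths in the comments and the PID are all
          constructed; the OpenFile= lines in the comments only illustrate the
          setting's path:fd-name:options form.

```python
import os
import stat
from typing import List, Mapping, Tuple

SD_LISTEN_FDS_START = 3  # first passed descriptor, per sd_listen_fds(3)


def passed_fds(environ: Mapping[str, str], own_pid: int) -> List[Tuple[str, int]]:
    """Return (name, fd) pairs for descriptors handed over by the manager.

    Follows the checks sd_listen_fds_with_names(3) makes: the descriptors are
    only meant for us if $LISTEN_PID equals our PID (a child that inherited
    the environment must not treat them as its own); $LISTEN_FDS gives the
    count, numbered consecutively from 3; $LISTEN_FDNAMES is a colon-separated
    list with one entry per descriptor, missing entries defaulting to
    "unknown". For OpenFile=, the entry is the fd-name given in the setting.
    """
    try:
        if int(environ.get("LISTEN_PID", "")) != own_pid:
            return []
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    if count <= 0:
        return []
    names = environ["LISTEN_FDNAMES"].split(":") if environ.get("LISTEN_FDNAMES") else []
    result: List[Tuple[str, int]] = []
    for i in range(count):
        name = names[i] if i < len(names) and names[i] else "unknown"
        result.append((name, SD_LISTEN_FDS_START + i))
    return result


def describe_fd(fd: int) -> str:
    """Classify a received descriptor. OpenFile= hands over regular files or
    AF_UNIX sockets; anything else indicates the environment was not set up by
    the manager for this process and should be treated with suspicion."""
    mode = os.fstat(fd).st_mode
    if stat.S_ISREG(mode):
        return "regular file"
    if stat.S_ISSOCK(mode):
        return "socket"
    if stat.S_ISFIFO(mode):
        return "fifo"
    return "other"


# Constructed environment, as the manager would set it for a unit carrying
# (hypothetical paths and names):
#   OpenFile=/run/tls/server.key:tls-key:read-only
#   OpenFile=/var/log/app/audit.log:audit-log:append
EXAMPLE_ENV = {"LISTEN_PID": "4242", "LISTEN_FDS": "2", "LISTEN_FDNAMES": "tls-key:audit-log"}

if __name__ == "__main__":
    # Real run: inspect whatever the invoking manager handed to this process.
    for name, fd in passed_fds(os.environ, os.getpid()):
        print(f"{name}: fd {fd} ({describe_fd(fd)})")
```

          The $LISTEN_PID check is the part worth keeping even in quick
          scripts: without it, a child process that inherits the environment
          would believe descriptors 3 and 4 are its own.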

        Changes in udev:

        * The new net naming scheme "v253" has been introduced. In the new
          scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
          a PCI bus. This extends the coverage of predictable interface names
          in some embedded systems.

          The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
          a more informative path on some embedded systems.

        * Partition block devices will now also get symlinks in
          /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
          block device nodes via the kernel's "diskseq" value. Previously those
          symlinks were only created for the main block device.

        * A new operator '-=' is supported for SYMLINK variables. This allows
          symlinks to be unconfigured even if an earlier rule added them.

        * 'udevadm --trigger --settle' now also works for network devices
          that are being renamed.

        Changes in sd-boot, bootctl, and the Boot Loader Specification:

        * systemd-boot now passes its random seed directly to the kernel's RNG
          via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
          means the RNG gets seeded very early in boot before userspace has
          started.

        * systemd-boot will pass a disk-backed random seed – even when secure
          boot is enabled – if it can additionally get a random seed from EFI
          itself (via EFI's RNG protocol), or a prior seed in
          LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.

        * systemd-boot-system-token.service was renamed to
          systemd-boot-random-seed.service and extended to always save a random
          seed to the ESP on every boot when a compatible boot loader is used.
          This allows a refreshed random seed to be used in the boot loader.

        * systemd-boot handles various seed inputs using a domain- and
          field-separated hashing scheme.

        * systemd-boot's 'random-seed-mode' option has been removed. A system
          token is now always required to be present for random seeds to be
          used.

        * systemd-boot now supports being loaded from other locations than the
          ESP, for example for direct kernel boot under QEMU or when embedded
          into the firmware.

        * systemd-boot now parses SMBIOS information to detect
          virtualization. This information is used to skip some warnings which
          are not useful in a VM and to conditionalize other aspects of
          behaviour.

        * systemd-boot now supports a new 'if-safe' mode that will perform UEFI
          Secure Boot automated certificate enrollment from the ESP only if it
          is considered 'safe' to do so. At the moment 'safe' means running in
          a virtual machine.

        * systemd-stub now processes random seeds in the same way as
          systemd-boot already does, in case a unified kernel image is being
          used from a different bootloader than systemd-boot, or without any
          boot loader at all.

        * bootctl will now generate a system token on all EFI systems, even
          virtualized ones, and is activated when the system token is missing
          on either sd-boot or sd-stub booted systems.

        * bootctl now implements two new verbs: 'kernel-identify' prints the
          type of a kernel image file, and 'kernel-inspect' provides
          information about the embedded command line and kernel version of
          UKIs.

        * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
          as for kernel-install.

        * The JSON output of "bootctl list" will now contain two more fields:
          isDefault and isSelected are boolean fields set to true on the
          default and currently booted boot menu entries.

        * bootctl gained a new verb "unlink" for removing a boot loader entry
          type #1 file from disk in a safe and robust way.

        * bootctl also gained a new verb "cleanup" that automatically removes
          all files from the ESP's and XBOOTLDR's "entry-token" directory that
          are not referenced anymore by any installed Type #1 boot loader
          specification entry. This is particularly useful in environments where
          a large number of entries reference the same or partly the same
          resources (for example, for snapshot-based setups).

        Changes in kernel-install:

        * A new "installation layout" can be configured as layout=uki. With
          this setting, a Boot Loader Specification Type#1 entry will not be
          created. Instead, a new kernel-install plugin 90-uki-copy.install
          will copy any .efi files from the staging area into the boot
          partition. A plugin to generate the UKI .efi file must be provided
          separately.

        Changes in systemctl:

        * 'systemctl reboot' has dropped support for accepting a positional
          argument as the argument to the reboot(2) syscall. Please use the
          --reboot-argument= option instead.

        * 'systemctl disable' will now warn when called on units without
          install information. A new --no-warn option has been added that
          silences this warning.

        * New option '--drop-in=' can be used to tell 'systemctl edit' the name
          of the drop-in to edit. (Previously, 'override.conf' was always
          used.)

        * 'systemctl list-dependencies' now respects --type= and --state=.

        * 'systemctl kexec' now supports XEN VMM environments.

        * 'systemctl edit' will now tell the invoked editor to jump into the
          first line with actual unit file data, skipping over synthesized
          comments.

        Changes in systemd-networkd and related tools:

        * The [DHCPv4] section in .network files gained a new SocketPriority=
          setting that assigns the Linux socket priority used by the DHCPv4 raw
          socket. This may be used in conjunction with the EgressQOSMaps=
          setting in the [VLAN] section of .netdev files to send the desired
          Ethernet 802.1Q frame priority for DHCPv4 initial packets. This
          cannot be achieved with netfilter mangle tables because of the raw
          socket bypass.

        * The [DHCPv4] and [IPv6AcceptRA] sections in .network files gained a
          new QuickAck= boolean setting that enables the TCP quick ACK mode for
          the routes configured by the acquired DHCPv4 lease or received router
          advertisements (RAs).

        * The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
          routes) now accepts three values, for high, medium, and low preference
          of the router (which can be set with the RouterPreference= setting).

        * systemd-networkd-wait-online now supports matching via alternative
          interface names.

        * The [DHCPv6] section in .network files gained a new SendRelease=
          setting which enables the DHCPv6 client to send a release when
          it stops. This is the analog of the [DHCPv4] SendRelease= setting.
          It is enabled by default.

        * If the Address= setting in the [Network] or [Address] sections of a
          .network file is specified without its prefix length, systemd-networkd
          now assumes /32 for IPv4 or /128 for IPv6 addresses.

        * networkctl shows network and link file drop-ins in status output.

        Changes in systemd-dissect:

        * systemd-dissect gained a new option --list, to print the paths of
          all files and directories in a DDI.

        * systemd-dissect gained a new option --mtree, to generate a file
          manifest compatible with BSD mtree(5) of a DDI.

        * systemd-dissect gained a new option --with, to execute a command with
          the specified DDI temporarily mounted and used as working
          directory. This is for example useful to convert a DDI to "tar"
          simply by running it within a "systemd-dissect --with" invocation.

        * systemd-dissect gained a new option --discover, to search for
          Discoverable Disk Images (DDIs) in well-known directories of the
          system. This will list machine, portable service and system extension
          disk images.

        * systemd-dissect now understands 2nd stage initrd images stored as a
          Discoverable Disk Image (DDI).

        * systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
          disk UUID stored in the GPT header) among the other data it can show.

        * systemd-dissect gained a new --in-memory switch to operate on an
          in-memory copy of the specified DDI file. This is useful to access a
          DDI with write access without persisting any changes. It's also
          useful for accessing a DDI without keeping the originating file
          system busy.

        * The DDI dissection logic will now automatically detect the intended
          sector size of disk images stored in files, based on the GPT
          partition table arrangement. Loopback block devices for such DDIs
          will then be configured automatically for the right sector size. This
          is useful to make dealing with modern 4K sector size DDIs fully
          automatic. The systemd-dissect tool will now show the detected sector
          size among the other DDI information in its output.

        Changes in systemd-repart:

        * systemd-repart gained new options --include-partitions= and
          --exclude-partitions= to filter operation on partitions by type UUID.
          This allows systemd-repart to be used to build images in which the
          type of one partition is set based on the contents of another
          partition (for example when the boot partition shall include a verity
          hash of the root partition).

        * systemd-repart also gained a --defer-partitions= option that is
          similar to --exclude-partitions=, except that the size of the
          deferred partition is still taken into account when sizing
          partitions, without populating it.

        * systemd-repart gained a new --sector-size= option to specify what
          sector size should be used when an image is created.

        * systemd-repart now supports generating erofs file systems via
          CopyFiles= (a read-only file system similar to squashfs).

        * The Minimize= option was extended to accept "best" (which means the
          most minimal image possible, but may require multiple attempts) and
          "guess" (which means a reasonably small image).

        * The systemd-growfs binary now comes with a regular unit file template
          systemd-growfs@.service which can be instantiated directly for any
          desired file system. (Previously, the unit was generated dynamically
          by various generators, but no regular unit file template was
          available.)

        Changes in journal tools:

        * Various systemd tools will append extra fields to log messages when
          in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
          this includes information about D-Bus messages when sd-bus is used,
          e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
          about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
          Details of what is logged and when are subject to change.

        * The systemd-journald-audit.socket can now be disabled via the usual
          "systemctl disable" mechanism to stop collection of audit
          messages. Please note that it is not enabled statically anymore and
          must be handled by the preset/enablement logic in package
          installation scripts.

        * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
          be used to curtail disk use by systemd-journal-remote. This is
          similar to the options supported by systemd-journald.

        Changes in systemd-cryptenroll, systemd-cryptsetup, and related
        components:

        * When enrolling new keys systemd-cryptenroll now supports unlocking
          via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
          password was strictly required to be specified.

        * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
          (except for tokens with user verification, UV) to identify tokens
          before authentication. Multiple FIDO2 tokens can now be enrolled at
          the same time, and systemd-cryptsetup will automatically select one
          that corresponds to one of the available LUKS key slots.

        * systemd-cryptsetup now supports new options tpm2-measure-bank= and
          tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
          bank and number into which the volume key should be measured. This is
          automatically enabled for the encrypted root volume discovered and
          activated by systemd-gpt-auto-generator.

        * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
          "noexec,nosuid,nodev".

        * systemd-gpt-auto-generator will now honour the rootfstype= and
          rootflags= kernel command line switches for root file systems it
          discovers, to match behaviour in case an explicit root fs is
          specified via root=.

        * systemd-pcrphase gained new options --machine-id and --file-system=
          to measure the machine-id and mount point information into PCR 15.
          New service unit files systemd-pcrmachine.service and
          systemd-pcrfs@.service have been added that invoke the tool with
          these switches during early boot.

        * systemd-pcrphase gained a --graceful switch which makes it exit
          cleanly with a success exit code even if no TPM device is detected.

        * systemd-cryptenroll now stores the user-supplied PIN with a salt,
          making it harder to brute-force.

        Changes in other tools:

        * systemd-homed gained support for luksPbkdfForceIterations (the
          intended number of iterations for the PBKDF operation on LUKS).

        * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
          $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
          may now be used to specify additional arguments for mkfs when
          systemd-homed formats a file system.

        * systemd-hostnamed now exports the contents of
          /sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
          new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
          unprivileged code to access those values.

          systemd-hostnamed also exports the SUPPORT_END= field from
          os-release(5) as OperatingSystemSupportEnd. hostnamectl makes use of
          this to show the status of the installed system.

        * systemd-measure gained an --append= option to sign multiple phase
          paths with different signing keys. This allows secrets to be
          accessible only in certain parts of the boot sequence. Note that
          'ukify' provides similar functionality in a more accessible form.

        * systemd-timesyncd will now write a structured log message with
          MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
          on an on-disk timestamp, similarly to what it did when reaching
          synchronization via NTP.

        * systemd-timesyncd will now update the on-disk timestamp file on each
          boot at least once, making it more likely that the system time
          increases in subsequent boots.

        * systemd-vconsole-setup gained support for system/service credentials:
          vconsole.keymap/vconsole.keymap_toggle and
          vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous to
          the similarly-named options in vconsole.conf.

        * systemd-localed will now save the XKB keyboard configuration to
          /etc/vconsole.conf, and also read it from there with a higher
          preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
          file. Previously, this information was stored in the former file in
          converted form, and only in the latter file in the original form.
          Tools which want to access keyboard configuration can now do so from
          a standard location.

        * systemd-resolved gained support for configuring the nameservers and
          search domains via kernel command line (nameserver=, domain=) and
          credentials (network.dns, network.search_domains).

        * systemd-resolved will now synthesize host names for the DNS stub
          addresses it supports. Specifically when "_localdnsstub" is resolved,
          127.0.0.53 is returned, and if "_localdnsproxy" is resolved
          127.0.0.54 is returned.

        * systemd-notify will now send a "RELOADING=1" notification when called
          with --reloading, and "STOPPING=1" when called with --stopping. This
          can be used to implement notifications from units where it's easier
          to call a program than to use the sd-daemon library.
3009
f9fdbd54
LP
3010 * systemd-analyze's 'plot' command can now output its information in
3011 JSON, controlled via the --json= switch. Also, new --table, and
3012 --no-legend options have been added.
621f7615
ZJS
3013
3014 * 'machinectl enable' will now automatically enable machines.target
3015 unit in addition to adding the machine unit to the target.
3016
3017 Similarly, 'machinectl start|stop' gained a --now option to enable or
3018 disable the machine unit when starting or stopping it.
3019
1ee3720e 3020 * systemd-sysusers will now create /etc/ if it is missing.
b67ea78f
LB
3021
3022 * systemd-sleep 'HibernateDelaySec=' setting is changed back to
3023 pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
3024 added to provide the new initial value for the new automated battery
3025 estimation functionality. If 'HibernateDelaySec=' is set to any value,
3026 the automated estimate (and thus the automated hibernation on low
3027 battery to avoid data loss) functionality will be disabled.
3028
3029 * Default tmpfiles.d/ configuration will now automatically create
3030 credentials storage directory '/etc/credstore/' with the appropriate,
3031 secure permissions. If '/run/credstore/' exists, its permissions will
3032 be fixed too in case they are not correct.
3033
3b288a2d
ZJS
3034 Changes in libsystemd and shared code:
3035
3036 * sd-bus gained new convenience functions sd_bus_emit_signal_to(),
3037 sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
3038
621f7615 3039 * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
da890466 3040 128-bit ID in files such as /etc/machine-id has an invalid
1ee3720e
LP
3041 format. They also accept NULL as output parameter in more places,
3042 which is useful when the caller only wants to validate the inputs and
3043 does not need the output value.
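
        As an added illustration of the error semantics just described
        (example code written for this page, not libsystemd's sd-id128
        implementation): a validator for the /etc/machine-id layout of 32
        lowercase hex characters followed by a newline, which reports any
        other content as -EUCLEAN and accepts a NULL output pointer when the
        caller only wants validation. The function names are this example's
        own.

```c
/* Added example, not systemd's own code: a validator with the error
 * contract described above for 128-bit IDs stored in /etc/machine-id.
 * A well-formed file holds exactly 32 lowercase hex characters, optionally
 * followed by a single newline; anything else is a format error and yields
 * -EUCLEAN. The output pointer may be NULL when only validation is wanted. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID128_HEX_LEN 32

static int unhex(char c) {
        if (c >= '0' && c <= '9')
                return c - '0';
        if (c >= 'a' && c <= 'f')
                return c - 'a' + 10;
        return -1;      /* uppercase is rejected on purpose: machine-id is lowercase */
}

/* Parse 'buf' (len bytes) in the /etc/machine-id format. Returns 0 on
 * success, -EINVAL for a NULL buffer, -EUCLEAN on an invalid format.
 * 'out' may be NULL. */
int id128_from_file_buffer(const char *buf, size_t len, uint8_t out[16]) {
        uint8_t tmp[16];

        if (!buf)
                return -EINVAL;

        /* Exactly 32 hex characters, optionally followed by one newline. */
        if (len == ID128_HEX_LEN + 1) {
                if (buf[ID128_HEX_LEN] != '\n')
                        return -EUCLEAN;
        } else if (len != ID128_HEX_LEN)
                return -EUCLEAN;

        for (size_t i = 0; i < 16; i++) {
                int hi = unhex(buf[2 * i]), lo = unhex(buf[2 * i + 1]);
                if (hi < 0 || lo < 0)
                        return -EUCLEAN;
                tmp[i] = (uint8_t) ((hi << 4) | lo);
        }

        /* Only touch the caller's buffer once the whole input is known good. */
        if (out)
                memcpy(out, tmp, 16);
        return 0;
}

/* Convenience wrapper for NUL-terminated strings. */
int id128_from_string(const char *s, uint8_t out[16]) {
        return s ? id128_from_file_buffer(s, strlen(s), out) : -EINVAL;
}
```

        The parsed bytes are written only after the whole input has been
        checked, so a caller passing a real buffer never sees a half-filled
        ID on the error path.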

        * sd-login gained new functions sd_pidfd_get_session(),
          sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
          sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
          sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
          sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
          but accept a PIDFD instead of a PID.

        * sd-path (and systemd-path) now export four new paths:
          SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
          SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
          SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
          SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR.

        * sd_notify() now supports AF_VSOCK as transport for notification
          messages (in addition to the existing AF_UNIX support). This is
          enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
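
        The $NOTIFY_SOCKET forms mentioned above, and the "RELOADING=1" /
        "STOPPING=1" payloads that systemd-notify sends, as an added example
        written for this page (not sd-daemon's own sd_notify()
        implementation): a small sender that parses a filesystem path, an
        abstract AF_UNIX name ("@name") or the new "vsock:CID:port" form and
        delivers one message. Only the parser can be exercised offline;
        notify_send() needs a real listener. The use of a stream socket for
        the vsock transport is an assumption of this example.

```c
/* Added example, not code from systemd or sd-daemon: a minimal
 * sd_notify()-style sender understanding the $NOTIFY_SOCKET forms named in
 * this NEWS: a filesystem path, an abstract AF_UNIX name ("@name"), and the
 * new "vsock:CID:port" form. */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <linux/vm_sockets.h>   /* AF_VSOCK, struct sockaddr_vm */

enum notify_kind { NOTIFY_UNIX_PATH, NOTIFY_UNIX_ABSTRACT, NOTIFY_VSOCK };

struct notify_target {
        enum notify_kind kind;
        char name[108];         /* AF_UNIX path, or abstract name without the '@' */
        uint32_t cid, port;     /* AF_VSOCK only */
};

/* Parse an unsigned decimal number that must be followed by 'sep'. */
static int parse_u32(const char *s, char sep, uint32_t *out, const char **rest) {
        unsigned long v;
        char *end;

        if (!isdigit((unsigned char) *s))
                return -EINVAL;          /* rejects "", "-1" and " 3" */
        errno = 0;
        v = strtoul(s, &end, 10);
        if (errno || v > UINT32_MAX || *end != sep)
                return -EINVAL;
        *out = (uint32_t) v;
        *rest = sep ? end + 1 : end;
        return 0;
}

/* Parse a NOTIFY_SOCKET value into 't'. Returns 0 or a negative errno. */
int notify_target_parse(const char *s, struct notify_target *t) {
        if (!s || !t)
                return -EINVAL;
        memset(t, 0, sizeof *t);

        if (strncmp(s, "vsock:", 6) == 0) {
                const char *p = s + 6;
                int r = parse_u32(p, ':', &t->cid, &p);
                if (r < 0)
                        return r;
                r = parse_u32(p, '\0', &t->port, &p);
                if (r < 0)
                        return r;
                t->kind = NOTIFY_VSOCK;
                return 0;
        }

        /* Like sd_notify(), accept only absolute paths and abstract names. */
        if (s[0] != '/' && s[0] != '@')
                return -EINVAL;
        if (strlen(s) >= sizeof t->name)
                return -ENAMETOOLONG;
        t->kind = s[0] == '@' ? NOTIFY_UNIX_ABSTRACT : NOTIFY_UNIX_PATH;
        strcpy(t->name, s[0] == '@' ? s + 1 : s);
        return 0;
}

/* Send one message such as "READY=1\n", "RELOADING=1\n" or "STOPPING=1\n".
 * Returns 0 or a negative errno; 0 (no-op) when $NOTIFY_SOCKET is unset. */
int notify_send(const char *state) {
        const char *env = getenv("NOTIFY_SOCKET");
        struct notify_target t;
        int fd, r;

        if (!env)
                return 0;
        r = notify_target_parse(env, &t);
        if (r < 0)
                return r;

        if (t.kind == NOTIFY_VSOCK) {
                /* Assumption of this example: the listener is a stream socket. */
                struct sockaddr_vm vm = { .svm_family = AF_VSOCK, .svm_cid = t.cid, .svm_port = t.port };
                fd = socket(AF_VSOCK, SOCK_STREAM | SOCK_CLOEXEC, 0);
                if (fd < 0)
                        return -errno;
                r = connect(fd, (struct sockaddr *) &vm, sizeof vm) < 0 ||
                    write(fd, state, strlen(state)) < 0 ? -errno : 0;
                close(fd);
                return r;
        }

        struct sockaddr_un un = { .sun_family = AF_UNIX };
        socklen_t len = offsetof(struct sockaddr_un, sun_path) + strlen(t.name) + 1;
        /* Abstract names start with a NUL byte and carry no terminator. */
        memcpy(un.sun_path + (t.kind == NOTIFY_UNIX_ABSTRACT), t.name, strlen(t.name));
        fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0)
                return -errno;
        r = sendto(fd, state, strlen(state), MSG_NOSIGNAL, (struct sockaddr *) &un, len) < 0 ? -errno : 0;
        close(fd);
        return r;
}
```

        The parser is strict on purpose: a CID or port that is not a plain
        decimal number, or a relative AF_UNIX path, is rejected with -EINVAL
        rather than silently sending the notification somewhere unexpected.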

        * Detection of chroot() environments now works if /proc/ is not
          mounted. This affects systemd-detect-virt --chroot, but also means
          that systemd tools will silently skip various operations in such an
          environment.

        * "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
          virtualization is now detected.

        Changes in the build system:

        * Standalone variants of systemd-repart and systemd-shutdown may now be
          built (if -Dstandalone=true).

        * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
          example, allow scripts to conditionalize execution on AC power
          supply.

        * The libp11kit library is now loaded through dlopen(3).

        Changes in the documentation:

        * Specifications that are not closely tied to systemd have moved to
          https://uapi-group.org/specifications/: the Boot Loader Specification
          and the Discoverable Partitions Specification.

        Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
        Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
        Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
        Benjamin Tissoires, berenddeschouwer, BerndAdameit,
        Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
        Charles Hardin, chris, Christian Brauner, Christian Göttsche,
        Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
        Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
        Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
        Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
        Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
        Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
        igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
        Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
        Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
        Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
        Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
        Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
        Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
        Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
        Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
        Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
        msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
        noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
        Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
        reuben olinsky, Richard E. van der Luit, Richard Phibel,
        Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
        Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
        Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
        Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
        Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
        Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
        William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
        наб

        — Warsaw, 2023-02-15

CHANGES WITH 252 🎃:

        Announcements of Future Feature Removals:

        * We intend to remove cgroup v1 support from the systemd release after
          the end of 2023. If you run services that make explicit use of
          cgroup v1 features (i.e. the "legacy hierarchy" with separate
          hierarchies for each controller), please implement compatibility
          with cgroup v2 (i.e. the "unified hierarchy") sooner rather than
          later. Most of Linux userspace has been ported over already.

        * We intend to remove support for split-usr (/usr mounted separately
          during boot) and unmerged-usr (parallel directories /bin and
          /usr/bin, /lib and /usr/lib, etc). This will happen in the second
          half of 2023, in the first release that falls into that time window.
          For more details, see:
          https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

        Compatibility Breaks:

        * ConditionKernelVersion= checks that use the '=' or '!=' operators
          will now do simple string comparisons (instead of version comparisons
          à la strverscmp()). Version comparisons are still done for the
          ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
          specified, a shell-style glob match is now done. This creates a minor
          incompatibility compared to older systemd versions when the '*', '?',
          '[', ']' characters are used, as these will now match as shell globs
          instead of literally. Given that kernel version strings typically do
          not include these characters we expect little breakage through this
          change.
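
        The three kinds of comparison described above, as an added example
        written for this page (not systemd's own condition code): '=' and
        '!=' compare the strings literally, the ordering operators compare
        versions, and an expression with no operator is matched as a shell
        glob. glibc's strverscmp() stands in for systemd's own version
        comparison here, and fnmatch(3) does the glob match; both are
        assumptions of this example rather than what systemd links against.

```c
/* Added example, not systemd's own code: a ConditionKernelVersion= evaluator
 * with the v252 semantics. '=' / '!=' are literal string comparisons, the
 * ordering operators use glibc strverscmp() (a stand-in for systemd's own
 * version comparison), and no operator means a shell-style glob. */
#define _GNU_SOURCE      /* strverscmp() */
#include <ctype.h>
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum cmp_op { OP_GLOB, OP_EQ, OP_NE, OP_LT, OP_LE, OP_GT, OP_GE };

/* Split "<op><version>" into an operator and its operand; blanks between
 * the operator and the operand are skipped. No operator at all means glob. */
static enum cmp_op parse_op(const char *expr, const char **operand) {
        static const struct { const char *tok; enum cmp_op op; } ops[] = {
                /* two-character operators must be tried before their prefixes */
                { "<=", OP_LE }, { ">=", OP_GE }, { "!=", OP_NE },
                { "<",  OP_LT }, { ">",  OP_GT }, { "=",  OP_EQ },
        };

        for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
                size_t n = strlen(ops[i].tok);
                if (strncmp(expr, ops[i].tok, n) == 0) {
                        const char *p = expr + n;
                        while (isspace((unsigned char) *p))
                                p++;
                        *operand = p;
                        return ops[i].op;
                }
        }
        *operand = expr;
        return OP_GLOB;
}

/* Evaluate a ConditionKernelVersion= expression against the running kernel
 * version string (what uname(2) reports in utsname.release). */
bool kernel_version_condition(const char *expr, const char *running) {
        const char *v;
        enum cmp_op op = parse_op(expr, &v);
        int c;

        switch (op) {
        case OP_GLOB: return fnmatch(v, running, 0) == 0;   /* '*', '?', '[' are special here */
        case OP_EQ:   return strcmp(running, v) == 0;       /* literal, not version-aware */
        case OP_NE:   return strcmp(running, v) != 0;
        default:      break;
        }

        c = strverscmp(running, v);
        switch (op) {
        case OP_LT: return c < 0;
        case OP_LE: return c <= 0;
        case OP_GT: return c > 0;
        default:    return c >= 0;                          /* OP_GE */
        }
}
```

        The glob branch is where the compatibility note bites: a pattern
        containing '[' is a bracket expression for fnmatch(), so an
        expression that used to be compared literally now matches a set of
        characters.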

        * The service manager will now read the SELinux label used for SELinux
          access checks from the unit file at the time it loads the file.
          Previously, the label would be read at the moment of the access
          check, which was problematic since at that time the unit file might
          already have been updated or removed.

        New Features:

        * systemd-measure is a new tool for calculating and signing expected
          TPM2 PCR values for a given unified kernel image (UKI) booted via
          sd-stub. The public key used for the signature and the signed
          expected PCR information can be embedded inside the UKI. This
          information can be extracted from the UKI by external tools and code
          in the image itself and is made available to userspace in the booted
          kernel.

          systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
          updated to make use of this information if available in the booted
          kernel: when locking an encrypted volume/credential to the TPM
          systemd-cryptenroll/systemd-creds will use the public key to bind the
          volume/credential to any kernel that carries PCR information signed
          by the same key pair. When unlocking such volumes/credentials
          systemd-cryptsetup/systemd-creds will use the signature embedded in
          the booted UKI to gain access.

          Binding TPM-based disk encryption to public keys/signatures of PCR
          values — instead of literal PCR values — addresses the inherent
          "brittleness" of traditional PCR-bound TPM disk encryption schemes:
          disks remain accessible even if the UKI is updated, without any TPM
          specific preparation during the OS update — as long as each UKI
          carries the necessary PCR signature information.

          Net effect: if you boot a properly prepared kernel, TPM-bound disk
          encryption now defaults to be locked to kernels which carry PCR
          signatures from the same key pair. Example: if a hypothetical distro
          FooOS prepares its UKIs like this, TPM-based disk encryption is now –
          by default – bound to only FooOS kernels, and encrypted volumes bound
          to the TPM cannot be unlocked on kernels from other sources. (But do
          note this behaviour requires preparation/enabling in the UKI, and of
          course users can always enroll non-TPM ways to unlock the volume.)

        * systemd-pcrphase is a new tool that is invoked at six places during
          system runtime, and measures additional words into TPM2 PCR 11, to
          mark milestones of the boot process. This allows binding access to
          specific TPM2-encrypted secrets to specific phases of the boot
          process. (Example: LUKS2 disk encryption key only accessible in the
          initrd, but not later.)

        Changes in systemd itself, i.e. the manager and units:

        * The cpu controller is delegated to user manager units by default, and
          CPUWeight= settings are applied to the top-level user slice units
          (app.slice, background.slice, session.slice). This provides a degree
          of resource isolation between different user services competing for
          the CPU.

        * Systemd can optionally do a full preset in the "first boot" condition
          (instead of just enable-only). This behaviour is controlled by the
          compile-time option -Dfirst-boot-full-preset. Right now it defaults
          to 'false', but the plan is to switch it to 'true' for the subsequent
          release.

        * Drop-ins are now allowed for transient units too.

        * Systemd will set the taint flag 'support-ended' if it detects that
          the OS image is past its end-of-support date. This date is declared
          in a new /etc/os-release field SUPPORT_END= described below.

        * Two new settings ConditionCredential= and AssertCredential= can be
          used to skip or fail units if a certain system credential is not
          provided.

        * ConditionMemory= accepts size suffixes (K, M, G, T, …).

        * DefaultSmackProcessLabel= can be used in system.conf and user.conf to
          specify the SMACK security label to use when not specified in a unit
          file.

        * DefaultDeviceTimeoutSec= can be used in system.conf and user.conf to
          specify the default timeout when waiting for device units to
          activate.

        * C.UTF-8 is used as the default locale if nothing else has been
          configured.

        * [Condition|Assert]Firmware= have been extended to support certain
          SMBIOS fields. For example

          ConditionFirmware=smbios-field(board_name = "Custom Board")

          conditionalizes the unit to run only when
          /sys/class/dmi/id/board_name contains "Custom Board" (without the
          quotes).

        * ConditionFirstBoot= now correctly evaluates as true only during the
          boot phase of the first boot. A unit executed later, after booting
          has completed, will no longer evaluate this condition as true.

        * Socket units will now create sockets in the SELinuxContext= of the
          associated service unit, if any.

        * Boot phase transitions (start initrd → exit initrd → boot complete →
          shutdown) will be measured into TPM2 PCR 11, so that secrets can be
          bound to a specific runtime phase. E.g.: a LUKS encryption key can be
          unsealed only in the initrd.

        * Service credentials (i.e. SetCredential=/LoadCredential=/…) will now
          also be provided to ExecStartPre= processes.

        * Various units are now correctly ordered against
          initrd-switch-root.target where previously a conflict without
          ordering was configured. A stop job for those units would be queued,
          but without the ordering it could be executed only after
          initrd-switch-root.service, leading to units not being restarted in
          the host system as expected.

        * In order to fully support the IPMI watchdog driver, which has not yet
          been ported to the new common watchdog device interface,
          /dev/watchdog0 will be tried first and systemd will silently fall
          back to /dev/watchdog if it is not found.

        * New watchdog-related D-Bus properties are now published by systemd:
          WatchdogDevice, WatchdogLastPingTimestamp,
          WatchdogLastPingTimestampMonotonic.

        * At shutdown, API virtual file systems (proc, sys, etc.) will be
          unmounted lazily.

        * At shutdown, systemd will now log about processes blocking unmounting
          of file systems.

        * A new meson build option 'clock-valid-range-usec-max' was added to
          allow disabling system time correction if the RTC returns a timestamp
          far in the future.

        * Propagated restart jobs will no longer be discarded while a unit is
          activating.

        * PID 1 will now import system credentials from SMBIOS Type 11 fields
          ("OEM vendor strings"), in addition to qemu_fwcfg. This provides a
          simple, fast and generic path for supplying credentials to a VM,
          without involving external tools such as cloud-init/ignition.

        * The CPUWeight= setting of unit files now accepts a new special value
          "idle", which configures "idle" level scheduling for the unit.

        * Service processes that are activated due to a .timer or .path unit
          triggering will now receive information about this via environment
          variables. Note that this information is lossy, as activation
          might be coalesced and only one of the activating triggers will be
          reported. This is hence more suited for debugging or tracing rather
          than for behaviour decisions.

        * The riscv_flush_icache(2) system call has been added to the list of
          system calls allowed by default when SystemCallFilter= is used.

        * The SELinux context derived from the target executable, instead of
          the 'init_t' context used for the manager itself, is now used when
          creating listening sockets for units that specify
          SELinuxContextFromNet=yes.

        Changes in sd-boot, bootctl, and the Boot Loader Specification:

        * The Boot Loader Specification has been cleaned up and clarified.
          Various corner cases in version string comparisons have been fixed
          (e.g. comparisons for empty strings). Boot counting is now part of
          the main specification.

        * New PCR measurements are performed during boot: PCR 11 for the
          kernel+initrd combo, PCR 13 for any sysext images. If a measurement
          took place this is now reported to userspace via the new
          StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.

        * As before, systemd-stub will measure kernel parameters and system
          credentials into PCR 12. It will now report this fact via the
          StubPcrKernelParameters EFI variable to userspace.

        * The UEFI monotonic boot counter is now included in the updated random
          seed file maintained by sd-boot, providing some additional entropy.

        * sd-stub will use LoadImage/StartImage to execute the kernel, instead
          of arranging the image manually and jumping to the kernel entry
          point. sd-stub also installs a temporary UEFI SecurityOverride to
          allow the (unsigned) nested image to be booted. This is safe because
          the outer (signed) stub+kernel binary must have been verified before
          the stub was executed.

        * Booting in EFI mixed mode (a 64-bit kernel over 32-bit UEFI firmware)
          is now supported by sd-boot.

        * bootctl gained a bunch of new options: --all-architectures to install
          binaries for all supported EFI architectures, --root= and --image=
          options to operate on a directory or disk image, and
          --install-source= to specify the source for binaries to install,
          --efi-boot-option-description= to control the name of the boot entry.

        * The sd-boot stub exports a StubFeatures flag, which is used by
          bootctl to show features supported by the stub that was used to boot.

        * The PE section offsets that are used by tools that assemble unified
          kernel images have historically been hard-coded. This may lead to
          overlapping PE sections which may break on boot. The UKI will now try
          to detect and warn about this.

          Any tools that assemble UKIs must update to calculate these offsets
          dynamically. Future sd-stub versions may use offsets that will not
          work with the currently used set of hard-coded offsets!

        * sd-stub now accepts (and passes to the initrd and then to the full
          OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed
          signatures of expected PCR values, to allow sealing secrets via the
          TPM2 against pre-calculated PCR measurements.

        Changes in the hardware database:

        * 'systemd-hwdb query' now supports the --root= option.

        Changes in systemctl:

        * systemctl now supports --state= and --type= options for the 'show'
          and 'status' verbs.

        * systemctl gained a new verb 'list-automounts' to list automount
          points.

        * systemctl gained support for a new --image= switch to be able to
          operate on the specified disk image (similar to the existing --root=
          which operates relative to some directory).

        Changes in systemd-networkd:

        * networkd can set Linux NetLabel labels for integration with the
          network control in security modules via a new NetLabel= option.

        * The RapidCommit= setting is (re-)introduced to enable faster
          configuration via DHCPv6 (RFC 3315).

        * networkd gained a new option TCPCongestionControlAlgorithm= that
          allows setting a per-route TCP congestion control algorithm.

        * networkd gained a new option KeepFileDescriptor= to allow keeping a
          reference (file descriptor) open on TUN/TAP interfaces, which is
          useful to avoid link flaps while the underlying service providing the
          interface is being serviced.

        * RouteTable= now also accepts route table names.

        Changes in systemd-nspawn:

        * The --bind= and --overlay= options now support relative paths.

        * The --bind= option now supports a 'rootidmap' value, which will
          use id-mapped mounts to map the root user inside the container to the
          owner of the mounted directory on the host.

        Changes in systemd-resolved:

        * systemd-resolved now persists DNSOverTLS in its state file too. This
          fixes a problem when used in combination with NetworkManager, which
          sends the setting only once, causing it to be lost if resolved was
          restarted at any point.

        * systemd-resolved now exposes a Varlink socket at
          /run/systemd/resolve/io.systemd.Resolve.Monitor, accessible only for
          root. Processed DNS requests in a JSON format will be published to
          any clients connected to this socket.

          resolvectl gained a 'monitor' verb to make use of this.

        * systemd-resolved now treats unsupported DNSSEC algorithms as INSECURE
          instead of returning SERVFAIL, as per RFC:
          https://datatracker.ietf.org/doc/html/rfc6840#section-5.2

        * OpenSSL is the default crypto backend for systemd-resolved. (gnutls
          is still supported.)

        Changes in libsystemd and other libraries:

        * libsystemd now exports sd_bus_error_setfv() (a convenience function
          for setting bus errors), sd_id128_string_equal (a convenience
          function for 128-bit ID string comparisons), and
          sd_bus_message_read_strv_extend() (a function to incrementally read
          string arrays).

        * libsystemd now exports sd_device_get_child_first()/_next() as a
          high-level interface for enumerating child devices. It also supports
          sd_device_new_child() for opening a child device given a device
          object.

        * libsystemd now exports sd_device_monitor_set()/get_description()
          which allow setting a custom description that will be used in log
          messages by sd_device_monitor*.

        * Private shared libraries (libsystemd-shared-nnn.so,
          libsystemd-core-nnn.so) are now installed into arch-specific
          directories to allow multi-arch installs.

        * A new sd-gpt.h header is now published, listing GUIDs from the
          Discoverable Partitions specification. For more details see:
          https://systemd.io/DISCOVERABLE_PARTITIONS/

        * A new function sd_hwdb_new_from_path() has been added to open a hwdb
          database given an explicit path to the file.

        * The signal number argument to sd_event_add_signal() can now be
          ORed with the SD_EVENT_SIGNAL_PROCMASK flag, causing sigprocmask() to
          be automatically invoked to block the specified signal. This is
          useful to simplify invocations as the caller doesn't have to do this
          manually.

        * A new convenience call sd_event_set_signal_exit() has been added to
          sd-event to set up signal handling so that the event loop
          automatically terminates cleanly on SIGTERM/SIGINT.

        Changes in other components:

        * systemd-sysusers, systemd-tmpfiles, and systemd-sysctl configuration
          can now be provided via the credential mechanism.

        * systemd-analyze gained a new verb 'compare-versions' that implements
          comparisons for version strings (similarly to 'rpmdev-vercmp' and
          'dpkg --compare-versions').

        * 'systemd-analyze dump' is extended to accept glob patterns for unit
          names to limit the output to matching units.

        * tmpfiles.d/ lines can read file contents to write from a credential.
          The new modifier char '^' is used to specify that the argument is a
          credential name. This mechanism is used to automatically populate
          /etc/motd, /etc/issue, and /etc/hosts from credentials.

        * tmpfiles.d/ may now be configured to avoid changing uid/gid/mode of
          an inode if the specification is prefixed with ':' and the inode
          already exists.

        * Default tmpfiles.d/ configuration now carries a line to automatically
          use an 'ssh.authorized_keys.root' credential if provided to set up
          the SSH authorized_keys file for the root user.

        * systemd-tmpfiles will now gracefully handle an absent source of "C"
          copy lines.

        * tmpfiles.d/ F/w lines now optionally permit encoding of the payload
          in base64. This is useful to write arbitrary binary data into files.

        * The pkgconfig and rpm macros files now export the directory for user
          units as 'user_tmpfiles_dir' and '%_user_tmpfilesdir'.

        * Detection of Apple Virtualization and detection of Parallels and
          KubeVirt virtualization on non-x86 archs have been added.

        * os-release gained a new field SUPPORT_END=YYYY-MM-DD to inform the
          user when their system will become unsupported.

        * When performing suspend-then-hibernate, the system will estimate the
          discharge rate and use that to set the delay until hibernation, and
          will hibernate immediately instead of suspending when running from a
          battery and the capacity is below 5%.

        * systemd-sysctl gained a --strict option to fail when a sysctl
          setting is unknown to the kernel.

        * machinectl supports --force for the 'copy-to' and 'copy-from'
          verbs.

        * coredumpctl gained the --root and --image options to look for journal
          files under the specified root directory, image, or block device.

        * 'journalctl -o' and similar commands now implement a new output mode
          "short-delta". It is similar to "short-monotonic", but also shows the
          time delta between subsequent messages.

        * journalctl now respects the --quiet flag when verifying consistency
          of journal files.

        * Journal log messages gained a new implicit field _RUNTIME_SCOPE= that
          will indicate whether a message was logged in the 'initrd' phase or
          in the 'system' phase of the boot process.

        * Journal files gained a new compatibility flag
          'HEADER_INCOMPATIBLE_COMPACT'. Files with this flag implement changes
          to the storage format that allow reducing size on disk. As with other
          compatibility flags, older journalctl versions will not be able to
          read journal files using this new format. The environment variable
          'SYSTEMD_JOURNAL_COMPACT=0' can be passed to systemd-journald to
          disable this functionality. It is enabled by default.
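
        The check that makes "older journalctl versions will not be able to
        read" a safe failure rather than a misparse, as an added example
        written for this page (not systemd's journal code): a reader refuses
        a file whose incompatible_flags word carries a bit it does not know,
        while unknown compatible_flags may be ignored. The header layout
        used here (8-byte "LPKSHHRH" signature, then compatible_flags and
        incompatible_flags as 32-bit little-endian words) and the
        HEADER_INCOMPATIBLE_* bit values are reproduced from memory of
        systemd's journal-def.h and are assumptions to verify against that
        header before relying on them; the sample headers are constructed.

```c
/* Added example, not systemd's own code: the compatibility-flag check an
 * older journal reader must perform before touching a file. Header layout
 * and flag values are as recalled from systemd's journal-def.h (assumption):
 *   offset 0: signature "LPKSHHRH"   offset 8: compatible_flags (le32)
 *   offset 12: incompatible_flags (le32) */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HEADER_INCOMPATIBLE_COMPRESSED_XZ   (1u << 0)
#define HEADER_INCOMPATIBLE_COMPRESSED_LZ4  (1u << 1)
#define HEADER_INCOMPATIBLE_KEYED_HASH      (1u << 2)
#define HEADER_INCOMPATIBLE_COMPRESSED_ZSTD (1u << 3)
#define HEADER_INCOMPATIBLE_COMPACT         (1u << 4)   /* new in v252 */

/* What a reader from before v252 understands, and what a v252 reader does. */
#define OLD_READER_FLAGS (HEADER_INCOMPATIBLE_COMPRESSED_XZ | HEADER_INCOMPATIBLE_COMPRESSED_LZ4 | \
                          HEADER_INCOMPATIBLE_KEYED_HASH | HEADER_INCOMPATIBLE_COMPRESSED_ZSTD)
#define NEW_READER_FLAGS (OLD_READER_FLAGS | HEADER_INCOMPATIBLE_COMPACT)

static uint32_t le32(const uint8_t *p) {
        return (uint32_t) p[0] | (uint32_t) p[1] << 8 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24;
}

/* Return 0 if 'hdr' (len bytes, at least 16) is a journal header this
 * reader can process given the incompatible bits it 'supports';
 * -EBADMSG on a short buffer or bad signature; -EPROTONOSUPPORT when the
 * file sets an incompatible flag the reader does not know. */
int journal_header_check(const uint8_t *hdr, size_t len, uint32_t supported) {
        uint32_t incompatible;

        if (len < 16 || memcmp(hdr, "LPKSHHRH", 8) != 0)
                return -EBADMSG;
        incompatible = le32(hdr + 12);      /* compatible_flags at offset 8 are informational only */
        if (incompatible & ~supported)
                return -EPROTONOSUPPORT;
        return 0;
}

/* Constructed sample headers (first 16 bytes only, not real journal files):
 * one ZSTD-compressed keyed-hash file, and the same with COMPACT set. */
const uint8_t sample_zstd_keyed[16] = { 'L','P','K','S','H','H','R','H', 0,0,0,0, 0x0c,0,0,0 };
const uint8_t sample_compact[16]    = { 'L','P','K','S','H','H','R','H', 0,0,0,0, 0x1c,0,0,0 };
```

        An unknown incompatible bit is a hard stop: the whole point of the
        flag is that the on-disk structures no longer mean what an older
        reader assumes, so "skip this file" is the only safe answer.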

        * systemd-run's --working-directory= switch now works when used in
          combination with --scope.

        * portablectl gained a --force flag to skip certain sanity checks. This
          is implemented using new flags accepted by systemd-portabled for the
          *WithExtensions() D-Bus methods: SD_SYSTEMD_PORTABLE_FORCE_ATTACH
          flag now means that the attach/detach checks whether the units are
          already present and running will be skipped. Similarly,
          SD_SYSTEMD_PORTABLE_FORCE_SYSEXT flag means that the check whether
          image name matches the name declared inside of the image will be
          skipped. Callers must be sure to do those checks themselves if
          appropriate.

        * systemd-portabled will now use the original filename to check
          extension-release.NAME for correctness, in case it is passed a
          symlink.

        * systemd-portabled now uses PrivateTmp=yes in the 'trusted' profile
          too.

        * sysext's extension-release files now support '_any' as a special
          value for the ID= field, to allow distribution-independent extensions
          (e.g.: fully statically compiled binaries, scripts). It also gained
          support for a new ARCHITECTURE= field that may be used to explicitly
          restrict an image to hosts of a specific architecture.

        * systemd-repart now supports creating squashfs partitions. This
          requires mksquashfs from squashfs-tools.

        * systemd-repart gained a --split flag to also generate split
          artifacts, i.e. a separate file for each partition. This is useful in
          conjunction with systemd-sysupdate or other tools, or to generate
          split dm-verity artifacts.

        * systemd-repart is now able to generate dm-verity partitions, including
          signatures.

        * systemd-repart can now set a partition UUID to zero, allowing it to
          be filled in later, such as when using verity partitions.

        * systemd-repart now supports drop-ins for its configuration files.

        * Package metadata logged by systemd-coredump in the system journal is
          now more compact.

        * xdg-autostart-service now expands 'tilde' characters in Exec lines.

        * systemd-oomd now automatically links against libatomic, if available.

        * systemd-oomd now sends out a 'Killed' D-Bus signal when a cgroup is
          killed.

        * scope units now also provide oom-kill status.

        * systemd-pstore will now try to load only the efi_pstore kernel module
          before running, ensuring that pstore can be used.

        * systemd-logind gained a new StopIdleSessionSec= option to stop an idle
          session after a preconfigured timeout.

        * systemd-homed will now wait up to 30 seconds for workers to terminate,
          rather than indefinitely.

        * homectl gained a new '--luks-sector-size=' flag that allows users to
          select the preferred LUKS sector size. Must be a power of 2 between 512
          and 4096. systemd-userdbd records gained a corresponding field.

        * systemd-sysusers will now respect the 'SOURCE_DATE_EPOCH' environment
          variable when generating the 'sp_lstchg' field, to ensure an image
          build can be reproducible.

        * 'udevadm wait' will now listen to kernel uevents too when called with
          --initialized=no.

        * When naming network devices udev will now consult the Devicetree
          "alias" fields for the device.

        * systemd-udev will now create infiniband/by-path and
          infiniband/by-ibdev links for Infiniband verbs devices.

        * systemd-udev-trigger.service will now also prioritize input devices.

        * ConditionACPower= and systemd-ac-power will now assume the system is
          running on AC power if no battery can be found.

        * All features and tools using the TPM2 will now communicate with it
          using a bind key. Beforehand, the tpm2 support used encrypted sessions
          by creating a primary key that was used to encrypt traffic. This
          creates a problem as the key created for encrypting the traffic could
          be faked by an active interposer on the bus. In cases when a pin is
          used, a bind key will be used. The pin is used as the auth value for
          the seal key, aka the disk encryption key, and that auth value will be
          used in the session establishment. An attacker would need the pin
          value to create the secure session and thus an active interposer
          without the pin cannot interpose on TPM2 traffic.

        * systemd-growfs no longer requires udev to run.
f77c0840 3639
46c41ade
LB
3640 * systemd-backlight now will better support systems with multiple
3641 graphic cards.
3642
3643 * systemd-cryptsetup's keyfile-timeout= option now also works when a
3644 device is used as a keyfile.
3645
a0769ee4
LP
3646 * systemd-cryptenroll gained a new --unlock-key-file= option to get the
3647 unlocking key from a key file (instead of prompting the user). Note
3648 that this is the key for unlocking the volume in order to be able to
3649 enroll a new key, but it is not the key that is enrolled.
46c41ade 3650
a0769ee4
LP
3651 * systemd-dissect gained a new --umount switch that will safely and
3652 synchronously unmount all partitions of an image previously mounted
02380e19 3653 with 'systemd-dissect --mount'.
46c41ade
LB
3654
3655 * When using gcrypt, all systemd tools and services will now configure
02380e19 3656 it to prefer the OS random number generator if present.
46c41ade 3657
ea3e581d
LB
3658 * All example code shipped with documentation has been relicensed from CC0
3659 to MIT-0.
3660
3661 * Unit tests will no longer fail when running on a system without
3662 /etc/machine-id.
3663
e49d111b
ZJS
3664 Experimental features:
3665
f77c0840
LB
3666 * BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
3667 and bpftool >= 7.0).
e49d111b
ZJS
3668
3669 * sd-boot can automatically enroll SecureBoot keys from files found on
3670 the ESP. This enrollment can be either automatic ('force' mode) or
a0769ee4
LP
3671 controlled by the user ('manual' mode). It is sufficient to place the
3672 SecureBoot keys in the right place in the ESP and they will be picked
3673 up by sd-boot and shown in the boot menu.
3674
9ca1efbc
ZJS
3675 * The mkosi config in systemd gained support for automatically
3676 compiling a kernel with the configuration appropriate for testing
3677 systemd. This may be useful when developing or testing systemd in
3678 tandem with the kernel.
3679
9ca1efbc
ZJS
3680 Contributions from: 김인수, Adam Williamson, adrian5, Aidan Dang,
3681 Akihiko Odaki, Alban Bedel, Albert Mikaelyan, Aleksey Vasenev,
fa9b3a5f 3682 Alexander Graf, Alexander Shopov, Alexander Wilson,
f3e70c8a
LB
3683 Alper Nebi Yasak, anarcat, Anders Jonsson, Andre Kalb,
3684 Andrew Stone, Andrey Albershteyn, Anita Zhang, Ansgar Burchardt,
fa9b3a5f
LB
3685 Antonio Alvarez Feijoo, Arnaud Ferraris, Aryan singh, asavah,
3686 Avamander, Avram Lubkin, Balázs Meskó, Bastien Nocera,
3687 Benjamin Franzke, BerndAdameit, bin456789, Celeste Liu,
3688 Chih-Hsuan Yen, Christian Brauner, Christian Göttsche,
3689 Christian Hesse, Clyde Byrd III, codefiles, Colin Walters,
3690 Cristian Rodríguez, Daan De Meyer, Daniel Braunwarth,
3691 Daniel Rusek, Dan Streetman, Darsey Litzenberger, David Edmundson,
9ca1efbc
ZJS
3692 David Jaša, David Rheinsberg, David Seifert, David Tardon,
3693 dependabot[bot], Devendra Tewari, Dominique Martinet, drosdeck,
3694 Edson Juliano Drosdeck, Eduard Tolosa, eggfly, Einsler Lee,
3695 Elias Probst, Eli Schwartz, Evgeny Vereshchagin, exploide, Fei Li,
3696 Foster Snowhill, Franck Bui, Frank Dana, Frantisek Sumsal,
fa9b3a5f
LB
3697 Gerd Hoffmann, Gio, Goffredo Baroncelli, gtwang01,
3698 Guillaume W. Bres, H A, Hans de Goede, Heinrich Schuchardt,
3699 Hugo Carvalho, i-do-cpp, igo95862, j00512545, Jacek Migacz,
3700 Jade Bilkey, James Hilliard, Jan B, Janis Goldschmidt,
3701 Jan Janssen, Jan Kuparinen, Jan Luebbe, Jan Macku,
3702 Jason A. Donenfeld, Javkhlanbayar Khongorzul, Jeremy Soller,
3703 JeroenHD, jiangchuangang, João Loureiro,
f3e70c8a
LB
3704 Joaquín Ignacio Aramendía, Jochen Sprickerhof,
3705 Johannes Schauer Marin Rodrigues, Jonas Kümmerlin,
3706 Jonas Witschel, Jonathan Kang, Jonathan Lebon, Joost Heitbrink,
3707 Jörg Thalheim, josh-gordon-fb, Joyce, Kai Lueke, lastkrick,
3708 Lennart Poettering, Leon M. George, licunlong, Li kunyu,
9ca1efbc
ZJS
3709 LockBlock-dev, Loïc Collignon, Lubomir Rintel, Luca Boccassi,
3710 Luca BRUNO, Ludwig Nussel, Łukasz Stelmach, Maccraft123,
3711 Marc Kleine-Budde, Marius Vollmer, Martin Wilck, matoro,
3712 Matthias Lisin, Max Gautier, Maxim Mikityanskiy, Michael Biebl,
3713 Michal Koutný, Michal Sekletár, Michal Stanke, Mike Gilbert,
fa9b3a5f 3714 Mitchell Freiderich, msizanoen1, Nick Rosbrook, nl6720, Oğuz Ersen,
f3e70c8a
LB
3715 Oleg Solovyov, Olga Smirnova, Pablo Ceballos, Pavel Zhukov,
3716 Phaedrus Leeds, Philipp Gortan, Piotr Drąg, Pyfisch,
3717 Quentin Deslandes, Rahil Bhimjiani, Rene Hollander, Richard Huang,
3718 Richard Phibel, Rudi Heitbaum, Sam James, Sarah Brofeldt,
3719 Sean Anderson, Sebastian Scheibner, Shreenidhi Shedi,
3720 Sonali Srivastava, Steve Ramage, Suraj Krishnan, Swapnil Devesh,
3721 Takashi Sakamoto, Ted X. Toth, Temuri Doghonadze, Thomas Blume,
3722 Thomas Haller, Thomas Hebb, Tomáš Hnyk, Tomasz Paweł Gajc,
3723 Topi Miettinen, Ulrich Ölmann, undef, Uriel Corfa,
3724 Victor Westerhuis, Vincent Dagonneau, Vishal Chillara Srinivas,
3725 Vito Caputo, Weblate, Wenchao Hao, William Roberts, williamsumendap,
3726 wineway, xiaoyang, Yuri Chornoivan, Yu Watanabe,
3727 Zbigniew Jędrzejewski-Szmek, Zhaofeng Li, наб
23992ce1 3728
e8dc5276 3729 – The Great Beyond, 2022-10-31 👻
e49d111b 3730
CHANGES WITH 251:

        Backwards-incompatible changes:

        * The minimum kernel version required has been bumped from 3.13 to 4.15,
          and CLOCK_BOOTTIME is now assumed to always exist.

        * C11 with GNU extensions (aka "gnu11") is now used to build our
          components. Public API headers are still restricted to ISO C89.

        * In v250, a systemd-networkd feature that automatically configures
          routes to addresses specified in AllowedIPs= was added and enabled by
          default. However, this causes network connectivity issues in many
          existing setups. Hence, it has been disabled by default since
          systemd-stable 250.3. The feature can still be used by explicitly
          configuring the RouteTable= setting in .netdev files.

        * Jobs started via StartUnitWithFlags() will no longer return 'skipped'
          when a Condition*= check does not succeed, restoring the JobRemoved
          signal to the behaviour it had before v250.

        * The org.freedesktop.portable1 methods GetMetadataWithExtensions() and
          GetImageMetadataWithExtensions() have been fixed to provide an extra
          return parameter, containing the actual extension release metadata.
          The current implementation was judged to be broken and unusable, and
          thus the usual procedure of adding a new set of methods was skipped,
          and backward compatibility broken instead on the assumption that
          nobody can be affected given the current state of this interface.

        * All kernels supported by systemd mix bytes returned by RDRAND (or
          similar) into the entropy pool at early boot. This means that on
          those systems, even if /dev/urandom is not yet initialized, it still
          returns bytes that are of at least RDRAND quality. For that reason,
          we no longer have reason to invoke RDRAND from systemd itself, which
          has historically been a source of bugs. Furthermore, kernels ≥5.6
          provide the getrandom(GRND_INSECURE) interface for returning random
          bytes before the entropy pool is initialized without warning into
          kmsg, which is what we attempt to use if available. systemd's direct
          usage of RDRAND has been removed. x86 systems ≥Broadwell that are
          running an older kernel may experience kmsg warnings that were not
          seen with 250. For newer kernels, non-x86 systems, or older x86
          systems, there should be no visible changes.

        * sd-boot will now measure the kernel command line into TPM PCR 12
          rather than PCR 8. This improves usefulness of the measurements on
          systems where sd-boot is chainloaded from Grub. Grub measures all
          commands it executes into PCR 8, which makes it very hard to use
          reasonably, hence we separate ourselves from that and use PCR 12
          instead, which is what certain Ubuntu editions already do. To retain
          compatibility with systems running older systemd versions a new meson
          option 'efi-tpm-pcr-compat' has been added (which defaults to false).
          If enabled, the measurement is done twice: into the new-style PCR 12
          *and* the old-style PCR 8. It's strongly advised to migrate all users
          to PCR 12 for this purpose in the long run, as we intend to remove
          this compatibility feature in two years' time.

        * busctl capture now writes output in the newer pcapng format instead
          of pcap.

        * A udev rule that imported hwdb matches for USB devices with lowercase
          hexadecimal vendor/product ID digits was added in systemd 250. This
          has been reverted, since uppercase hexadecimal digits are supposed to
          be used, and we already had a rule with the appropriate match.

          Users might need to adjust their local hwdb entries.

        * arch_prctl(2) has been moved to the @default set in the syscall filters
          (as exposed via the SystemCallFilter= setting in service unit files).
          It is apparently used by the linker now.

        * The tmpfiles entries that create the /run/systemd/netif directory and
          its subdirectories were moved from tmpfiles.d/systemd.conf to
          tmpfiles.d/systemd-network.conf.

          Users might need to adjust their files that override
          tmpfiles.d/systemd.conf to account for this change.

        * The requirement for Portable Services images to contain a well-formed
          os-release file (i.e.: contain at least an ID field) is now enforced.
          This applies to base images and extensions, and also to systemd-sysext.

        Changes in the Boot Loader Specification, kernel-install and sd-boot:

        * kernel-install's and bootctl's Boot Loader Specification Type #1
          entry generation logic has been reworked. The user may now pick
          explicitly by which "token" string to name the installation's boot
          entries, via the new /etc/kernel/entry-token file or the new
          --entry-token= switch to bootctl. By default — as before — the
          entries are named after the local machine ID. However, in "golden
          image" environments, where the machine ID shall be initialized on
          first boot (as opposed to at installation time before first boot) the
          machine ID will not be available at build time. In this case the
          --entry-token= switch to bootctl (or the /etc/kernel/entry-token
          file) may be used to override the "token" for the entries, for
          example the IMAGE_ID= or ID= fields from /etc/os-release. This will
          make the OS images independent of any machine ID, and ensure that the
          images will not carry any identifiable information before first boot,
          but on the other hand means that multiple parallel installations of
          the very same image on the same disk cannot be supported.

          Summary: if you are building golden images that shall acquire
          identity information exclusively on first boot, make sure to both
          remove /etc/machine-id *and* to write /etc/kernel/entry-token to the
          value of the IMAGE_ID= or ID= field of /etc/os-release or another
          suitable identifier before deploying the image.
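
          The golden-image preparation summarized above, as an added Python
          example that is not systemd's own code (bootctl and kernel-install
          implement the token logic in C): it parses os-release, prefers
          IMAGE_ID= over ID=, writes /etc/kernel/entry-token inside the image
          tree and removes /etc/machine-id. Operating on a root directory
          argument and rejecting tokens that are not plain identifiers are
          assumptions of this example; demo() exercises it on a constructed
          tree in a temporary directory.

```python
"""Prepare a golden-image tree for first-boot identity: derive the boot
entry token from os-release (IMAGE_ID= if set, else ID=), write it to
/etc/kernel/entry-token and drop /etc/machine-id so no build-time machine
identity is cloned into every deployment. Added example, not systemd code."""
import shlex
import tempfile
from pathlib import Path
from typing import Dict


def parse_os_release(text: str) -> Dict[str, str]:
    """Parse os-release KEY=VALUE lines; values may be shell-quoted."""
    result: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # shlex.split applies "..."/'...' quoting and backslash escapes the
        # same way a shell sourcing the file would.
        result[key.strip()] = " ".join(shlex.split(value, posix=True))
    return result


def entry_token_for(os_release: Dict[str, str]) -> str:
    """IMAGE_ID= wins over ID=, the order the NEWS entry describes."""
    token = os_release.get("IMAGE_ID") or os_release.get("ID")
    if not token:
        raise ValueError("os-release defines neither IMAGE_ID= nor ID=")
    # The token becomes a directory name on the ESP and an entry file prefix,
    # so refuse anything that is not a plain identifier (assumed policy).
    if token in (".", "..") or not all(c.isalnum() or c in "-_." for c in token):
        raise ValueError(f"unsafe entry token: {token!r}")
    return token


def prepare_golden_image(root: Path) -> str:
    """Write <root>/etc/kernel/entry-token and remove <root>/etc/machine-id.
    `root` is the image's root directory (a mounted or extracted build tree,
    assumed); returns the token written."""
    etc = root / "etc"
    osr_path = etc / "os-release"
    if not osr_path.exists():
        # /etc/os-release is commonly a symlink to the /usr/lib copy.
        osr_path = root / "usr" / "lib" / "os-release"
    token = entry_token_for(parse_os_release(osr_path.read_text()))

    kernel_dir = etc / "kernel"
    kernel_dir.mkdir(parents=True, exist_ok=True)
    (kernel_dir / "entry-token").write_text(token + "\n")

    # With /etc/machine-id absent, systemd generates a fresh ID on first boot.
    machine_id = etc / "machine-id"
    if machine_id.exists():
        machine_id.unlink()
    return token


def demo() -> dict:
    """Constructed example tree (not a real image) to exercise the flow."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "os-release").write_text(
            'ID=testos\nVERSION_ID=1\nIMAGE_ID="golden-img"\n'
            'PRETTY_NAME="Test OS 1"\n')
        (root / "etc" / "machine-id").write_text(
            "0123456789abcdef0123456789abcdef\n")
        token = prepare_golden_image(root)
        return {
            "token": token,
            "entry_token_file": (root / "etc" / "kernel" / "entry-token").read_text(),
            "machine_id_present": (root / "etc" / "machine-id").exists(),
        }


if __name__ == "__main__":
    print(demo())
```

          Run it against a mounted or extracted image root, never against the
          running system's /. As the entry notes, a fixed token means two
          installations of the same image on one disk cannot share an ESP.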

        * The Boot Loader Specification has been extended with
          /loader/entries.srel file located in the EFI System Partition (ESP)
          that disambiguates the format of the entries in the /loader/entries/
          directory (in order to discern them from incompatible uses of this
          directory by other projects). For entries that follow the
          Specification, the string "type1" is stored in this file.

          bootctl will now write this file automatically when installing the
          systemd-boot boot loader.

        * kernel-install supports a new initrd_generator= setting in
          /etc/kernel/install.conf, that is exported as
          $KERNEL_INSTALL_INITRD_GENERATOR to kernel-install plugins. This
          allows choosing different initrd generators.

        * kernel-install will now create a "staging area" (an initially-empty
          directory to gather files for a Boot Loader Specification Type #1
          entry). The path to this directory is exported as
          $KERNEL_INSTALL_STAGING_AREA to kernel-install plugins, which should
          drop files there instead of writing them directly to the final
          location. kernel-install will move them when all files have been
          prepared successfully.

        * New option sort-key= has been added to the Boot Loader Specification
          to override the sorting order of the entries in the boot menu. It is
          read by sd-boot and bootctl, and will be written by kernel-install,
          with the default value of IMAGE_ID= or ID= fields from
          os-release. Together, this means that on multiboot installations,
          entries should be grouped and sorted in a predictable way.

        * The sort order of boot entries has been updated: entries which have
          the new field sort-key= are sorted by it first, and all entries
          without it are ordered later. After that, entries are sorted by
          version so that newest entries are towards the beginning of the list.

        * The kernel-install tool gained a new 'inspect' verb which shows the
          paths and other settings used.

        * sd-boot can now optionally beep when the menu is shown and menu
          entries are selected, which can be useful on machines without a
          working display. (Controllable via a loader.conf setting.)

        * The --make-machine-id-directory= switch to bootctl has been replaced
          by --make-entry-directory=, given that the entry directory is not
          necessarily named after the machine ID, but after some other suitable
          ID as selected via --entry-token= described above. The old name of
          the option is still understood to maximize compatibility.

        * 'bootctl list' gained support for a new --json= switch to output boot
          menu entries in JSON format.

        * 'bootctl is-installed' now supports --graceful, and various verbs
          omit output with the new --quiet option.

        Changes in systemd-homed:

        * Starting with v250 systemd-homed uses UID/GID mapping on the mounts
          of activated home directories it manages (if the kernel and selected
          file systems support it). So far it mapped three UID ranges: the
          range from 0…60000, the user's own UID, and the range 60514…65534,
          leaving everything else unmapped (in other words, the 16-bit UID range
          is mapped almost fully, with the exception of the UID subrange used
          for systemd-homed users, with one exception: the user's own UID).
          Unmapped UIDs may not be used for file ownership in the home
          directory — any chown() attempts with them will fail. With this
          release a fourth range is added to these mappings:
          524288…1879048191. This range is the UID range intended for container
          uses, see:

          https://systemd.io/UIDS-GIDS

          This range may be used for container managers that place container OS
          trees in the home directory (which is a questionable approach, for
          quota, permission, SUID handling and network file system
          compatibility reasons, but nonetheless apparently commonplace). Note
          that this mapping is mapped 1:1 in a pass-through fashion, i.e. the
          UID assignments from the range are not managed or mapped by
          `systemd-homed`, and must be managed with other mechanisms, in the
          context of the local system.

          Typically, a better approach to user namespacing in relevant
          container managers would be to leave container OS trees on disk at
          UID offset 0, but then map them to a dynamically allocated runtime
          UID range via another UID mount map at container invocation
          time. That way user namespace UID ranges become strictly a runtime
          concept, and do not leak into persistent file systems, persistent
          user databases or persistent configuration, thus greatly simplifying
          handling, and improving compatibility with home directories intended
          to be portable like the ones managed by systemd-homed.

        Changes in shared libraries:

        * A new libsystemd-core-<version>.so private shared library is
          installed under /usr/lib/systemd/system, mirroring the existing
          libsystemd-shared-<version>.so library. This allows the total
          installation size to be reduced by binary code reuse.

        * The <version> tag used in the name of libsystemd-shared.so and
          libsystemd-core.so can be configured via the meson option
          'shared-lib-tag'. Distributions may build subsequent versions of the
          systemd package with unique tags (e.g. the full package version),
          thus allowing multiple installations of those shared libraries to be
          available at the same time. This is intended to fix an issue where
          programs that link to those libraries would fail to execute because
          they were installed earlier or later than the appropriate version of
          the library.

        * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
          similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
          format instead of as a simple series of hex characters.

        * The sd-device API gained two new calls sd_device_new_from_devname()
          and sd_device_new_from_path() which permit allocating an sd_device
          object from a device node name or file system path.

        * sd-device also gained a new call sd_device_open() which will open the
          device node associated with a device for which an sd_device object
          has been allocated. The call is supposed to address races around
          device nodes being removed/recycled due to hotplug events, or media
          change events: the call checks internally whether the major/minor of
          the device node and the "diskseq" (in case of block devices) match
          with the metadata loaded in the sd_device object, thus ensuring that
          the device once opened really matches the provided sd_device object.

        Changes in PID1, systemctl, and systemd-oomd:

        * A new set of service monitor environment variables will be passed to
          OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
          handler unit as OnFailure=/OnSuccess=. The variables are:
          $MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS,
          $MONITOR_INVOCATION_ID and $MONITOR_UNIT. For cases when a single
          handler needs to watch multiple units, use a templated handler.

        * A new ExtensionDirectories= setting in service unit files allows
          system extensions to be loaded from a directory. (It is similar to
          ExtensionImages=, but takes paths to directories, instead of
          disk image files.)

          'portablectl attach --extension=' now also accepts directory paths.

        * The user.delegate and user.invocation_id extended attributes on
          cgroups are used in addition to trusted.delegate and
          trusted.invocation_id. The latter pair requires privileges to set,
          but the former doesn't and can be also set by the unprivileged user
          manager.

          (Only supported on kernels ≥5.6.)

        * Units that were killed by systemd-oomd will now have a service result
          of 'oom-kill'. The number of times a service was killed is tallied
          in the 'user.oomd_ooms' extended attribute.

          The OOMPolicy= unit file setting is now also honoured by
          systemd-oomd.

        * In unit files the new %y/%Y specifiers can be used to refer to
          normalized unit file path, which is particularly useful for symlinked
          unit files.

          The new %q specifier resolves to the pretty hostname
          (i.e. PRETTY_HOSTNAME= from /etc/machine-info).

          The new %d specifier resolves to the credentials directory of a
          service (same as $CREDENTIALS_DIRECTORY).

        * The RootDirectory=, MountAPIVFS=, ExtensionDirectories=,
          *Capabilities*=, ProtectHome=, *Directory=, TemporaryFileSystem=,
          PrivateTmp=, PrivateDevices=, PrivateNetwork=, NetworkNamespacePath=,
          PrivateIPC=, IPCNamespacePath=, PrivateUsers=, ProtectClock=,
          ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=,
          MountFlags= service settings now also work in unprivileged user
          services, i.e. those run by the user's --user service manager, as long
          as user namespaces are enabled on the system.

        * Services with Restart=always and a failing ExecCondition= will no
          longer be restarted, to bring ExecCondition= behaviour in line with
          Condition*= settings.

        * LoadCredential= now accepts a directory as the argument; all files
          from the directory will be loaded as credentials.

        * A new D-Bus property ControlGroupId is now exposed on service units,
          that encapsulates the service's numeric cgroup ID that newer kernels
          assign to each cgroup.

        * PID 1 gained support for configuring the "pre-timeout" of watchdog
          devices and the associated governor, via the new
          RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
          options in /etc/systemd/system.conf.

        * systemctl's --timestamp= option gained a new choice "unix", to show
          timestamps as unix times, i.e. seconds since 1970, Jan 1st.

        * A new "taint" flag named "old-kernel" is introduced which is set when
          the kernel systemd runs on is older than the current baseline version
          (see above). The flag is shown in "systemctl status" output.

        * Two additional taint flags "short-uid-range" and "short-gid-range"
          have been added as well, which are set when systemd notices it is run
          within a user namespace that does not define the full 0…65535 UID
          range.

        * A new "unmerged-usr" taint flag has been added that is set whenever
          running on systems where /bin/ + /sbin/ are *not* symlinks to their
          counterparts in /usr/, i.e. on systems where the /usr/-merge has not
          been completed.

        * Generators invoked by PID 1 will now have a couple of useful
          environment variables set describing the execution context a
          bit. $SYSTEMD_SCOPE encodes whether the generator is called from the
          system service manager, or from the per-user service
          manager. $SYSTEMD_IN_INITRD encodes whether the generator is invoked
          in initrd context or on the host. $SYSTEMD_FIRST_BOOT encodes whether
          systemd considers the current boot to be a "first"
          boot. $SYSTEMD_VIRTUALIZATION encodes whether virtualization is
          detected and which type of hypervisor/container
          manager. $SYSTEMD_ARCHITECTURE indicates which architecture the
          kernel is built for.

        * PID 1 will now automatically pick up system credentials from qemu's
          fw_cfg interface, thus allowing passing arbitrary data into VM
          systems similar to how this is already supported for passing them
          into `systemd-nspawn` containers. Credentials may now also be passed
          in via the new kernel command line option `systemd.set_credential=`
          (note that kernel command line options are world-readable during
          runtime, and only useful for credentials that require no
          confidentiality). The credentials that can be passed to unified
          kernels that use the `systemd-stub` UEFI stub are now similarly
          picked up automatically. Automatic importing of system credentials
          this way can be turned off via the new
          `systemd.import_credentials=no` kernel command line option.

        * LoadCredential= will now automatically look for credentials in the
          /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
          the argument is not an absolute path. Similarly,
          LoadCredentialEncrypted= will check the same directories plus
          /etc/credstore.encrypted/, /run/credstore.encrypted/ and
          /usr/lib/credstore.encrypted/. The idea is to use those directories
          as the system-wide location for credentials that services should pick
          up automatically.

        * System and service credentials are described in great detail in a new
          document:

          https://systemd.io/CREDENTIALS

        Changes in systemd-journald:

        * The journal JSON export format has been added to the list of stable
          interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).

        * journalctl --list-boots now supports JSON output and the --reverse option.

        * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
          updated, BUILDING_IMAGES is new:

          https://systemd.io/JOURNAL_EXPORT_FORMATS
          https://systemd.io/BUILDING_IMAGES

        Changes in udev:

        * Two new hwdb files have been added. One lists "handhelds" (PDAs,
          calculators, etc.), the other AV production devices (DJ tables,
          keypads, etc.) that should be accessible to the seat owner user by
          default.

        * udevadm trigger gained a new --prioritized-subsystem= option to
          process certain subsystems (and all their parent devices) earlier.

          systemd-udev-trigger.service now uses this new option to trigger
          block and TPM devices first, hopefully making the boot a bit faster.

        * udevadm trigger now implements --type=all, --initialized-match,
          --initialized-nomatch to trigger both subsystems and devices, only
          already-initialized devices, and only devices which haven't been
          initialized yet, respectively.

        * udevadm gained a new "wait" command for safely waiting for a specific
          device to show up in the udev device database. This is useful in
          scripts that asynchronously allocate a block device (e.g. through
          repartitioning, or allocating a loopback device or similar) and need
          to synchronize on the creation to complete.

        * udevadm gained a new "lock" command for locking one or more block
          devices while formatting them or writing a partition table to them.
          It is an implementation of https://systemd.io/BLOCK_DEVICE_LOCKING
          and usable in scripts dealing with block devices.

        * udevadm info will show a couple of additional device fields in its
          output, and will now apply a limited set of coloring to line types.

        * udevadm info --tree will now show a tree of objects (i.e. devices and
          suchlike) in the /sys/ hierarchy.

        * Block devices will now get a new set of device symlinks in
          /dev/disk/by-diskseq/<nr>, which may be used to reference block
          device nodes via the kernel's "diskseq" value. Note that opening a
          device via such a symlink does not by itself guarantee that the
          opened device actually matches the specified diskseq value. To be
          safe against races, the actual diskseq value of the opened device
          (BLKGETDISKSEQ ioctl()) must still be compared with the one in the
          symlink path.
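
          The race-safe open described above, combined with the whole-device
          flock() that 'udevadm lock' and BLOCK_DEVICE_LOCKING use, as an
          added Python example that is not systemd's code. It mirrors the
          check sd_device_open() performs (see the sd-device entry in the
          shared-libraries section) for the /dev/disk/by-diskseq/<nr> case:
          open the node, then ask the kernel which diskseq the opened fd really
          has, and refuse on mismatch. The BLKGETDISKSEQ constant is the
          _IOR(0x12, 128, __u64) value from <linux/fs.h> and the injectable
          `expected`/`query` parameters exist only so demo() can run the
          mismatch path on a temporary file without root or a real disk.

```python
"""Open a block device via /dev/disk/by-diskseq/<nr> without the symlink
race, then take the exclusive BSD flock() that BLOCK_DEVICE_LOCKING specifies
so udev will not probe the device while it is being (re)formatted.
Added example; it mirrors what the NEWS entries describe, it is not systemd
code."""
import fcntl
import os
import struct
import tempfile
from typing import Callable, Optional

# _IOR(0x12, 128, __u64) from <linux/fs.h> (Linux >= 5.15); assumed value.
BLKGETDISKSEQ = 0x80081280
BY_DISKSEQ_DIR = "/dev/disk/by-diskseq"


def diskseq_from_path(path: str) -> int:
    """Extract <nr> from /dev/disk/by-diskseq/<nr>; refuse anything else."""
    head, tail = os.path.split(os.path.normpath(path))
    if head != BY_DISKSEQ_DIR or not tail.isdigit():
        raise ValueError(f"not a by-diskseq symlink: {path!r}")
    return int(tail)


def query_diskseq(fd: int) -> int:
    """Ask the kernel which diskseq the *opened* device actually has."""
    buf = fcntl.ioctl(fd, BLKGETDISKSEQ, struct.pack("Q", 0))
    return struct.unpack("Q", buf)[0]


def open_by_diskseq(path: str, *, expected: Optional[int] = None,
                    query: Callable[[int], int] = query_diskseq,
                    flags: int = os.O_RDWR | os.O_CLOEXEC) -> int:
    """Open `path` and verify the fd's diskseq matches the one in the path.

    readlink()+open() can still land on a node recycled for another disk;
    only the ioctl on the opened fd is authoritative. `expected` and `query`
    are injectable so the check can be exercised on a stand-in file."""
    if expected is None:
        expected = diskseq_from_path(path)
    fd = os.open(path, flags)
    try:
        actual = query(fd)
        if actual != expected:
            raise RuntimeError(
                f"{path}: diskseq changed under us (wanted {expected}, got {actual})")
    except BaseException:
        os.close(fd)
        raise
    return fd


def lock_for_formatting(fd: int) -> None:
    """Exclusive, non-blocking flock() on the whole-disk device fd; udev's
    probing takes a shared lock and skips the device while this is held.
    Raises BlockingIOError if someone else holds it; released on close."""
    fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)


def demo() -> dict:
    """Constructed stand-in: a temp file plays the device node and fake
    ioctls supply the diskseq, so this runs without root or a real disk."""
    results = {}
    with tempfile.NamedTemporaryFile() as node:
        fd = open_by_diskseq(node.name, expected=42, query=lambda _fd: 42)
        lock_for_formatting(fd)
        # A second opener (e.g. udev probing) cannot take even a shared lock.
        other = os.open(node.name, os.O_RDONLY | os.O_CLOEXEC)
        try:
            fcntl.flock(other, fcntl.LOCK_SH | fcntl.LOCK_NB)
            results["second_lock_blocked"] = False
        except BlockingIOError:
            results["second_lock_blocked"] = True
        os.close(other)
        os.close(fd)
        # The node was "recycled": the kernel now reports a different diskseq.
        try:
            open_by_diskseq(node.name, expected=42, query=lambda _fd: 43)
            results["mismatch_rejected"] = False
        except RuntimeError:
            results["mismatch_rejected"] = True
    results["parsed"] = diskseq_from_path("/dev/disk/by-diskseq/42")
    return results


if __name__ == "__main__":
    print(demo())
```

          On a real system call open_by_diskseq() with just the symlink path
          (root is needed to open the node) and pass the whole-disk node, not
          a partition, to lock_for_formatting(), which is what 'udevadm lock'
          does on your behalf when it resolves partitions to their parent.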

        * .link files gained support for setting MDI/MDI-X on a link.

        * .link files gained support for the [Match] Firmware= setting to match
          on the device firmware description string. By mistake, it was
          previously only supported in .network files.

        * .link files gained support for the [Link] SR-IOVVirtualFunctions=
          setting and the [SR-IOV] section to configure SR-IOV virtual
          functions.

        Changes in systemd-networkd:

        * The default scope for unicast routes configured through the [Route]
          section has been changed to "link", to make the behavior consistent
          with the "ip route" command. Manual configuration of [Route] Scope=
          is still honored.

        * A new unit systemd-networkd-wait-online@<interface>.service has been
          added that can be used to wait for a specific network interface to be
          up.

        * systemd-networkd gained a new [Bridge] Isolated=true|false setting
          that configures the eponymous kernel attribute on the bridge.

        * .netdev files can now be used to create virtual WLAN devices, and
          configure various settings on them, via the [WLAN] section.

        * .link/.network files gained support for the [Match] Kind= setting to
          match on device kind ("bond", "bridge", "gre", "tun", "veth", etc.).

          This value is also shown by 'networkctl status'.

        * The Local= setting in .netdev files for various virtual network
          devices gained support for specifying, in addition to the network
          address, the name of a local interface which must have the specified
          address.

        * systemd-networkd gained a new [Tunnel] External= setting in .netdev
          files, to configure tunnels in external mode (a.k.a. collect metadata
          mode).

        * The [Network] L2TP= setting was removed. Please use the interface
          specifier in the Local= setting in the .netdev file of the
          corresponding L2TP interface.

        * New [DHCPServer] BootServerName=, BootServerAddress=, and
          BootFilename= settings can be used to configure the server address,
          server name, and file name sent in the DHCP packet (e.g. to configure
          PXE boot).

        Changes in systemd-resolved:

        * systemd-resolved is started earlier (in sysinit.target), so it is
          available earlier and will also be started in the initrd if installed
          there.

        Changes in disk encryption:

        * systemd-cryptenroll can now control whether to require the user to
          enter a PIN when using TPM-based unlocking of a volume via the new
          --tpm2-with-pin= option.

          The option tpm2-pin= can be used in /etc/crypttab.

        * When unlocking devices via TPM, TPM2 parameter encryption is now
          used, to ensure that communication between the CPU and discrete TPM
          chips cannot be eavesdropped on (e.g. by sniffing the bus between
          them) to acquire disk encryption keys.

        * A new switch --fido2-credential-algorithm= has been added to
          systemd-cryptenroll allowing selection of the credential algorithm to
          use when binding encryption to FIDO2 tokens.

        Changes in systemd-hostnamed:

        * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
          to override the values gleaned from the hwdb.

        * An ID_CHASSIS property can be set in the hwdb (for the DMI device
          /sys/class/dmi/id) to override the chassis that is reported by
          hostnamed.

        * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
          for reading the hardware serial number, as reported by DMI. It also
          exposes a new D-Bus property FirmwareVersion that encodes the
          firmware version of the system.

        Changes in other components:

        * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
          handling with the values that were configured during systemd build
          (if /etc/locale.conf has not been created through some other
          mechanism). This means that /etc/locale.conf should always have
          reasonable contents and we avoid a potential mismatch in defaults.

        * The userdbctl tool will now show UID range information as part of the
          list of known users.

        * A new build-time configuration setting default-user-shell= can be
          used to set the default shell for user records and nspawn shell
          invocations (instead of the default /bin/bash).

        * systemd-timesyncd now provides a D-Bus API for receiving NTP server
          information dynamically at runtime via IPC.

        * The systemd-creds tool gained a new "has-tpm2" verb, which reports
          whether a functioning TPM2 infrastructure is available, i.e. if
          firmware, kernel driver and systemd all have TPM2 support enabled and
          a device found.

        * The systemd-creds tool gained support for generating encrypted
          credentials that use an empty encryption key. While this provides
          neither integrity nor confidentiality, it is useful to implement
          code flows that work the same on TPM2-ful and TPM2-less systems. The
          service manager will only accept credentials "encrypted" that way if
          a TPM2 device cannot be detected, to ensure that credentials
          "encrypted" like that cannot be used to trick TPM2 systems.

        * When deciding whether to colorize output, all systemd programs now
          also check $COLORTERM (in addition to $NO_COLOR, $SYSTEMD_COLORS, and
          $TERM).

        * Meson's new install_tag feature is now in use for several components,
          allowing select binaries only to be built and installed: pam, nss,
          devel (pkg-config files), systemd-boot, libsystemd, libudev. Example:
          $ meson build systemd-boot
          $ meson install --tags systemd-boot --no-rebuild
          https://mesonbuild.com/Installing.html#installation-tags

        * A new build configuration option has been added, to allow selecting the
          default compression algorithm used by systemd-journald and systemd-coredump.
          This allows building in support for decompressing all supported formats
          while choosing a specific one for compression. E.g.:
          $ meson -Ddefault-compression=xz

        Experimental features:

        * sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
          loader.conf that implements booting Microsoft Windows from sd-boot
          in a way that first reboots the system, to reset the TPM PCRs. This
          improves compatibility with BitLocker's TPM use, as the PCRs will
          only record the Windows boot process, and not sd-boot itself, thus
          retaining the PCR measurements not involving sd-boot. Note that this
          feature is experimental for now, and is likely going to be
          generalized and renamed in a future release, without retaining
          compatibility with the current implementation.

        * A new systemd-sysupdate component has been added that automatically
          discovers, downloads, and installs A/B-style updates for the host
          installation itself, or container images, portable service images,
          and other assets. See the new systemd-sysupdate man page for details.

        Contributions from: 4piu, Adam Williamson, adrian5, Albert Brox,
        AlexCatze, Alex Henrie, Alfonso Sánchez-Beato, Alice S,
        Alvin Šipraga, amarjargal, Amarjargal, Andrea Pappacoda,
        Andreas Rammhold, Andy Chi, Anita Zhang, Antonio Alvarez Feijoo,
        Arfrever Frehtes Taifersar Arahesis, ash, Bastien Nocera, Be,
        bearhoney, Ben Efros, Benjamin Berg, Benjamin Franzke,
        Brett Holman, Christian Brauner, Clyde Byrd III, Curtis Klein,
        Daan De Meyer, Daniele Medri, Daniel Mack, Danilo Krummrich,
        David, David Bond, Davide Cavalca, David Tardon, davijosw,
        dependabot[bot], Donald Chan, Dorian Clay, Eduard Tolosa,
        Elias Probst, Eli Schwartz, Erik Sjölund, Evgeny Vereshchagin,
        Federico Ceratto, Franck Bui, Frantisek Sumsal, Gaël PORTAY,
        Georges Basile Stavracas Neto, Gibeom Gwon, Goffredo Baroncelli,
        Grigori Goronzy, Hans de Goede, Heiko Becker, Hugo Carvalho,
        Jakob Lell, James Hilliard, Jan Janssen, Jason A. Donenfeld,
        Joan Bruguera, Joerie de Gram, Josh Triplett, Julia Kartseva,
        Kazuo Moriwaka, Khem Raj, ksa678491784, Lance, Lan Tian,
        Laura Barcziova, Lennart Poettering, Leviticoh, licunlong,
        Lidong Zhong, lincoln auster, Lubomir Rintel, Luca Boccassi,
        Luca BRUNO, lucagoc, Ludwig Nussel, Marcel Hellwig, march1993,
        Marco Scardovi, Mario Limonciello, Mariusz Tkaczyk,
        Markus Weippert, Martin, Martin Liska, Martin Wilck, Matija Skala,
        Matthew Blythe, Matthias Lisin, Matthijs van Duin, Matt Walton,
        Max Gautier, Michael Biebl, Michael Olbrich, Michal Koutný,
        Michal Sekletár, Mike Gilbert, MkfsSion, Morten Linderud,
        Nick Rosbrook, Nikolai Grigoriev, Nikolai Kostrigin,
        Nishal Kulkarni, Noel Kuntze, Pablo Ceballos, Peter Hutterer,
        Peter Morrow, Pigmy-penguin, Piotr Drąg, prumian, Richard Neill,
        Rike-Benjamin Schuppner, rodin-ia, Romain Naour, Ruben Kerkhof,
        Ryan Hendrickson, Santa Wiryaman, Sebastian Pucilowski, Seth Falco,
        Simon Ellmann, Sonali Srivastava, Stefan Seering,
        Stephen Hemminger, tawefogo, techtino, Temuri Doghonadze,
        Thomas Batten, Thomas Haller, Thomas Weißschuh, Tobias Stoeckmann,
        Tomasz Pala, Tyson Whitehead, Vishal Chillara Srinivas,
        Vivien Didelot, w30023233, wangyuhang, Weblate, Xiaotian Wu,
        yangmingtai, YmrDtnJu, Yonathan Randolph, Yutsuten, Yu Watanabe,
        Zbigniew Jędrzejewski-Szmek, наб

        — Edinburgh, 2022-05-21

CHANGES WITH 250:

        * Support for encrypted and authenticated credentials has been added.
          This extends the credential logic introduced with v247 to support
          non-interactive symmetric encryption and authentication, based on a
          key that is stored on the /var/ file system or in the TPM2 chip (if
          available), or the combination of both (by default if a TPM2 chip
          exists the combination is used, otherwise the /var/ key only). The
          credentials are automatically decrypted at the moment a service is
          started, and are made accessible to the service itself in unencrypted
          form. A new tool 'systemd-creds' encrypts credentials for this
          purpose, and two new service file settings LoadCredentialEncrypted=
          and SetCredentialEncrypted= configure such credentials.

          This feature is useful to store sensitive material such as SSL
          certificates, passwords and similar securely at rest and only decrypt
          them when needed, and in a way that is tied to the local OS
          installation or hardware.
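
          As an added illustration of the scheme described above (example
          code, not systemd's implementation and not its on-disk credential
          format): a credential is wrapped with a key derived from a host key
          file, a TPM2-held key, or both combined, so that it can only be
          unwrapped on the same installation and hardware. The same block
          implements the rule from the 251 notes on systemd-creds "null"
          credentials, which the service manager only honors where no TPM2
          device can be detected. systemd-creds itself uses AES-256-GCM; this
          example substitutes an HMAC-SHA256 keystream with encrypt-then-MAC
          so that it runs with the Python standard library only. All names,
          the key-type labels and the blob layout are this example's own.

```python
import hashlib
import hmac
import secrets

# Key modes, named after the ones the text describes (this example's names).
KEY_HOST = b"host"            # key file on /var
KEY_TPM2 = b"tpm2"            # key held by the TPM2
KEY_HOST_TPM2 = b"host+tpm2"  # both combined (the default when a TPM2 exists)
KEY_NULL = b"null"            # empty key: no confidentiality, no integrity

NONCE_LEN = 16
TAG_LEN = 32


def derive_wrap_key(key_type, host_key=None, tpm2_key=None):
    """Fold the available secrets into one 32-byte wrapping key. With
    host+tpm2 both halves are required, so neither a copied /var nor the
    TPM2 on its own can recover the credential."""
    if key_type == KEY_NULL:
        material = b""
    elif key_type == KEY_HOST:
        material = host_key
    elif key_type == KEY_TPM2:
        material = tpm2_key
    elif key_type == KEY_HOST_TPM2:
        material = None if host_key is None or tpm2_key is None else host_key + tpm2_key
    else:
        raise ValueError("unknown key type %r" % key_type)
    if material is None:
        raise ValueError("key material for %r not available on this host" % key_type)
    # Domain-separated by key type so e.g. host-only and host+tpm2 never collide.
    return hashlib.sha256(b"example-cred-wrap\0" + key_type + b"\0" + material).digest()


def _keystream(key, nonce, length):
    """CTR-style keystream from HMAC-SHA256 (stand-in for AES-GCM here)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_credential(name, plaintext, key_type, host_key=None, tpm2_key=None):
    """Produce a self-describing blob: key_type NUL name NUL nonce | ct | tag.
    The name and key type are covered by the MAC, so a blob cannot be
    relabelled as a different credential or as a different key type."""
    if "\0" in name:
        raise ValueError("credential names must not contain NUL")
    key = derive_wrap_key(key_type, host_key, tpm2_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    header = key_type + b"\0" + name.encode() + b"\0" + nonce
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def decrypt_credential(blob, host_key=None, tpm2_key=None, tpm2_present=False):
    """Unwrap a blob from encrypt_credential(); returns (name, plaintext).
    Mirrors the policy quoted in the text for "null" credentials: they are
    honored only where no TPM2 device is present, so a null blob cannot be
    used to bypass TPM binding on a TPM2-equipped host."""
    parts = blob.split(b"\0", 2)
    if len(parts) != 3:
        raise ValueError("malformed credential")
    key_type, name, rest = parts
    if key_type == KEY_NULL and tpm2_present:
        raise PermissionError("null-key credential rejected: a TPM2 device is present")
    if len(rest) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated credential")
    nonce, ct, tag = rest[:NONCE_LEN], rest[NONCE_LEN:-TAG_LEN], rest[-TAG_LEN:]
    key = derive_wrap_key(key_type, host_key, tpm2_key)
    header = key_type + b"\0" + name + b"\0" + nonce
    expected = hmac.new(key, header + ct, hashlib.sha256).digest()
    # Verify before decrypting, with a constant-time comparison.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("credential authentication failed")
    return name.decode(), _xor(ct, _keystream(key, nonce, len(ct)))
```

          With the real tool the key mode is chosen by systemd-creds encrypt
          --with-key= (host, tpm2, host+tpm2, null, or auto), and systemd-creds
          has-tpm2 answers the same "is a TPM2 present" question that decides
          whether a null-key credential is accepted.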

        * systemd-gpt-auto-generator can now automatically set up discoverable
          LUKS2 encrypted swap partitions.

        * The GPT Discoverable Partitions Specification has been substantially
          extended with support for root and /usr/ partitions for the majority
          of architectures systemd supports. This includes platforms that do
          not natively support UEFI, because even though GPT is specified under
          the UEFI umbrella, it is useful on other systems too. Specifically,
          systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
          Portable Services use the concept without requiring UEFI.

        * The GPT Discoverable Partitions Specification has been extended with
          a new set of partitions that may carry PKCS#7 signatures for Verity
          partitions, encoded in a simple JSON format. This implements a simple
          mechanism for building disk images that are fully authenticated and
          can be tested against a set of cryptographic certificates. This is
          now implemented for the various systemd tools that can operate with
          disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
          Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
          The PKCS#7 signatures are passed to the kernel (where they are
          checked against certificates from the kernel keyring), or can be
          verified against certificates provided in userspace (via a simple
          drop-in file mechanism).

        * systemd-dissect's inspection logic will now report for which uses a
          disk image is intended. Specifically, it will display whether an
          image is suitable for booting on UEFI or in a container (using
          systemd-nspawn's --image= switch), whether it can be used as a
          portable service, or attached as a system extension.

        * The system-extension.d/ drop-in files now support a new field
          SYSEXT_SCOPE= that may encode which purpose a system extension image
          is for: one of "initrd", "system" or "portable". This is useful to
          make images more self-descriptive, and to ensure system extensions
          cannot be attached in the wrong contexts.

        * The os-release file learnt a new PORTABLE_PREFIXES= field which may
          be used in portable service images to indicate which unit prefixes
          are supported.

        * The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
          is now able to decode images for non-native architectures as well.
          This allows systemd-nspawn to boot images of non-native architectures
          if the corresponding user mode emulator is installed and
          systemd-binfmtd is running.

        * systemd-logind gained new settings HandlePowerKeyLongPress=,
          HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
          HandleHibernateKeyLongPress= which may be used to configure actions
          when the relevant keys are pressed for more than 5s. This is useful
          on devices that only have hardware for a subset of these keys. By
          default, if the reboot key is pressed long the poweroff operation is
          now triggered, and when the suspend key is pressed long the hibernate
          operation is triggered. Long pressing the other two keys currently
          does not trigger any operation by default.

        * When showing unit status updates on the console during boot and
          shutdown, and a service is slow to start so that the cylon animation
          is shown, the most recent sd_notify() STATUS= text is now shown as
          well. Services may use this to make the boot/shutdown output easier
          to understand, and to indicate what precisely a service that is slow
          to start or stop is waiting for. In particular, the per-user service
          manager instance now reports what it is doing and which service it is
          waiting for this way to the system service manager.

        * The service manager will now re-execute on reception of the
          SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
          only when running as PID 1. There was no signal to request this when
          running as per-user service manager, i.e. as any other PID than 1.
          SIGRTMIN+25 works for both system and user managers.

        * The hardware watchdog logic in PID 1 gained support for operating
          with the default timeout configured in the hardware, instead of
          insisting on re-configuring it. Set RuntimeWatchdogSec=default to
          request this behavior.

        * A new kernel command line option systemd.watchdog_sec= is now
          understood which may be used to override the hardware watchdog
          time-out for the boot.

        * A new setting DefaultOOMScoreAdjust= is now supported in
          /etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
          to set the default process OOM score adjustment value for processes
          started by the service manager. For per-user service managers this
          now defaults to 100, but for per-system service managers it is left
          as is. This means that by default services forked off the user
          service manager are now more likely to be killed by the OOM killer
          than system services or the managers themselves.

        * A new per-service setting RestrictFileSystems= has been added that
          restricts the file systems a service has access to by their type.
          This is based on the new BPF LSM of the Linux kernel. It provides an
          effective way to make certain API file systems unavailable to
          services (and thus minimize the attack surface). A new command
          "systemd-analyze filesystems" has been added that lists all known
          file system types (and how they are grouped together under useful
          group handles).

        * Services now support a new setting RestrictNetworkInterfaces= for
          restricting access to specific network interfaces.

        * Service unit files gained new settings StartupAllowedCPUs= and
          StartupAllowedMemoryNodes=. These are similar to their counterparts
          without the "Startup" prefix and apply during the boot process
          only. This is useful to improve boot-time behavior of the system and
          assign resources differently during boot than during regular
          runtime. This is similar to the preexisting StartupCPUWeight=
          vs. CPUWeight= distinction.

        * Related to this: the various StartupXYZ= settings
          (i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
          during shutdown. The settings not prefixed with "Startup" hence apply
          during regular runtime, and those that are prefixed like that apply
          during boot and shutdown.

        * A new per-unit set of conditions/asserts
          [Condition|Assert][Memory|CPU|IO]Pressure= has been added to make a
          unit skip/fail activation if the system's (or a slice's) memory/CPU/IO
          pressure is above the configured threshold, using the kernel PSI
          feature. For more details see systemd.unit(5) and
          https://docs.kernel.org/accounting/psi.html

        * The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
          ProtectKernelLogs=yes can now be used.

        * The default maximum numbers of inodes have been raised from 64k to 1M
          for /dev/, and from 400k to 1M for /tmp/.

        * The per-user service manager learnt support for communicating with
          systemd-oomd to acquire OOM kill information.

        * A new service setting ExecSearchPath= has been added that allows
          changing the search path for executables for services. It affects
          where we look for the binaries specified in ExecStart= and similar,
          and the specified directories are also added to the $PATH environment
          variable passed to invoked processes.

        * A new setting RuntimeRandomizedExtraSec= has been added for service
          and scope units that allows extending the runtime time-out as
          configured by RuntimeMaxSec= with a randomized amount.

        * The syntax of the service unit settings RuntimeDirectory=,
          StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
          if the specified value is now suffixed with a colon, followed by
          another filename, the latter will be created as a symbolic link to
          the specified directory. This allows creating these service
          directories together with alias symlinks to make them available
          under multiple names.

        * Service unit files gained two new settings TTYRows=/TTYColumns= for
          configuring rows/columns of the TTY device passed to
          stdin/stdout/stderr of the service. This is useful to propagate TTY
          dimensions to a virtual machine.

        * A new service unit file setting ExitType= has been added that
          specifies when to assume a service has exited. By default systemd
          only watches the main process of a service. By setting
          ExitType=cgroup it can be told to wait for the last process in a
          cgroup instead.

        * Automount unit files gained a new setting ExtraOptions= that can be
          used to configure additional mount options to pass to the kernel when
          mounting the autofs instance.

        * "Urlification" (generation of ESC sequences that generate clickable
          hyperlinks in modern terminals) may now be turned off altogether
          during build-time.

        * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
          settings that default to 200 and 2 s respectively. The ratelimit
          ensures that a path unit cannot cause PID 1 to busy-loop when it is
          trying to trigger a service that is skipped because of a Condition*=
          not being satisfied. This matches the configuration and behaviour of
          socket units.

        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
          may now be used to unlock volumes set up this way.

        * The TPM2 logic in cryptsetup will now automatically detect systems
          where the TPM2 chip advertises SHA256 PCR banks but the firmware only
          updates the SHA1 banks. In such a case PCR policies will be
          automatically bound to the latter, not the former. This makes the PCR
          policies reliable, but of course does not provide the same level of
          trust as SHA256 banks.
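
          The bank selection described above, as an added example (this is
          not systemd's code, and the exact heuristic systemd applies is not
          reproduced here): a bank is only worth binding a policy to if the
          PCRs the policy will reference actually carry measurements, i.e. are
          neither still all-zero nor parked at all-0xff by the firmware.
          SHA256 is preferred and SHA1 is the fallback, matching the text. The
          sysfs layout /sys/class/tpm/tpm0/pcr-<bank>/<index> used by the
          reader is what recent kernels expose; that tpm0 is the chip in use
          is an assumption. The sample bank contents are constructed, not real
          readings, and the function names are this example's own.

```python
import hashlib
import os

# Recent kernels expose one hex digest per file under
# /sys/class/tpm/tpm0/pcr-<bank>/<index>; tpm0 being the chip in use is an
# assumption of this example.
SYSFS_TPM = "/sys/class/tpm/tpm0"
BANK_LEN = {"sha1": 20, "sha256": 32}


def pcr_carries_measurement(value):
    """A PCR the firmware never extended still reads as all-zero, and some
    firmware leaves unused banks at all-0xff; neither holds a measurement."""
    return any(value) and not all(b == 0xFF for b in value)


def bank_is_usable(bank, pcrs):
    """True if every requested PCR index exists in this bank and was extended."""
    return all(i in bank and pcr_carries_measurement(bank[i]) for i in pcrs)


def choose_pcr_bank(banks, pcrs=(7,), preference=("sha256", "sha1")):
    """Pick the strongest bank whose requested PCRs actually carry
    measurements. Returns None if no bank does; binding a policy to such a
    bank would only ever match one pre-extension state and is pointless."""
    for name in preference:
        if name in banks and bank_is_usable(banks[name], pcrs):
            return name
    return None


def read_banks_from_sysfs(root=SYSFS_TPM):
    """Collect {bank: {index: digest bytes}} from the sysfs layout above."""
    banks = {}
    for entry in os.listdir(root):
        if not entry.startswith("pcr-"):
            continue
        bank_dir = os.path.join(root, entry)
        bank = {}
        for idx in os.listdir(bank_dir):
            if idx.isdigit():
                with open(os.path.join(bank_dir, idx)) as f:
                    bank[int(idx)] = bytes.fromhex(f.read().strip())
        banks[entry[len("pcr-"):]] = bank
    return banks


def _sample_bank(algo, extended):
    """Constructed sample bank covering PCRs 0-7 (not real readings)."""
    return {i: (hashlib.new(algo, b"boot stage %d" % i).digest() if extended
                else bytes(BANK_LEN[algo]))
            for i in range(8)}


# Constructed scenarios: firmware that extends both banks, firmware that
# advertises SHA256 but only ever extends SHA1, and firmware that extends
# nothing at all.
FIRMWARE_UPDATES_BOTH = {"sha256": _sample_bank("sha256", True),
                         "sha1": _sample_bank("sha1", True)}
FIRMWARE_UPDATES_SHA1_ONLY = {"sha256": _sample_bank("sha256", False),
                              "sha1": _sample_bank("sha1", True)}
FIRMWARE_UPDATES_NOTHING = {"sha256": _sample_bank("sha256", False),
                            "sha1": _sample_bank("sha1", False)}


if __name__ == "__main__":
    banks = read_banks_from_sysfs()
    print("bank to bind PCR 7 policies to:", choose_pcr_bank(banks))
```

          On a real machine tpm2_pcrread from tpm2-tools shows the same
          per-bank values, which is the quickest way to confirm which bank the
          firmware actually extends before enrolling. The SHA1 fallback keeps
          the policy functional on such firmware, but as the text notes it
          does not carry the same strength as a SHA256 binding.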

        * The TPM2 logic in systemd-cryptenroll/systemd-cryptsetup now supports
          RSA primary keys in addition to ECC, improving compatibility with
          TPM2 chips that do not support ECC. RSA keys are much slower to use
          than ECC, and hence are only used if ECC is not available.

        * /etc/crypttab gained support for a new token-timeout= setting for
          encrypted volumes that allows configuration of the maximum time to
          wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
          the logic will query the user for a regular passphrase/recovery key
          instead.

        * Support for activating dm-integrity volumes at boot via a new file
          /etc/integritytab and the tool systemd-integritysetup have been
          added. This is similar to /etc/crypttab and /etc/veritytab, but deals
          with dm-integrity instead of dm-crypt/dm-verity.

        * The systemd-veritysetup-generator now understands a new usrhash=
          kernel command line option for specifying the Verity root hash for
          the partition backing the /usr/ file system. A matching set of
          systemd.verity_usr_* kernel command line options has been added as
          well. These all work similar to the corresponding options for the
          root partition.

        * The sd-device API gained a new API call sd_device_get_diskseq() to
          return the DISKSEQ property of a device structure. The "disk
          sequence" concept is a new feature recently introduced to the Linux
          kernel that allows detecting reuse cycles of block devices, i.e. can
          be used to recognize when loopback block devices are reused for a
          different purpose or CD-ROM drives get their media changed.

        * A new unit systemd-boot-update.service has been added. If enabled
          (the default) and the sd-boot loader is detected to be installed, it
          is automatically updated to the newest version when out of date. This
          is useful to ensure the boot loader remains up-to-date, and updates
          automatically propagate from the OS tree in /usr/.

        * sd-boot will now build with SBAT by default in order to facilitate
          working with recent versions of Shim that require it to be present.

        * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
          This is used to robustly generate boot entry titles for Windows.

        * A new generic target unit factory-reset.target has been added. It is
          hooked into systemd-logind similar in fashion to
          reboot/poweroff/suspend/hibernate, and is supposed to be used to
          initiate a factory reset operation. What precisely this operation
          entails is up for the implementer to decide; the primary goal of the
          new unit is to provide a framework where to plug in the
          implementation and how to trigger it.

        * A new meson build-time option 'clock-valid-range-usec-max' has been
          added which takes a time in µs and defaults to 15 years. If the RTC
          time is noticed to be more than the specified time ahead of the
          built-in epoch of systemd (which by default is the release timestamp
          of systemd) it is assumed that the RTC is not working correctly, and
          the RTC is reset to the epoch. (It already is reset to the epoch when
          noticed to be before it.) This should increase the chance that time
          doesn't accidentally jump too far ahead due to faulty hardware or
          batteries.

        * A new setting SaveIntervalSec= has been added to systemd-timesyncd,
          which may be used to automatically save the current system time to
          disk in regular intervals. This is useful to maintain a roughly
          monotonic clock even without RTC hardware and with some robustness
          against abnormal system shutdown.

        * systemd-analyze verify gained support for a pair of new --image= +
          --root= switches for verifying units below a specific root
          directory/image instead of on the host.

        * systemd-analyze verify gained support for verifying unit files under
          an explicitly specified unit name, independently of what the filename
          actually is.

        * systemd-analyze verify gained a new switch --recursive-errors= which
          controls whether to only fail on errors found in the specified units
          or recursively any dependent units.

        * systemd-analyze security now supports a new --offline mode for
          analyzing unit files stored on disk instead of loaded units. It may
          be combined with --root=/--image= to analyze unit files under a root
          directory or disk image. It also learnt a new --threshold= parameter
          for specifying an exposure level threshold: if the exposure level
          exceeds the specified value the call will fail. It also gained a new
          --security-policy= switch for configuring security policies to
          enforce on the units. A policy is a JSON file that lists which tests
          shall be weighted how much to determine the overall exposure
          level. Altogether these new features are useful for fully automatic
          analysis and enforcement of security policies on unit files.

        * systemd-analyze security gained a new --json= switch for JSON output.

        * systemd-analyze learnt a new --quiet switch for reducing
          non-essential output. It's honored by the "dot", "syscall-filter",
          "filesystems" commands.

        * systemd-analyze security gained a --profile= option that can be used
          to take into account a portable profile when analyzing portable
          services, since a lot of the security-related settings are enabled
          through them.

        * systemd-analyze learnt a new inspect-elf verb that parses ELF core
          files, binaries and executables and prints metadata information,
          including the build-id and other info described on:
          https://systemd.io/COREDUMP_PACKAGE_METADATA/

        * .network files gained a new UplinkInterface= in the [IPv6SendRA]
          section, for automatically propagating DNS settings from other
          interfaces.

        * The static lease DHCP server logic in systemd-networkd may now serve
          IP addresses outside of the configured IP pool range for the server.

        * CAN support in systemd-networkd gained four new settings Loopback=,
          OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
          control modes. It gained a number of further settings for tweaking
          CAN timing quanta.

        * The [CAN] section in .network files gained new TimeQuantaNSec=,
          PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
          SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
          DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
          DataSyncJumpWidth= settings to control bit-timing processed by the
          CAN interface.

        * DHCPv4 client support in systemd-networkd learnt a new Label= option
          for configuring the address label to apply to configured IPv4
          addresses.

        * The [IPv6AcceptRA] section of .network files gained support for a new
          UseMTU= setting that may be used to control whether to apply the
          announced MTU settings to the local interface.

        * The [DHCPv4] section in .network files gained a new Use6RD= boolean
          setting to control whether the DHCPv4 client requests and processes
          the DHCP 6RD option.

        * The [DHCPv6PrefixDelegation] section in .network files is renamed to
          [DHCPPrefixDelegation], as now the prefix delegation is also supported
          with the DHCPv4 protocol by enabling the Use6RD= setting.

        * The [DHCPPrefixDelegation] section in .network files gained a new
          setting UplinkInterface= to specify the upstream interface.

        * The [DHCPv6] section in .network files gained a new setting
          UseDelegatedPrefix= to control whether the delegated prefixes will be
          propagated to the downstream interfaces.

        * The [IPv6AcceptRA] section of .network files now understands two new
          settings UseGateway=/UseRoutePrefix= for explicitly configuring
          whether to use the relevant fields from the IPv6 Router Advertisement
          records.

        * The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
          has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
          settings in the [DHCPv6] section and the DHCPv6Client= setting in the
          [IPv6AcceptRA] section to control when the DHCPv6 client is started
          and how the delegated prefixes are handled by the DHCPv6 client.

        * The IPv6Token= setting in the [Network] section is deprecated, and
          the [IPv6AcceptRA] section gained the Token= setting as its
          replacement. The [IPv6Prefix] section also gained the Token= setting.
          The Token= setting gained an 'eui64' mode to explicitly configure an
          address with the EUI64 algorithm based on the interface MAC address.
          The 'prefixstable' mode can now optionally take a secret key. The
          Token= setting in the [DHCPPrefixDelegation] section now supports all
          algorithms supported by the same settings in the other sections.

        * The [RoutingPolicyRule] section of .network files gained a new
          SuppressInterfaceGroup= setting.

        * The IgnoreCarrierLoss= setting in the [Network] section of .network
          files now allows a duration to be specified, controlling how long to
          wait before reacting to carrier loss.

        * The [DHCPServer] section of .network files gained a new Router=
          setting to specify the router address.

        * The [CAKE] section of .network files gained various new settings
          AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
          MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
          and UseRawPacketSize= for configuring CAKE.

        * systemd-networkd now ships with new default .network files:
          80-container-vb.network which matches the host-side network bridge
          device created by systemd-nspawn's --network-bridge or --network-zone
          switch, and 80-6rd-tunnel.network which matches the automatically
          created sit tunnel with 6rd prefix when the DHCP 6RD option is
          received.

        * systemd-networkd's handling of Endpoint= resolution for WireGuard
          interfaces has been improved.

        * systemd-networkd will now automatically configure routes to addresses
          specified in AllowedIPs=. This feature can be controlled via
          RouteTable= and RouteMetric= settings in [WireGuard] or
          [WireGuardPeer] sections.

        * systemd-networkd will now once again automatically generate persistent
          MAC addresses for batadv and bridge interfaces. Users can disable this
          by using MACAddress=none in .netdev files.

        * systemd-networkd and systemd-udevd now support IP over InfiniBand
          interfaces. The Kind= setting in .netdev files accepts "ipoib", and
          .netdev files gained the [IPoIB] section.

        * systemd-networkd and systemd-udevd now support the net.ifname_policy=
          option on the kernel command-line. This is implemented through the
          systemd-network-generator service that automatically generates
          appropriate .link, .network, and .netdev files.

        * The various systemd-udevd "ethtool" buffer settings now understand
          the special value "max" to configure the buffers to the maximum the
          hardware supports.

        * systemd-udevd's .link files may now configure a large variety of
          NIC coalescing settings, plus more hardware offload settings.

        * .link files gained a new WakeOnLanPassword= setting in the [Link]
          section that allows specifying a WoL "SecureOn" password on hardware
          that supports this.

        * systemd-nspawn's --setenv= switch now supports an additional syntax:
          if only a variable name is specified (i.e. without being suffixed by
          a '=' character and a value) the current value of the environment
          variable is propagated to the container. e.g. --setenv=FOO will
          look up the current value of $FOO in the environment, and pass it
          down to the container. Similar behavior has been added to homectl's,
          machinectl's and systemd-run's --setenv= switch.

        * systemd-nspawn gained a new switch --suppress-sync= which may be used
          to optionally suppress the effect of the sync()/fsync()/fdatasync()
          system calls for the container payload. This is useful for build
          system environments where safety against abnormal system shutdown is
          not essential as all build artifacts can be regenerated any time, but
          the performance win is beneficial.

        * systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
          same value that PID 1 uses for most forked off processes.

        * systemd-nspawn's --bind=/--bind-ro= switches now optionally take
          uidmap/nouidmap options as last parameter. If "uidmap" is used the
          bind mounts are created with UID mapping taking place that ensures
          the host's file ownerships are mapped 1:1 to container file
          ownerships, even if user namespacing is used. This way
          files/directories bound into containers will no longer show up as
          owned by the nobody user as they typically did if no special care was
          taken to shift them manually.

        * When discovering Windows installations sd-boot will now attempt to
          show the Windows version.

        * The color scheme to use in sd-boot may now be configured at
          build-time.

        * sd-boot gained the ability to change screen resolution during
          boot-time, by hitting the "r" key. This will cycle through available
          resolutions and save the last selection.

        * sd-boot learnt a new hotkey "f". When pressed the system will enter
4793 firmware setup. This is useful in environments where it is difficult
4794 to hit the right keys early enough to enter the firmware, and works
4795 on any firmware regardless which key it natively uses.
4796
4797 * sd-boot gained support for automatically booting into the menu item
4798 selected on the last boot (using the "@saved" identifier for menu
4799 items).
4800
dcdc652f
ZJS
4801 * sd-boot gained support for automatically loading all EFI drivers
4802 placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
4803 Partition (ESP). These drivers are loaded before the menu entries are
4804 loaded. This is useful e.g. to load additional file system drivers
4805 for the XBOOTLDR partition.
4806
4807 * systemd-boot will now paint the input cursor on its own instead of
4808 relying on the firmware to do so, increasing compatibility with broken
4809 firmware that doesn't make the cursor reasonably visible.
4810
195d181c
LP
4811 * sd-boot now embeds a .osrel PE section like we expect from Boot
4812 Loader Specification Type #2 Unified Kernels. This means sd-boot
4813 itself may be used in place of a Type #2 Unified Kernel. This is
4814 useful for debugging purposes as it allows chain-loading one a
4815 (development) sd-boot instance from another.
4816
4817 * sd-boot now supports a new "devicetree" field in Boot Loader
4818 Specification Type #1 entries: if configured the specified device
4819 tree file is installed before the kernel is invoked. This is useful
4820 for installing/applying new devicetree files without updating the
4821 kernel image.
4822
dcdc652f 4823 * Similarly, sd-stub now can read devicetree data from a PE section
195d181c
LP
4824 ".dtb" and apply it before invoking the kernel.
4825
4826 * sd-stub (the EFI stub that can be glued in front of a Linux kernel)
97b6ed32
ZJS
4827 gained the ability to pick up credentials and sysext files, wrap them
4828 in a cpio archive, and pass as an additional initrd to the invoked
4829 Linux kernel, in effect placing those files in the /.extra/ directory
4830 of the initrd environment. This is useful to implement trusted initrd
4831 environments which are fully authenticated but still can be extended
4832 (via sysexts) and parameterized (via encrypted/authenticated
4833 credentials, see above).
4834
4835 Credentials can be located next to the kernel image file (credentials
4836 specific to a single boot entry), or in one of the shared directories
4837 (credentials applicable to multiple boot entries).
195d181c
LP
4838
4839 * sd-stub now comes with a full man page, that explains its feature set
4840 and how to combine a kernel image, an initrd and the stub to build a
4841 complete EFI unified kernel image, implementing Boot Loader
4842 Specification Type #2.
4843
dcdc652f 4844 * sd-stub may now provide the initrd to the executed kernel via the
195d181c
LP
4845 LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
4846 non-x86 architectures.
4847
dcdc652f
ZJS
4848 * bootctl learnt new set-timeout and set-timeout-oneshot commands that
4849 may be used to set the boot menu time-out of the boot loader (for all
4850 or just the subsequent boot).
195d181c 4851
ffc97a1c
LP
4852 * bootctl and kernel-install will now read variables
4853 KERNEL_INSTALL_LAYOUT= from /etc/machine-info and layout= from
4854 /etc/kernel/install.conf. When set, it specifies the layout to use
4855 for installation directories on the boot partition, so that tools
4856 don't need to guess it based on the already-existing directories. The
4857 only value that is defined natively is "bls", corresponding to the
4858 layout specified in
c20ecc94
ZJS
4859 https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
4860 kernel-install that implement a different layout can declare other
4861 values for this variable.
4862
4863 'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
4864 assumption that if the user installed sd-boot to the ESP, they intend
4865 to use the entry layout understood by sd-boot. It'll also write
4866 KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
4867 (and it wasn't specified in the config file yet). Similarly,
4868 kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
4869 wasn't specified in the config file yet). Effectively, those changes
4870 mean that the machine-id used for boot loader entry installation is
4871 "frozen" upon first use and becomes independent of the actual
4872 machine-id.
4873
4874 Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
4875 images created for distribution ("golden images") are built with no
4876 machine-id, so that a unique machine-id can be created on the first
4877 boot. But those images may contain boot loader entries with the
4878 machine-id used during build included in paths. Using a "frozen"
4879 value allows unambiguously identifying entries that match the
4880 specific installation, while still permitting parallel installations
4881 without conflict.
4882
4883 Configuring KERNEL_INSTALL_LAYOUT obviates the need for
4884 kernel-install to guess the installation layout. This fixes the
4885 problem where a (possibly empty) directory in the boot partition is
4886 created from a different layout causing kernel-install plugins to
4887 assume the wrong layout. A particular example of how this may happen
4888 is the grub2 package in Fedora which includes directories under /boot
4889 directly in its file list. Various other packages pull in grub2 as a
4890 dependency, so it may be installed even if unused, breaking
4891 installations that use the bls layout.
4892
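The layout and "frozen" machine-id resolution described above, as an added shell illustration that is not kernel-install's or bootctl's own code: it reads layout= from install.conf and KERNEL_INSTALL_LAYOUT=/KERNEL_INSTALL_MACHINE_ID= from machine-info, and falls back to the live machine-id file and to a directory-based guess only when nothing is configured. File paths are passed as parameters so it runs against a scratch tree; the precedence (install.conf before machine-info) and the "other" fallback value are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not kernel-install's own code: resolve the boot entry
# layout and the "frozen" machine ID as described in the NEWS entry.
# Assumptions of this example: install.conf takes precedence over
# machine-info, and an unknown layout is reported as "other".

# read_var FILE KEY: print the value of the last KEY=VALUE line in FILE,
# skipping comment lines and stripping surrounding double quotes.
# Prints nothing when FILE is unreadable or KEY is absent.
read_var() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1 | tr -d '"'
}

# resolve_machine_id MACHINE_INFO ETC_MACHINE_ID
# KERNEL_INSTALL_MACHINE_ID= freezes the ID used in entry paths, so a golden
# image keeps matching its entries after first boot assigns a new live ID.
resolve_machine_id() {
    id=$(read_var "$1" KERNEL_INSTALL_MACHINE_ID)
    if [ -z "$id" ] && [ -r "$2" ]; then
        id=$(head -n 1 "$2")
    fi
    printf '%s\n' "$id"
}

# resolve_layout INSTALL_CONF MACHINE_INFO BOOT_ROOT MACHINE_ID
# Explicit configuration wins. Only when nothing is set is the layout guessed
# from an existing $BOOT_ROOT/$MACHINE_ID/ directory, which is exactly the
# guess that stray directories created by other packages can mislead.
resolve_layout() {
    layout=$(read_var "$1" layout)
    if [ -z "$layout" ]; then
        layout=$(read_var "$2" KERNEL_INSTALL_LAYOUT)
    fi
    if [ -z "$layout" ]; then
        if [ -d "$3/$4" ]; then
            layout=bls
        else
            layout=other
        fi
    fi
    printf '%s\n' "$layout"
}

# freeze_machine_id MACHINE_INFO MACHINE_ID
# Record KERNEL_INSTALL_MACHINE_ID= once, mirroring what the NEWS entry says
# bootctl/kernel-install do on first use; an existing value is left alone.
freeze_machine_id() {
    if [ -z "$(read_var "$1" KERNEL_INSTALL_MACHINE_ID)" ]; then
        printf 'KERNEL_INSTALL_MACHINE_ID=%s\n' "$2" >> "$1"
    fi
}

# Demo on a constructed scratch tree (nothing under /etc is read or written).
demo_dir=$(mktemp -d)
printf 'layout=bls\n' > "$demo_dir/install.conf"
printf 'ffffffffffffffffffffffffffffffff\n' > "$demo_dir/machine-id"
freeze_machine_id "$demo_dir/machine-info" \
    "$(resolve_machine_id "$demo_dir/machine-info" "$demo_dir/machine-id")"
echo "layout:     $(resolve_layout "$demo_dir/install.conf" "$demo_dir/machine-info" "$demo_dir/boot" x)"
echo "machine-id: $(resolve_machine_id "$demo_dir/machine-info" /dev/null)"
rm -rf "$demo_dir"
```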
        * bootctl and systemd-bless-boot can now be linked statically.

        * systemd-sysext now optionally doesn't insist on extension-release.d/
          files being placed in the image under the image's file name. If the
          file system xattr user.extension-release.strict is set on the
          extension release file, it is accepted regardless of its name. This
          relaxes security restrictions a bit, as a system extension may be
          attached under a wrong name this way.

        * udevadm's test-builtin command learnt a new --action= switch for
          testing the built-in with the specified action (in place of the
          default 'add').

        * udevadm info gained new switches --property=/--value for showing only
          specific udev properties/values instead of all.

        * A new hwdb database has been added that contains matches for various
          types of signal analyzers (protocol analyzers, logic analyzers,
          oscilloscopes, multimeters, bench power supplies, etc.) that should
          be accessible to regular users.

        * A new hwdb database entry has been added that carries information
          about types of cameras (regular or infrared), and in which direction
          they point (front or back).

        * A new rule to allow console users access to rfkill by default has been
          added to hwdb.

        * Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
          now also owned by the system group "sgx".

        * A new build-time meson option "extra-net-naming-schemes=" has been
          added to define additional naming schemes for udev's network
          interface naming logic. This is useful for enterprise distributions
          and similar which want to pin the schemes of certain distribution
          releases under a specific name and previously had to patch the
          sources to introduce new named schemes.

        * The predictable naming logic for network interfaces has been extended
          to generate stable names from Xen netfront device information.

        * hostnamed's chassis property can now be sourced from the chassis-type
          field encoded in devicetree (in addition to the existing DMI
          support).

        * systemd-cgls now optionally displays cgroup IDs and extended
          attributes for each cgroup. (Controllable via the new --xattr= +
          --cgroup-id= switches.)

        * coredumpctl gained a new --all switch for operating on all
          Journal files instead of just the local ones.

        * systemd-coredump will now use libdw/libelf via dlopen() rather than
          directly linking, allowing users to easily opt out of backtrace/metadata
          analysis of core files, and reduce image sizes when this is not needed.

        * systemd-coredump will now analyze core files with libdw/libelf in a
          forked, sandboxed process.

        * systemd-homed will now try to unmount an active home area in
          regular intervals once the user logged out fully. Previously this was
          attempted exactly once but if the home directory was busy for some
          reason it was not tried again.

        * systemd-homed's LUKS2 home area backend will now create a BSD file
          system lock on the image file while the home area is active
          (i.e. mounted). If a home area is found to be locked, logins are
          politely refused. This should improve behavior when using home area
          images that are accessible via the network from multiple clients, and
          reduce the chance of accidental file system corruption in that case.

        * Optionally, systemd-homed will now drop the kernel buffer cache once
          a user has fully logged out, configurable via the new --drop-caches=
          homectl switch.

        * systemd-homed now makes use of UID mapped mounts for the home areas.
          If the kernel and used file system support it, files are now
          internally owned by the "nobody" user (i.e. the user typically used
          for indicating "this ownership is not mapped"), and dynamically
          mapped to the UID used locally on the system via the UID mapping
          mount logic of recent kernels. This makes migrating home areas
          between different systems cheaper because recursively chown()ing file
          system trees is no longer necessary.

        * systemd-homed's CIFS backend now optionally supports CIFS service
          names with a directory suffix, in order to place home directories in
          a subdirectory of a CIFS share, instead of the top-level directory.

        * systemd-homed's CIFS backend gained support for specifying additional
          mount options in the JSON user record (cifsExtraMountOptions field,
          and --cifs-extra-mount-options= homectl switch). This is for example
          useful for configuring mount options such as "noserverino" that some
          SMB3 services require (use that to run a homed home directory from a
          FritzBox SMB3 share this way).

        * systemd-homed will now default to btrfs' zstd compression for home
          areas. This is inspired by Fedora's recent decision to switch to zstd
          by default.

        * Additional mount options to use when mounting the file system of
          LUKS2 volumes in systemd-homed can now be specified, via the
          $SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, $SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
          $SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
          systemd-homed or via the luksExtraMountOptions user record JSON
          property. (Exposed via homectl --luks-extra-mount-options)

        * homectl's resize command now takes the special size specifications
          "min" and "max" to shrink/grow the home area to the minimum/maximum
          size possible, taking disk usage/space constraints and file system
          limitations into account. Resizing is now generally graceful: the
          logic will try to get as close to the specified size as possible, but
          not consider it a failure if the request couldn't be fulfilled
          precisely.

        * systemd-homed gained the ability to automatically shrink home areas
          on logout to their minimal size and grow them again on next
          login. This ensures that while inactive, a home area only takes up
          the minimal space necessary, but once activated, it provides
          sufficient space for the user's needs. This behavior is only
          supported if btrfs is used as file system inside the home area
          (because only for btrfs is online growing/shrinking implemented in
          the kernel). This behavior is now enabled by default, but may be
          controlled via the new --auto-resize-mode= setting of homectl.

        * systemd-homed gained support for automatically re-balancing free disk
          space among active home areas, in case the LUKS2 backends are used,
          and no explicit disk size was requested. This way disk space is
          automatically managed and home areas resized in regular intervals and
          manual resizing when disk space becomes scarce should not be
          necessary anymore. This behavior is only supported if btrfs is used
          within the home areas (as only then is online shrinking and growing
          supported), and may be configured via the new rebalanceWeight JSON
          user record field (as exposed via the new --rebalance-weight= homectl
          setting). Re-balancing is mostly automatic, but can also be requested
          explicitly via "homectl rebalance", which is synchronous, and thus
          may be used to wait until the rebalance run is complete.

        * userdbctl gained a --json= switch for configuring the JSON formatting
          to use when outputting user or group records.

        * userdbctl gained a new --multiplexer= switch for explicitly
          configuring whether to use the systemd-userdbd server side user
          record resolution logic.

        * userdbctl's ssh-authorized-keys command learnt a new --chain switch,
          for chaining up another command to execute after completing the
          look-up. Since OpenSSH's AuthorizedKeysCommand only allows
          configuration of a single command to invoke, this may be used to
          invoke multiple: first userdbctl's own implementation, and then any
          other also configured in the command line.

        * The sd-event API gained a new function sd_event_add_inotify_fd() that
          is similar to sd_event_add_inotify() but accepts a file descriptor
          instead of a path in the file system for referencing the inode to
          watch.

        * The sd-event API gained a new function
          sd_event_source_set_ratelimit_expire_callback() that may be used to
          define a callback function that is called whenever an event source
          leaves the rate limiting phase.

        * New documentation has been added explaining which steps are necessary
          to port systemd to a new architecture:

          https://systemd.io/PORTING_TO_NEW_ARCHITECTURES

        * The x-systemd.makefs option in /etc/fstab now explicitly supports
          ext2, ext3, and f2fs file systems.

        * Mount units and units generated from /etc/fstab entries with 'noauto'
          are now ordered the same as other units. Effectively, they will be
          started earlier (if something actually pulled them in) and stopped
          later, similarly to normal mount units that are part of
          fs-local.target. This change should be invisible to users, but
          should prevent those units from being stopped too early during
          shutdown.

        * The systemd-getty-generator now honors a new kernel command line
          argument systemd.getty_auto= and a new environment variable
          $SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
          example useful to turn off gettys inside of containers or similar
          environments.

        * systemd-resolved now listens on a second DNS stub address: 127.0.0.54
          (in addition to 127.0.0.53, as before). If DNS requests are sent to
          this address they are propagated in "bypass" mode only, i.e. are
          almost not processed locally, but mostly forwarded as-is to the
          current upstream DNS servers. This provides a stable DNS server
          address that proxies all requests dynamically to the right upstream
          DNS servers even if these dynamically change. This stub does not do
          mDNS/LLMNR resolution. However, it will translate look-ups to
          DNS-over-TLS if necessary. This new stub is particularly useful in
          container/VM environments, or for tethering setups: use DNAT to
          redirect traffic to any IP address to this stub.

        * systemd-importd now honors new environment variables
          $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA,
          $SYSTEMD_IMPORT_SYNC, which may be used to disable btrfs subvolume
          generation, btrfs quota setup and disk synchronization.

        * systemd-importd and systemd-resolved can now be optionally built with
          OpenSSL instead of libgcrypt.

        * systemd-repart no longer requires OpenSSL.

        * systemd-sysusers will no longer create the redundant 'nobody' group
          by default, as the 'nobody' user is already created with an
          appropriate primary group.

        * If a unit uses RuntimeMaxSec, systemctl show will now display it.

        * systemctl show-environment gained support for --output=json.

        * pam_systemd will now first try to use the X11 abstract socket, and
          fall back to the socket file in /tmp/.X11-unix/ only if that does not
          work.

        * systemd-journald will no longer go back to volatile storage
          regardless of configuration when its unit is restarted.

        * Initial support for the LoongArch architecture has been added (system
          call lists, GPT partition table UUIDs, etc).

        * systemd-journald's own logging messages are now also logged to the
          journal itself when systemd-journald logs to /dev/kmsg.

        * systemd-journald now re-enables COW for archived journal files on
          filesystems that support COW. One benefit of this change is that
          archived journal files will now get compressed on btrfs filesystems
          that have compression enabled.

        * systemd-journald now deduplicates fields in a single log message
          before adding it to the journal. In archived journal files, it will
          also punch holes for unused parts and truncate the file as
          appropriate, leading to reductions in disk usage.

        * journalctl --verify was extended with more informative error
          messages.

        * More of sd-journal's functions are now resistant against journal file
          corruption.

        * The shutdown command learnt a new option --show, to display the
          scheduled shutdown.

        * A LICENSES/ directory is now included in the git tree. It contains a
          README.md file that explains the licenses used by source files in
          this repository. It also contains the text of all applicable
          licenses as they appear on spdx.org.

        Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
        Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
        alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
        Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
        Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
        Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
        Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
        Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
        Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
        Christian Brauner, Christian Göttsche, Christian Wehrli,
        Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
        Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
        David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
        Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
        Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
        Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
        Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
        Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
        Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
        Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
        I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
        Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
        jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
        Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
        Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
        Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
        lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
        Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
        Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
        Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
        Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
        Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
        Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
        nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
        Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
        Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
        Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
        Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
        StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
        Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
        Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
        Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
        Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
        xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
        Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
        Дамјан Георгиевски, наб

        — Warsaw, 2021-12-23

e7fbba56 5192CHANGES WITH 249:
f973aea7
LP
5193
5194 * When operating on disk images via the --image= switch of various
e7fbba56
LB
5195 tools (such as systemd-nspawn or systemd-dissect), or when udev finds
5196 no 'root=' parameter on the kernel command line, and multiple
f973aea7 5197 suitable root or /usr/ partitions exist in the image, then a simple
28707969
ZJS
5198 comparison inspired by strverscmp() is done on the GPT partition
5199 label, and the newest partition is picked. This permits a simple and
5200 generic whole-file-system A/B update logic where new operating system
f973aea7
LP
5201 versions are dropped into partitions whose label is then updated with
5202 a matching version identifier.
5203
5204 * systemd-sysusers now supports querying the passwords to set for the
5205 users it creates via the "credentials" logic introduced in v247: the
5206 passwd.hashed-password.<user> and passwd.plaintext-password.<user>
5207 credentials are consulted for the password to use (either in UNIX
5208 hashed form, or literally). By default these credentials are inherited
5209 down from PID1 (which in turn imports it from a container manager if
5210 there is one). This permits easy configuration of user passwords
5211 during first boot. Example:
5212
5213 # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
5214
5215 Note that systemd-sysusers operates in purely additive mode: it
5216 executes no operation if the declared users already exist, and hence
5217 doesn't set any passwords as effect of the command line above if the
5218 specified root user exists already in the image. (Note that
5219 --volatile=yes ensures it doesn't, though.)
5220
5221 * systemd-firstboot now also supports querying various system
5222 parameters via the credential subsystems. Thus, as above this may be
5223 used to initialize important system parameters on first boot of
5224 previously unprovisioned images (i.e. images with a mostly empty
5225 /etc/).
5226
66e6128f
LP
5227 * PID 1 may now show both the unit name and the unit description
5228 strings in its status output during boot. This may be configured with
5229 StatusUnitFormat=combined in system.conf or
5230 systemd.status-unit-format=combined on the kernel command line.
5231
f973aea7
LP
5232 * The systemd-machine-id-setup tool now supports a --image= switch for
5233 provisioning a machine ID file into an OS disk image, similar to how
5234 --root= operates on an OS file tree. This matches the existing switch
28707969 5235 of the same name for systemd-tmpfiles, systemd-firstboot, and
f973aea7
LP
5236 systemd-sysusers tools.
5237
28707969
ZJS
5238 * Similarly, systemd-repart gained support for the --image= switch too.
5239 In combination with the existing --size= option, this makes the tool
5240 particularly useful for easily growing disk images in a single
5241 invocation, following the declarative rules included in the image
5242 itself.
f973aea7
LP
5243
5244 * systemd-repart's partition configuration files gained support for a
5245 new switch MakeDirectories= which may be used to create arbitrary
5246 directories inside file systems that are created, before registering
28707969
ZJS
5247 them in the partition table. This is useful in particular for root
5248 partitions to create mount point directories for other partitions
5249 included in the image. For example, a disk image that contains a
5250 root, /home/, and /var/ partitions, may set MakeDirectories=yes to
5251 create /home/ and /var/ as empty directories in the root file system
5601400e
JB
5252 on its creation, so that the resulting image can be mounted
5253 immediately, even in read-only mode.
28707969
ZJS
5254
5255 * systemd-repart's CopyBlocks= setting gained support for the special
5256 value "auto". If used, a suitable matching partition on the booted OS
5257 is found as source to copy blocks from. This is useful when
f973aea7 5258 implementing replicating installers, that are booted from one medium
28707969 5259 and then stream their own root partition onto the target medium.
f973aea7
LP
5260
5261 * systemd-repart's partition configuration files gained support for a
66e6128f
LP
5262 Flags=, a ReadOnly= and a NoAuto= setting, allowing control of these
5263 GPT partition flags for the created partitions: this is useful for
5264 marking newly created partitions as read-only, or as not being
5265 subject for automatic mounting from creation on.
f973aea7
LP
5266
5267 * The /etc/os-release file has been extended with two new (optional)
28707969
ZJS
5268 variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
5269 information for OS images that are updated comprehensively and
5270 atomically as one image. Two new specifiers %M, %A now resolve to
5271 these two fields in the various configuration options that resolve
5272 specifiers.
f973aea7
LP
5273
5274 * portablectl gained a new switch --extension= for enabling portable
5275 service images with extensions that follow the extension image
165c23c6
LB
5276 concept introduced with v248, and thus allows layering multiple
5277 images when setting up the root filesystem of the service.
f973aea7
LP
5278
5279 * systemd-coredump will now extract ELF build-id information from
28707969
ZJS
5280 processes dumping core and include it in the coredump report.
5281 Moreover, it will look for ELF .note.package sections with
5282 distribution packaging meta-information about the crashing process.
5283 This is useful to directly embed the rpm or deb (or any other)
5284 package name and version in ELF files, making it easy to match
5285 coredump reports with the specific package for which the software was
5286 compiled. This is particularly useful on environments with ELF files
5287 from multiple vendors, different distributions and versions, as is
5288 common today in our containerized and sand-boxed world. For further
5289 information, see:
f973aea7
LP
5290
5291 https://systemd.io/COREDUMP_PACKAGE_METADATA
5292
28707969
ZJS
5293 * A new udev hardware database has been added for FireWire devices
5294 (IEEE 1394).
f973aea7 5295
14e97d24
ZJS
5296 * The "net_id" built-in of udev has been updated with three
5297 backwards-incompatible changes:
5298
5299 - PCI hotplug slot names on s390 systems are now parsed as
5300 hexadecimal numbers. They were incorrectly parsed as decimal
5301 previously, or ignored if the name was not a valid decimal
5302 number.
5303
5304 - PCI onboard indices up to 65535 are allowed. Previously, numbers
5305 above 16383 were rejected. This primarily impacts s390 systems,
5306 where values up to 65535 are used.
5307
5308 - Invalid characters in interface names are replaced with "_".
5309
5310 The new version of the net naming scheme is "v249". The previous
78266a54 5311 scheme can be selected via the "net.naming_scheme=v247" kernel
14e97d24
ZJS
5312 command line parameter.
5313
        * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
          NULL bus object, for which they will return false. Or in other words,
          an unallocated bus connection is neither ready nor open.

        * The sd-device API acquired a new API function
          sd_device_get_usec_initialized() that returns the monotonic time when
          the udev device first appeared in the database.

        * sd-device gained new APIs sd_device_trigger_with_uuid() and
          sd_device_get_trigger_uuid(). The former is similar to
          sd_device_trigger() but returns a randomly generated UUID that is
          associated with the synthetic uevent generated by the call. This UUID
          may be read from the sd_device object a monitor eventually receives,
          via sd_device_get_trigger_uuid(). This interface requires kernel
          4.13 or above to work, and allows tracking a synthetic uevent through
          the entire device management stack. The "udevadm trigger --settle"
          logic has been updated to make use of this concept if available to
          wait precisely for the uevents it generates. "udevadm trigger" also
          gained a new parameter --uuid that prints the UUID for each generated
          uevent.

        * sd-device also gained new APIs sd_device_new_from_ifname() and
          sd_device_new_from_ifindex() for allocating an sd-device object for
          the specified network interface. The former accepts an interface name
          (either a primary or an alternative name), the latter an interface
          index.

        * The native Journal protocol has been documented. Clients may talk
          this as an alternative to the classic BSD syslog protocol for locally
          delivering log records to the Journal. The protocol has been stable
          for a long time and has in fact already been implemented in a variety
          of alternative client libraries. This documentation makes the support
          for that official:

          https://systemd.io/JOURNAL_NATIVE_PROTOCOL

        * A new BPFProgram= setting has been added to service files. It may be
          set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
          file, or a bind mount or symlink to one. This may be used to upload
          and manage BPF programs externally and then hook arbitrary systemd
          services into them.

        * The "home.arpa" domain that has been officially declared as the
          choice of domain for local home networks per RFC 8375 has been added
          to the default NTA list of resolved, since DNSSEC is generally not
          available on private domains.

        * The CPUAffinity= setting of unit files now resolves "%" specifiers.

        * A new ManageForeignRoutingPolicyRules= setting has been added to
          .network files which may be used to exclude foreign-created routing
          policy rules from systemd-networkd management.

        * systemd-network-wait-online gained two new switches -4 and -6 that
          may be used to tweak whether to wait for only IPv4 or only IPv6
          connectivity.

        * .network files gained a new RequiredFamilyForOnline= setting to
          fine-tune whether to require an IPv4 or IPv6 address in order to
          consider an interface "online".

        * networkctl will now show an overall "online" state in the per-link
          information.

        * In .network files a new OutgoingInterface= setting has been added to
          specify the output interface in bridge FDB setups.

        * In .network files the Multipath group ID may now be configured for
          [NextHop] entries, via the new Group= setting.

        * The DHCP server logic configured in .network files gained a new
          setting RelayTarget= that turns the server into a DHCP server relay.
          The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
          to further tweak the DHCP relay behaviour.

        * The DHCP server logic also gained a new ServerAddress= setting in
          .network files that explicitly specifies the server IP address to
          use. If not specified, the address is determined automatically, as
          before.

        * The DHCP server logic in systemd-networkd gained support for static
          DHCP leases, configurable via the [DHCPServerStaticLease]
          section. This allows explicitly mapping specific MAC addresses to
          fixed IP addresses and vice versa.

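          As an added example, not taken from the NEWS file or the systemd
          documentation, a .network file that combines the new ServerAddress=
          setting with [DHCPServerStaticLease] sections; the interface name,
          subnet and MAC addresses are constructed sample values.

```ini
# /etc/systemd/network/50-lan.network  (constructed example path)
[Match]
Name=lan0

[Network]
# The interface's own static address; leases are handed out from this
# subnet. DHCPServer=yes enables the built-in server on this link.
Address=192.0.2.1/24
DHCPServer=yes

[DHCPServer]
# Pin the address the server answers from instead of letting networkd
# pick one (new in 249). It must be one of the addresses on this link.
ServerAddress=192.0.2.1/24
# Advertise this host as resolver to clients.
EmitDNS=yes
DNS=192.0.2.1

# One section per fixed MAC -> IP mapping (new in 249). Addresses must
# lie within the server's subnet. The MACs are constructed sample values.
[DHCPServerStaticLease]
MACAddress=02:00:5e:00:53:10
Address=192.0.2.10

[DHCPServerStaticLease]
MACAddress=02:00:5e:00:53:11
Address=192.0.2.11
```

          Setting RelayTarget= in the same [DHCPServer] section would instead
          turn this link into a relay, so lease settings and relay settings are
          not combined on one interface.
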
        * The RestrictAddressFamilies= setting in service files now supports a
          new special value "none". If specified, sockets of all address
          families will be made unavailable to services configured that way.

        * systemd-fstab-generator and systemd-repart have been updated to
          support booting from disks that carry only a /usr/ partition but no
          root partition yet, and where systemd-repart can add it on the
          first boot. This is useful for implementing systems that ship with a
          single /usr/ file system, and whose root file system shall be set up
          and formatted on a LUKS-encrypted volume whose key is generated
          locally (and possibly enrolled in the TPM) during the first boot.

        * The [Address] section of .network files now accepts a new
          RouteMetric= setting that configures the routing metric to use for
          the prefix route created as an effect of the address configuration.
          Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
          gained matching settings for their prefix routes. (The option of the
          same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
          it conceptually belongs there; the old option is still understood for
          compatibility.)

        * The DHCPv6 IAID and DUID are now explicitly configurable in .network
          files.

        * A new udev property ID_NET_DHCP_BROADCAST on network interface
          devices is now honoured by systemd-networkd, controlling whether to
          issue DHCP offers via broadcasting. This is used to ensure that s390
          layer 3 network interfaces work out-of-the-box with systemd-networkd.

        * nss-myhostname and systemd-resolved will now synthesize address
          records for a new special hostname "_outbound". The name will always
          resolve to the local IP addresses most likely used for outbound
          connections towards the default routes. On multi-homed hosts this is
          useful to have a stable handle referring to "the" local IP address
          that matters most, to the point where this is defined.

        * The Discoverable Partition Specification has been updated with a new
          GPT partition flag "grow-file-system" defined for its partition
          types. Whenever partitions with this flag set are automatically
          mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
          of systemd-nspawn or other tools; and as opposed to explicit mounting
          via /etc/fstab), the file system within the partition is
          automatically grown to the full size of the partition. If the file
          system size already matches the partition size this flag has no
          effect. Previously, this functionality has been available via the
          explicit x-systemd.growfs mount option, and this new flag extends
          this to automatically discovered mounts. A new GrowFileSystem=
          setting has been added to systemd-repart drop-in files that allows
          configuring this partition flag. This new flag defaults to on for
          partitions automatically created by systemd-repart, except if they
          are marked read-only. See the specification for further details:

          https://systemd.io/DISCOVERABLE_PARTITIONS

        * .network files gained a new setting RoutesToNTP= in the [DHCPv4]
          section. If enabled (which is the default), and an NTP server address
          is acquired through a DHCP lease on this interface, an explicit route
          to this address is created on this interface to ensure that NTP
          traffic to the NTP server acquired on an interface is also routed
          through that interface. The pre-existing RoutesToDNS= setting that
          implements the same for DNS servers is now enabled by default.

        * A pair of service settings SocketBindAllow= + SocketBindDeny= have
          been added that may be used to restrict the network interfaces
          sockets created by the service may be bound to. This is implemented
          via BPF.

        * A new ConditionFirmware= setting has been added to unit files to
          conditionalize on certain firmware features. At the moment it may
          check whether running on a UEFI system, a device-tree system, or if
          the system is compatible with some specified device-tree feature.

        * A new ConditionOSRelease= setting has been added to unit files to
          check os-release(5) fields. The "=", "!=", "<", "<=", ">=", ">"
          operators may be used to check if some field has some specific value
          or do an alphanumerical comparison. Equality comparisons are useful
          for fields like ID, but relative comparisons for fields like
          VERSION_ID or IMAGE_VERSION.

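          As an added example, not from the NEWS file or the systemd
          documentation, a service unit that puts the new
          RestrictAddressFamilies=none semantics, SocketBindAllow=/SocketBindDeny=,
          ConditionFirmware= and ConditionOSRelease= to use together; the unit
          name, binary path, port and version threshold are constructed sample
          values.

```ini
# /etc/systemd/system/api-gateway.service  (constructed example)
[Unit]
Description=Example API gateway with a BPF bind() policy
# Run only on UEFI firmware and only on images whose os-release(5)
# IMAGE_VERSION is at least 3 (relative comparison, new in 249).
ConditionFirmware=uefi
ConditionOSRelease=IMAGE_VERSION>=3

[Service]
ExecStart=/usr/local/bin/api-gateway
# Allow exactly the socket families the daemon needs: local IPC plus
# IPv4/IPv6. A file-system-only batch job would instead use the new
# special value "none" to remove every address family.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Bind policy enforced in BPF (new in 249): binding anything other than
# the TLS listener port on TCP is rejected by the kernel.
SocketBindDeny=any
SocketBindAllow=ipv4:tcp:8443
SocketBindAllow=ipv6:tcp:8443
# Since 249 this also caps what PID 1 itself logs about the unit.
LogLevelMax=notice
```

          A rejected bind() shows up as EPERM in the service rather than as a
          manager log line, so the daemon's own error output is where to look
          when tightening the allow list.
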
        * hostnamed gained a new Describe() D-Bus method that returns a JSON
          serialization of the host data it exposes. This is exposed via
          "hostnamectl --json=" to acquire a host identity description in JSON.
          It's our intention to add similar features to most services and
          objects systemd manages, in order to simplify integration with
          program code that can consume JSON.

        * Similarly, networkd gained a Describe() method on its Manager and
          Link bus objects. This is exposed via "networkctl --json=".

        * hostnamectl's various "get-xyz"/"set-xyz" verb pairs
          (e.g. "hostnamectl get-hostname", "hostnamectl set-hostname") have
          been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
          that is used both to get the value (when no argument is given), and
          to set the value (when an argument is specified). The old names
          continue to be supported for compatibility.

        * systemd-detect-virt and ConditionVirtualization= are now able to
          correctly identify Amazon EC2 environments.

        * The LogLevelMax= setting of unit files now applies not only to log
          messages generated *by* the service, but also to log messages
          generated *about* the service by PID 1. To suppress logs concerning a
          specific service comprehensively, set this option to a high log
          level.

        * bootctl gained support for a new --make-machine-id-directory= switch
          that allows precise control on whether to create the top-level
          per-machine directory in the boot partition that typically contains
          Type 1 boot loader entries.

        * During build SBAT data to include in the systemd-boot EFI PE binaries
          may be specified now.

        * /etc/crypttab learnt a new option "headless". If specified, any
          requests to query the user interactively for passwords or PINs will
          be skipped. This is useful on systems that are headless, i.e. where
          an interactive user is generally not present.

        * /etc/crypttab also learnt a new option "password-echo=" that allows
          configuring whether the encryption password prompt shall echo the
          typed password and if so, do so literally or via asterisks. (The
          default is the same behaviour as before: provide echo feedback via
          asterisks.)

        * FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
          systemd-homed has been updated to allow explicit configuration of the
          "user presence" and "user verification" checks, as well as whether a
          PIN is required for authentication, via the new switches
          --fido2-with-user-presence=, --fido2-with-user-verification=,
          --fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
          features are available, and may be enabled or disabled, depends on
          the used FIDO2 token.

        * systemd-nspawn's --private-user= switch now accepts the special value
          "identity" which configures a user namespacing environment with an
          identity mapping of 65535 UIDs. This means the container UID 0 is
          mapped to the host UID 0, and the UID 1 to host UID 1. At first glance
          this doesn't appear to be useful, however it does reduce the attack
          surface a bit, since the resulting container will possess process
          capabilities only within its namespace and not on the host.

        * systemd-nspawn's --private-user-chown switch has been replaced by a
          more generic --private-user-ownership= switch that accepts one of
          three values: "chown" is equivalent to the old --private-user-chown,
          and "off" is equivalent to the absence of the old switch. The value
          "map" uses the new UID mapping mounts of Linux 5.12 to map ownership
          of files and directories of the underlying image to the chosen UID
          range for the container. "auto" is equivalent to "map" if UID mapping
          mounts are supported, otherwise it is equivalent to "chown". The short
          -U switch of systemd-nspawn now implies --private-user-ownership=auto
          instead of the old --private-user-chown. Effectively this means: if
          the backing file system supports UID mapping mounts the feature is
          now used by default if -U is used. Generally, it's a good idea to use
          UID mapping mounts instead of recursive chown()ing, since it allows
          running containers off immutable images (since no modifications of
          the images need to take place), and sharing images between multiple
          instances. Moreover, the recursive chown()ing operation is slow and
          can be avoided. Conceptually it's also a good thing if transient UID
          range uses do not leak into persistent file ownership anymore. TLDR:
          finally, the last major drawback of user namespacing has been
          removed, and -U should always be used (unless you use btrfs, where
          UID mapped mounts do not exist; or your container actually needs
          privileges on the host).

        * nss-systemd now synthesizes user and group shadow records in addition
          to the main user and group records. Thus, hashed passwords managed by
          systemd-homed are now accessible via the shadow database.

        * The userdb logic (and thus nss-systemd, and so on) now reads
          additional user/group definitions in JSON format from the drop-in
          directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
          /usr/lib/userdb/. This is a simple and powerful mechanism for making
          additional users available to the system, with full integration into
          NSS including the shadow databases. Since the full JSON user/group
          record format is supported this may also be used to define users with
          resource management settings and other runtime settings that
          pam_systemd and systemd-logind enforce at login.

        * The userdbctl tool gained two new switches --with-dropin= and
          --with-varlink= which can be used to fine-tune the sources used for
          user database lookups.

        * systemd-nspawn gained a new switch --bind-user= for binding a host
          user account into the container. This does three things: the user's
          home directory is bind mounted from the host into the container,
          below the /run/userdb/home/ hierarchy. A free UID is picked in the
          container, and a user namespacing UID mapping to the host user's UID
          is installed. And finally, a minimal JSON user and group record
          (along with its hashed password) is dropped into /run/host/userdb/.
          These records are picked up automatically by the userdb drop-in logic
          described above, and allow the user to log in with the same password
          as on the host. Effectively this means: if host and container run
          new enough systemd versions, making a host user available to the
          container is trivially simple.

        * systemd-journal-gatewayd now supports the switches --user, --system,
          --merge, --file= that are equivalent to the same switches of
          journalctl, and permit exposing only the specified subset of the
          Journal records.

        * The OnFailure= dependency between units is now augmented with an
          implicit reverse dependency OnFailureOf= (this new dependency cannot
          be configured directly, it's only created as an effect of an
          OnFailure= dependency in the reverse order — it's visible in
          "systemctl show" however). Similarly, Slice= now has a reverse
          dependency SliceOf=, that is also not configurable directly, but
          useful to determine all units that are members of a slice.

        * A pair of new dependency types between units PropagatesStopTo= +
          StopPropagatedFrom= has been added, that allows propagation of unit
          stop events between two units. It operates similarly to the existing
          PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.

        * A new dependency type OnSuccess= has been added (plus the reverse
          dependency OnSuccessOf=, which cannot be configured directly, but
          exists only as an effect of the reverse OnSuccess=). It is similar to
          OnFailure=, but triggers in the opposite case: when a service exits
          cleanly. This allows "chaining up" of services where one or more
          services are started once another service has successfully completed.

        * A new dependency type Upholds= has been added (plus the reverse
          dependency UpheldBy=, which cannot be configured directly, but exists
          only as an effect of Upholds=). This dependency type is a stronger
          form of Wants=: if a unit has an Upholds= dependency on some other
          unit and the former is active then the latter is started whenever it
          is found inactive (and no job is queued for it). This is an
          alternative to Restart= inside service units, but less configurable,
          and the request to uphold a unit is not encoded in the unit itself
          but in another unit that intends to uphold it.

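          As an added example, not from the NEWS file or the systemd
          documentation, three small units that exercise the new dependency
          types described above (OnSuccess=/OnFailure= chaining, PropagatesStopTo=
          and Upholds=); all unit names and ExecStart= paths are constructed
          sample values.

```ini
# /etc/systemd/system/db-backup.service  (constructed example)
[Unit]
Description=Dump the database
# Chain follow-up work on the exit status: the verifier runs only after
# a clean exit, the alerter only on failure. The reverse dependencies
# OnSuccessOf=/OnFailureOf= show up automatically in "systemctl show"
# of the two target units; they are never written by hand.
OnSuccess=db-backup-verify.service
OnFailure=db-backup-alert.service
# Stopping the dump also stops its progress reporter (new in 249).
PropagatesStopTo=db-backup-progress.service

[Service]
Type=oneshot
ExecStart=/usr/local/bin/db-dump /var/backups/db.sql

# /etc/systemd/system/db-backup-verify.service  (constructed example)
[Unit]
Description=Verify the latest database dump

[Service]
Type=oneshot
ExecStart=/usr/local/bin/db-verify /var/backups/db.sql

# /etc/systemd/system/fleet-agent.target  (constructed example)
[Unit]
Description=Keep the monitoring agent running
# Upholds= is a stronger Wants=: while this target is active, the agent
# is started again whenever it is found inactive and nothing is queued
# for it. The agent's own unit needs no Restart= for this to work.
Upholds=fleet-agent.service

[Install]
WantedBy=multi-user.target
```
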
        * The systemd-ask-password tool now also supports reading passwords
          from the credentials subsystem, via the new --credential= switch.

        * The systemd-ask-password tool learnt a new switch --emoji= which may
          be used to explicitly control whether the lock and key emoji (🔐) is
          shown in the password prompt on suitable TTYs.

        * The --echo switch of systemd-ask-password now optionally takes a
          parameter that controls character echo. It may either show asterisks
          (default, as before), turn echo off entirely, or echo the typed
          characters literally.

        * The systemd-ask-password tool also gained a new -n switch for
          suppressing output of a trailing newline character when writing the
          acquired password to standard output, similar to /bin/echo's -n
          switch.

        * New documentation has been added that describes the organization of
          the systemd source code tree:

          https://systemd.io/ARCHITECTURE

        * Units using ConditionNeedsUpdate= will no longer be activated in
          the initrd.

        * It is now possible to list a template unit in the WantedBy= or
          RequiredBy= settings of the [Install] section of another template
          unit, which will be instantiated using the same instance name.

        * A new MemoryAvailable property is available for units. If the unit,
          or the slices it is part of, have a memory limit set via MemoryMax=/
          MemoryHigh=, MemoryAvailable will indicate how much more memory the
          unit can claim before hitting the limits.

        * systemd-coredump will now try to stay below the cgroup memory limit
          placed on itself or one of the slices it runs under, if the storage
          area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
          since files written on such filesystems count toward the cgroup memory
          limit. If there is not enough available memory in such cases to store
          the core file uncompressed, systemd-coredump will skip to compressed
          storage directly (if enabled) and it will avoid analyzing the core file
          to print backtrace and metadata in the journal.

        * tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
          of a path matches the configured expectations, and remove it if not.

        * tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows
          specifying which of the several available filesystem timestamps
          (access time, birth time, change time, modification time) to look at
          when deciding whether a path has aged enough to be cleaned.

        * A new IPv6StableSecretAddress= setting has been added to .network
          files, which takes an IPv6 address to use as secret for IPv6 address
          generation.

        * The [DHCPServer] logic in .network files gained support for a new
          UplinkInterface= setting that permits configuration of the uplink
          interface name to propagate DHCP lease information from.

        * The WakeOnLan= setting in .link files now accepts a list of flags
          instead of a single one, to configure multiple wake-on-LAN policies.

        * User-space defined tracepoints (USDT) have been added to udev at
          strategic locations. This is useful for tracing udev behaviour and
          performance with bpftrace and similar tools.

        * systemd-journald-upload gained a new NetworkTimeoutSec= option for
          setting a network timeout time.

        * If a system service is running in a new mount namespace (RootDirectory=
          and friends), all file systems will be mounted with MS_NOSUID by
          default, unless the system is running with SELinux enabled.

        * When enumerating time zones the timedatectl tool will now consult the
          'tzdata.zi' file shipped by the IANA time zone database package, in
          addition to 'zone1970.tab', as before. This makes sure time zone
          aliases are now correctly supported. Some distributions so far did
          not install this additional file, most do however. If your
          distribution does not install it yet, it might make sense to change
          that.

        * The Intel HID rfkill event is no longer masked, since it's the only
          source of rfkill events on newer HP laptops. To have both backward
          and forward compatibility, userspace daemons need to debounce
          duplicated events in a short time window.

        Contributions from: Aakash Singh, adrian5, Albert Brox,
        Alexander Sverdlin, Alexander Tsoy, Alexey Rubtsov, alexlzhu,
        Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
        Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
        borna-blazevic, caoxia2008cxx, Carlo Teubner, Christian Göttsche,
        Christian Hesse, Daniel Schaefer, Dan Streetman,
        David Santamaría Rogado, David Tardon, Deepak Rawat, dgcampea,
        Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
        Eric Cook, Flos Lonicerae, Franck Bui, Francois Gervais,
        Frantisek Sumsal, Gibeom Gwon, gitm0, Hamish Moffatt, Hans de Goede,
        Harsh Barsaiyan, Henri Chain, Hristo Venev, Icenowy Zheng, Igor Zhbanov,
        imayoda, Jakub Warczarek, James Buren, Jan Janssen, Jan Macku,
        Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban, Jeremy Szu,
        Jérôme Carretero, Jesse Stricker, jiangchuangang, Joerg Behrmann,
        Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Juergen Hoetzel,
        Julia Kartseva, Kai-Heng Feng, Khem Raj, KoyamaSohei, laineantti,
        Lennart Poettering, LetzteInstanz, Luca Adrian L, Luca Boccassi,
        Lucas Magasweran, Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard,
        Masahiro Matsuya, Matt Johnston, Michael Catanzaro, Michal Koutný,
        Michal Sekletár, Mike Crowe, Mike Kazantsev, Milan, milaq,
        Miroslav Suchý, Morten Linderud, nerdopolis, nl6720, Noah Meyerhans,
        Oleg Popov, Olle Lundberg, Ondrej Kozina, Paweł Marciniak, Perry.Yuan,
        Peter Hutterer, Peter Kjellerstedt, Peter Morrow, Phaedrus Leeds,
        plattrap, qhill, Raul Tambre, Roman Beranek, Roshan Shariff,
        Ryan Hendrickson, Samuel BF, scootergrisen, Sebastian Blunt,
        Seong-ho Cho, Sergey Bugaev, Sevan Janiyan, Sibo Dong, simmon,
        Simon Watts, Srinidhi Kaushik, Štěpán Němec, Steve Bonds, Susant Sahani,
        sverdlin, syyhao1994, Takashi Sakamoto, Topi Miettinen, tramsay,
        Trent Piepho, Uwe Kleine-König, Viktor Mihajlovski, Vincent Dechenaux,
        Vito Caputo, William A. Kennington III, Yangyang Shen, Yegor Alexeyev,
        Yi Gao, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб

        — Edinburgh, 2021-07-07

CHANGES WITH 248:

        * A concept of system extension images is introduced. Such images may
          be used to extend the /usr/ and /opt/ directory hierarchies at
          runtime with additional files (even if the file system is read-only).
          When a system extension image is activated, its /usr/ and /opt/
          hierarchies and os-release information are combined via overlayfs
          with the file system hierarchy of the host OS.

          A new systemd-sysext tool can be used to merge, unmerge, list, and
          refresh system extension hierarchies. See
          https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.

          The systemd-sysext.service automatically merges installed system
          extensions during boot (before basic.target, but not in very early
          boot, since various file systems have to be mounted first).

          The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
          supported system extension level.

        * A new ExtensionImages= unit setting can be used to apply the same
          system extension image concept from systemd-sysext to the namespaced
          file hierarchy of specific services, following the same rules and
          constraints.

        * Support for a new special "root=tmpfs" kernel command-line option has
          been added. When specified, a tmpfs is mounted on /, and mount.usr=
          should be used to point to the operating system implementation.

        * A new configuration file /etc/veritytab may be used to configure
          dm-verity integrity protection for block devices. Each line is in the
          format "volume-name data-device hash-device roothash options",
          similar to /etc/crypttab.

        * A new kernel command-line option systemd.verity.root_options= may be
          used to configure dm-verity behaviour for the root device.

        * The key file specified in /etc/crypttab (the third field) may now
          refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
          acquired by connecting to that socket and reading from it. This
          allows the implementation of a service to provide key information
          dynamically, at the moment when it is needed.

        * When the hostname is set explicitly to "localhost", systemd-hostnamed
          will respect this. Previously such a setting would be mostly silently
          ignored. The goal is to honour configuration as specified by the
          user.

        * The fallback hostname that will be used by the system manager and
          systemd-hostnamed can now be configured in two new ways: by setting
          DEFAULT_HOSTNAME= in os-release(5), or by setting
          $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
          also be configured during compilation. The environment variable is
          intended for testing and local overrides, the os-release(5) field is
          intended to allow customization by different variants of a
          distribution that share the same compiled packages.

        * The environment block of the manager itself may be configured through
          a new ManagerEnvironment= setting in system.conf or user.conf. This
          complements existing ways to set the environment block (the kernel
          command line for the system manager, the inherited environment and
          user@.service unit file settings for the user manager).

        * systemd-hostnamed now exports the default hostname and the source of
          the configured hostname ("static", "transient", or "default") as
          D-Bus properties.

        * systemd-hostnamed now exports the "HardwareVendor" and
          "HardwareModel" D-Bus properties, which are supposed to contain a
          pair of cleaned up, human readable strings describing the system's
          vendor and model. It's typically sourced from the firmware's DMI
          tables, but may be augmented from a new hwdb database. hostnamectl
          shows this in the status output.

        * Support has been added to systemd-cryptsetup for extracting the
          PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
          metadata header. This allows the information on how to open the
          encrypted device to be embedded directly in the device and obviates
          the need for configuration in an external file.

        * systemd-cryptsetup gained support for unlocking LUKS2 volumes using
          TPM2 hardware, as well as FIDO2 security tokens (in addition to the
          pre-existing support for PKCS#11 security tokens).

        * systemd-repart may enroll encrypted partitions using TPM2
          hardware. This may be useful for example to create an encrypted /var
          partition bound to the machine on first boot.

        * A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
          and PKCS#11 security tokens to LUKS volumes, list and destroy
          them. See:

          https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

          It also supports enrolling "recovery keys" and regular passphrases.

        * The libfido2 dependency is now based on dlopen(), so that the library
          is used at runtime when installed, but is not a hard runtime
          dependency.

        * systemd-cryptsetup gained support for two new options in
          /etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
          request synchronous processing of encryption/decryption IO.

        * The manager may be configured at compile time to use the fexecve()
          instead of the execve() system call when spawning processes. Using
          fexecve() closes a window between checking the security context of an
          executable and spawning it, but unfortunately the kernel displays
          stale information in the process' "comm" field, which impacts ps
          output and such.

        * The configuration option -Dcompat-gateway-hostname has been dropped.
          "_gateway" is now the only supported name.

        * The ConditionSecurity=tpm2 unit file setting may be used to check if
          the system has at least one TPM2 (tpmrm class) device.

        * A new ConditionCPUFeature= has been added that may be used to
          conditionalize units based on CPU features. For example,
          ConditionCPUFeature=rdrand will condition a unit so that it is only
          run when the system CPU supports the RDRAND opcode.

        * The existing ConditionControlGroupController= setting has been
          extended with two new values "v1" and "v2". "v2" means that the
          unified v2 cgroup hierarchy is used, and "v1" means that the legacy
          v1 hierarchy or the hybrid hierarchy are used.

        * A new PrivateIPC= setting on a unit file allows executed processes to
          be moved into a private IPC namespace, with separate System V IPC
          identifiers and POSIX message queues.

          A new IPCNamespacePath= allows the unit to be joined to an existing
          IPC namespace.

        * The tables of system calls in seccomp filters are now automatically
          generated from kernel lists exported on
          https://fedora.juszkiewicz.com.pl/syscalls.html.

          The following architectures should now have complete lists:
          alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
          powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.

        * The MountAPIVFS= service file setting now additionally mounts a tmpfs
          on /run/ if it is not already a mount point. A writable /run/ has
          always been a requirement for a functioning system, but this was not
          guaranteed when using a read-only image.

          Users can always specify BindPaths= or InaccessiblePaths= as
          overrides, and they will take precedence. If the host's root mount
          point is used, there is no change in behaviour.

        * New bind mounts and file system image mounts may be injected into the
          mount namespace of a service (without restarting it). This is exposed
          respectively as 'systemctl bind <unit> <path>…' and
          'systemctl mount-image <unit> <image>…'.

        * The StandardOutput= and StandardError= settings can now specify files
          to be truncated for output (as "truncate:<path>").

        * The ExecPaths= and NoExecPaths= settings may be used to specify
          noexec for parts of the file system.

1f3315b8 5911 * sd-bus has a new function sd_bus_open_user_machine() to open a
6dd990f3 5912 connection to the session bus of a specific user in a local container
2b6a8a4b
LP
5913 or on the local host. This is exposed in the existing -M switch to
5914 systemctl and similar tools:
1f3315b8
LP
5915
5916 systemctl --user -M lennart@foobar start foo
5917
5918 This will connect to the user bus of a user "lennart" in container
5919 "foobar". If no container name is specified, the specified user on
5920 the host itself is connected to
5921
5922 systemctl --user -M lennart@ start quux
6dd990f3 5923
6c41cf44
LP
5924 * sd-bus also gained a convenience function sd_bus_message_send() to
5925 simplify invocations of sd_bus_send(), taking only a single
5926 parameter: the message to send.
1f3315b8
LP
5927
5928 * sd-event allows rate limits to be set on event sources, for dealing
5929 with high-priority event sources that might starve out others. See
5930 the new man page sd_event_source_set_ratelimit(3) for details.
6dd990f3
ZJS
5931
5932 * systemd.link files gained a [Link] Promiscuous= switch, which allows
5933 the device to be raised in promiscuous mode.
5934
5935 New [Link] TransmitQueues= and ReceiveQueues= settings allow the
5936 number of TX and RX queues to be configured.
5937
5938 New [Link] TransmitQueueLength= setting allows the size of the TX
5939 queue to be configured.
5940
5941 New [Link] GenericSegmentOffloadMaxBytes= and
5942 GenericSegmentOffloadMaxSegments= allow capping the packet size and
5943 the number of segments accepted in Generic Segment Offload.
5944

        * systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
          wireless routing protocol that operates on ISO/OSI Layer 2 only and
          uses ethernet frames to route/bridge packets. This encompasses a new
          "batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
          new settings in .netdev files, and a new BatmanAdvanced= setting in
          .network files.

        * systemd.network files gained a [Network] RouteTable= configuration
          switch to select the routing policy table.

          systemd.network files gained a [RoutingPolicyRule] Type=
          configuration switch (one of "blackhole", "unreachable", "prohibit").

          systemd.network files gained [IPv6AcceptRA] RouteDenyList= and
          RouteAllowList= settings to ignore/accept route advertisements from
          routers matching specified prefixes. The DenyList= setting has been
          renamed to PrefixDenyList= and a new PrefixAllowList= option has been
          added.

          systemd.network files gained a [DHCPv6] UseAddress= setting to
          optionally ignore the address provided in the lease.

          systemd.network files gained a [DHCPv6PrefixDelegation]
          ManageTemporaryAddress= switch.

          systemd.network files gained a new ActivationPolicy= setting which
          allows configuring how the UP state of an interface shall be managed,
          i.e. whether the interface is always upped, always downed, or may be
          upped/downed by the user using "ip link set dev".

        * The default for the Broadcast= setting in .network files has slightly
          changed: the broadcast address will not be configured for wireguard
          devices.

        * systemd.netdev files gained [VLAN] Protocol=, IngressQOSMaps=,
          EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
          configuration options for VLAN packet handling.

        * udev rules may now set the log_level= option. This allows debug logs
          to be enabled for select events, e.g. just for a specific subsystem
          or even a single device.

        * udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
          DATA_PREPARED_ID properties for block devices with ISO9660 file
          systems.

        * udev now exports decoded DMI information about installed memory slots
          as device properties under the /sys/class/dmi/id/ pseudo device.

        * /dev/ is not mounted noexec anymore. This didn't provide any
          significant security benefits and would conflict with the executable
          mappings used with /dev/sgx device nodes. The previous behaviour can
          be restored for individual services with NoExecPaths=/dev (or by
          allow-listing and excluding /dev from ExecPaths=).

        * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
          and /dev/vhost-net are owned by the kvm group.

        * The hardware database has been extended with a list of fingerprint
          readers that correctly support USB auto-suspend using data from
          libfprint.

        * systemd-resolved can now answer DNSSEC questions through the stub
          resolver interface in a way that allows local clients to do DNSSEC
          validation themselves. For a question with DO+CD set, it'll proxy the
          DNS query and respond with a mostly unmodified packet received from
          the upstream server.

        * systemd-resolved learnt a new boolean option CacheFromLocalhost= in
          resolved.conf. If true the service will provide caching even for DNS
          lookups made to an upstream DNS server on the 127.0.0.1/::1
          addresses. By default (and when the option is false) systemd-resolved
          will not cache such lookups, in order to avoid duplicate local
          caching, under the assumption the local upstream server caches
          anyway.

        * systemd-resolved now implements RFC5001 NSID in its local DNS
          stub. This may be used by local clients to determine whether they are
          talking to the DNS resolver stub or a different DNS server.

        * When resolving host names and other records resolvectl will now
          report where the data was acquired from (i.e. the local cache, the
          network, locally synthesized, …) and whether the network traffic it
          effected was encrypted or not. Moreover the tool acquired a number of
          new options --cache=, --synthesize=, --network=, --zone=,
          --trust-anchor=, --validate= that take booleans and may be used to
          tweak a lookup, i.e. whether it may be answered from cached
          information, locally synthesized information, information acquired
          through the network, the local mDNS/LLMNR zone, the DNSSEC trust
          anchor, and whether DNSSEC validation shall be executed for the
          lookup.
        * systemd-nspawn gained a new --ambient-capability= setting
          (AmbientCapability= in .nspawn files) to configure ambient
          capabilities passed to the container payload.

        * systemd-nspawn gained the ability to configure the firewall using the
          nftables subsystem (in addition to the existing iptables
          support). Similarly, systemd-networkd's IPMasquerade= option now
          supports nftables as back-end, too. In both cases NAT on IPv6 is now
          supported too, in addition to IPv4 (the iptables back-end still is
          IPv4-only).

          "IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
          retains its meaning, but has been deprecated. Please switch to either
          "ipv4" or "both" (if covering IPv6 is desired).

        * systemd-importd will now download .verity and .roothash.p7s files
          along with the machine image (as exposed via machinectl pull-raw).

        * systemd-oomd gained a new DefaultMemoryPressureDurationSec=
          setting to configure the time a unit's cgroup needs to exceed memory
          pressure limits before action will be taken, and a new
          ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
          units.

          systemd-oomd is now considered fully supported (the usual
          backwards-compatibility promises apply). Swap is not required for
          operation, but it is still recommended.

        * systemd-timesyncd gained a new ConnectionRetrySec= setting which
          configures the retry delay when trying to contact servers.

        * systemd-stdio-bridge gained --system/--user options to connect to the
          system bus (previous default) or the user session bus.

        * systemd-localed may now call locale-gen to generate missing locales
          on-demand (UTF-8-only). This improves integration with Debian-based
          distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.

        * systemctl --check-inhibitors=true may now be used to obey inhibitors
          even when invoked non-interactively. The old --ignore-inhibitors
          switch is now deprecated and replaced by --check-inhibitors=false.

        * systemctl import-environment will now emit a warning when called
          without any arguments (i.e. to import the full environment block of
          the called program). This command will usually be invoked from a
          shell, which means that it'll inherit a bunch of variables which are
          specific to that shell, and usually to the TTY the shell is connected
          to, and don't have any meaning in the global context of the system or
          user service manager. Instead, only specific variables should be
          imported into the manager environment block.

          Similarly, programs which update the manager environment block by
          directly calling the D-Bus API of the manager should also push
          specific variables, and not the full inherited environment.

        * systemctl's status output now shows unit state with a more careful
          choice of Unicode characters: units in maintenance show a "○" symbol
          instead of the usual "●", failed units show "×", and services being
          reloaded "↻".

        * coredumpctl gained a --debugger-arguments= switch to pass arguments
          to the debugger. It also gained support for showing coredump info in
          a simple JSON format.

        * systemctl/loginctl/machinectl's --signal= option now accepts a special
          value "list", which may be used to show a brief table with known
          process signals and their numbers.

        * networkctl now shows the link activation policy in status.

        * Various tools gained --pager/--no-pager/--json= switches to
          enable/disable the pager and provide JSON output.

        * Various tools now accept two new values for the SYSTEMD_COLORS
          environment variable: "16" and "256", to configure how many terminal
          colors are used in output.

        * less 568 or newer is now required for the auto-paging logic of the
          various tools. Hyperlink ANSI sequences in terminal output are now
          used even if a pager is used, and older versions of less are not able
          to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
          disable this output again.

        * Builds with support for separate / and /usr/ hierarchies ("split-usr"
          builds, non-merged-usr builds) are now officially deprecated. A
          warning is emitted during build. Support is slated to be removed in
          about a year (when the Debian Bookworm release development starts).

        * Systems with the legacy cgroup v1 hierarchy are now marked as
          "tainted", to make it clearer that using the legacy hierarchy is not
          recommended.

        * systemd-localed will now refuse to configure a keymap which is not
          installed in the file system. This is intended as a bug fix, but
          could break cases where systemd-localed was used to configure the
          keymap in advance of it being installed. It is necessary to install
          the keymap file first.

        * The main git development branch has been renamed to 'main'.

        * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
          for partitions, as in the vast majority of cases they contain none
          and are used internally by the bootloader (e.g. u-boot).

        * systemd will now set the $SYSTEMD_EXEC_PID environment variable for
          spawned processes to the PID of the process itself. This may be used
          by programs for detecting whether they were forked off by the service
          manager itself or are a process forked off further down the tree.

        * The sd-device API gained four new calls: sd_device_get_action() to
          determine the uevent add/remove/change/… action the device object has
          been seen for, sd_device_get_seqno() to determine the uevent sequence
          number, sd_device_new_from_stat_rdev() to allocate a new sd_device
          object from stat(2) data of a device node, and sd_device_trigger() to
          write to the 'uevent' attribute of a device.

        * For most tools the --no-legend= switch has been replaced by
          --legend=no and --legend=yes, to force whether tables are shown with
          headers/legends.

        * Units acquired a new property "Markers" that takes a list of zero,
          one or two of the following strings: "needs-reload" and
          "needs-restart". These markers may be set via "systemctl
          set-property". Once a marker is set, "systemctl reload-or-restart
          --marked" may be invoked to execute the operation the units are
          marked for. This is useful for package managers that want to mark
          units for restart/reload while updating, but effect the actual
          operations at a later step at once.

        * The sd_bus_message_read_strv() API call of sd-bus may now also be
          used to parse arrays of D-Bus signatures and D-Bus paths, in addition
          to regular strings.

        * bootctl will now report whether the UEFI firmware used a TPM2 device
          and measured the boot process into it.

        * systemd-tmpfiles learnt support for a new environment variable
          $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
          the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
          even if the root fs of the system is not itself a btrfs volume.

        * systemd-detect-virt/ConditionVirtualization= will now explicitly
          detect Docker/Podman environments where possible. Moreover, they
          should be able to generically detect any container manager as long as
          it assigns the container a cgroup.

        * portablectl gained a new "reattach" verb for detaching/reattaching a
          portable service image, useful for updating images on-the-fly.

        * Intel SGX enclave device nodes (which expose a security feature of
          newer Intel CPUs) will now be owned by a new system group "sgx".

        Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
        Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
        Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
        Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
        A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
        caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
        Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
        Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
        Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
        Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
        Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
        feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
        Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
        Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
        Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
        Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
        Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
        Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
        Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
        Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
        l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
        Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
        Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
        Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
        Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
        Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
        Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
        Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
        Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
        Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
        Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
        Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
        Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
        Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
        walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
        Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
        Zmicer Turok, Дамјан Георгиевски

        — Berlin, 2021-03-30

CHANGES WITH 247:

        * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
          "bind" and "unbind" to the Linux device model. When this kernel
          change was made, systemd-udevd was only minimally updated to handle
          and propagate these new event types. The introduction of these new
          uevents (which are typically generated for USB devices and devices
          needing a firmware upload before being functional) resulted in a
          number of issues which we so far didn't address. We hoped the kernel
          maintainers would themselves address these issues in some form, but
          that did not happen. To handle them properly, many (if not most) udev
          rules files shipped in various packages need updating, and so do many
          programs that monitor or enumerate devices with libudev or sd-device,
          or otherwise process uevents. Please note that this incompatibility
          is not the fault of systemd or udev, but caused by an incompatible
          kernel change that happened back in Linux 4.14, but is becoming more
          and more visible as the new uevents are generated by more kernel
          drivers.

          To minimize issues resulting from this kernel change (but not avoid
          them entirely) starting with systemd-udevd 247 the udev "tags"
          concept (which is a concept for marking and filtering devices during
          enumeration and monitoring) has been reworked: udev tags are now
          "sticky", meaning that once a tag is assigned to a device it will not
          be removed from the device again until the device itself is removed
          (i.e. unplugged). This makes sure that any application monitoring
          devices that match a specific tag is guaranteed to both see uevents
          where the device starts being relevant, and those where it stops
          being relevant (the latter now regularly happening due to the new
          "unbind" uevent type). The udev tags concept is hence now a concept
          tied to a *device* instead of a device *event* — unlike for example
          udev properties whose lifecycle (as before) is generally tied to a
          device event, meaning that the previously determined properties are
          forgotten whenever a new uevent is processed.

          With the newly redefined udev tags concept, sometimes it's necessary
          to determine which tags are the ones applied by the most recent
          uevent/database update, in order to discern them from those
          originating from earlier uevents/database updates of the same
          device. To accommodate this a new automatic property CURRENT_TAGS
          has been added that works similar to the existing TAGS property but
          only lists tags set by the most recent uevent/database
          update. Similarly, the libudev/sd-device API has been updated with
          new functions to enumerate these 'current' tags, in addition to the
          existing APIs that now enumerate the 'sticky' ones.

          To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
          essential that all udev rules files and applications are updated to
          handle the new events. Specifically:

          • All rule files that currently use a header guard similar to
            ACTION!="add|change",GOTO="xyz_end" should be updated to use
            ACTION=="remove",GOTO="xyz_end" instead, so that the
            properties/tags they add are also applied whenever "bind" (or
            "unbind") is seen. (This is most important for all physical device
            types — those for which "bind" and "unbind" are currently
            generated, for all other device types this change is still
            recommended but not as important — but certainly prepares for
            future kernel uevent type additions).

          • Similarly, all code monitoring devices that contains an 'if' branch
            discerning the "add" + "change" uevent actions from all other
            uevent actions (i.e. considering devices only relevant after "add"
            or "change", and irrelevant on all other events) should be reworked
            to instead negatively check for "remove" only (i.e. considering
            devices relevant after all event types, except for "remove", which
            invalidates the device). Note that this also means that devices
            should be considered relevant on "unbind", even though conceptually
            this — in some form — invalidates the device. Since the precise
            effect of "unbind" is not generically defined, devices should be
            considered relevant even after "unbind", however I/O errors
            accessing the device should then be handled gracefully.

          • Any code that uses device tags for deciding whether a device is
            relevant or not most likely needs to be updated to use the new
            udev_device_has_current_tag() API (or sd_device_has_current_tag()
            in case sd-device is used), to check whether the tag is set at the
            moment an uevent is seen (as opposed to the existing
            udev_device_has_tag() API which checks if the tag ever existed on
            the device, following the API concept redefinition explained
            above).

          We are very sorry for this breakage and the requirement to update
          packages using these interfaces. We'd again like to underline that
          this is not caused by systemd/udev changes, but result of a kernel
          behaviour change.

        * UPCOMING INCOMPATIBILITY: So far most downstream distribution
          packages have not retriggered devices once the udev package (or any
          auxiliary package installing additional udev rules) is updated. We
          intend to work with major distributions to change this, so that
          "udevadm trigger -c change" is issued on such upgrades, ensuring that
          the updated ruleset is applied to the devices already discovered, so
          that (asynchronously) after the upgrade completed the udev database
          is consistent with the updated rule set. This means udev rules must
          be ready to be retriggered with a "change" action any time, and
          result in correct and complete udev database entries. While the
          majority of udev rule files known to us currently get this right,
          some don't. Specifically, there are udev rules files included in
          various packages that only set udev properties on the "add" action,
          but do not handle the "change" action. If a device matching those
          rules is retriggered with the "change" action (as is intended here)
          it would suddenly lose the relevant properties. This always has been
          problematic, but as soon as all udev devices are triggered on relevant
          package upgrades this will become particularly so. It is strongly
          recommended to fix offending rules so that they can handle a "change"
          action at any time, and acquire all necessary udev properties even
          then. Or in other words: the header guard mentioned above
          (ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
          this, as it makes sure rules are rerun on "change" correctly, and
          accumulate the correct and complete set of udev properties. udev rule
          definitions that cannot handle "change" events being triggered at
          arbitrary times should be considered buggy.
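          The following is an added illustration of the rules-file change
          described in the two entries above; it is a constructed example, not
          a file from the systemd tree. It shows, for a hypothetical "xyz"
          subsystem, the old header guard (commented out) beside its
          replacement, written so that the rules also yield complete
          properties when retriggered with "change"; the path, vendor and
          product ids are placeholders.

```udev
# Constructed example rules file (a hypothetical /etc/udev/rules.d/60-xyz.rules),
# not part of the systemd sources.

# BEFORE: this guard lets only "add" and "change" reach the rules below. On
# Linux 4.14 and newer the "bind" and "unbind" uevents skip them, so the
# properties and tags assigned here are not applied for those events.
#ACTION!="add|change", GOTO="xyz_end"

# AFTER: skip the rules only for "remove". "add", "change", "bind", "unbind"
# and any future action all re-run them, so the device always ends up with
# the complete property set and the "xyz" tag.
ACTION=="remove", GOTO="xyz_end"

# The rules must also be safe to re-run on a "change" retrigger
# (udevadm trigger -c change) at any time: they assign the properties they
# own unconditionally instead of relying on state from an earlier "add".
# The vendor/product ids are constructed placeholders.
SUBSYSTEM=="usb", ATTR{idVendor}=="abcd", ATTR{idProduct}=="1234", ENV{ID_XYZ_DEVICE}="1", TAG+="xyz"

# Since 247 the "xyz" tag is sticky: once set it stays on the device until
# "remove"; the automatic CURRENT_TAGS property lists only the tags set by
# the most recent event.

LABEL="xyz_end"
```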
7bfcc0de 6341
db2db708 6342 * The MountAPIVFS= service file setting now defaults to on if
b182195a
ZJS
6343 RootImage= and RootDirectory= are used, which means that with those
6344 two settings /proc/, /sys/ and /dev/ are automatically properly set
6345 up for services. Previous behaviour may be restored by explicitly
6346 setting MountAPIVFS=off.
db2db708 6347
bae66f4b
LP
6348 * Since PAM 1.2.0 (2015) configuration snippets may be placed in
6349 /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
6350 latter it takes precedence over the former, similar to how most of
6351 systemd's own configuration is handled. Given that PAM stack
6352 definitions are primarily put together by OS vendors/distributions
69e3234d 6353 (though possibly overridden by users), this systemd release moves its
bae66f4b
LP
6354 own PAM stack configuration for the "systemd-user" PAM service (i.e.
6355 for the PAM session invoked by the per-user user@.service instance)
6356 from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
6357 packages' vendor versions of their PAM stack definitions from
6358 /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
6359 desired the location to which systemd installs its PAM stack
b182195a 6360 configuration may be changed via the -Dpamconfdir Meson option.
bae66f4b 6361
dc6a3162
LP
6362 * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
6363 libpwquality and libcryptsetup have been changed to be based on
6364 dlopen(): instead of regular dynamic library dependencies declared in
6365 the binary ELF headers, these libraries are now loaded on demand
6366 only, if they are available. If the libraries cannot be found the
6367 relevant operations will fail gracefully, or a suitable fallback
6368 logic is chosen. This is supposed to be useful for general purpose
6369 distributions, as it allows minimizing the list of dependencies the
6370 systemd packages pull in, permitting building of more minimal OS
6371 images, while still making use of these "weak" dependencies should
6372 they be installed. Since many package managers automatically
6373 synthesize package dependencies from ELF shared library dependencies,
6374 some additional manual packaging work has to be done now to replace
6375 those (slightly downgraded from "required" to "recommended" or
6376 whatever is conceptually suitable for the package manager). Note that
6377 this change does not alter build-time behaviour: as before the
6378 build-time dependencies have to be installed during build, even if
6379 they now are optional during runtime.
db2db708
LP
6380
6381 * sd-event.h gained a new call sd_event_add_time_relative() for
6382 installing timers relative to the current time. This is mostly a
6383 convenience wrapper around the pre-existing sd_event_add_time() call
6384 which installs absolute timers.
6385
dc6a3162
LP
6386 * sd-event event sources may now be placed in a new "exit-on-failure"
6387 mode, which may be controlled via the new
6388 sd_event_source_get_exit_on_failure() and
6389 sd_event_source_set_exit_on_failure() functions. If enabled, any
6390 failure returned by the event source handler functions will result in
6391 exiting the event loop (unlike the default behaviour of just
6392 disabling the event source but continuing with the event loop). This
6393 feature is useful to set for all event sources that define "primary"
6394 program behaviour (where failure should be fatal) in contrast to
6395 "auxiliary" behaviour (where failure should remain local).
6396
6397 * Most event source types sd-event supports now accept a NULL handler
6398 function, in which case the event loop is exited once the event
6399 source is to be dispatched, using the userdata pointer — converted to
6400 a signed integer — as exit code of the event loop. Previously this
6401 was supported for IO and signal event sources already. Exit event
6402 sources still do not support this (simply because it makes little
6403 sense there, as the event loop is already exiting when they are
6404 dispatched).
6405
db2db708
LP
6406 * A new per-unit setting RootImageOptions= has been added which allows
6407 tweaking the mount options for any file system mounted as effect of
6408 the RootImage= setting.
6409
6410 * Another new per-unit setting MountImages= has been added, that allows
6411 mounting additional disk images into the file system tree accessible
6412 to the service.
6413
6fc5b951 6414 * Timer units gained a new FixedRandomDelay= boolean setting. If
b5e798de
ZJS
6415 enabled, the random delay configured with RandomizedDelaySec= is
6416 selected in a way that is stable on a given system (though still
6417 different for different units).
6fc5b951
LP
6418
6419 * Socket units gained a new setting Timestamping= that takes "us", "ns"
6420 or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
6421 options.
6422
        * systemd-repart now generates JSON output when requested with the new
          --json= switch.

        * systemd-machined's OpenMachineShell() bus call will now pass
          additional policy metadata fields to the PolicyKit authentication
          request.

        * systemd-tmpfiles gained a new -E switch, which is equivalent to
          --exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run
          --exclude-prefix=/sys. It's particularly useful in combination with
          --root=, when operating on OS trees that do not have any of these
          four runtime directories mounted, as this means no files below these
          subtrees are created or modified, since those mount points should
          probably remain empty.

        * systemd-tmpfiles gained a new --image= switch which is like --root=,
          but takes a disk image instead of a directory as argument. The
          specified disk image is mounted inside a temporary mount namespace
          and the tmpfiles.d/ drop-ins stored in the image are executed and
          applied to the image. systemd-sysusers similarly gained a new
          --image= switch, that allows the sysusers.d/ drop-ins stored in the
          image to be applied onto the image.

        * Similarly, the journalctl command also gained an --image= switch,
          which is a quick one-step solution to look at the log data included
          in OS disk images.

        * journalctl's --output=cat option (which outputs the log content
          without any metadata, just the pure text messages) will now make use
          of terminal colors when run on a suitable terminal, similarly to the
          other output modes.

        * JSON group records now support a "description" string that may be
          used to add a human-readable textual description to such groups. This
          is supposed to match the user's GECOS field which traditionally
          didn't have a counterpart for group records.

        * The "systemd-dissect" tool that may be used to inspect OS disk images
          and that was previously installed to /usr/lib/systemd/ has now been
          moved to /usr/bin/, reflecting its updated status of an officially
          supported tool with a stable interface. It gained support for a new
          --mkdir switch which when combined with --mount has the effect of
          creating the directory to mount the image to if it is missing
          first. It also gained two new commands --copy-from and --copy-to for
          copying files and directories in and out of an OS image without the
          need to manually mount it. It also acquired support for a new option
          --json= to generate JSON output when inspecting an OS image.

        * The cgroup2 file system is now mounted with the
          "memory_recursiveprot" mount option, supported since kernel 5.7. This
          means that the MemoryLow= and MemoryMin= unit file settings now apply
          recursively to whole subtrees.

        * systemd-homed now defaults to using the btrfs file system — if
          available — when creating home directories in LUKS volumes. This may
          be changed with the DefaultFileSystemType= setting in homed.conf.
          It's now the default file system in various major distributions and
          has the major benefit for homed that it can be grown and shrunk while
          mounted, unlike the other contenders ext4 and xfs, which can both be
          grown online, but not shrunk (in fact xfs is the technically most
          limited option here, as it cannot be shrunk at all).

        * JSON user records managed by systemd-homed gained support for
          "recovery keys". These are basically secondary passphrases that can
          unlock user accounts/home directories. They are computer-generated
          rather than user-chosen, and typically have greater entropy.
          homectl's --recovery-key= option may be used to add a recovery key to
          a user account. The generated recovery key is displayed as a QR code,
          so that it can be scanned to be kept in a safe place. This feature is
          particularly useful in combination with systemd-homed's support for
          FIDO2 or PKCS#11 authentication, as a secure fallback in case the
          security tokens are lost. Recovery keys may be entered wherever the
          system asks for a password.

        * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
          home directory which indicates that a home directory has not been
          deactivated cleanly when offline. This flag is useful to identify
          home directories for which the offline discard logic did not run when
          offlining, and where it would be a good idea to log in again to catch
          up.

        * systemctl gained a new parameter --timestamp= which may be used to
          change the style in which timestamps are output, i.e. whether to show
          them in local timezone or UTC, or whether to show µs granularity.

        * Alibaba's "pouch" container manager is now detected by
          systemd-detect-virt, ConditionVirtualization= and similar
          constructs. Similarly, they now also recognize IBM PowerVM machine
          virtualization.

        * systemd-nspawn has been reworked to use /run/host/incoming/ as the
          place for propagating external mounts into the container. Similarly
          /run/host/notify is now used as the socket path for container
          payloads to communicate with the container manager using
          sd_notify(). The container manager now uses the
          /run/host/inaccessible/ directory to place "inaccessible" file nodes
          of all relevant types which may be used by the container payload as
          bind mount source to over-mount inodes to make them inaccessible.
          /run/host/container-manager will now be initialized with the same
          string as the $container environment variable passed to the
          container's PID 1. /run/host/container-uuid will be initialized with
          the same string as $container_uuid. This means the /run/host/
          hierarchy is now the primary way to make host resources available to
          the container. The Container Interface documents these new files and
          directories:

          https://systemd.io/CONTAINER_INTERFACE

        * Support for the "ConditionNull=" unit file condition has been
          deprecated and undocumented for 6 years. systemd started to warn
          about its use 1.5 years ago. It has now been removed entirely.

        * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
          a sd_bus_error struct and a list of error names, and checks if the
          error matches one of these names. It's a convenience wrapper that is
          useful in cases where multiple errors shall be handled the same way.

        * A new system call filter list "@known" has been added, that contains
          all system calls known at the time systemd was built.

        * Behaviour of system call filter allow lists has changed slightly:
          system calls that are not allowed but are contained in @known will
          result in EPERM by default, while those not contained in it result in
          ENOSYS. This should improve compatibility because known system calls
          will thus be communicated as prohibited, while unknown (and thus
          newer) ones will be communicated as not implemented, which hopefully
          has the greatest chance of triggering the right fallback code paths
          in client applications.

        * "systemd-analyze syscall-filter" will now show two separate sections
          at the bottom of the output: system calls known during systemd build
          time but not included in any of the filter groups shown above, and
          system calls defined on the local kernel but not known during systemd
          build time.

        * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
          systemd-nspawn all system call filter violations will be logged by
          the kernel (audit). This is useful for tracking down system calls
          invoked by container payloads that are prohibited by the container's
          system call filter policy.

        * If the $SYSTEMD_SECCOMP=0 environment variable is set for
          systemd-nspawn (and other programs that use seccomp) all seccomp
          filtering is turned off.

        * Two new unit file settings ProtectProc= and ProcSubset= have been
          added that expose the hidepid= and subset= mount options of procfs.
          With ProtectProc=invisible all processes of the unit will only see
          processes in /proc that are owned by the unit's user. This is an
          important new sandboxing option that is recommended to be set on all
          system services. All long-running system services that are included
          in systemd itself set this option now. This option is only supported
          on kernel 5.8 and above, since the hidepid= option supported on older
          kernels was not a per-mount option but actually applied to the whole
          PID namespace.

        * Socket units gained a new boolean setting FlushPending=. If enabled
          all pending socket data/connections are flushed whenever the socket
          unit enters the "listening" state, i.e. after the associated service
          exited.

        * The unit file setting NUMAMask= gained a new "all" value: when used,
          all existing NUMA nodes are added to the NUMA mask.

        * A new "credentials" logic has been added to system services. This is
          a simple mechanism to pass privileged data to services in a safe and
          secure way. It's supposed to be used to pass per-service secret data
          such as passwords or cryptographic keys but also associated less
          private information such as user names, certificates, and similar to
          system services. Each credential is identified by a short user-chosen
          name and may contain arbitrary binary data. Two new unit file
          settings have been added: SetCredential= and LoadCredential=. The
          former allows setting a credential to a literal string, the latter
          sets a credential to the contents of a file (or data read from a
          user-chosen AF_UNIX stream socket). Credentials are passed to the
          service via a special credentials directory, one file for each
          credential. The path to the credentials directory is passed in a new
          $CREDENTIALS_DIRECTORY environment variable. Since the credentials
          are passed in the file system they may be easily referenced in
          ExecStart= command lines too, thus no explicit support for the
          credentials logic in daemons is required (though ideally daemons
          would look for the bits they need in $CREDENTIALS_DIRECTORY
          themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
          backed by unswappable memory if privileges allow it, immutable if
          privileges allow it, is accessible only to the service's UID, and is
          automatically destroyed when the service stops.

        * systemd-nspawn supports the same credentials logic. It can both
          consume credentials passed to it via the aforementioned
          $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
          to its payload. The service manager/PID 1 has been updated to match
          this: it can also accept credentials from the container manager that
          invokes it (in fact: any process that invokes it), and passes them on
          to its services. Thus, credentials can be propagated recursively down
          the tree: from a system's service manager to a systemd-nspawn
          service, to the service manager that runs as container payload and to
          the service it runs below. Credentials may also be added on the
          systemd-nspawn command line, using new --set-credential= and
          --load-credential= command line switches that match the
          aforementioned service settings.

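        As an added example, not part of this NEWS file or of systemd's own
        sources, the shell snippet below shows both halves of the credentials
        mechanism just described: a drop-in that provisions one credential
        with LoadCredential= and one with SetCredential= for a hypothetical
        backup.service, and a read_credential helper that a daemon (or an
        ExecStart= wrapper script) can use to fetch a credential from
        $CREDENTIALS_DIRECTORY. The unit name, the credential names and the
        path /etc/backup/remote.key are assumptions; the option names and the
        environment variable are systemd's.

```shell
#!/bin/sh
# Added example (not from systemd): provisioning and consuming credentials.
# The unit name, credential names and /etc/backup/remote.key are assumptions.

# Drop-in for a hypothetical backup.service: "remote.key" is read by PID 1
# from a root-only file on the host and "remote.user" is a literal. The
# service never opens /etc/backup/remote.key itself; it gets a private copy
# in a per-service directory whose path arrives in $CREDENTIALS_DIRECTORY.
write_backup_dropin() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat >"$dir/credentials.conf" <<'EOF'
[Service]
LoadCredential=remote.key:/etc/backup/remote.key
SetCredential=remote.user:backup
# Credentials are plain files, so they can be referenced on the command
# line without any support for the mechanism in the daemon itself.
ExecStart=/usr/bin/backup --key-file=${CREDENTIALS_DIRECTORY}/remote.key
# The directory is only readable by the service's UID; run unprivileged so
# a compromise of the daemon does not expose other services' credentials.
User=backup
EOF
}

# Read one credential the way a daemon should: fail if the directory is not
# set (only the service manager sets it), reject names that could escape the
# directory, and emit the raw bytes (credentials may be binary and need not
# end in a newline).
read_credential() {
    name="$1"
    case "$name" in
        ''|*/*|.|..) echo "read_credential: invalid credential name" >&2; return 2 ;;
    esac
    if [ -z "${CREDENTIALS_DIRECTORY:-}" ]; then
        echo "read_credential: \$CREDENTIALS_DIRECTORY is not set" >&2
        return 1
    fi
    f="$CREDENTIALS_DIRECTORY/$name"
    if [ ! -f "$f" ]; then
        echo "read_credential: no credential named '$name'" >&2
        return 1
    fi
    cat "$f"
}

# Stand-alone demonstration with a constructed credentials directory that
# mimics what PID 1 would set up for the service.
demo_credentials() {
    tmp="$(mktemp -d)" || return 1
    printf 'hunter2' >"$tmp/remote.key"
    printf 'backup' >"$tmp/remote.user"
    chmod 0400 "$tmp"/*
    CREDENTIALS_DIRECTORY="$tmp"
    export CREDENTIALS_DIRECTORY
    read_credential remote.key
    echo
    unset CREDENTIALS_DIRECTORY
    rm -rf "$tmp"
}
```

        The helper refuses names containing a slash so that a credential name
        taken from configuration cannot be turned into a path traversal out of
        the private directory.
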
        * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
          the partition drop-ins which may be used to format/LUKS
          encrypt/populate any created partitions. The partitions are
          encrypted/formatted/populated before they are registered in the
          partition table, so that they appear atomically: either the
          partitions do not exist yet or they exist fully encrypted, formatted,
          and populated — there is no time window where they are
          "half-initialized". Thus the system is robust to abrupt shutdown: if
          the tool is terminated half-way through its operations, on the next
          boot it will start from the beginning.

        * systemd-repart's --size= operation gained a new "auto" value. If
          specified, and operating on a loopback file, it is automatically sized
          to the minimal size the size constraints permit. This is useful to
          use "systemd-repart" as an image builder for minimally sized images.

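        As an added example (illustrative, not taken from systemd), the
        following repart.d definition uses the new Format=, Encrypt= and
        CopyFiles= settings together with a --size=auto invocation to build a
        minimal, encrypted root image from a staged OS tree. The definition
        directory, the staging path, the image path and the key file are
        assumptions; the setting and switch names are systemd-repart's.

```shell
#!/bin/sh
# Added example (not from systemd): an encrypted, pre-populated root
# partition built by systemd-repart. Paths below are assumptions.

# Definition for a root partition that is formatted, LUKS-encrypted and
# populated from a staging tree before it is entered into the partition
# table, so an interrupted run never leaves a half-initialised partition.
write_repart_definition() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat >"$dir/10-root.conf" <<'EOF'
[Partition]
Type=root
Format=ext4
# "key-file" takes the LUKS passphrase from the file given with --key-file=
# on the systemd-repart command line.
Encrypt=key-file
# source:target, where target is a path inside the new file system
CopyFiles=/var/tmp/rootfs-staging:/
SizeMinBytes=512M
EOF
}

# Command line to create the image from scratch. With --size=auto the
# loopback file is sized to the smallest size the definitions permit.
repart_build_command() {
    defs="$1"; key="$2"; img="$3"
    printf 'systemd-repart --definitions=%s --empty=create --size=auto --key-file=%s %s\n' \
        "$defs" "$key" "$img"
}

# e.g.: repart_build_command /etc/repart.d.root /root/luks.key /var/tmp/root.raw
```

        The key file should live on a root-only path outside the image, since
        anyone who can read it can open the resulting LUKS volume.
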
        * systemd-resolved now gained a third IPC interface for requesting name
          resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
          interface is now supported. The nss-resolve NSS module has been
          modified to use this new interface instead of D-Bus. Using Varlink
          has a major benefit over D-Bus: it works without a broker service,
          and thus already during earliest boot, before the dbus daemon has
          been started. This means name resolution via systemd-resolved now
          works at the same time systemd-networkd operates: from earliest boot
          on, including in the initrd.

        * systemd-resolved gained support for a new DNSStubListenerExtra=
          configuration file setting which may be used to specify additional IP
          addresses the built-in DNS stub shall listen on, in addition to the
          main one on 127.0.0.53:53.

        * Name lookups issued via systemd-resolved's D-Bus and Varlink
          interfaces (and thus also via glibc NSS if nss-resolve is used) will
          now honour a trailing dot in the hostname: if specified the search
          path logic is turned off. Thus "resolvectl query foo." is now
          equivalent to "resolvectl query --search=off foo.".

        * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
          exposes how /etc/resolv.conf is currently managed: by resolved (and
          in which mode if so) or another subsystem. "resolvectl" will display
          this property in its status output.

        * The resolv.conf snippets systemd-resolved provides will now set "."
          as the search domain if no other search domain is known. This turns
          off the derivation of an implicit search domain by nss-dns for the
          hostname, when the hostname is set to an FQDN. This change is done to
          make nss-dns using resolv.conf provided by systemd-resolved behave
          more similarly to nss-resolve.

        * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
          /tmp/ and /var/tmp/ based on file timestamps) now looks at the
          "birth" time (btime) of a file in addition to the atime, mtime, and
          ctime.

        * systemd-analyze gained a new verb "capability" that lists all
          capabilities known to the systemd build and to the kernel.

        * If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
          advance the system clock to it at boot if it is noticed to be before
          that time. Previously, PID 1 would only advance the time to an epoch
          time that is set during build-time. With this new file OS builders
          can change this epoch timestamp on individual OS images without
          having to rebuild systemd.

        * systemd-logind will now listen to the KEY_RESTART key from the Linux
          input layer and reboot the system if it is pressed, similarly to how
          it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
          was originally defined in the Multimedia context (to restart playback
          of a song or film), but is now primarily used in various embedded
          devices for "Reboot" buttons. Accordingly, systemd-logind will now
          honour it as such. This may be configured in more detail via the new
          HandleRebootKey= and RebootKeyIgnoreInhibited= settings.

        * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
          copying OS trees, for example in "systemd-nspawn --ephemeral",
          "systemd-nspawn --template=", "machinectl clone" and similar. This is
          useful when operating with OSTree images, which use hardlinks heavily
          throughout, and where such copies previously resulted in "exploding"
          hardlinks.

        * systemd-nspawn's --console= setting gained support for a new
          "autopipe" value, which is identical to "interactive" when invoked on
          a TTY, and "pipe" otherwise.

        * systemd-networkd's .network files gained support for explicitly
          configuring the multicast membership entries of bridge devices in the
          [BridgeMDB] section. It also gained support for the PIE queuing
          discipline in the [FlowQueuePIE] sections.

        * systemd-networkd's .netdev files may now be used to create "BareUDP"
          tunnels, configured in the new [BareUDP] section.

        * systemd-networkd's Gateway= setting in .network files now accepts the
          special values "_dhcp4" and "_ipv6ra" to configure additional,
          locally defined, explicit routes to the gateway acquired via DHCP or
          IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
          but still accepted for backwards compatibility.

        * systemd-networkd's [IPv6PrefixDelegation] section and
          IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
          IPv6SendRA= (the old names are still accepted for backwards
          compatibility).

        * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
          boolean setting in the [Network] section. If enabled, the delegated
          prefix gained by another link will be configured, and an address
          within the prefix will be assigned.

        * systemd-networkd's .network files gained the Announce= boolean setting
          in the [DHCPv6PrefixDelegation] section. When enabled, the delegated
          prefix will be announced through IPv6 router advertisement (IPv6 RA).
          The setting is enabled by default.

        * VXLAN tunnels may now be marked as independent of any underlying
          network interface via the new Independent= boolean setting.

        * systemctl gained support for two new verbs: "service-log-level" and
          "service-log-target" may be used on services that implement the
          generic org.freedesktop.LogControl1 D-Bus interface to dynamically
          adjust the log level and target. All of systemd's long-running
          services support this now, but ideally all system services would
          implement this interface to make the system more uniformly
          debuggable.

        * The SystemCallErrorNumber= unit file setting now accepts the new
          "kill" and "log" actions, in addition to arbitrary error number
          specifications as before. If "kill" is specified, the process is
          killed on a filter violation; if "log", the offending system call is
          audit logged.

        * A new SystemCallLog= unit file setting has been added that accepts a
          list of system calls that shall be logged (via audit).

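        As an added example (not configuration shipped by systemd), the
        drop-ins below put together the sandboxing settings introduced in this
        release for a hypothetical mydaemon.service: ProtectProc=/ProcSubset=,
        an allow-list SystemCallFilter= whose rejected calls follow the
        @known/ENOSYS semantics described above, SystemCallErrorNumber= and
        SystemCallLog=. The weaker deny-list form is written out first so the
        difference is visible. The unit name is an assumption; the option
        names are systemd's.

```shell
#!/bin/sh
# Added example (not from systemd): sandboxing drop-ins for a hypothetical
# mydaemon.service. The unit name is an assumption; the option names are
# systemd's.

# The weaker form: a deny list. Any system call not named here, including
# ones added to the kernel after the list was written, stays allowed.
write_weak_dropin() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat >"$dir/sandbox.conf" <<'EOF'
[Service]
SystemCallFilter=~@mount @reboot @swap @clock
EOF
}

# The hardened form: an allow list plus /proc hiding and audit logging.
write_hardened_dropin() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat >"$dir/sandbox.conf" <<'EOF'
[Service]
# Hide other users' processes and non-PID entries in /proc (per-mount
# hidepid=/subset=, kernel 5.8 or newer).
ProtectProc=invisible
ProcSubset=pid

# Allow list: only @system-service may be called. A blocked call that is in
# @known fails with the errno below; one unknown to this systemd build
# (typically a newer call) fails with ENOSYS, so that libc/application
# fallback paths are taken instead of treating it as a permission problem.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM

# Audit-log these groups without blocking them; useful to confirm a filter
# before tightening it. SystemCallErrorNumber=log would instead audit-log
# every filtered call rather than return an error. Inspect the records with
# "journalctl -k" or "ausearch -m SECCOMP".
SystemCallLog=@mount @reboot @swap

# Block privilege gain via setuid/fscaps binaries; system services get
# seccomp filters without this being implied, so set it explicitly.
NoNewPrivileges=yes
EOF
}

# e.g.: write_hardened_dropin /etc/systemd/system/mydaemon.service.d
#       systemctl daemon-reload && systemd-analyze security mydaemon.service
```

        "systemd-analyze syscall-filter @system-service" lists what the allow
        list admits, and its trailing sections show which calls of the running
        kernel the build did not know about and will therefore answer with
        ENOSYS.
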
        * The OS image dissection logic (as used by RootImage= in unit files or
          systemd-nspawn's --image= switch) has gained support for identifying
          and mounting explicit /usr/ partitions, which are now defined in the
          discoverable partition specification. This should be useful for
          environments where the root file system is
          generated/formatted/populated dynamically on first boot and combined
          with an immutable /usr/ tree that is supplied by the vendor.

        * In the final phase of shutdown, within the systemd-shutdown binary
          we'll now try to detach MD devices (i.e. software RAID) in addition to
          loopback block devices and DM devices as before. This is supposed to
          be a safety net only, in order to increase robustness if things go
          wrong. Storage subsystems are expected to properly detach their
          storage volumes during regular shutdown already (or in case of
          storage backing the root file system: in the initrd hook we return to
          later).

        * If the SYSTEMD_LOG_TID environment variable is set all systemd tools
          will now log the thread ID in their log output. This is useful when
          working with heavily threaded programs.

        * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
          not use the RDRAND CPU instruction. This is useful in environments
          such as replay debuggers where non-deterministic behaviour is not
          desirable.

        * The autopaging logic in systemd's various tools (such as systemctl)
          has been updated to turn on "secure" mode in "less"
          (i.e. $LESSSECURE=1) if execution in a "sudo" environment is
          detected. This disables invoking external programs from the pager,
          via the pipe logic. This behaviour may be overridden via the new
          $SYSTEMD_PAGERSECURE environment variable.

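        The pager decision above, reimplemented as an added shell example (not
        systemd's code) so that the logic is visible: an explicit
        $SYSTEMD_PAGERSECURE wins, otherwise secure mode is enabled when the
        tool appears to run under sudo. Detecting sudo through $SUDO_UID or
        $SUDO_GID, and treating an unparsable value as "secure", are
        assumptions made here; the variable names $SYSTEMD_PAGERSECURE and
        $LESSSECURE are the real ones.

```shell
#!/bin/sh
# Added example (not from systemd): pager "secure" mode decision. Sudo
# detection via $SUDO_UID/$SUDO_GID and the fail-closed handling of bad
# values are assumptions of this example.

# Print "1" if the pager should run in secure mode, "0" otherwise. In secure
# mode less refuses its shell escapes ("!cmd", "|" to a pipe, editing), so a
# pager started by a privileged tool cannot be used to spawn a root shell.
pager_secure_mode() {
    case "${SYSTEMD_PAGERSECURE:-}" in
        1|yes|y|true|t|on) echo 1; return ;;
        0|no|n|false|f|off) echo 0; return ;;
        '') ;;
        *)
            echo "pager_secure_mode: unparsable \$SYSTEMD_PAGERSECURE, assuming secure" >&2
            echo 1; return ;;
    esac
    if [ -n "${SUDO_UID:-}" ] || [ -n "${SUDO_GID:-}" ]; then
        echo 1
    else
        echo 0
    fi
}

# Pipe output through the pager with the computed environment, e.g.
#   systemctl status --no-pager foo.service | run_paged
run_paged() {
    if [ "$(pager_secure_mode)" = 1 ]; then
        LESSSECURE=1 "${PAGER:-less}"
    else
        "${PAGER:-less}"
    fi
}
```

        Without this, "sudo systemctl status" followed by "!sh" at the less
        prompt hands the caller a root shell, which matters wherever sudo rules
        grant individual systemctl commands rather than full root.
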
        * Units which have resource limits (.service, .mount, .swap, .slice,
          .socket, and .scope) gained new configuration settings
          ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
          ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
          limits and optional action taken by systemd-oomd.

        * A new service systemd-oomd has been added. It monitors resource
          contention for selected parts of the unit hierarchy using the PSI
          information reported by the kernel, and kills processes when memory
          or swap pressure is above configured limits. This service is only
          enabled by default in developer mode (see below) and should be
          considered a preview in this release. Behaviour details and option
          names are subject to change without the usual backwards-compatibility
          promises.

        * A new helper oomctl has been added to introspect systemd-oomd state.
          It is only enabled by default in developer mode and should be
          considered a preview without the usual backwards-compatibility
          promises.

        * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
          enabled, systemd reads the system UID boundaries from /etc/login.defs
          at runtime, instead of using the built-in values selected during
          build. This is an option to improve compatibility for upgrades from
          old systems. It's strongly recommended not to make use of this
          functionality on new systems (or even enable it during build), as it
          makes something runtime-configurable that is mostly an implementation
          detail of the OS, and permits avoidable differences in deployments
          that create all kinds of problems in the long run.

        * New meson option '-Dmode=developer|release' has been added. When
          'developer', additional checks and features are enabled that are
          relevant during upstream development, e.g. verification that
          semi-automatically-generated documentation has been properly updated
          following API changes. Those checks are considered hints for
          developers and are not actionable in downstream builds. In addition,
          extra features that are not ready for general consumption may be
          enabled in developer mode. It is thus recommended to set
          '-Dmode=release' in end-user and distro builds.

        * systemd-cryptsetup gained support for processing detached LUKS
          headers specified on the kernel command line via the header=
          parameter of the luks.options= kernel command line option. The same
          device/path syntax as for key files is supported for header files
          like this.

        * The "net_id" built-in of udev has been updated to ignore ACPI _SUN
          slot index data for devices that are connected through a PCI bridge
          where the _SUN index is associated with the bridge instead of the
          network device itself. Previously this would create ambiguous device
          naming if multiple network interfaces were connected to the same PCI
          bridge. Since this is a naming scheme incompatibility on systems that
          possess hardware like this it has been introduced as new naming
          scheme "v247". The previous scheme can be selected via the
          "net.naming-scheme=v245" kernel command line parameter.

        * ConditionFirstBoot= semantics have been modified to be safe towards
          abnormal system power-off during first boot. Specifically, the
          "systemd-machine-id-commit.service" service now acts as boot
          milestone indicating when the first boot process is sufficiently
          complete in order to not consider the next following boot also a
          first boot. If the system is reset before this unit is reached the
          first time, the next boot will still be considered a first boot; once
          it has been reached, no further boots will be considered a first
          boot. The "first-boot-complete.target" unit now acts as official hook
          point to order against this. If a service shall be run on every boot
          until the first boot fully succeeds it may thus be ordered before
          this target unit (and pull it in) and carry ConditionFirstBoot=
          appropriately.

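        As an added example (not a unit shipped by systemd), a provisioning
        unit that follows the rule just described: it runs on every boot until
        first boot has completed, by ordering itself before
        first-boot-complete.target, pulling that target in, and carrying
        ConditionFirstBoot=. The unit name and the script path are
        assumptions; the early-boot ordering is needed because the milestone
        is reached before sysinit.target.

```shell
#!/bin/sh
# Added example (not from systemd): a unit that re-runs on every boot until
# the first boot is recorded as complete. Unit name and script path are
# assumptions.
write_firstboot_unit() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat >"$dir/provision-once.service" <<'EOF'
[Unit]
Description=Provision the machine on first boot
# Only while this boot counts as the first boot.
ConditionFirstBoot=yes
# Order before the milestone and pull it in: if power is lost before
# systemd-machine-id-commit.service has run, the next boot is still a first
# boot and this unit runs again; once the milestone has been reached, later
# boots are no longer first boots and the condition fails.
Before=first-boot-complete.target
Wants=first-boot-complete.target
# The milestone is reached before sysinit.target, so this must be an
# early-boot unit without the default basic.target dependencies, or the
# ordering would form a cycle.
DefaultDependencies=no
After=local-fs.target
Before=sysinit.target

[Service]
Type=oneshot
ExecStart=/usr/lib/provision/first-boot.sh

[Install]
WantedBy=sysinit.target
EOF
}

# e.g.: write_firstboot_unit /etc/systemd/system && systemctl enable provision-once.service
```

        Anything the script does must therefore be idempotent: a machine that
        loses power half-way through provisioning will run it again on the
        next boot.
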
        * bootctl's set-default and set-oneshot commands now accept the three
          special strings "@default", "@oneshot", "@current" in place of a boot
          entry id. These strings are resolved to the current default and
          oneshot boot loader entry, as well as the currently booted one. Thus
          a command "bootctl set-default @current" may be used to make the
          currently booted menu item the new default for all subsequent boots.

        * "systemctl edit" has been updated to show the original effective unit
          contents in commented form in the text editor.

        * Units in user mode are now segregated into three new slices:
          session.slice (units that form the core of the graphical session),
          app.slice ("normal" user applications), and background.slice
          (low-priority tasks). Unless otherwise configured, user units are
          placed in app.slice. The plan is to add resource limits and
          protections for the different slices in the future.

        * New GPT partition types for RISCV32/64 for the root and /usr
          partitions, and their associated Verity partitions have been defined,
          and are now understood by systemd-gpt-auto-generator, and the OS
          image dissection logic.

        Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
        Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
        Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
        Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
        Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
        Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
        Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
        Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
        Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
        Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
        Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
        Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
        huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
        Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
        Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
        Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
        Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
        lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
        Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
        Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
        Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
        Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
        Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
        Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
        Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
        Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
        Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
        Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
        Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
        Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
        Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
        williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски

        – Warsaw, 2020-11-26

72e51908 6916CHANGES WITH 246:
b0d0e0ef 6917
7f56c26d
ZJS
6918 * The service manager gained basic support for cgroup v2 freezer. Units
6919 can now be suspended or resumed either using new systemctl verbs,
6920 freeze and thaw respectively, or via D-Bus.
6921
6922 * PID 1 may now automatically load pre-compiled AppArmor policies from
6923 /etc/apparmor/earlypolicy during early boot.
6924
6925 * The CPUAffinity= setting in service unit files now supports a new
6926 special value "numa" that causes the CPU affinity masked to be set
6927 based on the NUMA mask.
6928
6929 * systemd will now log about all left-over processes remaining in a
6930 unit when the unit is stopped. It will now warn about services using
6931 KillMode=none, as this is generally an unsafe thing to make use of.
6932
6933 * Two new unit file settings
6934 ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
6935 added. They may be used to check whether a specific file system path
6936 resides on a block device that is encrypted on the block level
6937 (i.e. using dm-crypt/LUKS).
6938
6939 * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
6940 has been added that may be used for simple environment checks. This
6941 is particularly useful when passing in environment variables from a
6942 container manager (or from PAM in case of the systemd --user
6943 instance).
6944
        * .service unit files now accept a new setting CoredumpFilter= which
          allows configuration of the memory sections coredumps of the
          service's processes shall include.

        * .mount units gained a new ReadWriteOnly= boolean option. If set, no
          attempt is made to mount the file system read-only when mounting it
          in read-write mode fails. An option x-systemd.rw-only is available
          in /etc/fstab to control the same.

        * .socket units gained a new boolean setting PassPacketInfo=. If
          enabled, the kernel will attach additional per-packet metadata to all
          packets read from the socket, as an ancillary message. This controls
          the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
          depending on socket type.

        * .service units gained a new setting RootHash= which may be used to
          specify the root hash for verity enabled disk images which are
          specified in RootImage=. RootVerity= may be used to specify a path to
          the Verity data matching a RootImage= file system. (The latter is
          only useful for images that do not contain the Verity data embedded
          into the same image that carries a GPT partition table following the
          Discoverable Partition Specification). Similarly, systemd-nspawn
          gained a new switch --verity-data= that takes a path to a file with
          the verity data of the disk image supplied in --image=, if the image
          doesn't contain the verity data itself.

        * .service units gained a new setting RootHashSignature= which takes
          either a base64 encoded PKCS#7 signature of the root hash specified
          with RootHash=, or a path to a file to read the signature from. This
          allows validation of the root hash against public keys available in
          the kernel keyring, and is only supported on recent kernels
          (>= 5.4)/libcryptsetup (>= 2.30). A similar switch has been added to
          systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
          this mechanism has also been added to systemd-veritysetup.

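          As an added illustration (not part of the systemd NEWS text or the
          project's own examples), the following unit fragment combines the
          three settings above so that a service's root file system is a
          verity-protected image whose root hash is checked against a signature
          before use. The service name, image paths and the hash value are
          placeholders, not values taken from systemd.

```ini
# Added example: service running from a signed, verity-protected root image.
# All paths and the hash below are placeholders for illustration only.
[Service]
ExecStart=/usr/bin/my-daemon
RootImage=/var/lib/images/my-daemon.raw
# Root hash of the verity Merkle tree, as printed by 'veritysetup format'
# when the image was built. PLACEHOLDER, not a real hash.
RootHash=<root-hash-hex-placeholder>
# Only needed when the verity data is not embedded in the image as a
# Discoverable Partition Specification verity partition.
RootVerity=/var/lib/images/my-daemon.verity
# PKCS#7 signature of the root hash, verified against the public keys in the
# kernel keyring (kernel >= 5.4, libcryptsetup >= 2.30). May also be given
# inline as base64 instead of a file path.
RootHashSignature=/var/lib/images/my-daemon.roothash.p7s
```

          With RootHashSignature= present, a tampered image fails verification
          at service start rather than being mounted; without it, RootHash=
          still detects modification of the image data but the hash itself
          must be trusted as configured on disk.
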
        * .service unit files gained two new options
          TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
          tune behaviour if a start or stop timeout is hit, i.e. whether to
          terminate the service with SIGTERM, SIGABRT or SIGKILL.

        * Most options in systemd that accept hexadecimal values prefixed with
          0x in addition to the usual decimal notation now also support octal
          notation when the 0o prefix is used and binary notation if the 0b
          prefix is used.

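          An added example of the notation described in the previous item,
          written for this page and not taken from systemd's own parser: a
          POSIX shell function that accepts decimal, 0x, 0o and 0b prefixed
          integers and rejects digits that are out of range for the chosen
          base. The function name is an assumption made here; systemd itself
          implements this in C.

```sh
# Added example: parse an unsigned integer in the decimal/0x/0o/0b notation
# that systemd options accept. Prints the decimal value and returns 0, or
# returns 1 (printing nothing) on malformed input. Negative values and
# whitespace are deliberately not accepted.
systemd_parse_int() {
    s=$1
    case "$s" in
        0x*|0X*) base=16; digits=${s#0?} ;;
        0o*|0O*) base=8;  digits=${s#0?} ;;
        0b*|0B*) base=2;  digits=${s#0?} ;;
        *)       base=10; digits=$s ;;
    esac
    # A bare prefix ("0x") or an empty string is not a number.
    [ -n "$digits" ] || return 1
    value=0
    rest=$digits
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # first character of the remaining input
        rest=${rest#?}             # drop it
        case "$c" in
            [0-9]) d=$c ;;
            [a-f]) d=$(( $(printf '%d' "'$c") - 87 )) ;;   # 'a' (97) -> 10
            [A-F]) d=$(( $(printf '%d' "'$c") - 55 )) ;;   # 'A' (65) -> 10
            *) return 1 ;;         # anything else is not a digit at all
        esac
        # Digit must be valid for the base, e.g. "0b102" or "0o8" are rejected.
        [ "$d" -lt "$base" ] || return 1
        value=$(( value * base + d ))
    done
    printf '%s\n' "$value"
}

# Demonstration of the four notations on constructed inputs.
for sample in 42 0x1F 0o17 0b101; do
    printf '%s -> %s\n' "$sample" "$(systemd_parse_int "$sample")"
done
```

          Rejecting out-of-range digits instead of silently stopping at them
          is the behaviour a configuration parser needs: a typo such as 0b102
          should produce a parse error, not a different limit than the
          administrator intended.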
        * Various command line parameters and configuration file settings that
          configure key or certificate files now optionally take paths to
          AF_UNIX sockets in the file system. If configured that way a stream
          connection is made to the socket and the required data read from
          it. This is a simple and natural extension to the existing regular
          file logic, and permits other software to provide keys or
          certificates via simple IPC services, for example when unencrypted
          storage on disk is not desired. Specifically, systemd-networkd's
          Wireguard and MACSEC key file settings as well as
          systemd-journal-gatewayd's and systemd-journal-remote's PEM
          key/certificate parameters support this now.

        * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
          configuration files that support specifier expansion learnt six new
          specifiers: %a resolves to the current architecture, %o/%w/%B/%W
          resolve to the various ID fields from /etc/os-release, %l resolves to
          the "short" hostname of the system, i.e. the hostname configured in
          the kernel truncated at the first dot.

        * Support for the .include syntax in unit files has been removed. The
          concept has been obsolete for 6 years and we started warning about
          its pending removal 2 years ago (also see NEWS file below). It's
          finally gone now.

        * StandardError= and StandardOutput= in unit files no longer support
          the "syslog" and "syslog-console" switches. They were long removed
          from the documentation, but will now result in warnings when used,
          and be converted to "journal" and "journal+console" automatically.

        * If the service setting User= is set to the "nobody" user, a warning
          message is now written to the logs (but the value is nonetheless
          accepted). Setting User=nobody is unsafe, since the primary purpose
          of the "nobody" user is to own all files whose owner cannot be mapped
          locally. It's in particular used by the NFS subsystem and in user
          namespacing. By running a service under this user's UID it might get
          read and even write access to all these otherwise unmappable files,
          which is quite likely a major security problem.

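          The warning above is only emitted when a unit is loaded. As an added
          example (written for this page, not a systemd tool), the shell
          function below audits a directory of .service files ahead of time
          and lists those whose [Service] section sets User=nobody, ignoring
          commented-out lines. The helper that creates sample units exists only
          to make the example self-contained; its file names and contents are
          constructed.

```sh
# Added example: find .service units that run as the "nobody" user.
# Prints the path of each offending unit, one per line, in sorted order.
audit_nobody_units() {
    dir=$1
    find "$dir" -name '*.service' -type f | sort | while IFS= read -r unit; do
        # Restrict the check to the [Service] section, and require the line to
        # be a real assignment rather than a comment or a similarly named key.
        if sed -n '/^\[Service\]/,/^\[/p' "$unit" \
           | grep -Eq '^[[:space:]]*User[[:space:]]*=[[:space:]]*nobody[[:space:]]*$'; then
            printf '%s\n' "$unit"
        fi
    done
}

# Constructed sample units for demonstration; returns the temp directory path.
make_sample_units() {
    d=$(mktemp -d)
    # A service that correctly uses a dedicated account.
    printf '[Service]\nExecStart=/usr/bin/true\nUser=www-data\n' > "$d/web.service"
    # The case systemd now warns about.
    printf '[Unit]\nDescription=bad\n[Service]\nExecStart=/usr/bin/true\nUser=nobody\n' \
        > "$d/bad.service"
    # A commented-out line must not count as a finding.
    printf '[Service]\nExecStart=/usr/bin/true\n#User=nobody\nUser=daemon\n' \
        > "$d/commented.service"
    printf '%s\n' "$d"
}

# Demonstration run on the constructed units.
demo_dir=$(make_sample_units)
audit_nobody_units "$demo_dir"
rm -rf "$demo_dir"
```

          Running such a check in CI over packaged unit files catches the
          misconfiguration before it reaches a host, where the only signal
          would otherwise be a log line at unit load time.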
        * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
          and others) now have size and inode limits applied (50% of RAM for
          /tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
          that the implicit kernel default is 50% too, so there is no change
          in the size limit for /tmp and /dev/shm.

        * nss-mymachines lost support for resolution of users and groups, and
          now only does resolution of hostnames. This functionality is now
          provided by nss-systemd. Thus, the 'mymachines' entry should be
          removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
          (and 'systemd' added if it is not already there).

        * A new kernel command line option systemd.hostname= has been added
          that allows controlling the hostname that is initialized early during
          boot.

        * A kernel command line option "udev.blockdev_read_only" has been
          added. If specified all hardware block devices that show up are
          immediately marked as read-only by udev. This option is useful for
          making sure that a specific boot under no circumstances modifies data
          on disk. Use "blockdev --setrw" to undo the effect of this, per
          device.

        * A new boolean kernel command line option systemd.swap= has been
          added, which may be used to turn off automatic activation of swap
          devices listed in /etc/fstab.

        * New kernel command line options systemd.condition_needs_update= and
          systemd.condition_first_boot= have been added, which override the
          result of the ConditionNeedsUpdate= and ConditionFirstBoot=
          conditions.

        * A new kernel command line option systemd.clock_usec= has been added
          that allows setting the system clock to the specified time in µs
          since Jan 1st, 1970 early during boot. This is in particular useful
          in order to make test cases more reliable.

        * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
          systemd-coredump to save core files for suid processes. When saving
          the core file, systemd-coredump will use the effective uid and gid of
          the process that faulted.

        * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
          now automatically set to "Y" at boot, in order to enable pstore
          generation for collection with systemd-pstore.

        * We provide a set of udev rules to enable auto-suspend on PCI and USB
          devices that were tested to correctly support it. Previously, this
          was distributed as a set of udev rules, but has now been replaced by
          a set of hwdb entries (and a much shorter udev rule to take action
          if the device modalias matches one of the new hwdb entries).

          As before, entries are periodically imported from the database
          maintained by the ChromiumOS project. If you have a device that
          supports auto-suspend correctly and where it should be enabled by
          default, please submit a patch that adds it to the database (see
          /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).

        * systemd-udevd gained the new configuration option timeout_signal= as well
          as a corresponding kernel command line option udev.timeout_signal=.
          The option can be used to configure the UNIX signal that the main
          daemon sends to the worker processes on timeout. Setting the signal
          to SIGABRT is useful for debugging.

        * .link files managed by systemd-udevd gained options RxFlowControl=,
          TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
          order to configure various flow control parameters. They also gained
          RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
          frame ring buffer sizes.

        * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
          enabled, systemd-networkd manages all routes configured by other tools.

        * .network files managed by systemd-networkd gained a new section
          [SR-IOV], in order to configure SR-IOV capable network devices.

        * systemd-networkd's [IPv6Prefix] section in .network files gained a
          new boolean setting Assign=. If enabled an address from the prefix is
          automatically assigned to the interface.

        * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
          controls delegated prefixes assigned by DHCPv6 client. The section
          has three settings: SubnetID=, Assign=, and Token=. The setting
          SubnetID= allows explicit configuration of the preferred subnet that
          systemd-networkd's Prefix Delegation logic assigns to interfaces. If
          Assign= is enabled (which is the default) an address from any acquired
          delegated prefix is automatically chosen and assigned to the
          interface. The setting Token= specifies an optional address generation
          mode for Assign=.

        * systemd-networkd's [Network] section gained a new setting
          IPv4AcceptLocal=. If enabled the interface accepts packets with local
          source addresses.

        * systemd-networkd gained support for configuring the HTB queuing
          discipline in the [HierarchyTokenBucket] and
          [HierarchyTokenBucketClass] sections. Similarly, the "pfifo" qdisc may
          be configured in the [PFIFO] section, "GRED" in
          [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
          in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
          [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
          "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
          in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
          "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].

        * systemd-networkd gained support for a new Termination= setting in the
          [CAN] section for configuring the termination resistor. It also
          gained a new ListenOnly= setting for controlling whether to only
          listen on CAN interfaces, without interfering with traffic otherwise
          (which is useful for debugging/monitoring CAN network
          traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
          been added to configure various CAN-FD aspects.

        * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
          When enabled, DHCPv6 will be attempted right away without requiring a
          Router Advertisement packet suggesting it first (i.e. without the 'M'
          or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
          DHCPv6Client= that may be used to turn off the DHCPv6 client even if
          the RA packets suggest it.

        * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
          which may be used to turn off use of the gateway information provided
          by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
          used to configure how to process leases that lack a lifetime option.

        * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
          setting SendVendorOption= allowing configuration of additional vendor
          options to send in the DHCP requests/responses. The [DHCPv6] section
          gained a new SendOption= setting for sending arbitrary DHCP
          options. RequestOptions= has been added to request arbitrary options
          from the server. UserClass= has been added to set the DHCP user class
          field.

        * systemd-networkd's [DHCPServer] section gained a new set of options
          EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
          information about these three protocols in the DHCP lease. It also
          gained support for including "MUD" URLs ("Manufacturer Usage
          Description"). Support for "MUD" URLs was also added to the LLDP
          stack, configurable in the [LLDP] section in .network files.

        * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
          mode. Also, the sections now support a new setting SourceMACAddress=.

        * systemd-networkd's .netdev files now support a new setting
          VLANProtocol= in the [Bridge] section that allows configuration of
          the VLAN protocol to use.

        * systemd-networkd supports a new Group= setting in the [Link] section
          of the .network files, to control the link group.

        * systemd-networkd's [Network] section gained a new
          IPv6LinkLocalAddressGenerationMode= setting, which specifies how the
          IPv6 link-local address is generated.

        * A new default .network file is now shipped that matches TUN/TAP
          devices that begin with "vt-" in their name. Such interfaces will
          have IP routing onto the host links set up automatically. This is
          supposed to be used by VM managers to trivially acquire a network
          interface which is fully set up for host communication, simply by
          carefully picking an interface name to use.

        * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
          which sets the route priority for routes specified by the DHCP server.

        * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
          which configures the vendor class information sent to the DHCP server.

        * The BlackList= settings in .network files' [DHCPv4] and
          [IPv6AcceptRA] sections have been renamed DenyList=. The old names
          are still understood to provide compatibility.

        * networkctl gained the new "forcerenew" command for forcing all DHCP
          server clients to renew their lease. The interface "status" output
          will now show numerous additional fields of information about an
          interface. There are new "up" and "down" commands to bring specific
          interfaces up or down.

        * systemd-resolved's DNS= configuration option now optionally accepts a
          port number (after ":") and a host name (after "#"). When the host
          name is specified, the DNS-over-TLS certificate is validated to match
          the specified hostname. Additionally, in case of IPv6 addresses, an
          interface may be specified (after "%").

        * systemd-resolved may be configured to forward single-label DNS names.
          This is not standard-conformant, but may make sense in setups where
          public DNS servers are not used.

        * systemd-resolved's DNS-over-TLS support gained SNI validation.

        * systemd-nspawn's --resolv-conf= switch gained a number of new
          supported values. Specifically, options starting with "replace-" are
          like those prefixed "copy-" but replace any existing resolv.conf
          file. And options ending in "-uplink" and "-stub" can now be used to
          propagate other flavours of resolv.conf into the container (as
          defined by systemd-resolved).

        * The various programs included in systemd can now optionally output
          their log messages on stderr prefixed with a timestamp, controlled by
          the $SYSTEMD_LOG_TIME environment variable.

        * systemctl gained a new "-P" switch that is a shortcut for "--value
          --property=…".

        * "systemctl list-units" and "systemctl list-machines" no longer hide
          their first output column with --no-legend. To hide the first column,
          use --plain.

        * "systemctl reboot" takes the option "--reboot-argument=".
          The optional positional argument to "systemctl reboot" is now
          deprecated in favor of this option.

        * systemd-run gained a new switch --slice-inherit. If specified the
          unit it generates is placed in the same slice as the systemd-run
          process itself.

        * systemd-journald gained support for zstd compression of large fields
          in journal files. The hash tables in journal files have been hardened
          against hash collisions. This is an incompatible change and means
          that journal files created with new systemd versions are not readable
          with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
          environment variable for systemd-journald.service is set to 0 this
          new hardening functionality may be turned off, so that generated
          journal files remain compatible with older journalctl
          implementations.

        * journalctl will now include a clickable link in the default output for
          each log message for which a URL with further documentation is
          known. This is only supported on terminal emulators that support
          clickable hyperlinks, and is turned off if a pager is used (since
          "less" still doesn't support hyperlinks,
          unfortunately). Documentation URLs may be included in log messages
          either by including a DOCUMENTATION= journal field in it, or by
          associating a journal message catalog entry with the log message's
          MESSAGE_ID, which then carries a "Documentation:" tag.

        * journald.conf gained a new boolean setting Audit= that may be used to
          control whether systemd-journald will enable audit during
          initialization.

        * When systemd-journald's log stream is broken up into multiple lines
          because the PID of the sender changed, this is indicated in the
          generated log records via the _LINE_BREAK=pid-change field.

        * journalctl's "-o cat" output mode will now show one or more journal
          fields specified with --output-fields= instead of unconditionally
          MESSAGE=. This is useful to retrieve a very specific set of fields
          without any decoration.

        * The sd-journal.h API gained two new functions:
          sd_journal_enumerate_available_unique() and
          sd_journal_enumerate_available_data() that operate like their
          counterparts that lack the _available_ in the name, but skip items
          that cannot be read and processed by the local implementation
          (i.e. are compressed in an unsupported format or such).

        * coredumpctl gained a new --file= switch, matching the same one in
          journalctl: a specific journal file may be specified to read the
          coredump data from.

        * coredumps collected by systemd-coredump may now be compressed using
          the zstd algorithm.

        * systemd-binfmt gained a new switch --unregister for unregistering all
          registered entries at once. This is now invoked automatically at
          shutdown, so that binary formats registered with the "F" flag will
          not block clean file system unmounting.

        * systemd-notify's --pid= switch gained new values: "parent", "self",
          "auto" for controlling which PID to send to the service manager: the
          systemd-notify process' PID, or the one of the process invoking it.

        * systemd-logind's Session bus object learnt a new method call
          SetType() for temporarily updating the session type of an already
          allocated session. This is useful for upgrading tty sessions to
          graphical ones once a compositor is invoked.

        * systemd-socket-proxy gained a new switch --exit-idle-time= for
          configuring an exit-on-idle time.

        * systemd-repart's --empty= setting gained a new value "create". If
          specified a new empty regular disk image file is created under the
          specified name. Its size may be specified with the new --size=
          option. The latter is also supported without the "create" mode, in
          order to grow existing disk image files to the specified size. These
          two new options are useful when creating or manipulating disk images
          instead of operating on actual block devices.

        * systemd-repart drop-ins now support a new UUID= setting to control
          the UUID to assign to a newly created partition.

        * systemd-repart's SizeMin= per-partition parameter now defaults to 10M
          instead of 0.

        * systemd-repart's Label= setting now supports the usual, simple
          specifier expansion.

        * systemd-homed's LUKS backend gained the ability to discard empty file
          system blocks automatically when the user logs out. This is enabled
          by default to ensure that home directories take minimal space when
          logged out but get full size guarantees when logged in. This may be
          controlled with the new --luks-offline-discard= switch to homectl.

        * If systemd-homed detects that /home/ is encrypted as a whole it will
          now default to the directory or subvolume backends instead of the
          LUKS backend, in order to avoid double encryption. The default
          storage and file system may now be configured explicitly, too, via
          the new /etc/systemd/homed.conf configuration file.

        * systemd-homed now supports unlocking home directories with FIDO2
          security tokens that support the 'hmac-secret' extension, in addition
          to the existing support for PKCS#11 security token unlocking. Note
          that many recent hardware security tokens support both interfaces.
          The FIDO2 support is accessible via homectl's --fido2-device= option.

        * homectl's --pkcs11-uri= setting now accepts two special parameters:
          if "auto" is specified and only one suitable PKCS#11 security token
          is plugged in, its URL is automatically determined and enrolled for
          unlocking the home directory. If "list" is specified a brief table of
          suitable PKCS#11 security tokens is shown. Similarly, the new
          --fido2-device= option also supports these two special values, for
          automatically selecting and listing suitable FIDO2 devices.

        * The /etc/crypttab tmp option now optionally takes an argument
          selecting the file system to use. Moreover, the default is now
          changed from ext2 to ext4.

        * There's a new /etc/crypttab option "keyfile-erase". If specified, the
          key file listed in the same line is removed after use, regardless of
          whether volume activation succeeded. This is useful if the key file
          is only acquired transiently at runtime and shall be erased before
          the system continues to boot.

        * There's also a new /etc/crypttab option "try-empty-password". If
          specified, before asking the user for a password it is attempted to
          unlock the volume with an empty password. This is useful for
          installing encrypted images whose password shall be set on first boot
          instead of at installation time.

        * systemd-cryptsetup will now attempt to automatically load the keys to
          unlock volumes from the files
          /etc/cryptsetup-keys.d/<volume>.key and
          /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.

        * systemd-cryptsetup may now activate Microsoft BitLocker volumes via
          /etc/crypttab, during boot.

        * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
          control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
          instance.

        * A new generator systemd-xdg-autostart-generator has been added. It
          generates systemd unit files from XDG autostart .desktop files, and
          may be used to let the systemd user instance manage services that are
          started automatically as part of the desktop session.

        * "bootctl" gained a new verb "reboot-to-firmware" that may be used
          to query and change the firmware's 'Reboot Into Firmware Interface'
          setup flag.

        * systemd-firstboot gained a new switch --kernel-command-line= that may
          be used to initialize the /etc/kernel/cmdline file of the image. It
          also gained a new switch --root-password-hashed= which is like
          --root-password= but accepts a pre-hashed UNIX password as
          argument. The new option --delete-root-password may be used to unset
          any password for the root user (dangerous!). The --root-shell= switch
          may be used to control the shell to use for the root account. A new
          --force option may be used to override any already set settings with
          the parameters specified on the command line (by default, the tool
          will not override what has already been set before, i.e. is purely
          incremental).

        * systemd-firstboot gained support for a new --image= switch, which is
          similar to --root= but accepts the path to a disk image file, on
          which it then operates.

        * A new sd-path.h API has been added to libsystemd. It provides a
          simple API for retrieving various search paths and primary
          directories for various resources.

        * A new call sd_notify_barrier() has been added to the sd-daemon.h
          API. The call will block until all previously sent sd_notify()
          messages have been processed by the service manager. This is useful
          to remove races caused by a process already having disappeared at the
          time a notification message is processed by the service manager,
          making correct attribution impossible. The systemd-notify tool will
          now make use of this call implicitly, but this can be turned off again
          via the new --no-block switch.

        * When sending a file descriptor (fd) to the service manager to keep
          track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
          may be specified. If passed the service manager will refrain from
          poll()ing on the file descriptor. Traditionally (and when the
          parameter is not specified), the service manager will poll it for
          POLLHUP or POLLERR events, and immediately close the fds in that
          case.

        * The service manager (PID 1) gained a new D-Bus method call
          SetShowStatus() which may be used to control whether it shall show
          boot-time status output on the console. This method has a similar
          effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.

        * The sd-bus API gained a number of convenience functions that take
          va_list arguments rather than "...". For example, there's now
          sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
          it easier to build wrappers that accept variadic arguments and want
          to pass a ready va_list structure to sd-bus.

        * sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
          flag which alters how the userdata pointer to pass to the callbacks
          is determined. When the flag is set, the offset field is converted
          as-is into a pointer, without adding it to the object pointer the
          vtable is associated with.

        * sd-bus now exposes four new functions:
          sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
          sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
          validate strings to check if they qualify as various D-Bus concepts.

        * The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
          SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
          that simplify adding argument names to D-Bus methods and signals.

        * The man pages for the sd-bus and sd-hwdb APIs have been completed.

        * Various D-Bus APIs of systemd daemons now have man pages that
          document the methods, signals and properties.

        * The expectations on user/group name syntax are now documented in
          detail; documentation on how classic home directories may be
          converted into home directories managed by homed has been added;
          documentation regarding integration of homed/userdb functionality in
          desktops has been added:

          https://systemd.io/USER_NAMES
          https://systemd.io/CONVERTING_TO_HOMED
          https://systemd.io/USERDB_AND_DESKTOPS

        * Documentation for the on-disk Journal file format has been updated
          and has now moved to:

          https://systemd.io/JOURNAL_FILE_FORMAT

        * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
          has been extended by a set of environment variables that expose
          select fields from the host's os-release file to the container
          payload. Similarly, the host's os-release files can be mounted into
          the container underneath /run/host. Together, those mechanisms
          provide a standardized way to expose information about the host to
          the container payload. Both interfaces are implemented in
          systemd-nspawn.

        * All D-Bus services shipped in systemd now implement the generic
          LogControl1 D-Bus API which allows clients to change log level +
          target of the service during runtime.

        * Only relevant for developers: the mkosi.default symlink has been
          dropped from version control. Please create a symlink to one of the
          distribution-specific defaults in .mkosi/ based on your preference.

        Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
        Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
        Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
        antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
        Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
        Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
        Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
        codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
        Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
        Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
        John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
        Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
        ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
        Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
        Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
        Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
        Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
        Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
        Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
        Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
        Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
        Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
        Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
        S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
        Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
        Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
        Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
        Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
        nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
        Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
        Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
        Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
        Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
        Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
        Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
        Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
        Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб

        – Warsaw, 2020-07-30

CHANGES WITH 245:

        * A new tool "systemd-repart" has been added, that operates as an
          idempotent declarative repartitioner for GPT partition tables.
          Specifically, a set of partitions that must or may exist can be
          configured via drop-in files, and during every boot the partition
          table on disk is compared with these files, creating missing
          partitions or growing existing ones based on configurable relative
          and absolute size constraints. The tool is strictly incremental,
          i.e. does not delete, shrink or move partitions, but only adds and
          grows them. The primary use-case is OS images that ship in minimized
          form, that on first boot are grown to the size of the underlying
          block device or augmented with additional partitions. For example,
          the root partition could be extended to cover the whole disk, or
          swap or /home partitions could be added on first boot. It can also
          be used for systems that use an A/B update scheme but ship images
          with just the A partition, with B added on first boot. The tool is
          primarily intended to be run in the initrd, shortly before
          transitioning into the host OS, but can also be run after the
          transition took place. It automatically discovers the disk backing
          the root file system, and should hence not require any additional
          configuration besides the partition definition drop-ins. If no
          configuration drop-ins are present, no action is taken.

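          As an added illustration of the drop-in format described above
          (constructed example, not configuration shipped by systemd; the
          file names, labels and sizes are assumptions), two repart.d files
          that grow the root partition and add a bounded swap partition on
          first boot:

```ini
# /etc/repart.d/50-root.conf  (constructed example)
[Partition]
Type=root
Label=root
# SizeMinBytes= is only a floor: systemd-repart never shrinks, so a root
# partition that is already larger is left untouched. With no SizeMaxBytes=
# and the default Weight=1000, the partition absorbs the free space that
# remains after all other definitions have been satisfied.
SizeMinBytes=2G

# /etc/repart.d/60-swap.conf  (constructed example)
[Partition]
Type=swap
Label=swap
# A swap partition is created only if none matching Type=swap exists yet.
# Both bounds are set so it cannot compete with root for the whole disk.
SizeMinBytes=1G
SizeMaxBytes=4G
```

          systemd-repart defaults to --dry-run=yes, so the planned changes
          can be reviewed before --dry-run=no applies them.
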
        * A new component "userdb" has been added, along with a small daemon
          "systemd-userdbd.service" and a client tool "userdbctl". The framework
          allows defining rich user and group records in a JSON format,
          extending on the classic "struct passwd" and "struct group"
          structures. Various components in systemd have been updated to
          process records in this format, including systemd-logind and
          pam_systemd. The user records are intended to be extensible, and
          allow setting various resource management, security and runtime
          parameters that shall be applied to processes and sessions of the
          user as they log in. This facility is intended to allow associating
          such metadata directly with user/group records so that they can be
          produced, extended and consumed in unified form. We hope that
          eventually frameworks such as sssd will generate records this way, so
          that for the first time resource management and various other
          per-user settings can be configured in LDAP directories and then
          provided to systemd (specifically to systemd-logind and pam_systemd)
          to apply on login. For further details see:

          https://systemd.io/USER_RECORD
          https://systemd.io/GROUP_RECORD
          https://systemd.io/USER_GROUP_API

        * A small new service systemd-homed.service has been added, that may be
          used to securely manage home directories with built-in encryption.
          The complete user record data is unified with the home directory,
          thus making home directories naturally migratable. Its primary
          back-end is based on LUKS volumes, but fscrypt, plain directories,
          and other storage schemes are also supported. This solves a couple of
          problems we saw with traditional ways to manage home directories, in
          particular when it comes to encryption. For further discussion of
          this, see the video of Lennart's talk at AllSystemsGo! 2019:

          https://media.ccc.de/v/ASG2019-164-reinventing-home-directories

          For further details about the format and expectations on home
          directories this new daemon makes, see:

          https://systemd.io/HOME_DIRECTORY

        * systemd-journald is now multi-instantiable. In addition to the main
          instance systemd-journald.service there's now a template unit
          systemd-journald@.service, with each instance defining a new named
          log 'namespace' (whose name is specified via the instance part of the
          unit name). A new unit file setting LogNamespace= has been added,
          taking such a namespace name, that assigns services to the specified
          log namespaces. As each log namespace is serviced by its own
          independent journal daemon, this functionality may be used to improve
          performance and increase isolation of applications, at the price of
          losing global message ordering. Each instance of journald has a
          separate set of configuration files, with possibly different disk
          usage limitations and other settings.

          journalctl now takes a new option --namespace= to show logs from a
          specific log namespace. The sd-journal.h API gained
          sd_journal_open_namespace() for opening the log stream of a specific
          log namespace. systemd-journald also gained the ability to exit on
          idle, which is useful in the context of log namespaces, as this means
          log daemons for log namespaces can be activated automatically on
          demand and will stop automatically when no longer used, minimizing
          resource usage.

        * When systemd-tmpfiles copies a file tree using the 'C' line type it
          will now label every copied file according to the SELinux database.

        * When systemd/PID 1 detects it is used in the initrd it will now boot
          into initrd.target rather than default.target by default. This should
          make it simpler to build initrds with systemd as for many cases the
          only difference between a host OS image and an initrd image now is
          the presence of the /etc/initrd-release file.

        * A new kernel command line option systemd.cpu_affinity= is now
          understood. It's equivalent to the CPUAffinity= option in
          /etc/systemd/system.conf and allows setting the CPU mask for PID 1
          itself and the default for all other processes.

        * When systemd/PID 1 is reloaded (with systemctl daemon-reload or
          equivalent), the SELinux database is now reloaded, ensuring that
          sockets and other file system objects are generated taking the new
          database into account.

        * systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
          "quiet" has been changed to imply that instead of
          "systemd.show-status=auto". In this mode, only messages about errors
          and significant delays in boot are shown on the console.

        * The sd-event.h API gained native support for the new Linux "pidfd"
          concept. This permits watching processes using file descriptors
          instead of PID numbers, which fixes a number of races and makes
          process supervision more robust and efficient. All of systemd's
          components will now use pidfds if the kernel supports it for process
          watching, with the exception of PID 1 itself, unfortunately. We hope
          to move PID 1 to exclusively using pidfds too eventually, but this
          requires some more kernel work first. (Background: PID 1 watches
          processes using waitid() with the P_ALL flag, and that does not play
          together nicely with pidfds yet.)

        * Closely related to this, the sd-event.h API gained two new calls
          sd_event_source_send_child_signal() (for sending a signal to a
          watched process) and sd_event_source_get_child_process_own() (for
          marking a process so that it is killed automatically whenever the
          event source watching it is freed).

        * systemd-networkd gained support for configuring Token Bucket Filter
          (TBF) parameters in its qdisc configuration support. Similarly,
          support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
          Active Queue Management (CoDel), and Fair Queue (FQ) has been added.

        * systemd-networkd gained support for Intermediate Functional Block
          (IFB) network devices.

        * systemd-networkd gained support for configuring multi-path IP routes,
          using the new MultiPathRoute= setting in the [Route] section.

        * systemd-networkd's DHCPv4 client has been updated to support a new
          SendDecline= option. If enabled, duplicate address detection is done
          after a DHCP offer is received from the server. If a conflict is
          detected, the address is declined. The DHCPv4 client also gained
          support for a new RouteMTUBytes= setting that allows configuring the
          MTU size to be used for routes generated from DHCPv4 leases.

        * The PrefixRoute= setting in systemd-networkd's [Address] section of
          .network files has been deprecated, and replaced by AddPrefixRoute=,
          with its sense inverted.

        * The Gateway= setting of [Route] sections of .network files gained
          support for a special new value "_dhcp". If set, the configured
          static route uses the gateway host configured via DHCP.

        * New User= and SuppressPrefixLength= settings have been implemented
          for the [RoutingPolicyRule] section of .network files to configure
          source routing based on UID ranges and prefix length, respectively.

        * The Type= match property of .link files has been generalized to
          always match the device type shown by 'networkctl status', even for
          devices where udev does not set DEVTYPE=. This allows e.g. Type=ether
          to be used.

        * sd-bus gained a new API call sd_bus_message_sensitive() that marks a
          D-Bus message object as "sensitive". Those objects are erased from
          memory when they are freed. This concept is intended to be used for
          messages that contain security sensitive data. A new flag
          SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
          in sd-bus vtables, causing any incoming and outgoing messages of
          those methods to be implicitly marked as "sensitive".

        * sd-bus gained a new API call sd_bus_message_dump() for dumping the
          contents of a message (or parts thereof) to standard output for
          debugging purposes.

        * systemd-sysusers gained support for creating users with the primary
          group named differently from the user.

        * systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
          gained support for growing XFS partitions. Previously it supported
          only ext4 and btrfs partitions.

        * The support for /etc/crypttab gained a new x-initrd.attach option. If
          set, the specified encrypted volume is unlocked already in the
          initrd. This concept corresponds to the x-initrd.mount option in
          /etc/fstab.

        * systemd-cryptsetup gained native support for unlocking encrypted
          volumes utilizing PKCS#11 smartcards, i.e. for example to bind
          encryption of volumes to YubiKeys. This is exposed in the new
          pkcs11-uri= option in /etc/crypttab.

        * The /etc/fstab support in systemd now supports two new mount options
          x-systemd.{required,wanted}-by=, for explicitly configuring the units
          that the specified mount shall be pulled in by, in place of
          the usual local-fs.target/remote-fs.target.

        * The https://systemd.io/ web site has been relaunched, directly
          populated with most of the documentation included in the systemd
          repository. systemd also acquired a new logo, thanks to Tobias
          Bernard.

        * systemd-udevd gained support for managing "alternative" network
          interface names, as supported by new Linux kernels. For the first
          time this permits assigning multiple (and longer!) names to a network
          interface. systemd-udevd will now by default assign the names
          generated via all supported naming schemes to each interface. This
          may be further tweaked with .link files and the AlternativeName= and
          AlternativeNamesPolicy= settings. Other components of systemd have
          been updated to support the new alternative names wherever
          appropriate. For example, systemd-nspawn will now generate
          alternative interface names for the host-facing side of container
          veth links based on the full container name without truncation.

        * systemd-nspawn interface naming logic has been updated in another way
          too: if the main interface name (i.e. as opposed to new-style
          "alternative" names) based on the container name is truncated, a
          simple hashing scheme is used to give different interface names to
          multiple containers whose names all begin with the same prefix. Since
          this changes the primary interface names pointing to containers if
          truncation happens, the old scheme may still be requested by
          selecting an older naming scheme, via the net.naming_scheme= kernel
          command line option.

        * PrivateUsers= in service files now works in services run by the
          systemd --user per-user instance of the service manager.

        * A new per-service sandboxing option ProtectClock= has been added that
          locks down write access to the system clock. It takes away device
          node access to /dev/rtc as well as the system calls that set the
          system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
          Note that this option does not affect access to auxiliary services
          that allow changing the clock, for example access to
          systemd-timedated.

        * The systemd-id128 tool gained a new "show" verb for listing or
          resolving a number of well-known UUIDs/128-bit IDs, currently mostly
          GPT partition table types.

        * The Discoverable Partitions Specification has been updated to support
          /var and /var/tmp partition discovery. Support for this has been
          added to systemd-gpt-auto-generator. For details see:

          https://systemd.io/DISCOVERABLE_PARTITIONS

        * "systemctl list-unit-files" has been updated to show a new column
          with the suggested enablement state based on the vendor preset files
          for the respective units.

        * "systemctl" gained a new option "--with-dependencies". If specified,
          commands such as "systemctl status" or "systemctl cat" will now show
          all specified units along with all units they depend on.

        * networkctl gained support for showing per-interface logs in its
          "status" output.

        * systemd-networkd-wait-online gained support for specifying the maximum
          operational state to wait for, and to wait for interfaces to
          disappear.

        * The [Match] section of .link and .network files now supports a new
          option PermanentMACAddress= which may be used to check against the
          permanent MAC address of a network device even if a randomized MAC
          address is used.

        * The [TrafficControlQueueingDiscipline] section in .network files has
          been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
          dropped from the individual setting names.

        * Any .link and .network files that have an empty [Match] section (this
          also includes empty and commented-out files) will now be
          rejected. systemd-udev and systemd-networkd started warning about
          such files in version 243.

        * systemd-logind will now validate access to the operation of changing
          the virtual terminal via a polkit action. By default, only users
          with at least one session on a local VT are granted permission.

        * When systemd sets up PAM sessions that invoked service processes
          shall run in, the pam_setcred() API is now invoked, thus permitting
          PAM modules to set additional credentials for the processes.

        * portablectl attach/detach verbs now accept --now and --enable options
          to combine attachment with enablement and invocation, or detachment
          with stopping and disablement.

        * UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
          fixed, which in turn exposed bugs in unit configuration of services
          which have Type=oneshot and should only run once, but do not have
          RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
          service may be started again after exiting successfully, for example
          as a dependency in another transaction. Affected services included
          some internal systemd services (most notably
          systemd-vconsole-setup.service, which was updated to have
          RemainAfterExit=yes), and plymouth-start.service. Please ensure that
          plymouth has been suitably updated or patched before upgrading to
          this systemd release. See
          https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
          additional discussion.

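          The unit pattern the UPGRADE ISSUE above describes, written out as
          an added example (a constructed unit, not one shipped by systemd;
          the unit name, command and stamp file path are assumptions). The
          ConditionPathExists= stamp is an extra guard across reboots, which
          RemainAfterExit= on its own does not provide:

```ini
# /etc/systemd/system/first-boot-setup.service  (constructed example)
# A one-time setup job. Without RemainAfterExit=yes the unit returns to
# "inactive" as soon as ExecStart= exits successfully, so a later
# transaction that pulls it in (for example a Requires= or Wants= from
# another unit being started) would run the command a second time.
[Unit]
Description=One-time first boot setup
# Skip the job entirely on later boots once the stamp file exists.
ConditionPathExists=!/var/lib/first-boot-setup.done

[Service]
Type=oneshot
# Keep the unit "active" after success so that dependent transactions
# see it as already satisfied instead of starting it again.
RemainAfterExit=yes
ExecStart=/usr/local/sbin/first-boot-setup
ExecStartPost=/usr/bin/touch /var/lib/first-boot-setup.done

[Install]
WantedBy=multi-user.target
```
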
        Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
        Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
        Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
        (Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
        Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
        Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
        Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
        ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
        Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
        Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
        Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
        Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
        Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
        Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
        Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
        Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
        Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
        Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
        Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
        Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
        Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
        Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
        Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
        Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
        DONG

        – Warsaw, 2020-03-06

CHANGES WITH 244:

        * Support for the cpuset cgroups v2 controller has been added.
          Processes may be restricted to specific CPUs using the new
          AllowedCPUs= setting, and to specific memory NUMA nodes using the new
          AllowedMemoryNodes= setting.

        * The signal used in restart jobs (as opposed to e.g. stop jobs) may
          now be configured using a new RestartKillSignal= setting. This
          allows units which use signals to request termination to implement
          different behaviour when stopping in preparation for a restart.

        * "systemctl clean" may now be used also for socket, mount, and swap
          units.

        * systemd will also read configuration options from the EFI variable
          SystemdOptions. This may be used to configure systemd behaviour when
          modifying the kernel command line is inconvenient, but configuration
          on disk is read too late, for example for the options related to
          cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
          set the EFI variable.

        * systemd will now disable printk ratelimits in early boot. This should
          allow us to capture more logs from the early boot phase where normal
          storage is not available and the kernel ring buffer is used for
          logging. Configuration on the kernel command line has higher priority
          and overrides the systemd setting.

          systemd programs which log to /dev/kmsg directly use internal
          ratelimits to prevent runaway logging. (Normally this is only used
          during early boot, so in practice this change has very little
          effect.)

        * Unit files now support top level dropin directories of the form
          <unit_type>.d/ (e.g. service.d/) that may be used to add configuration
          that affects all corresponding unit files.

        * systemctl gained support for 'stop --job-mode=triggering' which will
          stop the specified unit and any units which could trigger it.

        * Unit status display now includes units triggering and triggered by
          the unit being shown.

        * The RuntimeMaxSec= setting is now supported by scopes, not just
          .service units. This is particularly useful for PAM sessions which
          create a scope unit for the user login. The systemd.runtime_max_sec=
          setting may be used with the pam_systemd module to limit the duration
          of the PAM session, for example for time-limited logins.

        * A new @pkey system call group is now defined to make it easier to
          allow-list memory protection syscalls for containers and services
          which need to use them.

        * systemd-udevd: removed the 30s timeout for killing stale workers on
          exit. systemd-udevd now waits for workers to finish. The hard-coded
          exit timeout of 30s was too short for some large installations, where
          driver initialization could be prematurely interrupted during initrd
          processing if the root file system had been mounted and init was
          preparing to switch root. If udevd is run without systemd and workers
          are hanging while udevd receives an exit signal, udevd will now exit
          when udev.event_timeout is reached for the last hanging worker. With
          systemd, the exit timeout can additionally be configured using
          TimeoutStopSec= in systemd-udevd.service.

        * udev now provides a program (fido_id) that identifies FIDO CTAP1
          ("U2F")/CTAP2 security tokens based on the usage declared in their
          report descriptor and outputs suitable environment variables.
          This replaces the externally maintained allow lists of all known
          security tokens that were used previously.

        * Automatically generated autosuspend udev rules for allow-listed
          devices have been imported from the Chromium OS project. This should
          improve power saving with many more devices.

        * udev gained a new "CONST{key}=value" setting that allows matching
          against system-wide constants without forking a helper binary.
          Currently "arch" and "virt" keys are supported.

        * udev now opens CDROMs in non-exclusive mode when querying their
          capabilities. This should fix issues where other programs trying to
          use the CDROM cannot gain access to it, but carries a risk of
          interfering with programs writing to the disk, if they did not open
          the device in exclusive mode as they should.

        * systemd-networkd does not create a default route for IPv4 link local
          addressing anymore. The creation of the route was unexpected and was
          breaking routing in various cases, but people who rely on it being
          created implicitly will need to adjust. Such a route may be requested
          with DefaultRouteOnDevice=yes.

          Similarly, systemd-networkd will not assign a link-local IPv6 address
          when IPv6 link-local routing is not enabled.

        * Receive and transmit buffers may now be configured on links with
          the new RxBufferSize= and TxBufferSize= settings.

        * systemd-networkd may now advertise additional IPv6 routes. A new
          [IPv6RoutePrefix] section with Route= and LifetimeSec= options is
          now supported.

        * systemd-networkd may now configure "next hop" routes using the
          [NextHop] section and Gateway= and Id= settings.

        * systemd-networkd will now retain DHCP config on restarts by default
          (but this may be overridden using the KeepConfiguration= setting).
          The default for SendRelease= has been changed to true.

        * The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
          received from the server.

          The client will use the received SIP server list if UseSIP=yes is
          set.

          The client may be configured to request specific options from the
          server using a new RequestOptions= setting.

          The client may be configured to send arbitrary options to the server
          using a new SendOption= setting.

          A new IPServiceType= setting has been added to configure the "IP
          service type" value used by the client.

        * The DHCPv6 client learnt a new PrefixDelegationHint= option to
          request prefix hints in the DHCPv6 solicitation.

        * The DHCPv4 server may be configured to send arbitrary options using
          a new SendOption= setting.

        * The DHCPv4 server may now be configured to emit SIP server list using
          the new EmitSIP= and SIP= settings.

        * systemd-networkd and networkctl may now renew DHCP leases on demand.
          networkctl has a new 'networkctl renew' verb.

        * systemd-networkd may now reconfigure links on demand. networkctl
          gained two new verbs: "reload" will reload the configuration, and
          "reconfigure DEVICE…" will reconfigure one or more devices.

        * .network files may now match on SSID and BSSID of a wireless network,
          i.e. the access point name and hardware address using the new SSID=
          and BSSID= options. networkctl will display the current SSID and
          BSSID for wireless links.

          .network files may also match on the wireless network type using the
          new WLANInterfaceType= option.

        * systemd-networkd now includes default configuration that enables
          link-local addressing when connected to an ad-hoc wireless network.

        * systemd-networkd may configure the Traffic Control queueing
          disciplines in the kernel using the new
          [TrafficControlQueueingDiscipline] section and Parent=,
          NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
          NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
          NetworkEmulatorDuplicateRate= settings.

        * systemd-tmpfiles gained a new w+ setting to append to files.

        * systemd-analyze dump will now report when the memory configuration in
          the kernel does not match what systemd has configured (usually,
          because some external program has modified the kernel configuration
          on its own).

        * systemd-analyze gained a new --base-time= switch that instructs the
          'calendar' verb to resolve times relative to that timestamp instead
          of the present time.

        * journalctl --update-catalog now produces deterministic output (making
          reproducible image builds easier).

        * A new devicetree-overlay setting is now documented in the Boot Loader
          Specification.

        * The default value of the WatchdogSec= setting used in systemd
          services (the ones bundled with the project itself) may be set at
          configuration time using the -Dservice-watchdog= setting. If set to
          empty, the watchdogs will be disabled.

        * systemd-resolved validates IP addresses in certificates now when GnuTLS
          is being used.

        * libcryptsetup >= 2.0.1 is now required.

        * A configuration option -Duser-path= may be used to override the $PATH
          used by the user service manager. The default is again to use the same
          path as the system manager.

        * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
          outputting the 128-bit IDs in UUID format (i.e. in the "canonical
          representation").

        * Service units gained a new sandboxing option ProtectKernelLogs= which
          makes sure the program cannot get direct access to the kernel log
          buffer anymore, i.e. the syslog() system call (not to be confused
          with the API of the same name in libc, which is not affected), the
          /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
          inaccessible to the service. It's recommended to enable this setting
          for all services that should not be able to read from or write to the
          kernel log buffer, which are probably almost all.

        Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
        Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
        Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
        Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
        Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
        Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
        A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
        Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
        Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
        Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
        Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
        Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
        Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
        Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
        Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
        Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
        Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
        Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
        Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
        Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
        Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
        Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
        Zach Smith, Zbigniew Jędrzejewski-Szmek

        – Warsaw, 2019-11-29

CHANGES WITH 243:

        * This release enables unprivileged programs (i.e. requiring neither
          setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
          by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
          kernel for the whole UNIX group range, i.e. all processes. This
          change should be reasonably safe, as the kernel support for it was
          specifically implemented to allow safe access to ICMP Echo for
          processes lacking any privileges. If this is not desirable, it can be
          disabled again by setting the parameter to "1 0".

        * Previously, filters defined with SystemCallFilter= would have the
          effect that any calling of an offending system call would terminate
          the calling thread. This behaviour never made much sense, since
          killing individual threads of unsuspecting processes is likely to
          create more problems than it solves. With this release the default
          action changed from killing the thread to killing the whole
          process. For this to work correctly both a kernel version (>= 4.14)
          and a libseccomp version (>= 2.4.0) supporting this new seccomp
          action are required. If an older kernel or libseccomp is used the old
          behaviour continues to be used. This change does not affect any
          services that have no system call filters defined, or that use
          SystemCallErrorNumber= (and thus see EPERM or another error instead
          of being killed when calling an offending system call). Note that
          systemd documentation always claimed that the whole process is
          killed. With this change behaviour is thus adjusted to match the
          documentation.

4860f5c2
ZJS
8108 * On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
8109 4194304 by default, i.e. the full 22bit range the kernel allows, up
da890466 8110 from the old 16-bit range. This should improve security and
4860f5c2
ZJS
8111 robustness, as PID collisions are made less likely (though certainly
8112 still possible). There are rumours this might create compatibility
6af90583
LP
8113 problems, though at this moment no practical ones are known to
8114 us. Downstream distributions are hence advised to undo this change in
8115 their builds if they are concerned about maximum compatibility, but
8116 for everybody else we recommend leaving the value bumped. Besides
8117 improving security and robustness this should also simplify things as
8118 the maximum number of allowed concurrent tasks was previously bounded
4860f5c2
ZJS
8119 by both "kernel.pid_max" and "kernel.threads-max" and now effectively
8120 only a single knob is left ("kernel.threads-max"). There have been
8121 concerns that usability is affected by this change because larger PID
8122 numbers are harder to type, but we believe the change from 5 digits
8123 to 7 digits doesn't hamper usability.

        * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
          DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
          hierarchically set default memory protection values for a particular
          subtree of the unit hierarchy.

        * Memory protection directives can now take a value of zero, allowing
          explicit opting out of a default value propagated by an ancestor.

        * systemd now defaults to the "unified" cgroup hierarchy setup during
          build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
          default. Previously, -Ddefault-hierarchy=hybrid was the default. This
          change reflects the fact that cgroupsv2 support has matured
          substantially in both systemd and in the kernel, and is clearly the
          way forward. Downstream production distributions might want to
          continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
          their builds as unfortunately the popular container managers have not
          caught up with the kernel API changes.

        * Man pages are not built by default anymore (html pages were already
          disabled by default), to make development builds quicker. When
          building systemd for a full installation with documentation, meson
          should be called with -Dman=true and/or -Dhtml=true as appropriate.
          The default was changed based on the assumption that quick one-off or
          repeated development builds are much more common than full optimized
          builds for installation, and people need to pass various other
          options when doing "proper" builds anyway, so the gain from making
          development builds quicker is bigger than the one time disruption for
          packagers.

          Two scripts are created in the *build* directory to generate and
          preview man and html pages on demand, e.g.:

          build/man/man systemctl
          build/man/html systemd.index

        * libidn2 is used by default if both libidn2 and libidn are installed.
          Please use -Dlibidn=true if libidn is preferred.

        * The D-Bus "wire format" of the CPUAffinity= attribute is changed on
          big-endian machines. Before, bytes were written and read in native
          machine order as exposed by the native libc __cpu_mask interface.
          Now, little-endian order is always used (CPUs 0–7 are described by
          bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
          This change fixes D-Bus calls that cross an endianness boundary.

          The presentation format used for CPUAffinity= by "systemctl show" and
          "systemd-analyze dump" is changed to present CPU indices instead of
          the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
          shown as CPUAffinity=03000000000000000000000000000… (on
          little-endian) or CPUAffinity=00000000000000300000000000000… (on
          64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
          input format. The maximum integer that will be printed in the new
          format is 8191 (four digits), while the old format always used a very
          long number (with the length varying by architecture), so they can be
          unambiguously distinguished.
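
        As an added example (not systemd's code), the conversions described
        above written out: a CPU range list such as "0-1" is encoded into the
        byte-oriented little-endian mask now used on the bus (bit i of byte
        i//8 is CPU i), decoded back, and rendered in the new "systemctl show"
        presentation format. Because the mask is defined per byte rather than
        per native word, encode and decode give the same bytes on big- and
        little-endian hosts, which is exactly what the 243 change buys.
        Function names and the optional fixed mask length are this example's
        own.

```python
"""Convert between CPUAffinity= range lists and the systemd 243 D-Bus mask."""

def parse_cpu_ranges(text):
    """'0-1 4,6-7' -> {0, 1, 4, 6, 7}. Accepts space and/or comma separators."""
    cpus = set()
    for tok in text.replace(",", " ").split():
        if "-" in tok:
            lo, hi = (int(x) for x in tok.split("-", 1))
            if lo > hi:
                raise ValueError("inverted range %r" % tok)
            cpus.update(range(lo, hi + 1))
        else:
            cpus.add(int(tok))
    return cpus

def cpus_to_wire(cpus, nbytes=None):
    """Encode a CPU set as the little-endian byte mask used on the bus.
    nbytes optionally pads to (and validates against) a fixed mask size,
    e.g. 128 bytes for a 1024-CPU mask."""
    if not cpus:
        return bytes(nbytes or 0)
    size = max(cpus) // 8 + 1
    if nbytes is not None:
        if nbytes < size:
            raise ValueError("mask of %d bytes too small for CPU %d" % (nbytes, max(cpus)))
        size = nbytes
    mask = bytearray(size)
    for c in cpus:
        mask[c // 8] |= 1 << (c % 8)
    return bytes(mask)

def wire_to_cpus(mask):
    """Decode the byte mask back into a CPU set. No native-word assumptions,
    so the same bytes decode identically on any architecture."""
    cpus = set()
    for i, b in enumerate(mask):
        for bit in range(8):
            if b & (1 << bit):
                cpus.add(i * 8 + bit)
    return cpus

def format_cpu_ranges(cpus):
    """{0, 1, 4, 6, 7} -> '0-1 4 6-7': the index-based presentation format
    'systemctl show' uses from 243 on, with runs collapsed into ranges."""
    cpus = sorted(cpus)
    out = []
    i = 0
    while i < len(cpus):
        j = i
        while j + 1 < len(cpus) and cpus[j + 1] == cpus[j] + 1:
            j += 1
        out.append(str(cpus[i]) if i == j else "%d-%d" % (cpus[i], cpus[j]))
        i = j + 1
    return " ".join(out)

if __name__ == "__main__":
    wire = cpus_to_wire(parse_cpu_ranges("0-1"), nbytes=16)
    print(wire.hex())                       # 03 followed by 15 zero bytes
    print(format_cpu_ranges(wire_to_cpus(wire)))
```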

        * /usr/sbin/halt.local is no longer supported. Implementation in
          distributions was inconsistent and it seems this functionality was
          very rarely used.

          To replace this functionality, users should:
          - either define a new unit and make it a dependency of final.target
            (systemctl add-wants final.target my-halt-local.service)
          - or move the shutdown script to /usr/lib/systemd/system-shutdown/
            and ensure that it accepts "halt", "poweroff", "reboot", and
            "kexec" as an argument, see the description in systemd-shutdown(8).

        * When a [Match] section in a .link or .network file is empty (contains
          no match patterns), a warning will be emitted. Please add a "match
          all" pattern instead, e.g. OriginalName=* or Name=* in case all
          interfaces should really be matched.

        * A new setting NUMAPolicy= may be used to set process memory
          allocation policy. This setting can be specified in
          /etc/systemd/system.conf and hence will set the default policy for
          PID 1. The default policy can be overridden on a per-service
          basis. The related setting NUMAMask= is used to specify the NUMA node
          mask that should be associated with the selected policy.

        * PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
          generates when processes it manages are reaching their memory limits,
          and will place their units in a special state, and optionally kill or
          stop the whole unit.

        * The service manager will now expose bus properties for the IO
          resources used by units. This information is also shown in "systemctl
          status" now (for services that have IOAccounting=yes set). Moreover,
          the IO accounting data is included in the resource log message
          generated whenever a unit stops.

        * Units may now configure an explicit timeout to wait for when killed
          with SIGABRT, for example when a service watchdog is hit. Previously,
          the regular TimeoutStopSec= timeout was applied in this case too —
          now a separate timeout may be set using TimeoutAbortSec=.

        * Services may now send a special WATCHDOG=trigger message with
          sd_notify() to trigger an immediate "watchdog missed" event, and thus
          trigger service termination. This is useful both for testing watchdog
          handling and for defining error paths in services that shall be
          handled the same way as watchdog events.
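
        The exchange behind the two items above, as an added example that is
        not part of systemd: a stand-in service manager listens on a Unix
        datagram socket, and a service sends sd_notify()-style messages to it
        (newline-separated KEY=VALUE pairs sent to $NOTIFY_SOCKET, with a
        leading "@" selecting the abstract socket namespace, as libsystemd
        does). The manager resets its watchdog timer on WATCHDOG=1 and treats
        WATCHDOG=trigger as an immediate miss, the point at which real
        systemd would send SIGABRT and wait TimeoutAbortSec=. The decision
        strings and the helper names are this example's own.

```python
"""Both sides of the sd_notify(3) datagram protocol, including WATCHDOG=trigger."""
import os
import socket
import tempfile

def sd_notify(state, notify_socket=None):
    """Send one notification message to notify_socket (or $NOTIFY_SOCKET).
    Returns False when no socket is configured, i.e. not running under a
    service manager, which callers should treat as a no-op, not an error."""
    path = notify_socket or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    addr = path.encode()
    if addr.startswith(b"@"):
        addr = b"\0" + addr[1:]          # Linux abstract namespace
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), addr)
    return True

def parse_notify_message(data):
    """Split a datagram into a dict; lines without '=' are ignored."""
    fields = {}
    for line in data.decode(errors="replace").split("\n"):
        if "=" in line:
            k, v = line.split("=", 1)
            fields[k] = v
    return fields

def manager_decision(fields):
    """What a manager does with one message, following the 243 semantics:
    WATCHDOG=1 re-arms the timer, WATCHDOG=trigger is an immediate miss."""
    wd = fields.get("WATCHDOG")
    if wd == "1":
        return "watchdog-reset"
    if wd == "trigger":
        return "watchdog-missed"        # real systemd: SIGABRT, TimeoutAbortSec= applies
    return "ignored"

def run_exchange():
    """Drive a complete exchange over a private socket and return the
    decisions the stand-in manager took, in order."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify")
        mgr = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        mgr.bind(path)
        mgr.settimeout(2)
        decisions = []
        try:
            for msg in ("READY=1\nSTATUS=serving\n", "WATCHDOG=1\n", "WATCHDOG=trigger\n"):
                if not sd_notify(msg, notify_socket=path):
                    raise RuntimeError("no notify socket")
                data, _ = mgr.recvfrom(4096)
                decisions.append(manager_decision(parse_notify_message(data)))
        finally:
            mgr.close()
        return decisions

if __name__ == "__main__":
    print(run_exchange())   # ['ignored', 'watchdog-reset', 'watchdog-missed']
```

        In a real service the error path simply calls sd_notify("WATCHDOG=trigger")
        instead of exiting, so the failure is logged, aborted and restarted
        exactly like a hung watchdog, and the abort timeout rather than
        TimeoutStopSec= bounds the cleanup.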

        * There are two new per-unit settings IPIngressFilterPath= and
          IPEgressFilterPath= which allow configuration of a BPF program
          (usually by specifying a path to a program uploaded to /sys/fs/bpf/)
          to apply to the IP packet ingress/egress path of all processes of a
          unit. This is useful to allow running systemd services with BPF
          programs set up externally.

        * systemctl gained a new "clean" verb for removing the state, cache,
          runtime or logs directories of a service while it is terminated. The
          new verb may also be used to remove the state maintained on disk for
          timer units that have Persistent= configured.

        * During the last phase of shutdown systemd will now automatically
          increase the log level configured in the "kernel.printk" sysctl so
          that any relevant loggable events happening during late shutdown are
          made visible. Previously, loggable events happening so late during
          shutdown were generally lost if the "kernel.printk" sysctl was set to
          high thresholds, as regular logging daemons are terminated at that
          time and thus nothing is written to disk.

        * If processes terminated during the last phase of shutdown do not exit
          quickly systemd will now show their names after a short time, to make
          debugging easier. After a longer timeout they are forcibly killed,
          as before.

        * journalctl (and the other tools that display logs) will now highlight
          warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING were
          shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
          are now shown in blue color, to separate them visually from regular
          logs. References to configuration files are now turned into clickable
          links on terminals that support that.

        * systemd-journald will now stop logging to /var/log/journal during
          shutdown when /var/ is on a separate mount, so that it can be
          unmounted safely during shutdown.

        * systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.

        * systemd-resolved's "Cache=" configuration option in resolved.conf has
          been extended to also accept the 'no-negative' value. Previously,
          only a boolean option was allowed (yes/no), having yes as the
          default. If this option is set to 'no-negative', negative answers are
          not cached while the old cache heuristics are used for positive
          answers. The default remains unchanged.

        * The predictable naming scheme for network devices now supports
          generating predictable names for "netdevsim" devices.

          Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
          udev property.

          Those two changes form a new net.naming_scheme= entry. Distributions
          which want to preserve naming stability may want to set the
          -Ddefault-net-naming-scheme= configuration option.

        * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
          interfaces natively.

        * systemd-networkd's bridge FDB support now allows configuration of a
          destination address for each entry (Destination=), as well as the
          VXLAN VNI (VNI=), as well as an option to declare what an entry is
          associated with (AssociatedWith=).

        * systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
          option for configuring the maximum number of DHCP lease requests. It
          also learnt a new BlackList= option for deny-listing DHCP servers (a
          similar setting has also been added to the IPv6 RA client), as well
          as a SendRelease= option for configuring whether to send a DHCP
          RELEASE message when terminating.

        * systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
          separately in the [DHCPv4] and [DHCPv6] sections.

        * systemd-networkd's DHCP support will now optionally create an
          implicit host route to the DNS server specified in the DHCP lease, in
          addition to the routes listed explicitly in the lease. This should
          ensure that in multi-homed systems DNS traffic leaves the system on
          the interface that acquired the DNS server information even if other
          routes such as default routes exist. This behaviour may be turned on
          with the new RoutesToDNS= option.

        * systemd-networkd's VXLAN support gained a new option
          GenericProtocolExtension= for enabling VXLAN Generic Protocol
          Extension support, as well as IPDoNotFragment= for setting the IP
          "Don't fragment" bit on outgoing packets. A similar option has been
          added to the GENEVE support.

        * In systemd-networkd's [Route] section you may now configure
          FastOpenNoCookie= for configuring per-route TCP fast-open support, as
          well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
          propagation. The Type= setting now supports local, broadcast,
          anycast, multicast, any, xresolve routes, too.

        * systemd-networkd's [Network] section learnt a new option
          DefaultRouteOnDevice= for automatically configuring a default route
          onto the network device.

        * systemd-networkd's bridging support gained two new options ProxyARP=
          and ProxyARPWifi= for configuring proxy ARP behaviour as well as
          MulticastRouter= for configuring multicast routing behaviour. A new
          option MulticastIGMPVersion= may be used to change the bridge's
          multicast Internet Group Management Protocol (IGMP) version.

        * systemd-networkd's FooOverUDP support gained the ability to configure
          local and peer IP addresses via Local= and Peer=. A new option
          PeerPort= may be used to configure the peer's IP port.

        * systemd-networkd's TUN support gained a new setting VnetHeader= for
          tweaking Generic Segment Offload support.

        * The address family for policy rules may be specified using the new
          Family= option in the [RoutingPolicyRule] section.

        * networkctl gained a new "delete" command for removing virtual network
          devices, as well as a new "--stats" switch for showing device
          statistics.

        * networkd.conf gained new settings SpeedMeter= and
          SpeedMeterIntervalSec=, to measure the bitrate of network interfaces.
          The measured speed may be shown by 'networkctl status'.

        * "networkctl status" now displays MTU and queue lengths, and more
          detailed information about VXLAN and bridge devices.

        * systemd-networkd's .network and .link files gained a new Property=
          setting in the [Match] section, to match against devices with
          specific udev properties.

        * systemd-networkd's tunnel support gained a new option
          AssignToLoopback= for selecting whether to use the loopback device
          "lo" as underlying device.

        * systemd-networkd's MACAddress= setting in the [Neighbor] section has
          been renamed to LinkLayerAddress=, and it now allows configuration of
          IP addresses, too.

        * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
          simplified: systemd-networkd will disable the sysctl (enable IPv6) if
          IPv6 configuration (static or DHCPv6) was found for a given
          interface. It will not touch the sysctl otherwise.

        * The order of entries in $PATH used by the user manager instance was
          changed to put bin/ entries before the corresponding sbin/ entries.
          It is recommended to not rely on this order, and only ever have one
          binary with a given name in the system paths under /usr.

        * A new tool systemd-network-generator has been added that may generate
          .network, .netdev and .link files from IP configuration specified on
          the kernel command line in the format used by Dracut.

        * The CriticalConnection= setting in .network files is now deprecated,
          and replaced by a new KeepConfiguration= setting which allows more
          detailed configuration of the IP configuration to keep in place.

        * systemd-analyze gained a few new verbs:

          - "systemd-analyze timestamp" parses and converts timestamps. This is
            similar to the existing "systemd-analyze calendar" command which
            does the same for recurring calendar events.

          - "systemd-analyze timespan" parses and converts timespans (i.e.
            durations as opposed to points in time).

          - "systemd-analyze condition" will parse and test ConditionXYZ=
            expressions.

          - "systemd-analyze exit-status" will parse and convert exit status
            codes to their names and back.

          - "systemd-analyze unit-files" will print a list of all unit
            file paths and unit aliases.

        * SuccessExitStatus=, RestartPreventExitStatus=, and
          RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
          is equivalent to "65"). Those exit status name mappings may be
          displayed with the systemd-analyze exit-status verb described above.

        * systemd-logind now exposes a per-session SetBrightness() bus call,
          which may be used to securely change the brightness of a kernel
          brightness device, if it belongs to the session's seat. By using this
          call unprivileged clients can make changes to "backlight" and "leds"
          devices securely with strict requirements on session membership.
          Desktop environments may use this to generically make brightness
          changes to such devices without shipping private SUID binaries or
          udev rules for that purpose.

        * "udevadm info" gained a --wait-for-initialization switch to wait for
          a device to be initialized.

        * systemd-hibernate-resume-generator will now look for resumeflags= on
          the kernel command line, which is similar to rootflags= and may be
          used to configure the device timeout for the hibernation device.

        * sd-event learnt a new API call sd_event_source_disable_unref() for
          disabling and unref'ing an event source in a single function. A
          related call sd_event_source_disable_unrefp() has been added for use
          with gcc's cleanup extension.

        * The sd-id128.h public API gained a new definition
          SD_ID128_UUID_FORMAT_STR for formatting a 128-bit ID in UUID format
          with printf().

        * "busctl introspect" gained a new switch --xml-interface for dumping
          XML introspection data unmodified.

        * PID 1 may now show the unit name instead of the unit description
          string in its status output during boot. This may be configured in
          the StatusUnitFormat= setting in /etc/systemd/system.conf or the
          kernel command line option systemd.status_unit_format=.

        * PID 1 now understands a new option KExecWatchdogSec= in
          /etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
          Previously watchdog functionality was only available for regular
          reboots. The new setting defaults to off, because we don't know in
          the general case if the watchdog will be reset after kexec (some
          drivers do reset it, but not all), and the new userspace might not be
          configured to handle the watchdog.

          Moreover, the old ShutdownWatchdogSec= setting has been renamed to
          RebootWatchdogSec= to more clearly communicate what it is about. The
          old name is still accepted for compatibility.

        * The systemd.debug_shell kernel command line option now optionally
          takes a tty name to spawn the debug shell on, which allows a
          different tty to be selected than the built-in default.

        * Service units gained a new ExecCondition= setting which will run
          before ExecStartPre= and either continue execution of the unit (for
          clean exit codes), stop execution without marking the unit failed
          (for exit codes 1 through 254), or stop execution and fail the unit
          (for exit code 255 or abnormal termination).

        * A new service systemd-pstore.service has been added that pulls data
          from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
          review.

        * timedatectl gained new verbs for configuring per-interface NTP
          service configuration for systemd-timesyncd.

        * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
          2019. (You can set non-UTF-8 locales though, if you know their name.)

        * If variable assignments in sysctl.d/ files are prefixed with "-" any
          failures to apply them are now ignored.

        * systemd-random-seed.service now optionally credits entropy when
          applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
          true for the service to enable this behaviour, but please consult the
          documentation first, since this comes with a couple of caveats.

        * systemd-random-seed.service is now a synchronization point for full
          initialization of the kernel's entropy pool. Services that require
          /dev/urandom to be correctly initialized should be ordered after this
          service.

        * The systemd-boot boot loader has been updated to optionally maintain
          a random seed file in the EFI System Partition (ESP). During the boot
          phase, this random seed is read and updated with a new seed
          cryptographically derived from it. Another derived seed is passed to
          the OS. The latter seed is then credited to the kernel's entropy pool
          very early during userspace initialization (from PID 1). This allows
          systems to boot up with a fully initialized kernel entropy pool from
          earliest boot on, and thus entirely removes all entropy pool
          initialization delays from systems using systemd-boot. Special care
          is taken to ensure different seeds are derived on system images
          replicated to multiple systems. "bootctl status" will show whether
          a seed was received from the boot loader.
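
        The following added illustration is not systemd-boot's code: the KDF
        (domain-separated SHA-256 over length-prefixed inputs), the labels and
        the exact inputs are this example's assumptions. It demonstrates the
        two properties the paragraph above states: the seed file is replaced
        on every boot by a value derived from the old one, and two systems
        imaged from the same ESP still receive different OS seeds, because a
        per-machine token (standing in here for the EFI variable that
        "bootctl random-seed" creates) is mixed into both derivations.

```python
"""Forward-secure boot seed handling in the spirit of the systemd-boot 243 notes."""
import hashlib
import os

SEED_LEN = 32

def derive(label, *parts):
    """Assumed KDF: SHA-256 over a label plus length-prefixed inputs, so the
    'file-seed' and 'os-seed' outputs can never coincide for equal inputs."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "little"))
        h.update(p)
    return h.digest()

def boot_step(file_seed, system_token):
    """One boot: returns (new_file_seed, seed_for_os). The boot loader would
    write new_file_seed back to the ESP and hand seed_for_os to PID 1."""
    if len(file_seed) != SEED_LEN or len(system_token) != SEED_LEN:
        raise ValueError("seed and token must be %d bytes" % SEED_LEN)
    new_file_seed = derive(b"file-seed", file_seed, system_token)
    os_seed = derive(b"os-seed", file_seed, system_token)
    return new_file_seed, os_seed

def simulate(file_seed, system_token, boots):
    """Run several boots and return the OS seeds handed over, in order."""
    out = []
    for _ in range(boots):
        file_seed, os_seed = boot_step(file_seed, system_token)
        out.append(os_seed)
    return out

def cloned_images_differ(shared_file_seed):
    """Two machines cloned from one ESP but holding their own tokens: True
    if their first-boot OS seeds differ, the property the text guarantees."""
    _, a = boot_step(shared_file_seed, os.urandom(SEED_LEN))
    _, b = boot_step(shared_file_seed, os.urandom(SEED_LEN))
    return a != b

if __name__ == "__main__":
    seeds = simulate(os.urandom(SEED_LEN), os.urandom(SEED_LEN), 3)
    print(len(set(seeds)), "distinct OS seeds over 3 boots")
    print("cloned images differ:", cloned_images_differ(os.urandom(SEED_LEN)))
```

        Without the token, every clone of the image would hand the kernel the
        same OS seed on its first boot. Because the OS seed and the rewritten
        file seed are both one-way derived from the old file seed, reading the
        ESP after boot does not reveal what was fed to the kernel.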

        * bootctl gained two new verbs:

          - "bootctl random-seed" will generate the file in ESP and an EFI
            variable to allow a random seed to be passed to the OS as described
            above.

          - "bootctl is-installed" checks whether systemd-boot is currently
            installed.

        * bootctl will warn if it detects that boot entries are misconfigured
          (for example if the kernel image was removed without purging the
          bootloader entry).

        * A new document has been added describing systemd's use and support
          for the kernel's entropy pool subsystem:

          https://systemd.io/RANDOM_SEEDS

        * When the system is hibernated the swap device to write the
          hibernation image to is now automatically picked from all available
          swap devices, preferring the swap device with the highest configured
          priority over all others, and picking the device with the most free
          space if there are multiple devices with the highest priority.

        * /etc/crypttab support has learnt a new keyfile-timeout= per-device
          option that permits selecting the timeout for how long to wait for a
          device with an encryption key before asking for the password.

        * IOWeight= has learnt to properly set the IO weight when using the
          BFQ scheduler officially found in kernels 5.0+.

        * A new mailing list has been created for reporting of security issues:
          systemd-security@redhat.com. For more details, see
          https://systemd.io/CONTRIBUTING#security-vulnerability-reports.

        Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
        Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
        Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
        Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
        Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
        Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
        Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
        Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
        Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
        Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
        Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
        Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
        Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
        Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
        Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
        Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
        Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
        Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
        Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
        Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
        Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
        Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
        Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
        Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
        Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
        Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
        Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
        Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
        William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
        Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei

        – Camerino, 2019-09-03

CHANGES WITH 242:

        * In .link files, MACAddressPolicy=persistent (the default) is changed
          to cover more devices. For devices like bridges, tun, tap, bond, and
          similar interfaces that do not have other identifying information,
          the interface name is used as the basis for the persistent seed for
          MAC and IPv4LL addresses. Devices that were already handled before
          are treated as previously; this change is only about covering more
          devices with the "persistent" policy.

          MACAddressPolicy=random may be used to force randomized MACs and
          IPv4LL addresses for a device if desired.

          Hint: the log output from udev (at debug level) was enhanced to
          clarify what policy is followed and which attributes are used.
          `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
          may be used to view this.

          Hint: if a bridge interface is created without any slaves, and gains
          a slave later, then now the bridge does not inherit the slave's MAC.
          To inherit the slave's MAC, for example, create the following file:
          ```
          # /etc/systemd/network/98-bridge-inherit-mac.link
          [Match]
          Type=bridge

          [Link]
          MACAddressPolicy=none
          ```
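
        As an added example (not udev's implementation), the kind of
        derivation the "persistent" policy above performs: hash stable inputs
        (here the machine ID and the interface name, both assumed as inputs)
        into a MAC, then fix the two low bits of the first octet so the result
        is a locally administered unicast address that cannot collide with a
        vendor-assigned address or form an invalid group address. The same
        seed yields an RFC 3927 IPv4LL candidate in 169.254.1.0 through
        169.254.254.255. The "random" policy differs only in its source of
        bytes, shown for comparison. The hash choice and the input layout are
        this example's assumptions.

```python
"""Stable, locally administered MAC and IPv4LL derivation for seed-less devices."""
import hashlib
import os

def _seed(machine_id_hex, ifname, label):
    """Assumed input layout: machine-id || NUL || ifname || NUL || label."""
    machine_id = bytes.fromhex(machine_id_hex)
    if len(machine_id) != 16:
        raise ValueError("machine-id must be 128 bits")
    return hashlib.sha256(machine_id + b"\0" + ifname.encode() + b"\0" + label).digest()

def fixup_mac(six_bytes):
    """Clear the I/G bit (bit 0 of octet 0: unicast, not group/multicast) and
    set the U/L bit (bit 1: locally administered, so no OUI collision)."""
    mac = bytearray(six_bytes)
    mac[0] = (mac[0] & 0xFE) | 0x02
    return bytes(mac)

def persistent_mac(machine_id_hex, ifname):
    """Same inputs always give the same MAC; different names give different ones."""
    return fixup_mac(_seed(machine_id_hex, ifname, b"mac")[:6])

def random_mac():
    """What MACAddressPolicy=random amounts to: random bytes, same bit fixups."""
    return fixup_mac(os.urandom(6))

def persistent_ipv4ll(machine_id_hex, ifname):
    """RFC 3927 link-local candidate from the same seed. The first and last
    /24 of 169.254/16 are reserved, so the host part is drawn from
    169.254.1.0 .. 169.254.254.255 (254 * 256 possibilities)."""
    n = int.from_bytes(_seed(machine_id_hex, ifname, b"ipv4ll")[:4], "big") % (254 * 256)
    third, fourth = divmod(n, 256)
    return "169.254.%d.%d" % (third + 1, fourth)

def is_unicast_local(mac):
    return len(mac) == 6 and (mac[0] & 0x01) == 0 and (mac[0] & 0x02) != 0

def format_mac(mac):
    return ":".join("%02x" % b for b in mac)

if __name__ == "__main__":
    mid = "0123456789abcdef0123456789abcdef"   # constructed sample machine-id
    for name in ("br0", "bond0", "tap0"):
        print(name, format_mac(persistent_mac(mid, name)), persistent_ipv4ll(mid, name))
    print("random", format_mac(random_mac()))
```

        Why the bit fixups matter: a hash can produce any first octet, and
        an odd one would be a multicast address the kernel rejects for an
        interface, while an even one with bit 1 clear would impersonate a
        manufacturer's OUI range.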

        * The .device units generated by systemd-fstab-generator and other
          generators do not automatically pull in the corresponding .mount unit
          as a Wants= dependency. This means that simply plugging in the device
          will not cause the mount unit to be started automatically. But please
          note that the mount unit may be started for other reasons, in
          particular if it is part of local-fs.target, and any unit which
          (transitively) depends on local-fs.target is started.

        * networkctl list/status/lldp now accept globbing wildcards for network
          interface names to match against all existing interfaces.

        * The $PIDFILE environment variable is set to point to the absolute
          path configured with PIDFile= for processes of that service.

        * The fallback DNS server list was augmented with Cloudflare public DNS
          servers. Use `-Ddns-servers=` to set a different fallback.

        * A new special target usb-gadget.target will be started automatically
          when a USB Device Controller is detected (which means that the system
          is a USB peripheral).

        * A new unit setting CPUQuotaPeriodSec= assigns the time period
          relative to which the CPU time quota specified by CPUQuota= is
          measured.

        * A new unit setting ProtectHostname= may be used to prevent services
          from modifying hostname information (even if they otherwise would
          have privileges to do so).

        * A new unit setting NetworkNamespacePath= may be used to specify a
          namespace for service or socket units through a path referring to a
          Linux network namespace pseudo-file.

        * The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
          have an effect on .socket units: when used the listening socket is
          created within the configured network namespace instead of the host
          namespace.

        * ExecStart= command lines in unit files may now be prefixed with ':'
          in which case environment variable substitution is
          disabled. (Supported for the other ExecXYZ= settings, too.)

        * .timer units gained two new boolean settings OnClockChange= and
          OnTimezoneChange= which may be used to also trigger a unit when the
          system clock is changed or the local timezone is
          modified. systemd-run has been updated to make these options easily
          accessible from the command line for transient timers.

        * Two new conditions for units have been added: ConditionMemory= may be
          used to conditionalize a unit based on installed system
          RAM. ConditionCPUs= may be used to conditionalize a unit based on
          installed CPU cores.

        * The @default system call filter group understood by SystemCallFilter=
          has been updated to include the new rseq() system call introduced in
          kernel 4.15.

        * A new time-set.target has been added that indicates that the system
          time has been set from a local source (possibly imprecise). The
          existing time-sync.target is stronger and indicates that the time has
          been synchronized with a precise external source. Services where
          approximate time is sufficient should use the new target.

        * "systemctl start" (and related commands) learnt a new
          --show-transaction option. If specified, brief information about all
          jobs queued because of the requested operation is shown.

        * systemd-networkd recognizes a new operational state 'enslaved', used
          (instead of 'degraded' or 'carrier') for interfaces which form a
          bridge, bond, or similar, and a new 'degraded-carrier' operational
          state used for the bond or bridge master interface when one of the
          enslaved devices is not operational.

        * .network files learnt the new IgnoreCarrierLoss= option for leaving
          networks configured even if the carrier is lost.

        * The RequiredForOnline= setting in .network files may now specify a
          minimum operational state required for the interface to be considered
          "online" by systemd-networkd-wait-online. Related to this,
          systemd-networkd-wait-online gained a new option --operational-state=
          to configure the same, and its --interface= option was updated to
          optionally also take an operational state specific for an interface.

        * systemd-networkd-wait-online gained a new setting --any for waiting
          for only one of the requested interfaces instead of all of them.

        * systemd-networkd now implements L2TP tunnels.

        * Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
          may be used to cause autonomous and onlink prefixes received in IPv6
          Router Advertisements to be ignored.

        * New MulticastFlood=, NeighborSuppression=, and Learning= .network
          file settings may be used to tweak bridge behaviour.

        * The new TripleSampling= option in .network files may be used to
          configure CAN triple sampling.

        * New .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
          used to point to the private or preshared key for a WireGuard
          interface.

        * /etc/crypttab now supports the same-cpu-crypt and
          submit-from-crypt-cpus options to tweak encryption work scheduling
          details.

        * systemd-tmpfiles will now take a BSD file lock before operating on
          the contents of a directory. This may be used to temporarily exclude
          directories from aging by taking the same lock (useful for example
          when extracting a tarball into /tmp or /var/tmp as a privileged user,
          which might create files with really old timestamps, which
          nevertheless should not be deleted). For further details, see:

          https://systemd.io/TEMPORARY_DIRECTORIES
9b89e602 8705
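As an added example (not systemd's own code), this is how a privileged extraction job can hold the BSD lock that systemd-tmpfiles checks before aging a directory; the tarball, its 2001 timestamp and the directory names are constructed for the demo.

```python
"""Added example, not systemd's own code: hold the BSD file lock that
systemd-tmpfiles checks before aging a directory, so that a tarball with
very old timestamps can be unpacked into /tmp without the cleaner removing
half-extracted files. Paths, archive and timestamp below are constructed."""
import errno
import fcntl
import io
import os
import tarfile
import tempfile
from contextlib import contextmanager

OLD_MTIME = 978307200  # 2001-01-01T00:00:00Z: far older than any aging cutoff


@contextmanager
def hold_aging_lock(directory: str):
    """Exclusive flock(2) on DIRECTORY itself (an O_DIRECTORY fd, so the
    files inside are untouched) for the duration of the with-block."""
    fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)
        yield fd
    finally:
        fcntl.flock(fd, fcntl.LOCK_UN)
        os.close(fd)


def directory_is_locked(directory: str) -> bool:
    """Non-blocking probe from a fresh open file description, which is what
    a cleaner does before deciding to skip the directory. Closing the probe
    fd releases whatever lock the probe itself may have acquired."""
    fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except OSError as e:
            if e.errno in (errno.EWOULDBLOCK, errno.EAGAIN):
                return True
            raise
        return False
    finally:
        os.close(fd)


def build_old_tarball(workdir: str) -> str:
    """Constructed archive: one member whose mtime is OLD_MTIME."""
    path = os.path.join(workdir, "old.tar")
    payload = b"payload with a 2001 timestamp\n"
    with tarfile.open(path, "w") as tar:
        info = tarfile.TarInfo("old.txt")
        info.size = len(payload)
        info.mtime = OLD_MTIME
        tar.addfile(info, io.BytesIO(payload))
    return path


def extract_under_lock(tarball: str, dest: str) -> dict:
    """Unpack TARBALL into DEST while holding the aging lock on DEST."""
    with hold_aging_lock(dest):
        with tarfile.open(tarball) as tar:
            # the 'data' extraction filter exists on Python >= 3.12 (and
            # backports); it leaves member mtimes untouched
            kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(path=dest, **kw)
        locked_during = directory_is_locked(dest)  # a cleaner would skip now
    locked_after = directory_is_locked(dest)       # and may age DEST again
    mtime = int(os.stat(os.path.join(dest, "old.txt")).st_mtime)
    return {"locked_during": locked_during, "locked_after": locked_after,
            "extracted_mtime": mtime}


def demo() -> dict:
    """Run the whole flow inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as work:
        dest = os.path.join(work, "tmp")
        os.mkdir(dest)
        return extract_under_lock(build_old_tarball(work), dest)


if __name__ == "__main__":
    print(demo())
```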
        * systemd-tmpfiles' h line type gained support for the
          FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
          controlling project quota inheritance.

        * sd-boot and bootctl now implement support for an Extended Boot Loader
          (XBOOTLDR) partition, that is intended to be mounted to /boot, in
          addition to the ESP partition mounted to /efi or /boot/efi.
          Configuration file fragments, kernels, initrds and other EFI images
          to boot will be loaded from both the ESP and XBOOTLDR partitions.
          The XBOOTLDR partition was previously described by the Boot Loader
          Specification, but implementation was missing in sd-boot. Support for
          this concept allows using the sd-boot boot loader in more
          conservative scenarios where the boot loader itself is placed in the
          ESP but the kernels to boot (and their metadata) in a separate
          partition.

        * A system may now be booted with systemd.volatile=overlay on the
          kernel command line, which causes the root file system to be set up
          as an overlayfs mount combining the read-only root directory with a
          writable tmpfs. In this setup, the underlying root device is not
          modified, and any changes are lost at reboot.

        * Similarly, systemd-nspawn can now boot containers with a volatile
          overlayfs root with the new --volatile=overlay switch.

        * systemd-nspawn can now consume OCI runtime bundles using a new
          --oci-bundle= option. This implementation is fully usable, with most
          features in the specification implemented, but since this is a lot of
          new code and functionality, this feature should most likely not
          be used in production yet.

        * systemd-nspawn now supports various options described by the OCI
          runtime specification on the command-line and in .nspawn files:
          --inaccessible=/Inaccessible= may be used to mask parts of the file
          system tree, --console=/--pipe may be used to configure how standard
          input, output, and error are set up.

        * busctl learned the `emit` verb to generate D-Bus signals.

        * systemd-analyze cat-config may be used to gather and display
          configuration spread over multiple files, for example system and user
          presets, tmpfiles.d, sysusers.d, udev rules, etc.

        * systemd-analyze calendar now takes an optional new parameter
          --iterations= which may be used to show a maximum number of iterations
          the specified expression will elapse next.

        * The sd-bus C API gained support for naming method parameters in the
          introspection data.

        * systemd-logind gained D-Bus APIs to specify the "reboot parameter"
          the reboot() system call expects.

        * journalctl learnt a new --cursor-file= option that points to a file
          from which a cursor should be loaded in the beginning and to which
          the updated cursor should be stored at the end.

        * ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
          detected by systemd-detect-virt (and may also be used in
          ConditionVirtualization=).

        * The behaviour of systemd-logind may now be modified with environment
          variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
          $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
          $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
          skip the relevant operation completely (when set to false), or to
          create a flag file in /run/systemd (when set to true), instead of
          actually commencing the real operation when requested. The presence
          of /run/systemd/reboot-to-firmware-setup,
          /run/systemd/reboot-to-boot-loader-menu, and
          /run/systemd/reboot-to-boot-loader-entry may be used by alternative
          boot loader implementations to replace some steps logind performs
          during reboot with their own operations.

        * systemctl can be used to request a reboot into the boot loader menu
          or a specific boot loader entry with the new --boot-loader-menu= and
          --boot-loader-entry= options to a reboot command. (This requires a
          boot loader that supports this, for example sd-boot.)

        * kernel-install will no longer unconditionally create the output
          directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
          snippets, but will do so only if the machine-specific parent directory
          (i.e. /efi/<machine-id>/) already exists. bootctl has been modified
          to create this parent directory during sd-boot installation.

          This makes it easier to use kernel-install with plugins which support
          a different layout of the bootloader partitions (for example grub2).

        * During package installation (with `ninja install`), we would create
          symlinks for getty@tty1.service, systemd-networkd.service,
          systemd-networkd.socket, systemd-resolved.service,
          remote-cryptsetup.target, remote-fs.target,
          systemd-networkd-wait-online.service, and systemd-timesyncd.service
          in /etc, as if `systemctl enable` was called for those units, to make
          the system usable immediately after installation. Now this is not
          done anymore, and instead calling `systemctl preset-all` is
          recommended after the first installation of systemd.

        * A new boolean sandboxing option RestrictSUIDSGID= has been added that
          is built on seccomp. When turned on, creation of SUID/SGID files is
          prohibited.

        * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
          implied if DynamicUser= is turned on for a service. This hardens
          these services, so that they neither can benefit from nor create
          SUID/SGID executables. This is a minor compatibility breakage, given
          that when DynamicUser= was first introduced SUID/SGID behaviour was
          unaffected. However, the security benefit of these two options is
          substantial, and the setting is still relatively new, hence we opted
          to make it mandatory for services with dynamic users.

        Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
        Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
        Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
        Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
        Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
        Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
        Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
        Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
        Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
        Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
        Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
        Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
        Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
        Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
        Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
        Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
        Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
        Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Warsaw, 2019-04-11

CHANGES WITH 241:

        * The default locale can now be configured at compile time. Otherwise,
          a suitable default will be selected automatically (one of C.UTF-8,
          en_US.UTF-8, and C).

        * The version string shown by systemd and other tools now includes the
          git commit hash when built from git. An override may be specified
          during compilation, which is intended to be used by distributions to
          include the package release information.

        * systemd-cat can now filter standard input and standard error streams
          for different syslog priorities using the new --stderr-priority=
          option.

        * systemd-journald and systemd-journal-remote reject entries which
          contain too many fields (CVE-2018-16865) and set limits on the
          process' command line length (CVE-2018-16864).

        * The $DBUS_SESSION_BUS_ADDRESS environment variable is set by
          pam_systemd again.

        * A new network device NamePolicy "keep" is implemented for link files,
          and used by default in 99-default.link (the fallback configuration
          provided by systemd). With this policy, if the network device name
          was already set by userspace, the device will not be renamed again.
          This matches the naming scheme that was implemented before
          systemd-240. If naming-scheme < 240 is specified, the "keep" policy
          is also enabled by default, even if not specified. Effectively, this
          means that if naming-scheme >= 240 is specified, network devices will
          be renamed according to the configuration, even if they have been
          renamed already, if "keep" is not specified as the naming policy in
          the .link file. The 99-default.link file provided by systemd includes
          "keep" for backwards compatibility, but it is recommended for user
          installed .link files to *not* include it.

          The "kernel" policy, which keeps kernel names declared to be
          "persistent", now works again as documented.

        * The kernel-install script now optionally takes the paths to one or
          more initrd files, and passes them to all plugins.

        * The mincore() system call has been dropped from the @system-service
          system call filter group, as it is pretty exotic and may potentially
          be used for side-channel attacks.

        * -fPIE is dropped from compiler and linker options. Please pass the
          -Db_pie=true option to meson to build position-independent
          executables. Note that the meson option is supported since meson-0.49.

        * The fs.protected_regular and fs.protected_fifos sysctls, which were
          added in Linux 4.19 to make some data spoofing attacks harder, are
          now enabled by default. While this will hopefully improve the
          security of most installations, it is technically a backwards
          incompatible change; to disable these sysctls again, place the
          following lines in /etc/sysctl.d/60-protected.conf or a similar file:

          fs.protected_regular = 0
          fs.protected_fifos = 0

          Note that the similar hardlink and symlink protection has been
          enabled since v199, and may be disabled likewise.

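An added example, not part of systemd, that works out which value a sysctl such as fs.protected_regular ends up with once a 60-protected.conf override like the one above is layered over the shipped defaults, following the sysctl.d(5) precedence rules; the fragment contents are constructed, and the 50-default.conf shown is an abbreviated stand-in for the real file.

```python
"""Added example, not systemd's own code: work out the value a sysctl ends
up with once systemd-sysctl has applied every sysctl.d fragment, following
the precedence rules of sysctl.d(5). The fragment contents are constructed
for the demo (the 50-default.conf shown is an abbreviated stand-in)."""
from typing import Dict

# Directories that may carry fragments, highest priority first: when two
# fragments share a file name, the copy in the earlier directory wins.
SYSCTL_DIRS = ("/etc/sysctl.d", "/run/sysctl.d",
               "/usr/local/lib/sysctl.d", "/usr/lib/sysctl.d")


def normalize_key(key: str) -> str:
    """Map a sysctl key to its path below /proc/sys the way systemd-sysctl
    does: if the first separator is '/', keep the key as written ('.' is
    then literal, e.g. an interface called enp1s0.200); otherwise swap '.'
    and '/'."""
    first = next((c for c in key if c in "./"), None)
    if first == "/":
        return key
    return key.translate(str.maketrans("./", "/."))


def parse_fragment(text: str) -> Dict[str, str]:
    """One fragment -> {normalized key: value}; later lines win within
    the file. A leading '-' only asks systemd-sysctl to ignore errors."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            continue  # systemd-sysctl warns about and skips malformed lines
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("-"):
            key = key[1:]
        values[normalize_key(key)] = value.strip()
    return values


def effective_sysctls(fragments: Dict[str, str]) -> Dict[str, str]:
    """FRAGMENTS maps absolute fragment path -> content. Returns the final
    key -> value table: pick one copy per file name by directory priority,
    then apply files in lexicographic name order so the latest name wins."""
    chosen: Dict[str, str] = {}  # file name -> path of the winning copy
    for path in fragments:
        directory, _, name = path.rpartition("/")
        rank = SYSCTL_DIRS.index(directory)  # ValueError for foreign dirs
        if name in chosen:
            old_rank = SYSCTL_DIRS.index(chosen[name].rpartition("/")[0])
            if rank >= old_rank:
                continue
        chosen[name] = path
    result: Dict[str, str] = {}
    for name in sorted(chosen):
        result.update(parse_fragment(fragments[chosen[name]]))
    return result


CONSTRUCTED_FRAGMENTS = {
    # stand-in for the fragment systemd ships; the real file has more keys
    "/usr/lib/sysctl.d/50-default.conf": (
        "# hardening defaults\n"
        "fs.protected_hardlinks = 1\n"
        "fs.protected_symlinks = 1\n"
        "fs.protected_regular = 1\n"
        "fs.protected_fifos = 1\n"
        "net.ipv4.conf.all.rp_filter = 2\n"
    ),
    # the override suggested in the entry above
    "/etc/sysctl.d/60-protected.conf": (
        "fs.protected_regular = 0\n"
        "fs.protected_fifos = 0\n"
    ),
    # same file name in /run: shadowed entirely by the /etc copy
    "/run/sysctl.d/60-protected.conf": "fs.protected_fifos = 1\n",
    # a key that needs the slash form because the interface name has a dot
    "/etc/sysctl.d/70-net.conf": "-net/ipv4/conf/enp1s0.200/rp_filter = 0\n",
}


def protection_status(fragments: Dict[str, str]) -> Dict[str, bool]:
    """True where the respective fs.protected_* hardening stays enabled."""
    eff = effective_sysctls(fragments)
    return {k: eff.get(f"fs/protected_{k}") == "1"
            for k in ("regular", "fifos", "hardlinks", "symlinks")}


if __name__ == "__main__":
    for key, value in sorted(effective_sysctls(CONSTRUCTED_FRAGMENTS).items()):
        print(f"{key} = {value}")
    print(protection_status(CONSTRUCTED_FRAGMENTS))
```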
        * The files read from the EnvironmentFile= setting in unit files now
          parse backslashes inside quotes literally, matching the behaviour of
          POSIX shells.

        * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
          now automatically become NOPs when run in a chroot() environment.

        * The tmpfiles.d/ "C" line type will now copy directory trees not only
          when the destination is so far missing, but also if it already exists
          as a directory and is empty. This is useful to cater for systems
          where directory trees are put together from multiple separate mount
          points but otherwise empty.

        * A new function sd_bus_close_unref() (and the associated
          sd_bus_close_unrefp()) has been added to libsystemd, that combines
          sd_bus_close() and sd_bus_unref() in one.

        * udevadm control learnt a new option --ping for testing whether a
          systemd-udevd instance is running and reacting.

        * udevadm trigger learnt a new option --wait-daemon for waiting for
          the systemd-udevd daemon to be initialized.

        Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
        Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
        Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
        Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
        John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
        Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
        James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
        Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
        Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
        Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
        marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
        Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
        Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
        James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
        Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
        Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски

        — Berlin, 2019-02-14

CHANGES WITH 240:

        * NoNewPrivileges=yes has been set for all long-running services
          implemented by systemd. Previously, this was problematic due to
          SELinux (as this would also prohibit the transition from PID1's label
          to the service's label). This restriction has since been lifted, but
          an SELinux policy update is required.
          (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)

        * DynamicUser=yes is dropped from systemd-networkd.service,
          systemd-resolved.service and systemd-timesyncd.service, which was
          enabled in v239 for systemd-networkd.service and systemd-resolved.service,
          and since v236 for systemd-timesyncd.service. The users and groups
          systemd-network, systemd-resolve and systemd-timesync are created
          by systemd-sysusers again. Distributors or system administrators
          may need to create these users and groups if they do not exist (or
          need to re-enable DynamicUser= for those units) while upgrading
          systemd. Also, the clock file for systemd-timesyncd may need to move
          from /var/lib/private/systemd/timesync/clock to
          /var/lib/systemd/timesync/clock.

        * When unit files are loaded from disk, previously systemd would
          sometimes (depending on the unit loading order) load units from the
          target path of symlinks in .wants/ or .requires/ directories of other
          units. This meant that a unit could be loaded from different paths
          depending on whether the unit was requested explicitly or as a
          dependency of another unit, not honouring the priority of directories
          in the search path. It also meant that it was possible to successfully
          load and start units which are not found in the unit search path, as
          long as they were requested as a dependency and linked to from
          .wants/ or .requires/. The target paths of those symlinks are not
          used for loading units anymore and the unit file must be found in
          the search path.

        * A new service type has been added: Type=exec. It's very similar to
          Type=simple but ensures the service manager will wait for both fork()
          and execve() of the main service binary to complete before proceeding
          with follow-up units. This is primarily useful so that the manager
          propagates any errors in the preparation phase of service execution
          back to the job that requested the unit to be started. For example,
          consider a service that has ExecStart= set to a file system binary
          that doesn't exist. With Type=simple starting the unit would be
          considered instantly successful, as only fork() has to complete
          successfully and the manager does not wait for execve(), and hence
          its failure is seen "too late". With the new Type=exec service type
          starting the unit will fail, as the manager will wait for the
          execve() and notice its failure, which is then propagated back to the
          start job.

          NOTE: with the next release 241 of systemd we intend to change the
          systemd-run tool to default to Type=exec for transient services
          started by it. This should be mostly safe, but in specific corner
          cases might result in problems, as the systemd-run tool will then
          block on NSS calls (such as user name look-ups due to User=) done
          between the fork() and execve(), which under specific circumstances
          might cause problems. It is recommended to specify "-p Type=simple"
          explicitly in the few cases where this applies. For regular,
          non-transient services (i.e. those defined with unit files on disk)
          we will continue to default to Type=simple.

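The Type=simple versus Type=exec difference above comes down to whether the manager learns about execve() failing; the added example below (not systemd's implementation) shows the close-on-exec pipe technique that makes that possible, with constructed argument vectors for an existing and a missing binary.

```python
"""Added example, not systemd's implementation: the fork()/execve()
hand-off that lets a manager tell Type=exec apart from Type=simple. A
close-on-exec pipe is created before fork(); a successful execve() closes
the child's write end (the parent reads EOF), while a failed execve() lets
the child report its errno through the pipe first. The argument vectors
below are constructed for the demo."""
import errno
import os
import struct
import sys
from typing import Optional, Tuple

# A binary that surely exists, and one that surely does not (constructed).
TRUE_ARGV = [sys.executable, "-c", "pass"]
MISSING_ARGV = ["/nonexistent/constructed/binary"]


def start_type_exec(argv) -> Tuple[int, Optional[int]]:
    """Return (pid, None) once ARGV is really executing, or (pid, errno)
    if execve() failed (the child has then already been reaped)."""
    rfd, wfd = os.pipe2(os.O_CLOEXEC)
    pid = os.fork()
    if pid == 0:  # child: preparation phase, then execve()
        os.close(rfd)
        try:
            os.execv(argv[0], argv)  # on success the kernel closes wfd
        except OSError as e:
            os.write(wfd, struct.pack("i", e.errno))  # report the failure
        finally:
            os._exit(127)
    os.close(wfd)  # parent must drop the write end or it never sees EOF
    data = b""
    try:
        while len(data) < 4:
            chunk = os.read(rfd, 4 - len(data))
            if not chunk:
                break  # EOF: execve() succeeded
            data += chunk
    finally:
        os.close(rfd)
    if not data:
        return pid, None
    os.waitpid(pid, 0)  # start job fails; reap the stillborn child
    return pid, struct.unpack("i", data)[0]


def start_type_simple(argv) -> Tuple[int, Optional[int]]:
    """Type=simple only waits for fork(): the start is reported as
    successful even though execve() is about to fail."""
    pid = os.fork()
    if pid == 0:
        try:
            os.execv(argv[0], argv)
        finally:
            os._exit(127)
    return pid, None


def exit_code(pid: int) -> int:
    """Reap PID and return its exit status (-1 if killed by a signal)."""
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


def demo() -> dict:
    """Run both start modes against an existing and a missing binary."""
    pid, err = start_type_exec(TRUE_ARGV)
    exec_existing = (err, exit_code(pid))
    _, err = start_type_exec(MISSING_ARGV)
    exec_missing = errno.errorcode[err] if err is not None else None
    pid, err = start_type_simple(MISSING_ARGV)
    simple_missing = (err, exit_code(pid))
    return {"exec_existing": exec_existing,   # (None, 0): started and ran
            "exec_missing": exec_missing,     # 'ENOENT' reaches the start job
            "simple_missing": simple_missing} # (None, 127): seen "too late"


if __name__ == "__main__":
    print(demo())
```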
        * The Linux kernel's current default RLIMIT_NOFILE resource limit for
          userspace processes is set to 1024 (soft) and 4096
          (hard). Previously, systemd passed this on unmodified to all
          processes it forked off. With this systemd release the hard limit
          systemd passes on is increased to 512K, overriding the kernel's
          defaults and substantially increasing the number of simultaneous file
          descriptors unprivileged userspace processes can allocate. Note that
          the soft limit remains at 1024 for compatibility reasons: the
          traditional UNIX select() call cannot deal with file descriptors >=
          1024 and increasing the soft limit globally might thus result in
          programs unexpectedly allocating a high file descriptor and thus
          failing abnormally when attempting to use it with select() (of
          course, programs shouldn't use select() anymore, and prefer
          poll()/epoll, but the call unfortunately remains undeservedly popular
          at this time). This change reflects the fact that file descriptor
          handling in the Linux kernel has been optimized in more recent
          kernels and allocating large numbers of them should be much cheaper
          both in memory and in performance than it used to be. Programs that
          want to take benefit of the increased limit have to "opt-in" into
          high file descriptors explicitly by raising their soft limit. Of
          course, when they do that they must acknowledge that they cannot use
          select() anymore (and neither can any shared library they use — or
          any shared library used by any shared library they use and so on).
          Which default hard limit is most appropriate is of course hard to
          decide. However, given reports that ~300K file descriptors are used
          in real-life applications we believe 512K is sufficiently high as new
          default for now. Note that there are also reports that using very
          high hard limits (e.g. 1G) is problematic: some software allocates
          large arrays with one element for each potential file descriptor
          (Java, …) — a high hard limit thus triggers excessively large memory
          allocations in these applications. Hopefully, the new default of 512K
          is a good middle ground: higher than what real-life applications
          currently need, and low enough to avoid triggering excessively large
          allocations in problematic software. (And yes, somebody should fix
          Java.)

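The opt-in described above, and the select() hazard that motivates keeping the soft limit at 1024, as an added example that is not systemd code; it assumes glibc's FD_SETSIZE of 1024 and uses an arbitrary constructed descriptor number for the probe.

```python
"""Added example, not systemd code: how a program opts in to the larger
RLIMIT_NOFILE hard limit described above, and the select(2) hazard that
keeps the default soft limit at 1024. FD_SETSIZE is assumed to be glibc's
1024 and the probe descriptor number is an arbitrary constructed one."""
import os
import resource
import select

FD_SETSIZE = 1024           # width of an fd_set in glibc (assumption)
SYSTEMD_240_HARD = 524288   # the 512K hard limit systemd now passes on


def opt_in_to_high_fds(target: int = SYSTEMD_240_HARD):
    """Raise the soft limit towards TARGET without exceeding the hard
    limit or lowering what the process already has.
    Returns (soft_before, soft_after, hard)."""
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    inf = resource.RLIM_INFINITY
    if soft == inf:
        new_soft = soft                       # nothing left to raise
    elif hard == inf:
        new_soft = max(soft, target)
    else:
        new_soft = max(soft, min(hard, target))
    resource.setrlimit(resource.RLIMIT_NOFILE, (new_soft, hard))
    return soft, new_soft, hard


def select_can_watch(fd: int) -> bool:
    """An fd_set cannot represent descriptors >= FD_SETSIZE; a program that
    raised its soft limit must check this or move to poll()/epoll."""
    return 0 <= fd < FD_SETSIZE


def probe_select_hazard(high_fd: int = 1100):
    """Put a pipe end at HIGH_FD and hand it to select(). Returns True if
    select() rejected it, False if it accepted it, None when the current
    soft limit is too low to even create such a descriptor."""
    r, w = os.pipe()
    try:
        os.dup2(r, high_fd)
    except OSError:               # EBADF: HIGH_FD lies beyond the soft limit
        os.close(r)
        os.close(w)
        return None
    try:
        select.select([high_fd], [], [], 0)
        return False
    except ValueError:            # "filedescriptor out of range in select()"
        return True
    finally:
        os.close(high_fd)
        os.close(r)
        os.close(w)


def demo() -> dict:
    """Opt in, then show which descriptors select() can still handle."""
    before, after, hard = opt_in_to_high_fds()
    return {
        "soft_before": before,
        "soft_after": after,
        "raised": after >= before,
        "within_hard": hard == resource.RLIM_INFINITY or after <= hard,
        "select_ok_fd0": select_can_watch(0),
        "select_ok_fd1100": select_can_watch(1100),
        "select_refused_fd1100": probe_select_hazard(1100),
    }


if __name__ == "__main__":
    print(demo())
```

On a host where the hard limit is still 1024 the probe cannot create descriptor 1100 and reports None; anywhere the opt-in took effect it shows select() refusing the high descriptor.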
        * The fs.nr_open and fs.file-max sysctls are now automatically bumped
          to the highest possible values, as separate accounting of file
          descriptors is no longer necessary, as memcg tracks them correctly as
          part of the memory accounting anyway. Thus, from the four limits on
          file descriptors currently enforced (fs.file-max, fs.nr_open,
          RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
          and keep only the latter two. A set of build-time options
          (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
          has been added to revert this change in behaviour, which might be
          an option for systems that turn off memcg in the kernel.

        * When no /etc/locale.conf file exists (and hence no locale settings
          are in place), systemd will now use the "C.UTF-8" locale by default,
          and set LANG= to it. This locale is supported by various
          distributions including Fedora, with clear indications that upstream
          glibc is going to make it available too. This locale enables UTF-8
          mode by default, which appears appropriate for 2018.

        * The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
          default. This effectively switches the RFC3704 Reverse Path filtering
          from Strict mode to Loose mode. This is more appropriate for hosts
          that have multiple links with routes to the same networks (e.g.
          a client with a Wi-Fi and Ethernet both connected to the internet).

          Consult the kernel documentation for details on this sysctl:
          https://docs.kernel.org/networking/ip-sysctl.html

        * The v239 change to turn on "net.ipv4.tcp_ecn" by default has been
          reverted.

        * CPUAccounting=yes no longer enables the CPU controller when using
          kernel 4.15+ and the unified cgroup hierarchy, as required accounting
          statistics are now provided independently from the CPU controller.

        * Support for disabling a particular cgroup controller within a sub-tree
          has been added through the DisableControllers= directive.

        * cgroup_no_v1=all on the kernel command line now also implies
          using the unified cgroup hierarchy, unless one explicitly passes
          systemd.unified_cgroup_hierarchy=0 on the kernel command line.

        * The new "MemoryMin=" unit file property may now be used to set the
          memory usage protection limit of processes invoked by the unit. This
          controls the cgroup v2 memory.min attribute. Similarly, the new
          "IODeviceLatencyTargetSec=" property has been added, wrapping the new
          cgroup v2 io.latency cgroup property for configuring per-service I/O
          latency.

        * systemd now supports the cgroup v2 devices BPF logic, as counterpart
          to the cgroup v1 "devices" cgroup controller.

        * systemd-escape now is able to combine --unescape with --template. It
          also learnt a new option --instance for extracting and unescaping the
          instance part of a unit name.

        * sd-bus now provides the sd_bus_message_readv() which is similar to
          sd_bus_message_read() but takes a va_list object. The pair
          sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
          has been added for configuring the default method call timeout to
          use. sd_bus_error_move() may be used to efficiently move the contents
          from one sd_bus_error structure to another, invalidating the
          source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
          be used to control whether a bus connection object is automatically
          flushed when an sd-event loop is exited.

        * When processing classic BSD syslog log messages, journald will now
          save the original time-stamp string supplied in the new
          SYSLOG_TIMESTAMP= journal field. This permits consumers to
          reconstruct the original BSD syslog message more correctly.

        * StandardOutput=/StandardError= in service files gained support for
          new "append:…" parameters, for connecting STDOUT/STDERR of a service
          to a file, and appending to it.

        * The signal to use as last step of killing of unit processes is now
          configurable. Previously it was hard-coded to SIGKILL, which may now
          be overridden with the new KillSignal= setting. Note that this is the
          signal used when regular termination (i.e. SIGTERM) does not suffice.
          Similarly, the signal used when aborting a program in case of a
          watchdog timeout may now be configured too (WatchdogSignal=).

        * The XDG_SESSION_DESKTOP environment variable may now be configured in
          the pam_systemd argument line, using the new desktop= switch. This is
          useful to initialize it properly from a display manager without
          having to touch C code.

        * Most configuration options that previously accepted percentage values
          now also accept permille values with the '‰' suffix (instead of '%').

        * systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
          DNS-over-TLS.

        * systemd-resolved's configuration file resolved.conf gained a new
          option ReadEtcHosts= which may be used to turn off processing and
          honoring /etc/hosts entries.

        * The "--wait" switch may now be passed to "systemctl
          is-system-running", in which case the tool will synchronously wait
          until the system finished start-up.

        * hostnamed gained a new bus call to determine the DMI product UUID.

        * On x86-64 systemd will now prefer using the RDRAND processor
          instruction over /dev/urandom whenever it requires randomness that
          neither has to be crypto-grade nor should be reproducible. This
          should substantially reduce the amount of entropy systemd requests
          from the kernel during initialization on such systems, though not
          reduce it to zero. (Why not zero? systemd still needs to allocate
          UUIDs and such uniquely, which require high-quality randomness.)

        * networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
          tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
          for forcing the "Other Information" bit in IPv6 RA messages. The
          bonding logic gained four new options AdActorSystemPriority=,
          AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
          aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
          shuffling of flows. The tunnel logic gained a new
          IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
          Deployment. The policy rule logic gained four new options IPProtocol=,
          SourcePort=, DestinationPort= and InvertRule=. The bridge logic gained
          support for the MulticastToUnicast= option. networkd also gained
          support for configuring static IPv4 ARP or IPv6 neighbor entries.

        * .preset files (as read by 'systemctl preset') may now be used to
          instantiate services.

        * /etc/crypttab now understands the sector-size= option to configure
          the sector size for an encrypted partition.

        * Key material for encrypted disks may now be placed on a formatted
          medium, and referenced from /etc/crypttab by the UUID of the file
          system, followed by "=" suffixed by the path to the key file.

        * The "collect" udev component has been removed without replacement, as
          it is neither used nor maintained.

        * When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
          LogsDirectory=, ConfigurationDirectory= settings are used in a
          service the executed processes will now receive a set of environment
          variables containing the full paths of these directories.
          Specifically, RUNTIME_DIRECTORY, STATE_DIRECTORY, CACHE_DIRECTORY,
          LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
          are used. Note that these options may be used multiple times per
          service in which case the resulting paths will be concatenated and
          separated by colons.

        * Predictable interface naming has been extended to cover InfiniBand
          NICs. They will be exposed with an "ib" prefix.

        * tmpfiles.d/ line types may now be suffixed with a '-' character, in
          which case the respective line failing is ignored.

        * .link files may now be used to configure the equivalent to the
          "ethtool advertise" commands.

        * The sd-device.h and sd-hwdb.h APIs are now exported, as an
          alternative to libudev.h. Previously, the latter was just an internal
          wrapper around the former, but now these two APIs are exposed
          directly.

        * sd-id128.h gained a new function sd_id128_get_boot_app_specific()
          which calculates an app-specific boot ID similar to how
          sd_id128_get_machine_app_specific() generates an app-specific machine
          ID.

        * A new tool systemd-id128 has been added that can be used to determine
          and generate various 128-bit IDs.

        * /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
          and LOGO=.

        * systemd-hibernate-resume-generator will now honor the "noresume"
          kernel command line option, in which case it will bypass resuming
          from any hibernated image.

        * The systemd-sleep.conf configuration file gained new options
          AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
          AllowHybridSleep= for prohibiting specific sleep modes even if the
          kernel exports them.

        * portablectl is now officially supported and has thus moved to
          /usr/bin/.

        * bootctl learnt the two new commands "set-default" and "set-oneshot"
          for setting the default boot loader item to boot to (either
          persistently or only for the next boot). This is currently only
          compatible with sd-boot, but may be implemented on other boot loaders
          too, that follow the boot loader interface. The updated interface is
          now documented here:

          https://systemd.io/BOOT_LOADER_INTERFACE

        * A new kernel command line option systemd.early_core_pattern= is now
          understood which may be used to influence the core_pattern PID 1
          installs during early boot.

        * busctl learnt two new options -j and --json= for outputting method
          call replies, properties and monitoring output in JSON.

        * journalctl's JSON output now supports simple ANSI coloring as well as
          a new "json-seq" mode for generating RFC7464 output.

        * Unit files now support the %g/%G specifiers that resolve to the UNIX
          group/GID that the service manager runs as, similar to the existing
          %u/%U specifiers that resolve to the UNIX user/UID.

        * systemd-logind learnt a new global configuration option
          UserStopDelaySec= that may be set in logind.conf. It specifies how
          long the systemd --user instance shall remain started after a user
          logs out. This is useful to speed up repetitive re-connections of the
          same user, as it means the user's service manager doesn't have to be
          stopped/restarted on each iteration, but can be reused between
          subsequent sessions. This setting defaults to 10s. systemd-logind also
          exports two new properties on its Manager D-Bus objects indicating
          whether the system's lid is currently closed, and whether the system
          is on AC power.

        * systemd gained support for a generic boot counting logic, which
          generically permits automatic reverting to older boot loader entries
          if newer updated ones don't work. The boot loader side is implemented
          in sd-boot, but is kept open for other boot loaders too. For details
          see:

          https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT

        * The SuccessAction=/FailureAction= unit file settings now learnt two
          new parameters: "exit" and "exit-force", which result in immediate
          exiting of the service manager, and are only useful in systemd --user
          and container environments.

        * Unit files gained support for a pair of options
          FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
          exit status to use as service manager exit status when
          SuccessAction=/FailureAction= is set to exit or exit-force.

        * A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
          options may now be used to configure the log rate limiting applied by
          journald per-service.

        * systemd-analyze gained a new verb "timespan" for parsing and
          normalizing time span values (i.e. strings like "5min 7s 8us").

        * systemd-analyze also gained a new verb "security" for analyzing the
          security and sand-boxing settings of services in order to determine an
          "exposure level" for them, indicating whether a service would benefit
          from more sand-boxing options turned on for them.
9285
9286 * "systemd-analyze syscall-filter" will now also show system calls
9287 supported by the local kernel but not included in any of the defined
9288 groups.
9289
9290 * .nspawn files now understand the Ephemeral= setting, matching the
9291 --ephemeral command line switch.
9292
9293 * sd-event gained the new APIs sd_event_source_get_floating() and
9294 sd_event_source_set_floating() for controlling whether a specific
9295 event source is "floating", i.e. destroyed along with the even loop
9296 object itself.
9297
9298 * Unit objects on D-Bus gained a new "Refs" property that lists all
421e3b45
ZJS
9299 clients that currently have a reference on the unit (to ensure it is
9300 not unloaded).
6b1ab752
LP
9301
9302 * The JoinControllers= option in system.conf is no longer supported, as
9303 it didn't work correctly, is hard to support properly, is legacy (as
4e1dfa45 9304 the concept only exists on cgroup v1) and apparently wasn't used.
6b1ab752
LP
9305
9306 * Journal messages that are generated whenever a unit enters the failed
421e3b45
ZJS
9307 state are now tagged with a unique MESSAGE_ID. Similarly, messages
9308 generated whenever a service process exits are now made recognizable,
5238e957 9309 too. A tagged message is also emitted whenever a unit enters the
421e3b45 9310 "dead" state on success.
6b1ab752
LP
9311
9312 * systemd-run gained a new switch --working-directory= for configuring
9313 the working directory of the service to start. A shortcut -d is
9314 equivalent, setting the working directory of the service to the
9315 current working directory of the invoking program. The new --shell
9316 (or just -S) option has been added for invoking the $SHELL of the
9317 caller as a service, and implies --pty --same-dir --wait --collect
421e3b45 9318 --service-type=exec. Or in other words, "systemd-run -S" is now the
6b1ab752
LP
9319 quickest way to quickly get an interactive in a fully clean and
9320 well-defined system service context.
9321
9322 * machinectl gained a new verb "import-fs" for importing an OS tree
9323 from a directory. Moreover, when a directory or tarball is imported
9324 and single top-level directory found with the OS itself below the OS
9325 tree is automatically mangled and moved one level up.
9326
421e3b45
ZJS
9327 * systemd-importd will no longer set up an implicit btrfs loop-back
9328 file system on /var/lib/machines. If one is already set up, it will
9329 continue to be used.
6b1ab752
LP
9330
9331 * A new generator "systemd-run-generator" has been added. It will
9332 synthesize a unit from one or more program command lines included in
9333 the kernel command line. This is very useful in container managers
9334 for example:
9335
9336 # systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
9337
9338 This will run "systemd-nspawn" on an image, invoke the specified
421e3b45
ZJS
9339 command line and immediately shut down the container again, returning
9340 the command line's exit code.
6b1ab752 9341
421e3b45 9342 * The block device locking logic is now documented:
6b1ab752
LP
9343
9344 https://systemd.io/BLOCK_DEVICE_LOCKING
9345
9346 * loginctl and machinectl now optionally output the various tables in
9347 JSON using the --output= switch. It is our intention to add similar
9348 support to systemctl and all other commands.
9349
9350 * udevadm's query and trigger verb now optionally take a .device unit
9351 name as argument.
9352
9353 * systemd-udevd's network naming logic now understands a new
78266a54 9354 net.naming_scheme= kernel command line switch, which may be used to
6b1ab752
LP
9355 pick a specific version of the naming scheme. This helps stabilizing
9356 interface names even as systemd/udev are updated and the naming logic
9357 is improved.
9358
67081438 9359 * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
da890466 9360 SD_ID128_ALLF to test if a 128-bit ID is set to all 0xFF bytes, and to
67081438
LP
9361 initialize one to all 0xFF.
9362
144d7f1d
LP
9363 * After loading the SELinux policy systemd will now recursively relabel
9364 all files and directories listed in
9365 /run/systemd/relabel-extra.d/*.relabel (which should be simple
9366 newline separated lists of paths) in addition to the ones it already
9367 implicitly relabels in /run, /dev and /sys. After the relabelling is
9368 completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
9369 removed. This is useful to permit initrds (i.e. code running before
9370 the SELinux policy is in effect) to generate files in the host
9371 filesystem safely and ensure that the correct label is applied during
9372 the transition to the host OS.
9373
98a7b55a
LP
9374 * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
9375 mknod() handling in user namespaces. Previously mknod() would always
9376 fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
9377 but device nodes generated that way cannot be opened, and attempts to
9378 open them result in EPERM. This breaks the "graceful fallback" logic
9379 in systemd's PrivateDevices= sand-boxing option. This option is
9380 implemented defensively, so that when systemd detects it runs in a
9381 restricted environment (such as a user namespace, or an environment
9382 where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
9383 where device nodes cannot be created the effect of PrivateDevices= is
9384 bypassed (following the logic that 2nd-level sand-boxing is not
9385 essential if the system systemd runs in is itself already sand-boxed
9386 as a whole). This logic breaks with 4.18 in container managers where
9387 user namespacing is used: suddenly PrivateDevices= succeeds setting
9388 up a private /dev/ file system containing devices nodes — but when
9389 these are opened they don't work.
9390
d238709c 9391 At this point it is recommended that container managers utilizing
98a7b55a
LP
9392 user namespaces that intend to run systemd in the payload explicitly
9393 block mknod() with seccomp or similar, so that the graceful fallback
9394 logic works again.
9395
9396 We are very sorry for the breakage and the requirement to change
9397 container configurations for newer kernels. It's purely caused by an
9398 incompatible kernel change. The relevant kernel developers have been
9399 notified about this userspace breakage quickly, but they chose to
9400 ignore it.
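A probe for the fallback condition described above, as an added example (not systemd's own code): it creates a throwaway character device node and reports whether mknod() is refused outright (the fallback still works), whether the node is created but cannot be opened (the 4.18 user-namespace case), or whether device nodes work. The temporary directory and the /dev/null device numbers (1, 3) are this example's own choices.

```python
import errno
import os
import stat
import tempfile

# What the probe observed. Only MKNOD_REFUSED lets PrivateDevices= fall
# back gracefully; NODE_UNUSABLE is the 4.18 user-namespace behaviour.
MKNOD_REFUSED = "mknod-refused"       # mknod() fails with EPERM
NODE_UNUSABLE = "node-unusable"       # mknod() works, open() fails with EPERM
NODES_WORK = "device-nodes-work"      # node created and usable
PROBE_ERROR = "probe-error"           # some other, unrelated failure


def classify(mknod_errno, open_errno):
    """Pure decision logic: map the two syscall outcomes (0 = success,
    otherwise an errno value) to one of the classes above."""
    if mknod_errno == errno.EPERM:
        return MKNOD_REFUSED
    if mknod_errno != 0:
        return PROBE_ERROR
    if open_errno == 0:
        return NODES_WORK
    if open_errno == errno.EPERM:
        return NODE_UNUSABLE
    return PROBE_ERROR


def probe_device_nodes(directory=None):
    """Create a throwaway character device node (major 1, minor 3, i.e.
    the /dev/null device) in a private temporary directory, try to open
    it, and classify the result. Node and directory are removed again."""
    with tempfile.TemporaryDirectory(dir=directory) as tmp:
        node = os.path.join(tmp, "probe-null")
        mknod_err = 0
        open_err = 0
        try:
            os.mknod(node, stat.S_IFCHR | 0o600, os.makedev(1, 3))
        except OSError as e:
            mknod_err = e.errno
        if mknod_err == 0:
            try:
                fd = os.open(node, os.O_RDONLY | os.O_CLOEXEC)
                os.close(fd)
            except OSError as e:
                open_err = e.errno
        return classify(mknod_err, open_err)


if __name__ == "__main__":
    result = probe_device_nodes()
    print("device node probe:", result)
    if result == NODE_UNUSABLE:
        print("mknod() succeeds but the node cannot be opened: block "
              "mknod() (e.g. via seccomp) so the PrivateDevices= "
              "fallback applies again")
```

Run inside the container configuration under test; a NODE_UNUSABLE result is the signature of the breakage this entry describes.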

* PermissionsStartOnly= setting is deprecated (but is still supported
for backwards compatibility). The same functionality is provided by
the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
commands.

* $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
pam_systemd anymore.

* The naming scheme for network devices was changed to always rename
devices, even if they were already renamed by userspace. The "kernel"
policy was changed to only apply as a fallback, if no other naming
policy took effect.

* The requirements to build systemd are bumped to meson-0.46 and
python-3.5.

Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
(FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein

— Warsaw, 2018-12-21

CHANGES WITH 239:

* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
builtin will name network interfaces differently than in previous
versions for virtual network interfaces created with SR-IOV and NPAR
and for devices where the PCI network controller device does not have
a slot number associated.

SR-IOV virtual devices are now named based on the name of the parent
interface, with a suffix of "v<N>", where <N> is the virtual device
number. Previously those virtual devices were named as if completely
independent.

The ninth and later NPAR virtual devices will be named following the
scheme used for the first eight NPAR partitions. Previously those
devices were not renamed and the kernel default (eth<n>) was used.

"net_id" will also generate names for PCI devices where the PCI
network controller device does not have an associated slot number
itself, but one of its parents does. Previously those devices were
not renamed and the kernel default (eth<n>) was used.

* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
systemd-logind.service. Since v235, IPAddressDeny=any has been set on
the unit. So, it is expected that the default behavior of
systemd-logind is not changed. However, if distribution packagers or
administrators disabled or modified the IPAddressDeny= setting by a
drop-in config file, then it may be necessary to update the file to
re-enable AF_INET and AF_INET6 to support network user name services,
e.g. NIS.

* When the RestrictNamespaces= unit property is specified multiple
times, then the specified types are merged now. Previously, only the
last assignment was used. So, if distribution packagers or
administrators modified the setting by a drop-in config file, then it
may be necessary to update the file.

* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
failures that result in restarting. Previously, the specified units
would be activated each time the unit failed, even when the unit was
going to be restarted automatically. This behaviour contradicted the
documentation. With this release the code is adjusted to match the
documentation.

* systemd-tmpfiles will now print a notice whenever it encounters
tmpfiles.d/ lines referencing the /var/run/ directory. It will
recommend reworking them to use the /run/ directory instead (for
which /var/run/ is simply a symlinked compatibility alias). This way
systemd-tmpfiles can properly detect line conflicts and merge lines
referencing the same file by two paths, without having to access
them.

* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
behaviour that wasn't useful. systemctl disable/unmask will now undo
both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.

* Note that all long-running system services shipped with systemd will
now default to a system call allow list (rather than a deny list, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
too, as the default allow-listing will prohibit all mount, swap,
reboot and clock changing operations from udev rules.

* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.

* systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as a couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.

* systemd-resolved.service and systemd-networkd.service now set
DynamicUser=yes. The users systemd-resolve and systemd-network are
not created by systemd-sysusers anymore.

NOTE: This has a chance of breaking nss-ldap and similar NSS modules
that embed a network facing module into any process using getpwuid()
or related calls: the dynamic allocation of the user ID for
systemd-resolved.service means the service manager has to check NSS
if the user name is already taken when forking off the service. Since
the user in the common case won't be defined in /etc/passwd the
lookup is likely to trigger nss-ldap which in turn might use NSS to
ask systemd-resolved for hostname lookups. This will hence result in
a deadlock: a user name lookup in order to start
systemd-resolved.service will result in a hostname lookup for which
systemd-resolved.service needs to be started already. There are
multiple ways to work around this problem: pre-allocate the
"systemd-resolve" user on such systems, so that nss-ldap won't be
triggered; or use a different NSS package that doesn't do networking
in-process but provides a local asynchronous name cache; or configure
the NSS package to avoid lookups for UIDs in the range `pkg-config
systemd --variable=dynamicuidmin` … `pkg-config systemd
--variable=dynamicuidmax`, so that it does not consider itself
authoritative for the same UID range systemd allocates dynamic users
from.

* The systemd-resolve tool has been renamed to resolvectl (it also
remains available under the old name, for compatibility), and its
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.

* The resolvectl/systemd-resolve tool also provides 'resolvconf'
compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.

* Support for suspend-then-hibernate has been added, i.e. a sleep mode
where the system initially suspends, and after a timeout resumes and
hibernates again.

* networkd's ClientIdentifier= now accepts a new option "duid-only". If
set the client will only send a DUID as client identifier. (EDIT: the
option was broken, and was dropped in v255.)

* The nss-systemd glibc NSS module will now enumerate dynamic users and
groups in effect. Previously, it could resolve UIDs/GIDs to user
names/groups and vice versa, but did not support enumeration.

* journald's Compress= configuration setting now optionally accepts a
byte threshold value. All journal objects larger than this threshold
will be compressed, smaller ones will not. Previously this threshold
was not configurable and set to 512.

* A new system.conf setting NoNewPrivileges= is now available which may
be used to turn off acquisition of new privileges system-wide
(i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
for all its children). Note that turning this option on means setuid
binaries and file system capabilities lose their special powers.
While turning on this option is a big step towards a more secure
system, doing so is likely to break numerous pre-existing UNIX tools,
in particular su and sudo.

* A new service systemd-time-sync-wait.service has been added. If
enabled it will delay the time-sync.target unit at boot until time
synchronization has been received from the network. This
functionality is useful on systems lacking a local RTC or where it is
acceptable that the boot process shall be delayed by external network
services.

* When hibernating, systemd will now inform the kernel of the image
write offset, on kernels new enough to support this. This means swap
files should work for hibernation now.

* When loading unit files, systemd will now look for drop-in unit file
extensions in additional places. Previously, for a unit file name
"foo-bar-baz.service" it would look for drop-in files in
"foo-bar-baz.service.d/*.conf". Now, it will also look in
"foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
service name truncated after all inner dashes. This scheme allows
writing drop-ins easily that apply to a whole set of unit files at
once. It's particularly useful for mount and slice units (as their
naming is prefix based), but is also useful for service and other
units, for packages that install multiple unit files at once,
following a strict naming regime of beginning the unit file name with
the package's name. Two new specifiers are now supported in unit
files to match this: %j and %J are replaced by the part of the unit
name following the last dash.
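The directory-name truncation and the %j/%J specifiers, as an added example (not systemd's own code): it derives the candidate drop-in directories for a unit name, lists the *.conf files found under a constructed search root, and computes %j. The %J unescaping and the exclusion of template ('@') names are this example's own assumptions.

```python
import os
import re
import tempfile

UNIT_TYPES = ("service", "socket", "mount", "slice", "target", "timer",
              "path", "device", "swap", "scope", "automount")
_HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def split_unit_name(unit):
    """'foo-bar-baz.service' -> ('foo-bar-baz', 'service')."""
    prefix, dot, suffix = unit.rpartition(".")
    if not dot or not prefix or suffix not in UNIT_TYPES:
        raise ValueError("not a unit name: %r" % unit)
    if "@" in prefix:
        raise ValueError("template/instance units are not handled: %r" % unit)
    return prefix, suffix


def dropin_dirs(unit):
    """Drop-in directory names consulted for a unit, most specific first,
    e.g. foo-bar-baz.service.d, foo-bar-.service.d, foo-.service.d."""
    prefix, suffix = split_unit_name(unit)
    dirs = ["%s.%s.d" % (prefix, suffix)]
    # Walk the inner dashes from right to left; each truncation point
    # (keeping the dash) yields one more, less specific, directory.
    # A dash at position 0 is not an inner dash and is skipped.
    pos = prefix.rfind("-")
    while pos > 0:
        dirs.append("%s.%s.d" % (prefix[:pos + 1], suffix))
        pos = prefix.rfind("-", 0, pos)
    return dirs


def collect_dropins(unit, roots):
    """For each search root (e.g. /etc/systemd/system) list the existing
    *.conf files in every candidate directory, sorted by name. Precedence
    between roots and masking are not modelled here."""
    found = []
    for root in roots:
        for d in dropin_dirs(unit):
            path = os.path.join(root, d)
            if os.path.isdir(path):
                confs = sorted(f for f in os.listdir(path) if f.endswith(".conf"))
                found.append((path, confs))
    return found


def specifier_j(unit):
    """%j: the part of the prefix following the last dash ('baz' for
    foo-bar-baz.service); the whole prefix when there is no dash."""
    prefix, _ = split_unit_name(unit)
    return prefix.rsplit("-", 1)[-1]


def specifier_J(unit):
    """%J: %j with unit-name escaping undone (\\xNN -> the byte). That
    this is what %J does is an assumption of this example."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), specifier_j(unit))


def demo_collect():
    """Build a constructed search root with two drop-in directories and
    return what collect_dropins() finds for foo-bar-baz.service, with
    paths made relative to the root."""
    with tempfile.TemporaryDirectory() as root:
        for d, name in (("foo-.service.d", "10-pkg.conf"),
                        ("foo-bar-baz.service.d", "override.conf"),
                        ("foo-bar-baz.service.d", "README")):
            os.makedirs(os.path.join(root, d), exist_ok=True)
            open(os.path.join(root, d, name), "w").close()
        return [(os.path.relpath(p, root), c)
                for p, c in collect_dropins("foo-bar-baz.service", [root])]


if __name__ == "__main__":
    for unit in ("foo-bar-baz.service", "system-getty.slice", "sshd.service"):
        print(unit, "->", dropin_dirs(unit), "%j =", specifier_j(unit))
    print(demo_collect())
```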

* Unit files and other configuration files that support specifier
expansion now understand another three new specifiers: %T and %V will
resolve to /tmp and /var/tmp respectively, or whatever temporary
directory has been set for the calling user. %E will expand to either
/etc (for system units) or $XDG_CONFIG_HOME (for user units).

* The ExecStart= lines of unit files are no longer required to
reference absolute paths. If non-absolute paths are specified the
specified binary name is searched within the service manager's
built-in $PATH, which may be queried with 'systemd-path
search-binaries-default'. It's generally recommended to continue to
use absolute paths for all binaries specified in unit files.

* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
from being started (for example, a service unit has been defined
lacking both ExecStart= and ExecStop= lines).

* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
continues to be available however, for compatibility reasons. Use the
new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
to pick an alternative debugger instead of the default gdb.

* systemctl and the other tools will now output escape sequences that
generate proper clickable hyperlinks in various terminal emulators
where useful (for example, in the "systemctl status" output you can
now click on the unit file name to quickly open it in the
editor/viewer of your choice). Note that not all terminal emulators
support this functionality yet, but many do. Unfortunately, the
"less" pager doesn't support this yet, hence this functionality is
currently automatically turned off when a pager is started (which
happens quite often due to auto-paging). We hope to remove this
limitation as soon as "less" learns these escape sequences. This new
behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
environment variable. For details on these escape sequences see:

https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda

* networkd's .network files now support a new IPv6MTUBytes= option for
setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
option in the [Route] section to configure the MTU to use for
specific routes. It also gained support for configuration of the DHCP
"UserClass" option through the new UserClass= setting. It gained
three new options in the new [CAN] section for configuring CAN
networks. The MULTICAST and ALLMULTI interface flags may now be
controlled explicitly with the new Multicast= and AllMulticast=
settings.

* networkd will now automatically make use of the kernel's route
expiration feature, if it is available.

* udevd's .link files now support setting the number of receive and
transmit channels, using the RxChannels=, TxChannels=,
OtherChannels=, CombinedChannels= settings.

* Support for UDPSegmentationOffload= has been removed, given its
limited support in hardware, and waning software support.

* networkd's .netdev files now support creating "netdevsim" interfaces.

* PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
to query the unit belonging to a specific kernel control group.

* systemd-analyze gained a new verb "cat-config", which may be used to
dump the contents of any configuration file, with all its matching
drop-in files added in, and honouring the usual search and masking
logic applied to systemd configuration files. For example use
"systemd-analyze cat-config systemd/system.conf" to get the complete
system configuration file of systemd as it would be loaded by PID 1
itself. Similar to this, various tools such as systemd-tmpfiles or
systemd-sysusers, gained a new option "--cat-config", which does the
corresponding operation for their own configuration settings. For
example, "systemd-tmpfiles --cat-config" will now output the full
list of tmpfiles.d/ lines in place.

* timedatectl gained three new verbs: "show" shows bus properties of
systemd-timedated, "timesync-status" shows the current NTP
synchronization state of systemd-timesyncd, and "show-timesync"
shows bus properties of systemd-timesyncd.

* systemd-timesyncd gained a bus interface on which it exposes details
about its state.

* A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
understood by systemd-timedated. It takes a colon-separated list of
unit names of NTP client services. The list is used by
"timedatectl set-ntp".

* systemd-nspawn gained a new --rlimit= switch for setting initial
resource limits for the container payload. There's a new switch
--hostname= to explicitly override the container's hostname. A new
--no-new-privileges= switch may be used to control the
PR_SET_NO_NEW_PRIVS flag for the container payload. A new
--oom-score-adjust= switch controls the OOM scoring adjustment value
for the payload. The new --cpu-affinity= switch controls the CPU
affinity of the container payload. The new --resolv-conf= switch
allows more detailed control of /etc/resolv.conf handling of the
container. Similarly, the new --timezone= switch allows more detailed
control of /etc/localtime handling of the container.

* systemd-detect-virt gained a new --list switch, which will print a
list of all currently known VM and container environments.

* Support for "Portable Services" has been added, see
doc/PORTABLE_SERVICES.md for details. Currently, the support is still
experimental, but this is expected to change soon. Reflecting this
experimental state, the "portablectl" binary is not installed into
/usr/bin yet. The binary has to be called with the full path
/usr/lib/systemd/portablectl instead.

* journalctl's and systemctl's -o switch now knows a new log output
mode "with-unit". The output it generates is very similar to the
regular "short" mode, but displays the unit name instead of the
syslog tag for each log line. Also, the date is shown with timezone
information. This mode is probably more useful than the classic
"short" output mode for most purposes, except where pixel-perfect
compatibility with classic /var/log/messages formatting is required.

* A new --dump-bus-properties switch has been added to the systemd
binary, which may be used to dump all supported D-Bus properties.
(Options which are still supported, but are deprecated, are *not*
shown.)

* sd-bus gained a set of new calls:
sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
enable/disable the "floating" state of a bus slot object,
i.e. whether the slot object pins the bus it is allocated for into
memory or if the bus slot object gets disconnected when the bus goes
away. sd_bus_open_with_description(),
sd_bus_open_user_with_description(),
sd_bus_open_system_with_description() may be used to allocate bus
objects and set their description string already during allocation.

* sd-event gained support for watching inotify events from the event
loop, in an efficient way, sharing inotify handles between multiple
users. For this a new function sd_event_add_inotify() has been added.

* sd-event and sd-bus gained support for calling special user-supplied
destructor functions for userdata pointers associated with
sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
functions sd_bus_slot_set_destroy_callback,
sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
sd_bus_track_get_destroy_callback,
sd_event_source_set_destroy_callback,
sd_event_source_get_destroy_callback have been added.

* The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.

* PID 1 will now automatically reschedule .timer units whenever the
local timezone changes. (They previously got rescheduled
automatically when the system clock changed.)

* New documentation has been added to document cgroups delegation,
portable services and the various code quality tools we have set up:

https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md

* The Boot Loader Specification has been added to the source tree.

https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md

While moving it into our source tree we have updated it and further
changes are now accepted through the usual github PR workflow.

* pam_systemd will now look for PAM userdata fields systemd.memory_max,
systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
earlier PAM modules. The data in these fields is used to initialize
the session scope's resource properties. Thus external PAM modules
may now configure per-session limits, for example sourced from
external user databases.

* socket units with Accept=yes will now maintain a "refused" counter in
addition to the existing "accepted" counter, counting connections
refused due to the enforced limits.

* The "systemd-path search-binaries-default" command may now be used to
query the default, built-in $PATH PID 1 will pass to the services it
manages.

* A new unit file setting PrivateMounts= has been added. It's a boolean
option. If enabled the unit's processes are invoked in their own file
system namespace. Note that this behaviour is also implied if any
other file system namespacing options (such as PrivateTmp=,
PrivateDevices=, ProtectSystem=, …) are used. This option is hence
primarily useful for services that do not use any of the other file
system namespacing options. One such service is systemd-udevd.service
where this is now used by default.

* ConditionSecurity= gained a new value "uefi-secureboot" that is true
when the system is booted in UEFI "secure mode".

* A new unit "system-update-pre.target" is added, which defines an
optional synchronization point for offline system updates, as
implemented by the pre-existing "system-update.target" unit. It
allows ordering services before the service that executes the actual
9830 update process in a generic way.
9831
f26ad321
ZJS
9832 * Systemd now emits warnings whenever .include syntax is used.
9833
41a4c3ec 9834 Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
ec53d48c 9835 Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
bb6f071f
LP
9836 J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
9837 Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
9838 Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
9839 Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
9840 Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
9841 Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
9842 guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
9843 Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
9844 Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
9845 Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
9846 Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
9847 Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
9848 Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
9849 Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
9850 Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
9851 Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
9852 Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
9853 Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
9854 Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
9855 Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
61d0025d 9856 Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
bb6f071f
LP
9857 Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
9858 Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
9859 Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
9860 Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
9861 Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
9862 Yu Watanabe, Zbigniew Jędrzejewski-Szmek
41a4c3ec 9863
e8498f82 9864 — Berlin, 2018-06-22
41a4c3ec 9865
CHANGES WITH 238:

* The MemoryAccounting= unit property now defaults to on. After
discussions with the upstream control group maintainers we learnt
that the negative impact of cgroup memory accounting on current
kernels is finally relatively minimal, so that it should be safe to
enable this by default without affecting system performance. Besides
memory accounting only task accounting is turned on by default, all
other forms of resource accounting (CPU, IO, IP) remain off for now,
because it's not clear yet that their impact is small enough to move
from opt-in to opt-out. We recommend downstreams to leave memory
accounting on by default if kernel 4.14 or higher is primarily
used. On very resource constrained systems or when support for old
kernels is a necessity, -Dmemory-accounting-default=false can be used
to revert this change.

* rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
%udev_rules_update) and the journal catalog (%journal_catalog_update)
from the upgrade scriptlets of individual packages now do nothing.
Transfiletriggers have been added which will perform those updates
once at the end of the transaction.

Similar transfiletriggers have been added to execute any sysctl.d
and binfmt.d rules. Thus, it should be unnecessary to provide any
scriptlets to execute this configuration from package installation
scripts.

* systemd-sysusers gained a mode where the configuration to execute is
specified on the command line, but this configuration is not executed
directly, but instead it is merged with the configuration on disk,
and the result is executed. This is useful for package installation
scripts which want to create the user before installing any files on
disk (in case some of those files are owned by that user), while
still allowing local admin overrides.

This functionality is exposed to rpm scriptlets through a new
%sysusers_create_package macro. Old %sysusers_create and
%sysusers_create_inline macros are deprecated.

A transfiletrigger for sysusers.d configuration is now installed,
which means that it should be unnecessary to call systemd-sysusers from
package installation scripts, unless the package installs any files
owned by those newly-created users, in which case
%sysusers_create_package should be used.

* An analogous change has been made for systemd-tmpfiles: it gained a mode
where the command-line configuration is merged with the configuration
on disk. This is exposed as the new %tmpfiles_create_package macro,
and %tmpfiles_create is deprecated. A transfiletrigger is installed
for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
from package installation scripts.

* sysusers.d configuration for a user may now also specify the group
number, in addition to the user number ("u username 123:456"), or
without the user number ("u username -:456").

* Configuration items for systemd-sysusers can now be specified as
positional arguments when the new --inline switch is used.

* The login shell of users created through sysusers.d may now be
specified (previously, it was always /bin/sh for root and
/sbin/nologin for other users).

* systemd-analyze gained a new --global switch to look at global user
configuration. It also gained a unit-paths verb to list the unit load
paths that are compiled into systemd (which can be used with
--system, --user, or --global).

* udevadm trigger gained a new --settle/-w option to wait for any
triggered events to finish (but just those, and not any other events
which are triggered meanwhile).

* The action that systemd-logind takes when the lid is closed and the
machine is connected to external power can now be configured using
HandleLidSwitchExternalPower= in logind.conf. Previously, this action
was determined by HandleLidSwitch=, and, for backwards compatibility,
still is, if HandleLidSwitchExternalPower= is not explicitly set.

* journalctl will periodically call sd_journal_process() to make it
resilient against inotify queue overruns when journal files are
rotated very quickly.

* Two new functions in libsystemd — sd_bus_get_n_queued_read and
sd_bus_get_n_queued_write — may be used to check the number of
pending bus messages.

* systemd gained a new
org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
which can be used to migrate foreign processes to scope and service
units. The primary user for this new API is systemd itself: the
systemd --user instance uses this call of the systemd --system
instance to migrate processes if it itself gets the request to
migrate processes and the kernel refuses this due to access
restrictions. Thanks to this "systemd-run --scope --user …" works
again in pure cgroup v2 environments when invoked from the user
session scope.

* A new TemporaryFileSystem= setting can be used to mask out part of
the real file system tree with tmpfs mounts. This may be combined
with BindPaths= and BindReadOnlyPaths= to hide files or directories
not relevant to the unit, while still allowing some paths lower in
the tree to be accessed.

ProtectHome=tmpfs may now be used to hide user home and runtime
directories from units, in a way that is mostly equivalent to
"TemporaryFileSystem=/home /run/user /root".
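
As an added example (not from the NEWS file or from systemd's own unit files), a drop-in for a hypothetical example-daemon.service that combines TemporaryFileSystem= with BindPaths=/BindReadOnlyPaths= and ProtectHome=tmpfs as described above; the service name and all directory paths are assumptions:

```ini
# Constructed drop-in, e.g. /etc/systemd/system/example-daemon.service.d/namespace.conf
# (example-daemon and the directories below are hypothetical names)
[Service]
# Mask all of /var and /srv with empty tmpfs mounts, so that by default
# nothing below them is visible to the service's processes ...
TemporaryFileSystem=/var /srv
# ... then bind back only the subtrees the daemon actually needs. The bind
# mounts are applied after the tmpfs mounts, so these paths reappear while
# everything else under /var and /srv stays hidden. Writable state goes in
# via BindPaths=, caches and static content read-only via BindReadOnlyPaths=.
BindPaths=/var/lib/example-daemon
BindReadOnlyPaths=/var/cache/example-daemon /srv/example-daemon/static
# Hide all user home directories, per-user runtime directories and root's
# home, mostly equivalent to TemporaryFileSystem=/home /run/user /root
ProtectHome=tmpfs
```

The same combination can be tried ad hoc without writing a unit: `systemd-run -t -p TemporaryFileSystem=/var -p BindReadOnlyPaths=/var/lib ls -la /var` shows a /var containing only the bound-in lib directory.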

* Non-service units are now started with KeyringMode=shared by default.
This means that mount and swapon and other mount tools have access
to keys in the main keyring.

* /sys/fs/bpf is now mounted automatically.

* QNX virtualization is now detected by systemd-detect-virt and may
be used in ConditionVirtualization=.

* IPAccounting= may now be enabled also for slice units.

* A new -Dsplit-bin= build configuration switch may be used to specify
whether bin and sbin directories are merged, or if they should be
included separately in $PATH and various listings of executable
directories. The build configuration scripts will try to autodetect
the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
system, but distributions are encouraged to configure this
explicitly.

* A new -Dok-color= build configuration switch may be used to change
the colour of "OK" status messages.

* UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
PrivateNetwork=yes was buggy in previous versions of systemd. This
means that after the upgrade and daemon-reexec, any such units must
be restarted.

* INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
will not exclude read-only files owned by root from cleanup.

Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)

— Warsaw, 2018-03-05

CHANGES WITH 237:

* Some keyboards come with a zoom see-saw or rocker which until now got
mapped to the Linux "zoomin/out" keys in hwdb. However, these
keycodes are not recognized by any major desktop. They now produce
Up/Down key events so that they can be used for scrolling.

* INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
slightly: previously, if an argument was specified for lines of this
type (i.e. the right-most column was set) this string was appended to
existing files each time systemd-tmpfiles was run. This behaviour was
different from what the documentation said, and not particularly
useful, as repeated systemd-tmpfiles invocations would not be
idempotent and grow such files without bounds. With this release
behaviour has been altered to match what the documentation says:
lines of this type only have an effect if the indicated files don't
exist yet, and only then the argument string is written to the file.

* FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
systemd-tmpfiles behaviour: previously, read-only files owned by root
were always excluded from the file "aging" algorithm (i.e. the
automatic clean-up of directories like /tmp based on
atime/mtime/ctime). We intend to drop this restriction, and age files
by default even when owned by root and read-only. This behaviour was
inherited from older tools, but there have been requests to remove
it, and it's not obvious why this restriction was made in the first
place. Please speak up now, if you are aware of software that requires
this behaviour, otherwise we'll remove the restriction in v238.

* A new environment variable $SYSTEMD_OFFLINE is now understood by
systemctl. It takes a boolean argument. If on, systemctl assumes it
operates on an "offline" OS tree, and will not attempt to talk to the
service manager. Previously, this mode was implicitly enabled if a
chroot() environment was detected, and this new environment variable
now provides explicit control.

* .path and .socket units may now be created transiently, too.
Previously only service, mount, automount and timer units were
supported as transient units. The systemd-run tool has been updated
to expose this new functionality, you may hence use it now to bind
arbitrary commands to path or socket activation on-the-fly from the
command line. Moreover, almost all properties are now exposed for the
unit types that already supported transient operation.

* The systemd-mount command gained support for a new --owner= parameter
which takes a user name, which is then resolved and included in uid=
and gid= mount options string of the file system to mount.

* A new unit condition ConditionControlGroupController= has been added
that checks whether a specific cgroup controller is available.

* Unit files, udev's .link files, and systemd-networkd's .netdev and
.network files all gained support for a new condition
ConditionKernelVersion= for checking against specific kernel
versions.

* In systemd-networkd, the [IPVLAN] section in .netdev files gained
support for configuring device flags in the Flags= setting. In the
same files, the [Tunnel] section gained support for configuring
AllowLocalRemote=. The [Route] section in .network files gained
support for configuring InitialCongestionWindow=,
InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
understands RapidCommit=.

* systemd-networkd's DHCPv6 support gained support for Prefix
Delegation.

* sd-bus gained support for a new "watch-bind" feature. When this
feature is enabled, an sd_bus connection may be set up to connect to
an AF_UNIX socket in the file system as soon as it is created. This
functionality is useful for writing early-boot services that
automatically connect to the system bus as soon as it is started,
without ugly time-based polling. systemd-networkd and
systemd-resolved have been updated to make use of this
functionality. busctl exposes this functionality in a new
--watch-bind= command line switch.

* sd-bus will now optionally synthesize a local "Connected" signal as
soon as a D-Bus connection is set up fully. This message mirrors the
already existing "Disconnected" signal which is synthesized when the
connection is terminated. This signal is generally useful but
particularly handy in combination with the "watch-bind" feature
described above. Synthesizing of this message has to be requested
explicitly through the new API call sd_bus_set_connected_signal(). In
addition a new call sd_bus_is_ready() has been added that checks
whether a connection is fully set up (i.e. between the "Connected" and
"Disconnected" signals).

* sd-bus gained two new calls sd_bus_request_name_async() and
sd_bus_release_name_async() for asynchronously registering bus
names. Similarly, there is now sd_bus_add_match_async() for installing
a signal match asynchronously. All of systemd's own services have
been updated to make use of these calls. Doing these operations
asynchronously has two benefits: it reduces the risk of deadlocks in
case of cyclic dependencies between bus services, and it speeds up
service initialization since synchronization points for bus
round-trips are removed.

* sd-bus gained two new calls sd_bus_match_signal() and
sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
and sd_bus_add_match_async() but instead of taking a D-Bus match
string take match fields as normal function parameters.

* sd-bus gained two new calls sd_bus_set_sender() and
sd_bus_message_set_sender() for setting the sender name of outgoing
messages (either for all outgoing messages or for just one specific
one). These calls are only useful in direct connections as on
brokered connections the broker fills in the sender anyway,
overwriting whatever the client filled in.

* sd-event gained a new pseudo-handle that may be specified on all API
calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
used this refers to the default event loop object of the calling
thread. Note however that this does not implicitly allocate one —
which has to be done prior by using sd_event_default(). Similarly
sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
to the default bus of the specified type of the calling thread. Here
too this does not implicitly allocate bus connection objects, this
has to be done prior with sd_bus_default() and friends.

* sd-event gained a new call pair
sd_event_source_{get|set}_io_fd_own(). This may be used to request
automatic closure of the file descriptor an IO event source watches
when the event source is destroyed.

* systemd-networkd gained support for natively configuring WireGuard
connections.

* In previous versions systemd synthesized user records both for the
"nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
internally. In order to simplify distribution-wide renames of the
"nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
new transitional flag file has been added: if
/etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
user and group record within the systemd codebase is disabled.

* systemd-notify gained a new --uid= option for selecting the source
user/UID to use for notification messages sent to the service
manager.

* journalctl gained a new --grep= option to list only entries in which
the message matches a certain pattern. By default matching is case
insensitive if the pattern is lowercase, and case sensitive
otherwise. Option --case-sensitive=yes|no can be used to override
this and specify case sensitivity or case insensitivity.

* There's now a "systemd-analyze service-watchdogs" command for printing
the current state of the service runtime watchdog, and optionally
enabling or disabling the per-service watchdogs system-wide if given a
boolean argument (i.e. the concept you configure in WatchdogSec=), for
debugging purposes. There's also a kernel command line option
systemd.service_watchdogs= for controlling the same.

* Two new "log-level" and "log-target" options for systemd-analyze were
added that merge the now deprecated get-log-level, set-log-level and
get-log-target, set-log-target pairs. The deprecated options are still
understood for backwards compatibility. The two new options print the
current value when no arguments are given, and set them when a
level/target is given as an argument.

* sysusers.d's "u" lines now optionally accept both a UID and a GID
specification, separated by a ":" character, in order to create users
where UID and GID do not match.

Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
Палаузов

— Brno, 2018-01-28

CHANGES WITH 236:

* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
in v235 has been extended to also set the dummy.ko module option
numdummies=0, preventing the kernel from automatically creating
dummy0. All dummy interfaces must now be explicitly created.

* Unknown '%' specifiers in configuration files are now rejected. This
applies to units and tmpfiles.d configuration. Any percent characters
that are followed by a letter or digit that are not supposed to be
interpreted as the beginning of a specifier should be escaped by
doubling ("%%"). (So "size=5%" is still accepted, as well as
"size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
valid specifiers today.)

* systemd-resolved now maintains a new dynamic
/run/systemd/resolve/stub-resolv.conf compatibility file. It is
recommended to make /etc/resolv.conf a symlink to it. This file
points at the systemd-resolved stub DNS 127.0.0.53 resolver and
includes dynamically acquired search domains, achieving more correct
DNS resolution by software that bypasses local DNS APIs such as NSS.

* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.

* "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
systemd-journal-gatewayd.service and
systemd-journal-upload.service. This means "nss-systemd" must be
enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
services are resolved properly.

* In /etc/fstab two new mount options are now understood:
x-systemd.makefs and x-systemd.growfs. The former has the effect that
the configured file system is formatted before it is mounted, the
latter that the file system is resized to the full block device size
after it is mounted (i.e. if the file system is smaller than the
partition it resides on, it's grown). This is similar to the fsck
logic in /etc/fstab, and pulls in systemd-makefs@.service and
systemd-growfs@.service as necessary, similar to
systemd-fsck@.service. Resizing is currently only supported on ext4
and btrfs.

* In systemd-networkd, the IPv6 RA logic now optionally may announce
DNS server and domain information.

* Support for the LUKS2 on-disk format for encrypted partitions has
been added. This requires libcryptsetup2 during compilation and
runtime.

* The systemd --user instance will now signal "readiness" when its
basic.target unit has been reached, instead of when the run queue ran
empty for the first time.

* Tmpfiles.d with user configuration are now also supported.
systemd-tmpfiles gained a new --user switch, and snippets placed in
~/.config/user-tmpfiles.d/ and corresponding directories will be
executed by systemd-tmpfiles --user running in the new
systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
running in the user session.

* Unit files and tmpfiles.d snippets learnt three new % specifiers:
%S resolves to the top-level state directory (/var/lib for the system
instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
top-level cache directory (/var/cache for the system instance,
$XDG_CACHE_HOME for the user instance), %L resolves to the top-level
logs directory (/var/log for the system instance,
$XDG_CONFIG_HOME/log/ for the user instance). This matches the
existing %t specifier, that resolves to the top-level runtime
directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
user instance).

* journalctl learnt a new parameter --output-fields= for limiting the
set of journal fields to output in verbose and JSON output modes.

* systemd-timesyncd's configuration file gained a new option
RootDistanceMaxSec= for setting the maximum root distance of servers
it'll use, as well as the new options PollIntervalMinSec= and
PollIntervalMaxSec= to tweak the minimum and maximum poll interval.

* bootctl gained a new command "list" for listing all available boot
menu items on systems that follow the boot loader specification.

* systemctl gained a new --dry-run switch that shows what would be done
instead of doing it, and is currently supported by the shutdown and
sleep verbs.

* ConditionSecurity= can now detect the TOMOYO security module.

* Unit file [Install] sections are now also respected in unit drop-in
files. This is intended to be used by drop-ins under /usr/lib/.

* systemd-firstboot may now also set the initial keyboard mapping.

* Udev "changed" events for devices which are exposed as systemd
.device units are now propagated to units specified in
ReloadPropagatedFrom= as reload requests.

* If a udev device has a SYSTEMD_WANTS= property containing a systemd
unit template name (i.e. a name in the form of 'foobar@.service',
without the instance component between the '@' and the '.'), then
the escaped sysfs path of the device is automatically used as the
instance.

* SystemCallFilter= in unit files has been extended so that an "errno"
can be specified individually for each system call. Example:
SystemCallFilter=~uname:EILSEQ.

* The cgroup delegation logic has been substantially updated. Delegate=
now optionally takes a list of controllers (instead of a boolean, as
before), which lists the controllers to delegate at least.

* The networkd DHCPv6 client now implements the FQDN option (RFC 4704).

* A new LogLevelMax= setting configures the maximum log level any
process of the service may log at (i.e. anything with a lesser
priority than what is specified is automatically dropped). A new
LogExtraFields= setting allows configuration of additional journal
fields to attach to all log records generated by any of the unit's
processes.

* New StandardInputData= and StandardInputText= settings along with the
new option StandardInput=data may be used to configure textual or
binary data that shall be passed to the executed service process via
standard input, encoded in-line in the unit file.
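
As an added example (not from the NEWS file or from systemd's own units), a hypothetical example-probe.service that puts the v236 per-call SystemCallFilter= errno, the LogLevelMax=/LogExtraFields= settings and StandardInput=data from the three entries above into one unit; the unit name, binary path, field names and input text are assumptions:

```ini
# Constructed unit, e.g. /etc/systemd/system/example-probe.service
# (example-probe, its binary and the field names are hypothetical)
[Unit]
Description=Example probe exercising v236 sandboxing and logging settings

[Service]
Type=oneshot
ExecStart=/usr/local/bin/example-probe

# Per-call errno: a filtered uname() returns EILSEQ to the caller instead
# of the process being killed, so the program can detect the filter and
# degrade gracefully rather than crash.
SystemCallFilter=~uname:EILSEQ
# Calls listed without an errno fall back to SystemCallErrorNumber=; if
# that is unset too, a blocked call terminates the process.
SystemCallFilter=~chroot ptrace
SystemCallErrorNumber=EPERM

# Drop anything less severe than "warning" before it reaches the journal,
# and stamp every record from this unit's processes with two extra fields
# so they can be selected with journalctl field matches.
LogLevelMax=warning
LogExtraFields=EXAMPLE_COMPONENT=probe
LogExtraFields=EXAMPLE_TENANT=demo

# Feed the program its input on stdin straight from the unit file; each
# StandardInputText= line is passed newline-terminated, in order.
StandardInput=data
StandardInputText=probe_interval=30
StandardInputText=probe_target=localhost
```

Once the unit has run, `journalctl -u example-probe.service -o verbose` shows the two extra fields on every record the service produced.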

* StandardInput=, StandardOutput= and StandardError= may now be used to
connect stdin/stdout/stderr of executed processes directly with a
file or AF_UNIX socket in the file system, using the new "file:" option.

* A new unit file option CollectMode= has been added, that allows
tweaking the garbage collection logic for units. It may be used to
tell systemd to garbage collect units that have failed automatically
(normally it only GCs units that exited successfully). systemd-run
and systemd-mount expose this new functionality with a new -G option.

* "machinectl bind" may now be used to bind mount non-directories
(i.e. regular files, devices, fifos, sockets).

* systemd-analyze gained a new verb "calendar" for validating and
testing calendar time specifications to use for OnCalendar= in timer
units. Besides validating the expression it will calculate the next
time the specified expression would elapse.

* In addition to the pre-existing FailureAction= unit file setting
there's now SuccessAction=, for configuring a shutdown action to
execute when a unit completes successfully. This is useful in
particular inside containers that shall terminate after some workload
has been completed. Also, both options are now supported for all unit
types, not just services.

* networkd's IP rule support gained two new options
IncomingInterface= and OutgoingInterface= for configuring the incoming
and outgoing interfaces of configured rules. systemd-networkd also
gained support for "vxcan" network devices.

* networkd gained a new setting RequiredForOnline=, taking a
boolean. If set, systemd-wait-online will take it into consideration
when determining that the system is up, otherwise it will ignore the
interface for this purpose.

* The sd_notify() protocol gained support for a new operation: with
FDSTOREREMOVE=1 file descriptors may be removed from the per-service
store again, ahead of POLLHUP or POLLERR when they are removed
anyway.

* A new document doc/UIDS-GIDS.md has been added to the source tree,
that documents the UID/GID range and assignment assumptions and
requirements of systemd.

* The watchdog device PID 1 will ping may now be configured through the
10383 WatchdogDevice= configuration file setting, or by setting the
7c52d523 10384 systemd.watchdog_service= kernel command line option.
3925496a
LP
10385
10386 * systemd-resolved's gained support for registering DNS-SD services on
10387 the local network using MulticastDNS. Services may either be
10388 registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
10389 the same dir below /run, /usr/lib), or through its D-Bus API.
10390
a327431b
DB
10391 * The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond
10392 extend the effective start, runtime, and stop time. The service must
10393 continue to send EXTEND_TIMEOUT_USEC within the period specified to
10394 prevent the service manager from making the service as timedout.
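
        The two sd_notify() operations above, FDSTORE=1/FDSTOREREMOVE=1 and
        EXTEND_TIMEOUT_USEC=, modelled as an added example that is not
        systemd's own code: a "service" sends notify datagrams over an
        AF_UNIX socketpair standing in for $NOTIFY_SOCKET, attaching file
        descriptors with SCM_RIGHTS, and a toy "manager" parses them and
        keeps the per-service fd store and deadline. The Manager class, the
        4096-byte datagram limit, the MAX_FDS_PER_MSG cap and the simplified
        deadline arithmetic (new deadline = now + the given microseconds) are
        assumptions of the example; the pipe used as the stored descriptor
        and the fake clock are constructed for the demo.

```python
# Added example (not systemd code): toy model of the sd_notify() datagram
# protocol for FDSTORE=1 / FDSTOREREMOVE=1 and EXTEND_TIMEOUT_USEC=.
# Deadline handling is a simplification of what PID 1 does (assumption).
import array
import os
import socket
import time

MAX_FDS_PER_MSG = 8                  # cap for the SCM_RIGHTS buffer (assumption)
FD_SIZE = array.array("i").itemsize  # size of one fd in the ancillary payload


def parse_notify(data):
    """Split one notify datagram into KEY=VALUE pairs; a repeated key's last value wins."""
    fields = {}
    for line in data.decode("utf-8", "replace").split("\n"):
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value
    return fields


def send_notify(sock, message, fds=()):
    """Service side: one datagram, optionally carrying fds via SCM_RIGHTS."""
    ancdata = []
    if fds:
        ancdata.append((socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", fds)))
    sock.sendmsg([message.encode()], ancdata)


class Manager:
    """Stand-in for the manager's per-service notify state (fd store + deadline)."""

    def __init__(self, start_timeout_usec, clock=time.monotonic):
        self.clock = clock
        self.fdstore = {}            # FDNAME -> fds the manager now owns
        self.deadline_usec = self._now() + start_timeout_usec

    def _now(self):
        return int(self.clock() * 1_000_000)

    def receive(self, sock):
        data, ancdata, _flags, _addr = sock.recvmsg(
            4096, socket.CMSG_SPACE(MAX_FDS_PER_MSG * FD_SIZE))
        fds = []
        for level, ctype, payload in ancdata:
            if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
                received = array.array("i")
                received.frombytes(payload[:len(payload) - len(payload) % FD_SIZE])
                fds.extend(received)
        message = parse_notify(data)
        self.apply(message, fds)
        return message

    def apply(self, message, fds):
        name = message.get("FDNAME", "stored")
        if message.get("FDSTORE") == "1" and fds:
            self.fdstore.setdefault(name, []).extend(fds)
            fds = []                                   # now owned by the store
        elif message.get("FDSTOREREMOVE") == "1":
            for fd in self.fdstore.pop(name, []):      # dropped before any POLLHUP
                os.close(fd)
        if "EXTEND_TIMEOUT_USEC" in message:
            # The service promises another message within this many microseconds.
            self.deadline_usec = self._now() + int(message["EXTEND_TIMEOUT_USEC"])
        for fd in fds:               # fds that arrived without FDSTORE=1 are not kept
            os.close(fd)

    def timed_out(self):
        return self._now() > self.deadline_usec


def demo():
    """Run the exchange against a fake clock; returns what the manager observed."""
    fake_now = [100.0]
    mgr_sock, svc_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    mgr = Manager(start_timeout_usec=5_000_000, clock=lambda: fake_now[0])
    r, w = os.pipe()                 # constructed stand-in for a listening socket
    try:
        send_notify(svc_sock, "FDSTORE=1\nFDNAME=listener\n", fds=[r, w])
        mgr.receive(mgr_sock)
        stored = len(mgr.fdstore.get("listener", []))

        fake_now[0] += 4.0           # t=4s: one second before the 5s start timeout
        send_notify(svc_sock, "EXTEND_TIMEOUT_USEC=10000000\n")
        mgr.receive(mgr_sock)
        fake_now[0] += 8.0           # t=12s: past 5s, still inside the 14s extension
        still_alive = not mgr.timed_out()

        send_notify(svc_sock, "FDSTOREREMOVE=1\nFDNAME=listener\n")
        mgr.receive(mgr_sock)
        remaining = len(mgr.fdstore.get("listener", []))

        fake_now[0] += 3.0           # t=15s: no further extension arrived
        expired = mgr.timed_out()
    finally:
        os.close(r)
        os.close(w)
        mgr_sock.close()
        svc_sock.close()
    return {"stored": stored, "still_alive": still_alive,
            "remaining": remaining, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

        Run as a script it prints the four observations. The points to
        notice are that the extension replaces the original 5s start timeout
        only for as long as the service keeps sending, and that
        FDSTOREREMOVE=1 closes the manager's copies at once instead of waiting
        for the descriptors to report POLLHUP or POLLERR.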

        * systemd-resolved's DNSSEC support gained support for RFC 8080
          (Ed25519 keys and signatures).

        * The systemd-resolve command line tool gained a new set of options
          --set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
          --set-nta= and --revert to configure per-interface DNS configuration
          dynamically during runtime. It's useful for pushing DNS information
          into systemd-resolved from DNS hook scripts that various interface
          managing software supports (such as pppd).

        * systemd-nspawn gained a new --network-namespace-path= command line
          option, which may be used to make a container join an existing
          network namespace, by specifying a path to a "netns" file.

        Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
        Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
        Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
        Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
        John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
        Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
        Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
        Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
        Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
        Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
        Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
        Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
        Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
        Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
        Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
        Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
        Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
        Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
        Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
        Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
        Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
        Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zeal Jagannatha

        — Berlin, 2017-12-14

CHANGES WITH 235:

        * INCOMPATIBILITY: systemd-logind.service and other long-running
          services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
          communication with the outside. This generally improves security of
          the system, and is in almost all cases a safe and good choice, as
          these services do not and should not provide any network-facing
          functionality. However, systemd-logind uses the glibc NSS API to
          query the user database. This creates problems on systems where NSS
          is set up to directly consult network services for user database
          lookups. In particular, this creates incompatibilities with the
          "nss-nis" module, which attempts to directly contact the NIS/YP
          network servers it is configured for, and will now consistently
          fail. In such cases, it is possible to turn off IP sandboxing for
          systemd-logind.service (set IPAddressDeny= in its [Service] section
          to the empty string, via a .d/ unit file drop-in). Downstream
          distributions might want to update their nss-nis packaging to include
          such a drop-in snippet, accordingly, to hide this incompatibility
          from the user. Another option is to make use of glibc's nscd service
          to proxy such network requests through a privilege-separated, minimal
          local caching daemon, or to switch to more modern technologies such
          as sssd, whose NSS hook-ups generally do not involve direct network
          access. In general, we think it's definitely time to question the
          implementation choices of nss-nis, i.e. whether it's a good idea
          today to embed a network-facing loadable module into all local
          processes that need to query the user database, including the most
          trivial and benign ones, such as "ls". For more details about
          IPAddressDeny= see below.

        * A new modprobe.d drop-in is now shipped by default that sets the
          bonding module option max_bonds=0. This overrides the kernel default,
          to avoid conflicts and ambiguity as to whether or not bond0 should be
          managed by systemd-networkd or not. This resolves multiple issues
          with bond0 properties not being applied, when bond0 is configured
          with systemd-networkd. Distributors may choose to not package this,
          however in that case users will be prevented from correctly managing
          the bond0 interface using systemd-networkd.

        * systemd-analyze gained new verbs "get-log-level" and "get-log-target"
          which print the logging level and target of the system manager. They
          complement the existing "set-log-level" and "set-log-target" verbs
          used to change those values.

        * journald.conf gained a new boolean setting ReadKMsg= which defaults
          to on. If turned off kernel log messages will not be read by
          systemd-journald or included in the logs. It also gained a new
          setting LineMax= for configuring the maximum line length in
          STDOUT/STDERR log streams. The new default for this value is 48K, up
          from the previous hardcoded 2048.

        * A new unit setting RuntimeDirectoryPreserve= has been added, which
          allows more detailed control of what to do with a runtime directory
          configured with RuntimeDirectory= (i.e. a directory below /run or
          $XDG_RUNTIME_DIR) after a unit is stopped.

        * The RuntimeDirectory= setting for units gained support for creating
          deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
          one top-level directory.

        * Units gained new options StateDirectory=, CacheDirectory=,
          LogsDirectory= and ConfigurationDirectory= which are closely related
          to RuntimeDirectory= but manage per-service directories below
          /var/lib, /var/cache, /var/log and /etc. By making use of them it is
          possible to write unit files which when activated automatically gain
          properly owned service specific directories in these locations, thus
          making unit files self-contained and increasing compatibility with
          stateless systems and factory reset where /etc or /var are
          unpopulated at boot. Matching these new settings there's also
          StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
          ConfigurationDirectoryMode= for configuring the access mode of these
          directories. These settings are particularly useful in combination
          with DynamicUser=yes as they provide secure, properly-owned,
          writable, and stateful locations for storage, excluded from the
          sandbox that such services live in otherwise.

        * Automake support has been removed from this release. systemd is now
          Meson-only.

        * systemd-journald will now aggressively cache client metadata during
          runtime, speeding up log write performance under pressure. This comes
          at a small price though: as much of the metadata is read
          asynchronously from /proc/ (and isn't implicitly attached to log
          datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
          metadata stored alongside a log entry might be slightly
          out-of-date. Previously it could only be slightly newer than the log
          message. The time window is small however, and given that the kernel
          is unlikely to be improved anytime soon in this regard, this appears
          acceptable to us.

        * nss-myhostname/systemd-resolved will now by default synthesize an
          A/AAAA resource record for the "_gateway" hostname, pointing to the
          current default IP gateway. Previously it did that for the "gateway"
          name, hampering adoption, as some distributions wanted to leave that
          hostname open for local use. The old behaviour may still be
          requested at build time.

        * systemd-networkd's [Address] section in .network files gained a new
          Scope= setting for configuring the IP address scope. The [Network]
          section gained a new boolean setting ConfigureWithoutCarrier= that
          tells systemd-networkd to ignore link sensing when configuring the
          device. The [DHCP] section gained a new Anonymize= boolean option for
          turning on a number of options suggested in RFC 7844. A new
          [RoutingPolicyRule] section has been added for configuring the IP
          routing policy. The [Route] section has gained support for a new
          Type= setting which permits configuring
          blackhole/unreachable/prohibit routes.

        * The [VRF] section in .netdev files gained a new Table= setting for
          configuring the routing table to use. The [Tunnel] section gained a
          new Independent= boolean field for configuring tunnels independent of
          an underlying network interface. The [Bridge] section gained a new
          GroupForwardMask= option for configuration of propagation of link
          local frames between bridge ports.

        * The WakeOnLan= setting in .link files gained support for a number of
          new modes. A new TCP6SegmentationOffload= setting has been added for
          configuring TCP/IPv6 hardware segmentation offload.

        * The IPv6 RA sender implementation may now optionally send out RDNSS
          and DNSSL records to supply DNS configuration to peers.

        * systemd-nspawn gained support for a new --system-call-filter= command
          line option for adding and removing entries in the default system
          call filter it applies. Moreover systemd-nspawn has been changed to
          implement a system call allow list instead of a deny list.

        * systemd-run gained support for a new --pipe command line option. If
          used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
          are directly passed on to the activated transient service
          executable. This allows invoking arbitrary processes as systemd
          services (for example to take benefit of dependency management,
          accounting management, resource management or log management that is
          done automatically for services) — while still allowing them to be
          integrated in a classic UNIX shell pipeline.

        * When a service sends RELOAD=1 via sd_notify() and reload propagation
          using ReloadPropagationTo= is configured, a reload is now propagated
          to configured units. (Previously this was only done on explicitly
          requested reloads, using "systemctl reload" or an equivalent
          command.)

        * For each service unit a restart counter is now kept: it is increased
          each time the service is restarted due to Restart=, and may be
          queried using "systemctl show -p NRestarts …".

        * New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
          @signal and @timer have been added, for usage with SystemCallFilter=
          in unit files and the new --system-call-filter= command line option
          of systemd-nspawn (see above).

        * ExecStart= lines in unit files gained two new modifiers: when a
          command line is prefixed with "!" the command will be executed with
          all configured settings applied except for the user/group credentials
          normally applied by setuid()/setgid()/setgroups(), i.e. with full
          privileges. It is very similar to the pre-existing "+", but unlike
          "+" it does still apply namespacing options. There's also "!!" now,
          which is mostly identical, but becomes a NOP on systems that support
          ambient capabilities. This is useful to write unit files that work
          with ambient capabilities where possible but automatically fall back
          to traditional privilege dropping mechanisms on systems where this
          is not supported.

        * ListenNetlink= settings in socket units now support RDMA netlink
          sockets.

        * A new unit file setting LockPersonality= has been added which permits
          locking down the chosen execution domain ("personality") of a service
          during runtime.

        * A new special target "getty-pre.target" has been added, which is
          ordered before all text logins, and may be used to order services
          before textual logins acquire access to the console.

        * systemd will now attempt to load the virtio-rng.ko kernel module very
          early on if a VM environment supporting this is detected. This should
          improve entropy during early boot in virtualized environments.

        * A _netdev option is now supported in /etc/crypttab that operates in a
          similar way as the same option in /etc/fstab: it permits configuring
          encrypted devices that need to be ordered after the network is up.
          Following this logic, two new special targets
          remote-cryptsetup-pre.target and remote-cryptsetup.target have been
          added that are to cryptsetup.target what remote-fs.target and
          remote-fs-pre.target are to local-fs.target.

        * Service units gained a new UnsetEnvironment= setting which permits
          unsetting specific environment variables for services that are
          normally passed to them (for example in order to mask out locale
          settings for specific services that can't deal with them).

        * Units acquired a new boolean option IPAccounting=. When turned on, IP
          traffic accounting (packet count as well as byte count) is done for
          the service, and shown as part of "systemctl status" or "systemd-run
          --wait".

        * Service units acquired two new options IPAddressAllow= and
          IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
          for configuring a simple IP access control list for all sockets of
          the unit. These options are available also on .slice and .socket
          units, permitting flexible access list configuration for individual
          services as well as groups of services (as defined by a slice unit),
          including system-wide. Note that IP ACLs configured this way are
          enforced on every single IPv4 and IPv6 socket created by any process
          of the service unit, and apply to ingress as well as egress traffic.
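
        As an added example that is not systemd code, the ACL above evaluated
        in Python: IPAddressAllow=/IPAddressDeny= lines are collected as they
        accumulate from a unit file and a .d/ drop-in, then sample peer
        addresses are decided, including the case from the nss-nis note where
        a drop-in's empty IPAddressDeny= clears the inherited deny list. The
        allow-before-deny precedence with grant as the fallback is what
        systemd.resource-control(5) documents and is assumed here; the unit
        snippets, the peer addresses and the use of 10.0.0.5 as a stand-in
        NIS server are constructed for the example.

```python
# Added example (not systemd code): evaluate IPAddressAllow=/IPAddressDeny=
# the way the notes describe them, as an ACL over every socket of a unit.
# Precedence (allow wins, then deny, otherwise grant) is the documented
# systemd behaviour, restated here as an assumption of this example.
import ipaddress

ACL_KEYS = ("IPAddressAllow", "IPAddressDeny")


def parse_acl(unit_lines):
    """Collect allow/deny prefixes from unit-file lines in the order they appear.

    Later lines (e.g. from a .d/ drop-in) append to the lists; an empty
    assignment resets the list built up so far, like other list settings.
    """
    lists = {key: [] for key in ACL_KEYS}
    for raw in unit_lines:
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in lists:
            continue
        if value == "":
            lists[key].clear()
            continue
        for token in value.split():
            # A bare address means /32 or /128; strict=False tolerates host bits.
            lists[key].append(ipaddress.ip_network(token, strict=False))
    return lists["IPAddressAllow"], lists["IPAddressDeny"]


def is_allowed(address, allow, deny):
    """Decide one packet: a match in allow grants, else a match in deny drops, else grant."""
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in allow):
        return True
    if any(ip in net for net in deny):
        return False
    return True


# Constructed stand-in for a sandboxed long-running service such as
# systemd-logind.service: deny all of IPv4 and IPv6, then allow loopback only.
SANDBOXED_UNIT = [
    "[Service]",
    "IPAddressDeny=0.0.0.0/0 ::/0",
    "IPAddressAllow=127.0.0.0/8 ::1/128",
]

# Constructed drop-in in the spirit of the nss-nis workaround above:
# the empty IPAddressDeny= clears the deny list inherited from the unit.
NSS_NIS_DROPIN = [
    "[Service]",
    "IPAddressDeny=",
]

# 10.0.0.5 plays the NIS/YP server nss-nis would contact (constructed).
SAMPLE_PEERS = ("127.0.0.1", "::1", "10.0.0.5", "2001:db8::7")


def evaluate(unit_lines, peers=SAMPLE_PEERS):
    """Map each peer address to whether the unit's ACL would let traffic through."""
    allow, deny = parse_acl(unit_lines)
    return {peer: is_allowed(peer, allow, deny) for peer in peers}


if __name__ == "__main__":
    print("sandboxed:   ", evaluate(SANDBOXED_UNIT))
    print("with drop-in:", evaluate(SANDBOXED_UNIT + NSS_NIS_DROPIN))
```

        The mixed-family lists behave as they do in the kernel filter: an
        IPv6 peer never matches an IPv4 prefix and vice versa, so both
        0.0.0.0/0 and ::/0 are needed to deny everything. The drop-in reopens
        all traffic, which is exactly why the note above recommends fixing
        the lookup path (nscd or sssd) over keeping the sandbox switched off.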

        * If CPUAccounting= or IPAccounting= is turned on for a unit a new
          structured log message is generated each time the unit is stopped,
          containing information about the consumed resources of this
          invocation.

        * A new setting KeyringMode= has been added to unit files, which may be
          used to control how the kernel keyring is set up for executed
          processes.

        * "systemctl poweroff", "systemctl reboot", "systemctl halt",
          "systemctl kexec" and "systemctl exit" are now always asynchronous in
          behaviour (that is: these commands return immediately after the
          operation was enqueued instead of waiting for the operation to
          complete). Previously, "systemctl poweroff" and "systemctl reboot"
          were asynchronous on systems using systemd-logind (i.e. almost
          always, and like they were on sysvinit), and the other three commands
          were unconditionally synchronous. With this release this is cleaned
          up, and callers will see the same asynchronous behaviour on all
          systems for all five operations.

        * systemd-logind gained new Halt() and CanHalt() bus calls for halting
          the system.

        * .timer units now accept calendar specifications in other timezones
          than UTC or the local timezone.

        * The tmpfiles snippet var.conf has been changed to create
          /var/log/btmp with access mode 0660 instead of 0600. It was owned by
          the "utmp" group already, and it appears to be generally understood
          that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
          databases. Previously this was implemented correctly for all these
          databases except btmp, which has been opened up like this now
          too. Note that while the other databases are world-readable
          (i.e. 0644), btmp is not and remains more restrictive.

        * The systemd-resolve tool gained a new --reset-server-features
          switch. When invoked like this systemd-resolved will forget
          everything it learnt about the features supported by the configured
          upstream DNS servers, and restarts the feature probing logic on the
          next resolver look-up for them at the highest feature level
          again.

        * The status dump systemd-resolved sends to the logs upon receiving
          SIGUSR1 now also includes information about all DNS servers it is
          configured to use, and the feature levels it probed for them.

        Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
        Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
        Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
        Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
        Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
        Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
        ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
        Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
        Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
        John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
        Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
        Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
        Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
        Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
        Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
        Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
        Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
        Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
        Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
        Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2017-10-06

CHANGES WITH 234:

        * Meson is now supported as build system in addition to Automake. It is
          our plan to remove Automake in one of our next releases, so that
          Meson becomes our exclusive build system. Hence, please start using
          the Meson build system in your downstream packaging. There's plenty
          of documentation around how to use Meson, the extremely brief
          summary:

              ./autogen.sh && ./configure && make && sudo make install

          becomes:

              meson build && ninja -C build && sudo ninja -C build install

        * Unit files gained support for a new JobRunningTimeoutUSec= setting,
          which permits configuring a timeout on the time a job is
          running. This is particularly useful for setting timeouts on jobs for
          .device units.

        * Unit files gained two new options ConditionUser= and ConditionGroup=
          for conditionalizing units based on the identity of the user/group
          running a systemd user instance.

        * systemd-networkd now understands a new FlowLabel= setting in the
          [VXLAN] section of .network files, as well as a Priority= in
          [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
          and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
          gained support for configuration of GENEVE links, and IPv6 address
          labels. The [Network] section gained the new IPv6ProxyNDP= setting.

        * .link files now understand a new Port= setting.

        * systemd-networkd's DHCP support gained support for DHCP option 119
          (domain search list).

        * systemd-networkd gained support for serving IPv6 address ranges using
          the Router Advertisement protocol. The new .network configuration
          section [IPv6Prefix] may be used to configure the ranges to
          serve. This is implemented based on a new, minimal, native server
          implementation of RA.

        * journalctl's --output= switch gained support for a new parameter
          "short-iso-precise" for a mode where timestamps are shown as precise
          ISO date values.

        * systemd-udevd's "net_id" builtin may now generate stable network
          interface names from IBM PowerVM VIO devices as well as ACPI platform
          devices.

        * MulticastDNS support in systemd-resolved may now be explicitly
          enabled/disabled using the new MulticastDNS= configuration file
          option.

        * systemd-resolved may now optionally use libidn2 instead of libidn
          for processing internationalized domain names. Support for libidn2
          should be considered experimental and should not be enabled by
          default yet.

        * "machinectl pull-tar" and related calls may now do verification of
          downloaded images using SUSE-style .sha256 checksum files in addition
          to the already existing support for validating using Ubuntu-style
          SHA256SUMS files.

        * sd-bus gained support for a new sd_bus_message_appendv() call which
          is the va_list equivalent of sd_bus_message_append().

        * sd-boot gained support for validating images using SHIM/MOK.

        * The SMACK code learnt support for "onlycap".

        * systemd-mount --umount is now much smarter in figuring out how to
          properly unmount a device given its mount or device path.

        * The code to call libnss_dns as a fallback from libnss_resolve when
          the communication with systemd-resolved fails was removed. This
          fallback was redundant and interfered with the [!UNAVAIL=return]
          suffix. See nss-resolve(8) for the recommended configuration.

        * systemd-logind may now be restarted without losing state. It stores
          the file descriptors for devices it manages in the system manager
          using the FDSTORE= mechanism. Please note that further changes in
          other components may be required to make use of this (for example
          Xorg has code to listen for stops of systemd-logind and terminate
          itself when logind is stopped or restarted, in order to avoid using
          stale file descriptors for graphical devices, which is now
          counterproductive and must be reverted in order for restarts of
          systemd-logind to be safe. See
          https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)

        * All kernel-install plugins are called with the environment variable
          KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
          /etc/machine-id. If the machine ID could not be determined,
          $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
          anything in the entry directory (passed as the second argument) if
          $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a
          temporary directory is passed as the entry directory and removed
          after all the plugins exit.

        * If KERNEL_INSTALL_MACHINE_ID is set in /etc/machine-info, kernel-install
          will now use its value as the machine ID instead of the machine ID
          from /etc/machine-id. If KERNEL_INSTALL_MACHINE_ID isn't set in
          /etc/machine-info and no machine ID is set in /etc/machine-id,
          kernel-install will try to store the current machine ID there as
          KERNEL_INSTALL_MACHINE_ID. If there is no machine ID, kernel-install
          will generate a new UUID, store it in /etc/machine-info as
          KERNEL_INSTALL_MACHINE_ID and use it as the machine ID.
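
        The machine ID precedence from the two kernel-install bullets above,
        as an added example that is not kernel-install's own code and that
        implements one reading of it: a KERNEL_INSTALL_MACHINE_ID pinned in
        /etc/machine-info wins, otherwise a valid /etc/machine-id is used and
        recorded in /etc/machine-info, otherwise a fresh ID is generated and
        recorded. It works on a caller-supplied root directory so it can be
        exercised on temporary files; the helper names, the plain KEY=VALUE
        treatment of machine-info and the sample files written by demo() are
        assumptions of the example.

```python
# Added example (not kernel-install code): resolve the machine ID the way the
# release notes describe the precedence, against a configurable root so the
# three branches can be exercised on throwaway files (assumptions: helper
# names, plain KEY=VALUE parsing of machine-info, sample contents in demo()).
import os
import re
import tempfile
import uuid

MACHINE_ID_RE = re.compile(r"^[0-9a-f]{32}$")   # 128-bit ID as lowercase hex


def read_env_file(path):
    """Parse KEY=VALUE lines; comments and blanks ignored; missing file -> {}."""
    values = {}
    if not os.path.exists(path):
        return values
    with open(path, encoding="utf-8") as f:
        for raw in f:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip().strip('"')
    return values


def store_kernel_install_machine_id(path, machine_id):
    """Write KERNEL_INSTALL_MACHINE_ID= into machine-info, keeping other keys."""
    kept = []
    if os.path.exists(path):
        with open(path, encoding="utf-8") as f:
            kept = [line for line in f.read().splitlines()
                    if not line.startswith("KERNEL_INSTALL_MACHINE_ID=")]
    kept.append(f"KERNEL_INSTALL_MACHINE_ID={machine_id}")
    with open(path, "w", encoding="utf-8") as f:
        f.write("\n".join(kept) + "\n")


def resolve_machine_id(root):
    """Return (machine_id, source) following the precedence described above."""
    machine_info = os.path.join(root, "etc", "machine-info")
    machine_id_file = os.path.join(root, "etc", "machine-id")

    pinned = read_env_file(machine_info).get("KERNEL_INSTALL_MACHINE_ID", "")
    if MACHINE_ID_RE.match(pinned):
        return pinned, "machine-info"

    system_id = ""
    if os.path.exists(machine_id_file):
        with open(machine_id_file, encoding="utf-8") as f:
            system_id = f.read().strip()
    if MACHINE_ID_RE.match(system_id):
        # Record it in machine-info so later runs resolve the same ID.
        store_kernel_install_machine_id(machine_info, system_id)
        return system_id, "machine-id"

    fresh = uuid.uuid4().hex                      # new random 128-bit ID
    store_kernel_install_machine_id(machine_info, fresh)
    return fresh, "generated"


def _write(root, name, content):
    os.makedirs(os.path.join(root, "etc"), exist_ok=True)
    with open(os.path.join(root, "etc", name), "w", encoding="utf-8") as f:
        f.write(content)


def demo():
    """Exercise all three branches on temporary roots; returns what each resolved to."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        # Branch 1: machine-info pins an ID and machine-id disagrees.
        root = os.path.join(base, "pinned")
        _write(root, "machine-info", 'PRETTY_HOSTNAME="builder"\n'
               "KERNEL_INSTALL_MACHINE_ID=" + "a" * 32 + "\n")
        _write(root, "machine-id", "b" * 32 + "\n")
        results["pinned"] = resolve_machine_id(root)

        # Branch 2: only machine-id exists; it gets copied into machine-info.
        root = os.path.join(base, "from-id")
        _write(root, "machine-id", "c" * 32 + "\n")
        results["from-id"] = resolve_machine_id(root)
        results["from-id-stored"] = read_env_file(
            os.path.join(root, "etc", "machine-info")).get("KERNEL_INSTALL_MACHINE_ID")

        # Branch 3: neither file exists; an ID is generated, stored and reused.
        root = os.path.join(base, "fresh")
        os.makedirs(os.path.join(root, "etc"))
        first = resolve_machine_id(root)
        second = resolve_machine_id(root)
        results["fresh"] = first
        results["fresh-stable"] = first[0] == second[0] and second[1] == "machine-info"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

        The point of branch 3 is the one the notes make for plugins: once an
        ID has been generated it is persisted, so a second run resolves it
        from machine-info rather than minting another and scattering entries
        across differently named directories.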

        Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
        Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
        Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
        Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
        Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
        Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
        Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
        Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
        Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
        Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
        hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
        Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
        Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
        Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
        Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
        Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
        Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
        Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
        Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
        Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
        Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
        Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
        Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
        Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
        Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
        H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
        Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
        userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
        Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
        Георгиевски

        — Berlin, 2017-07-12

CHANGES WITH 233:

        * The "hybrid" control group mode has been modified to improve
          compatibility with "legacy" cgroups-v1 setups. Specifically, the
          "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
          "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
          cgroups-v1 hierarchy), the only externally visible change being that
          the cgroups-v2 hierarchy is also mounted, to
          /sys/fs/cgroup/unified. This should provide a large degree of
          compatibility with "legacy" cgroups-v1, while taking benefit of the
          better management capabilities of cgroups-v2.

        * The default control group setup mode may be selected both at boot-time
          via a set of kernel command line parameters (specifically:
          systemd.unified_cgroup_hierarchy= and
          systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
          default selected on the configure command line
          (--with-default-hierarchy=). The upstream default is "hybrid"
          (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
          this will change in a future systemd version to be "unified" (pure
          cgroups-v2 mode). The third option for the compile time option is
          "legacy", to enter pure cgroups-v1 mode. We recommend downstream
          distributions to default to "hybrid" mode for release distributions,
          starting with v233. We recommend "unified" for development
          distributions (specifically: distributions such as Fedora's rawhide)
          as that's where things are headed in the long run. Use "legacy" for
          greatest stability and compatibility only.

        * Note one current limitation of "unified" and "hybrid" control group
          setup modes: the kernel currently does not permit the systemd --user
          instance (i.e. unprivileged code) to migrate processes between two
          disconnected cgroup subtrees, even if both are managed and owned by
          the user. This effectively means "systemd-run --user --scope" doesn't
          work when invoked from outside of any "systemd --user" service or
          scope. Specifically, it is not supported from session scopes. We are
          working on fixing this in a future systemd version. (See #3388 for
          further details about this.)

        * DBus policy files are now installed into /usr rather than /etc. Make
          sure your system has dbus >= 1.9.18 running before upgrading to this
          version, or override the install path with --with-dbuspolicydir=.

        * All python scripts shipped with systemd (specifically: the various
          tests written in Python) now require Python 3.

        * systemd unit tests can now run standalone (without the source or
          build directories), and can be installed into /usr/lib/systemd/tests/
          with 'make install-tests'.

        * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
          CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
          kernel.

        * Support for the %c, %r, %R specifiers in unit files has been
          removed. Specifiers are not supposed to be dependent on configuration
          in the unit file itself (so that they resolve the same regardless
          where used in the unit files), but these specifiers were influenced
          by the Slice= option.

        * The shell invoked by debug-shell.service now defaults to /bin/sh in
          all cases. If distributions want to use a different shell for this
          purpose (for example Fedora's /sbin/sushell) they need to specify
          this explicitly at configure time using --with-debug-shell=.

        * The confirmation spawn prompt has been reworked to offer the
          following choices:

          (c)ontinue, proceed without asking anymore
          (D)ump, show the state of the unit
          (f)ail, don't execute the command and pretend it failed
          (h)elp
          (i)nfo, show a short summary of the unit
          (j)obs, show jobs that are in progress
2bcc3309
FB
10923 (s)kip, don't execute the command and pretend it succeeded
10924 (y)es, execute the command
10925
10926 The 'n' choice for the confirmation spawn prompt has been removed,
10927 because its meaning was confusing.
10928
d08ee7cb
LP
10929 The prompt may now also be redirected to an alternative console by
10930 specifying the console as parameter to systemd.confirm_spawn=.
10931
8e458bfe
JW
10932 * Services of Type=notify require a READY=1 notification to be sent
10933 during startup. If no such message is sent, the service now fails,
10934 even if the main process exited with a successful exit code.
10935
85266f9b
LP
10936 * Services that fail to start up correctly now always have their
10937 ExecStopPost= commands executed. Previously, they'd enter "failed"
10938 state directly, without executing these commands.
10939
baf32786
MP
10940 * The option MulticastDNS= of network configuration files has acquired
10941 an actual implementation. With MulticastDNS=yes a host can resolve
23eb30b3 10942 names of remote hosts and reply to mDNS A and AAAA requests.
fa8b4499 10943
631b676b
LP
10944 * When units are about to be started an additional check is now done to
10945 ensure that all dependencies of type BindsTo= (when used in
10946 combination with After=) have been started.
10947
d08ee7cb
LP
10948 * systemd-analyze gained a new verb "syscall-filter" which shows which
10949 system call groups are defined for the SystemCallFilter= unit file
23eb30b3 10950 setting, and which system calls they contain.
d08ee7cb
LP
10951
10952 * A new system call filter group "@filesystem" has been added,
23eb30b3 10953 consisting of various file system related system calls. Group
d08ee7cb 10954 "@reboot" has been added, covering reboot, kexec and shutdown related
23eb30b3 10955 calls. Finally, group "@swap" has been added covering swap
d08ee7cb
LP
10956 configuration related calls.
10957
10958 * A new unit file option RestrictNamespaces= has been added that may be
10959 used to restrict access to the various process namespace types the
10960 Linux kernel provides. Specifically, it may be used to take away the
23eb30b3
ZJS
10961 right for a service unit to create additional file system, network,
10962 user, and other namespaces. This sandboxing option is particularly
10963 relevant due to the high amount of recently discovered namespacing
10964 related vulnerabilities in the kernel.
d08ee7cb 10965
23eb30b3
ZJS
10966 * systemd-udev's .link files gained support for a new AutoNegotiation=
10967 setting for configuring Ethernet auto-negotiation.
d08ee7cb
LP
10968
10969 * systemd-networkd's .network files gained support for a new
10970 ListenPort= setting in the [DHCP] section to explicitly configure the
10971 UDP client port the DHCP client shall listen on.
10972
23eb30b3
ZJS
10973 * .network files gained a new Unmanaged= boolean setting for explicitly
10974 excluding one or more interfaces from management by systemd-networkd.
10975
10976 * The systemd-networkd ProxyARP= option has been renamed to
10977 IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
10978 renamed to ReduceARPProxy=. The old names continue to be available
10979 for compatibility.
10980
10981 * systemd-networkd gained support for configuring IPv6 Proxy NDP
10982 addresses via the new IPv6ProxyNDPAddress= .network file setting.
10983
10984 * systemd-networkd's bonding device support gained support for two new
10985 configuration options ActiveSlave= and PrimarySlave=.
10986
10987 * The various options in the [Match] section of .network files gained
10988 support for negative matching.
10989
d08ee7cb
LP
10990 * New systemd-specific mount options are now understood in /etc/fstab:
10991
10992 x-systemd.mount-timeout= may be used to configure the maximum
10993 permitted runtime of the mount command.
10994
10995 x-systemd.device-bound may be set to bind a mount point to its
10996 backing device unit, in order to automatically remove a mount point
10997 if its backing device is unplugged. This option may also be
10998 configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
10999 on the block device, which is now automatically set for all CDROM
11000 drives, so that mounted CDs are automatically unmounted when they are
11001 removed from the drive.
11002
23eb30b3
ZJS
11003 x-systemd.after= and x-systemd.before= may be used to explicitly
11004 order a mount after or before another unit or mount point.
d08ee7cb
LP
11005
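The following is an added example, not code from systemd-fstab-generator: it parses constructed fstab entries and maps the x-systemd.* options listed above onto the .mount unit settings they stand for (the mapping table is an assumption drawn from these notes), including the unit-name escaping that turns a mount point path such as /srv/backup into srv-backup.mount.

```python
"""Translate the x-systemd.* fstab options described above into the unit
directives they correspond to. Added example, not systemd-fstab-generator's
own code: the mapping table is an assumption drawn from the release notes,
and the fstab lines below are constructed."""


def escape_path(path: str) -> str:
    """Unit-name form of a path, following the systemd-escape --path rules:
    redundant slashes dropped, '/' becomes '-', other characters outside
    [A-Za-z0-9:_.] (and a leading '.') become \\xNN. The root '/' is '-'."""
    trimmed = "/".join(p for p in path.split("/") if p)
    if not trimmed:
        return "-"
    out = []
    for i, ch in enumerate(trimmed):
        if ch == "/":
            out.append("-")
        elif (ch.isascii() and ch.isalnum()) or ch in ":_" or (ch == "." and i > 0):
            out.append(ch)
        else:
            out.append("\\x%02x" % ord(ch))
    return "".join(out)


def mount_unit_name(path: str) -> str:
    return escape_path(path) + ".mount"


def unit_reference(value: str) -> str:
    """x-systemd.after=/before= accept either a unit name or a mount point."""
    return mount_unit_name(value) if value.startswith("/") else value


def parse_fstab(text: str):
    """Return (what, where, fstype, [options]) for each non-comment entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"fstab entry needs at least four fields: {line!r}")
        what, where, fstype, options = fields[:4]
        entries.append((what, where, fstype, options.split(",")))
    return entries


def mount_directives(where: str, options):
    """Split an option list into the settings the generator would put on the
    .mount unit (assumed mapping) and the options handed on to mount(8)."""
    d = {"Unit": mount_unit_name(where), "After": [], "Before": [],
         "TimeoutSec": None, "DeviceBound": False, "Options": [], "Unhandled": []}
    for opt in options:
        name, _, value = opt.partition("=")
        if name == "x-systemd.mount-timeout":
            d["TimeoutSec"] = value                      # maximum runtime of mount
        elif name == "x-systemd.after":
            d["After"].append(unit_reference(value))
        elif name == "x-systemd.before":
            d["Before"].append(unit_reference(value))
        elif name == "x-systemd.device-bound":
            d["DeviceBound"] = True                      # unmount when device goes away
        elif name.startswith("x-"):
            d["Unhandled"].append(opt)                   # other x-* options: out of scope here
        else:
            d["Options"].append(opt)                     # plain mount(8) option
    return d


# Constructed sample, not a real system's fstab.
SAMPLE_FSTAB = """\
# constructed sample entries
/dev/sr0    /media/cdrom  iso9660  ro,x-systemd.device-bound,x-systemd.mount-timeout=30s  0 0
//nas/share /srv/share    cifs     credentials=/etc/nas.cred,x-systemd.after=network-online.target,x-systemd.before=/srv/backup  0 0
"""

if __name__ == "__main__":
    for what, where, fstype, options in parse_fstab(SAMPLE_FSTAB):
        print(where, mount_directives(where, options))
```

The escaping rules are the interesting part: an x-systemd.before= that names a mount point has to resolve to the same unit name systemd would derive for that path, so a space in a path becomes \x20 and a leading dot \x2e.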
* Enqueued start jobs for device units are now automatically garbage
collected if there are no jobs waiting for them anymore.

* systemctl list-jobs gained two new switches: with --after, for every
queued job the jobs it's waiting for are shown; with --before the
jobs which it's blocking are shown.

* systemd-nspawn gained support for ephemeral boots from disk images
(or in other words: --ephemeral and --image= may now be
combined). Moreover, ephemeral boots are now supported for normal
directories, even if the backing file system is not btrfs. Of course,
if the file system does not support file system snapshots or
reflinks, the initial copy operation will be relatively expensive, but
this should still be suitable for many use cases.

* Calendar time specifications in .timer units now support
specifications relative to the end of a month by using "~" instead of
"-" as separator between month and day. For example, "*-02~03" means
"the third last day in February". In addition a new syntax for
repeated events has been added using the "/" character. For example,
"9..17/2:00" means "every two hours from 9am to 5pm".

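As an added example (not systemd's calendarspec code), the evaluator below implements the two constructs just described, "~" for days counted from the end of the month and "/" for repetition, for the "DATE HOUR:MINUTE" shape only; seconds, weekday prefixes and timezones are left out. It also computes the next elapse time, which is what a .timer needs from such a specification, and handles the edge case of a "~" day that does not exist in a short month.

```python
"""Evaluate the '~' (from end of month) and '/' (repetition) calendar-spec
constructs described above. Added example, not systemd's own parser; it
handles only 'DATE HOUR:MINUTE' specifications."""
import calendar
from datetime import datetime


def expand_component(spec: str, lo: int, hi: int):
    """Expand one field: '*', 'N', 'A..B', 'A/STEP', 'A..B/STEP', or a
    comma-separated list of those, into sorted values within [lo, hi]."""
    values = set()
    for part in spec.split(","):
        step, has_step = 1, "/" in part
        if has_step:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif ".." in part:
            a, b = part.split("..", 1)
            start, end = int(a), int(b)
        else:
            start = int(part)
            end = hi if has_step else start   # 'A/STEP' repeats up to the field maximum
        if step < 1 or not (lo <= start <= end <= hi):
            raise ValueError(f"bad calendar component {spec!r}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_calendar(spec: str):
    """'[YEAR-]MONTH-DAY HOUR:MINUTE' or '[YEAR-]MONTH~DAY HOUR:MINUTE'."""
    date_part, time_part = spec.split()
    hour_spec, minute_spec = time_part.split(":")[:2]
    from_end = "~" in date_part
    head, day_spec = date_part.rsplit("~" if from_end else "-", 1)
    year_spec, month_spec = head.split("-", 1) if "-" in head else ("*", head)
    return {
        "years": expand_component(year_spec, 1970, 2199),
        "months": expand_component(month_spec, 1, 12),
        "days": expand_component(day_spec, 1, 31),
        "from_end": from_end,
        "hours": expand_component(hour_spec, 0, 23),
        "minutes": expand_component(minute_spec, 0, 59),
    }


def matching_days(year: int, month: int, cal):
    """Concrete day numbers in the given month; '~01' is the last day."""
    last = calendar.monthrange(year, month)[1]
    if cal["from_end"]:
        days = (last - (n - 1) for n in cal["days"])
    else:
        days = iter(cal["days"])
    return sorted(d for d in days if 1 <= d <= last)   # drops days the month lacks


def next_elapse(cal, after: datetime):
    """First matching time strictly after 'after', or None."""
    for year in cal["years"]:
        if year < after.year:
            continue
        for month in cal["months"]:
            if (year, month) < (after.year, after.month):
                continue
            for day in matching_days(year, month, cal):
                if (year, month, day) < (after.year, after.month, after.day):
                    continue
                for hour in cal["hours"]:
                    for minute in cal["minutes"]:
                        candidate = datetime(year, month, day, hour, minute)
                        if candidate > after:
                            return candidate
    return None


def next_elapse_iso(spec: str, after_iso: str):
    """Convenience wrapper working on ISO 8601 strings."""
    result = next_elapse(parse_calendar(spec), datetime.fromisoformat(after_iso))
    return result.isoformat() if result else None


if __name__ == "__main__":
    print(parse_calendar("*-02~03 9..17/2:00")["hours"])
    print(next_elapse_iso("*-02~03 9..17/2:00", "2017-03-01T00:00:00"))
```

Note that "*-02~31" simply never fires in February rather than wrapping into January: matching_days discards day numbers that fall outside the month, which is the behaviour a timer author would expect from an end-relative date.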
* systemd-socket-proxyd gained a new parameter --connections-max= for
configuring the maximum number of concurrent connections.

* sd-id128 gained a new API for generating unique IDs for the host in a
way that does not leak the machine ID. Specifically,
sd_id128_get_machine_app_specific() derives an ID based on the
machine ID in a well-defined, non-reversible, stable way. This is
useful whenever an identifier for the host is needed but where the
identifier shall not be useful to identify the system beyond the
scope of the application itself. (Internally this uses HMAC-SHA256 as
keyed hash function using the machine ID as input.)

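The derivation is easy to model, and doing so shows why the result is safe to hand to an application: the machine ID only ever enters an HMAC, so an application-specific ID cannot be turned back into it, and two applications get unrelated IDs from the same host. The code below is an added example, not libsystemd's implementation; which value serves as HMAC key and which as message, and the stamping of UUID version/variant bits, are assumptions modelled on the description above, and the IDs used are constructed.

```python
"""Derive application-specific host IDs from a machine ID with HMAC-SHA256,
modelled on the sd_id128_get_machine_app_specific() scheme described above.
Added example, not libsystemd's code: key/message roles and the UUID bit
stamping are assumptions and may differ from the library."""
import hashlib
import hmac
import uuid


def machine_app_specific_id(machine_id: bytes, app_id: bytes) -> bytes:
    """Assumed layout: HMAC-SHA256 keyed with the 128-bit machine ID over the
    128-bit application ID, truncated to 16 bytes and stamped as a v4 UUID so
    the result is usable wherever a UUID is expected."""
    if len(machine_id) != 16 or len(app_id) != 16:
        raise ValueError("machine ID and application ID must be 128-bit values")
    digest = hmac.new(machine_id, app_id, hashlib.sha256).digest()
    out = bytearray(digest[:16])
    out[6] = (out[6] & 0x0F) | 0x40   # UUID version 4
    out[8] = (out[8] & 0x3F) | 0x80   # RFC 4122 variant
    return bytes(out)


def format_id128(id128: bytes) -> str:
    """Plain 32-hex-digit form, as /etc/machine-id uses."""
    return id128.hex()


def parse_id128(text: str) -> bytes:
    """Accept either the 32-hex-digit form or a hyphenated UUID."""
    return uuid.UUID(text.strip()).bytes


# Constructed sample values; a real machine ID comes from /etc/machine-id.
SAMPLE_MACHINE_ID = parse_id128("0123456789abcdef0123456789abcdef")
APP_A = parse_id128("11111111-1111-4111-8111-111111111111")   # constructed app ID
APP_B = parse_id128("22222222-2222-4222-8222-222222222222")   # constructed app ID

if __name__ == "__main__":
    for name, app in (("app A", APP_A), ("app B", APP_B)):
        print(name, format_id128(machine_app_specific_id(SAMPLE_MACHINE_ID, app)))
```

An application should keep its own app ID constant across versions (it is the "salt" that makes the derived ID stable) and must never log or transmit the raw machine ID alongside the derived one, which would defeat the purpose of the indirection.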
* NotifyAccess= gained a new supported value "exec". When set
notifications are accepted from all processes systemd itself invoked,
including all control processes.

* .nspawn files gained support for defining overlay mounts using the
Overlay= and OverlayReadOnly= options. Previously this functionality
was only available on the systemd-nspawn command line.

* systemd-nspawn's --bind= and --overlay= options gained support for
bind/overlay mounts whose source lies within the container tree by
prefixing the source path with "+".

* systemd-nspawn's --bind= and --overlay= options gained support for
automatically allocating a temporary source directory in /var/tmp
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.

* systemd-nspawn's --image= option now permits raw file system block
devices (in addition to images containing partition tables, as
before).

* The disk image dissection logic in systemd-nspawn gained support for
automatically setting up LUKS encrypted as well as Verity protected
partitions. When a container is booted from an encrypted image the
passphrase is queried at start-up time. When a container with Verity
data is started, the root hash is searched for in a ".roothash" file
accompanying the disk image (alternatively, pass the root hash via
the new --root-hash= command line option).

* A new tool /usr/lib/systemd/systemd-dissect has been added that may
be used to dissect disk images the same way as systemd-nspawn does
it, following the Bootable Partition Specification. It may even be
used to mount disk images with complex partition setups (including
LUKS and Verity partitions) to a local host directory, in order to
inspect them. This tool is not considered public API (yet), and is
thus not installed into /usr/bin. Please do not rely on its
existence, since it might go away or be changed in later systemd
versions.

* A new generator "systemd-verity-generator" has been added, similar in
style to "systemd-cryptsetup-generator", permitting automatic setup of
Verity root partitions when systemd boots up. In order to make use of
this your partition setup should follow the Discoverable Partitions
Specification, and the GPT partition ID of the root file system
partition should be identical to the upper 128 bits of the Verity root
hash. The GPT partition ID of the Verity partition protecting it
should be the lower 128 bits of the Verity root hash. If the partition
image follows this model it is sufficient to specify a single
"roothash=" kernel command line argument to both configure which root
image and verity partition to use as well as the root hash for
it. Note that systemd-nspawn's Verity support follows the same
semantics, meaning that disk images with proper Verity data in place
may be booted in containers with systemd-nspawn as well as on
physical systems via the verity generator. Also note that the "mkosi"
tool available at https://github.com/systemd/mkosi has been updated
to generate Verity protected disk images following this scheme. In
fact, it has been updated to generate disk images that optionally
implement a complete UEFI SecureBoot trust chain, involving a signed
kernel and initrd image that incorporates such a root hash as well as
a Verity-enabled root partition.

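The partition-naming rule above (root partition UUID = upper 128 bits of the root hash, Verity partition UUID = lower 128 bits) is what lets a single roothash= argument identify both partitions. The added example below, which is not the generator's code, derives the two expected partition UUIDs from a root hash, parses a ".roothash" file as systemd-nspawn would look for it, and checks a constructed partition table for the pair; an image builder can run the same check to confirm that its GPT entries match the hash it burned into the kernel command line.

```python
"""Derive the GPT partition UUIDs that the roothash= scheme expects from a
Verity root hash, and match them against a partition table. Added example,
not systemd-verity-generator's code; the hash and partitions are constructed."""
import uuid


def partition_uuids_for_roothash(roothash_hex: str):
    """Upper 128 bits name the root partition, lower 128 bits the Verity
    partition, as described for the roothash= scheme."""
    digest = bytes.fromhex(roothash_hex.strip())
    if len(digest) != 32:
        raise ValueError("expected a 256-bit (64 hex digit) Verity root hash")
    return uuid.UUID(bytes=digest[:16]), uuid.UUID(bytes=digest[16:])


def read_roothash_file(text: str) -> str:
    """Parse the contents of a '.roothash' file accompanying an image: one
    hex string, surrounding whitespace tolerated, normalized to lower case."""
    value = text.strip().lower()
    bytes.fromhex(value)   # raises ValueError on non-hex input
    return value


def locate_verity_pair(roothash_hex: str, partitions):
    """partitions: iterable of (partuuid, device_node) pairs as udev's
    ID_PART_ENTRY_UUID or blkid's PARTUUID would expose. Returns the
    (root_node, verity_node) pair, or raises LookupError if either is missing."""
    root_uuid, verity_uuid = partition_uuids_for_roothash(roothash_hex)
    by_uuid = {uuid.UUID(p): node for p, node in partitions}
    try:
        return by_uuid[root_uuid], by_uuid[verity_uuid]
    except KeyError as e:
        raise LookupError(f"no partition with PARTUUID {e.args[0]}") from None


def kernel_cmdline_arg(roothash_file_text: str) -> str:
    """The single roothash= argument that selects both partitions."""
    return "roothash=" + read_roothash_file(roothash_file_text)


# Constructed root hash and partition table, not data from a real image.
SAMPLE_ROOTHASH = ("00112233445566778899aabbccddeeff"
                   "ffeeddccbbaa99887766554433221100")
SAMPLE_PARTITIONS = [
    ("a1b2c3d4-0000-4000-8000-000000000001", "/dev/sda1"),   # constructed ESP entry
    ("00112233-4455-6677-8899-aabbccddeeff", "/dev/sda2"),   # root file system
    ("ffeeddcc-bbaa-9988-7766-554433221100", "/dev/sda3"),   # Verity hash data
]

if __name__ == "__main__":
    print(partition_uuids_for_roothash(SAMPLE_ROOTHASH))
    print(locate_verity_pair(SAMPLE_ROOTHASH, SAMPLE_PARTITIONS))
    print(kernel_cmdline_arg(SAMPLE_ROOTHASH + "\n"))
```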
* The hardware database (hwdb) udev supports has been updated to carry
accelerometer quirks.

* All system services are now run with a fresh kernel keyring set up
for them. The invocation ID is stored by default in it, thus
providing a safe, non-overridable way to determine the invocation
ID of each service.

* Service unit files gained new BindPaths= and BindReadOnlyPaths=
options for bind mounting arbitrary paths in a service-specific
way. When these options are used, arbitrary host or service files and
directories may be mounted to arbitrary locations in the service's
view.

* Documentation has been added that lists all of systemd's low-level
environment variables:

https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md

* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
whether a specific socket file descriptor matches a specified socket
address.

* systemd-firstboot has been updated to check for the
systemd.firstboot= kernel command line option. It accepts a boolean
and when set to false the first boot questions are skipped.

* systemd-fstab-generator has been updated to check for the
systemd.volatile= kernel command line option, which either takes an
optional boolean parameter or the special value "state". If used the
system may be booted in a "volatile" boot mode. Specifically, if
"systemd.volatile" is used, the root directory will be mounted as
tmpfs, and only /usr is mounted from the actual root file system. If
"systemd.volatile=state" is used, the root directory will be mounted
as usual, but /var is mounted as tmpfs. This concept provides similar
functionality as systemd-nspawn's --volatile= option, but provides it
on physical boots. Use this option for implementing stateless
systems, or testing systems with all state and/or configuration reset
to the defaults. (Note though that many distributions are not
prepared to boot up without a populated /etc or /var.)

* systemd-gpt-auto-generator gained support for LUKS encrypted root
partitions. Previously it only supported LUKS encrypted partitions
for all other uses, except for the root partition itself.

* Socket units gained support for listening on AF_VSOCK sockets for
communication in virtualized QEMU environments.

* The "configure" script gained a new option --with-fallback-hostname=
for specifying the fallback hostname to use if none is configured in
/etc/hostname. For example, by specifying
--with-fallback-hostname=fedora it is possible to default to a
hostname of "fedora" on pristine installations.

* systemd-cgls gained support for a new --unit= switch for listing only
the control groups of a specific unit. Similarly, --user-unit= has been
added for listing only the control groups of a specific user unit.

* systemd-mount gained a new --umount switch for unmounting a mount or
automount point (and all mount/automount points below it).

* systemd will now refuse full configuration reloads (via systemctl
daemon-reload and related calls) unless at least 16MiB of free space
are available in /run. This is a safety precaution in order to ensure
that generators can safely operate after the reload completed.

* A new unit file option RootImage= has been added, which has a similar
effect as RootDirectory= but mounts the service's root directory from
a disk image instead of a plain directory. This logic reuses the same
image dissection and mount logic that systemd-nspawn already uses,
and hence supports any disk images systemd-nspawn supports, including
those following the Discoverable Partition Specification, as well as
Verity enabled images. This option enables systemd to run system
services directly off disk images acting as resource bundles,
possibly even including full integrity data.

* A new MountAPIVFS= unit file option has been added, taking a boolean
argument. If enabled /proc, /sys and /dev (collectively called the
"API VFS") will be mounted for the service. This is only relevant if
RootDirectory= or RootImage= is used for the service, as these mounts
are of course in place in the host mount namespace anyway.

* systemd-nspawn gained support for a new --pivot-root= switch. If
specified the root directory within the container image is pivoted to
the specified mount point, while the original root disk is moved to a
different place. This option enables booting of ostree images
directly with systemd-nspawn.

* The systemd build scripts will no longer complain if the NTP server
addresses are not changed from the defaults. Google now supports
these NTP servers officially. We still recommend downstreams to
properly register an NTP pool with the NTP pool project though.

* coredumpctl gained a new "--reverse" option for printing the list
of coredumps in reverse order.

* coredumpctl will now show additional information about truncated and
inaccessible coredumps, as well as coredumps that are still being
processed. It also gained a new --quiet switch for suppressing
additional informational messages in its output.

* coredumpctl gained support for only showing coredumps newer and/or
older than specific timestamps, using the new --since= and --until=
options, reminiscent of journalctl's options by the same name.

* The systemd-coredump logic has been improved so that it may be reused
to collect backtraces in non-compiled languages, for example in
scripting languages such as Python.

* machinectl will now show the UID shift of local containers, if user
namespacing is enabled for them.

* systemd will now optionally run "environment generator" binaries at
configuration load time. They may be used to add environment
variables to the environment block passed to services invoked. One
user environment generator is shipped by default that sets up
environment variables based on files dropped into /etc/environment.d
and ~/.config/environment.d/.

* systemd-resolved now includes the new, recently published 2017 DNSSEC
root key (KSK).

* hostnamed has been updated to report a new chassis type of
"convertible" to cover "foldable" laptops that can both act as a
tablet and as a laptop, such as various Lenovo Yoga devices.

Contributions from: Adrián López, Alexander Galanin, Alexander
Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
Тихонов

— Berlin, 2017-03-01

CHANGES WITH 232:

* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
RestrictAddressFamilies= enabled. These sandboxing options should
generally be compatible with the various external udev call-out
binaries we are aware of, however there may be exceptions, in
particular when exotic languages for these call-outs are used. In
this case, consider turning off these settings locally.

* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.

* The new ProtectKernelModules= option can be used to disable explicit
load and unload operations of kernel modules by a service. In
addition access to /usr/lib/modules is removed if this option is set.

* The ProtectSystem= option gained a new value "strict", which causes the
whole file system tree with the exception of /dev, /proc, and /sys,
to be remounted read-only for a service.

* The new ProtectKernelTunables= option can be used to disable
modification of configuration files in /sys and /proc by a service.
Various directories and files are remounted read-only, so access is
restricted even if the file permissions would allow it.

* The new ProtectControlGroups= option can be used to disable write
access by a service to /sys/fs/cgroup.

* Various systemd services have been hardened with
ProtectKernelTunables=yes, ProtectControlGroups=yes,
RestrictAddressFamilies=.

* Support for dynamically creating users for the lifetime of a service
has been added. If DynamicUser=yes is specified, user and group IDs
will be allocated from the range 61184…65519 for the lifetime of the
service. They can be resolved using the new nss-systemd.so NSS
module. The module must be enabled in /etc/nsswitch.conf. Services
started in this way have PrivateTmp= and RemoveIPC= enabled, so that
any resources allocated by the service will be cleaned up when the
service exits. They also have ProtectHome=read-only and
ProtectSystem=strict enabled, so they are not able to make any
permanent modifications to the system.

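The sandboxing directives introduced in the entries above (ProtectSystem=strict, ProtectKernelTunables=, ProtectKernelModules=, ProtectControlGroups=, RemoveIPC=, MemoryDenyWriteExecute=, RestrictRealtime=, RestrictAddressFamilies=, together with RestrictNamespaces= and SystemCallFilter= from the 233 notes) are the checklist a reviewer applies to a third-party unit file. The added example below, which is not systemd's code, parses a unit file with a minimal reader (systemd's own parser accepts more) and reports which of those settings are absent or weaker than the recommended value; the checklist itself is an assumption assembled from these notes, and it honours the rule stated above that DynamicUser=yes implies PrivateTmp=, RemoveIPC=, ProtectHome=read-only and ProtectSystem=strict. The unit files it audits are constructed.

```python
"""Audit a service unit for the sandboxing directives from the release notes.
Added example, not systemd's own code; the checklist is an assumption."""

# Directive -> acceptable normalized values, or None meaning any explicit value.
CHECKS = [
    ("ProtectSystem", {"strict"}),
    ("ProtectHome", {"yes", "read-only"}),
    ("ProtectKernelTunables", {"yes"}),
    ("ProtectKernelModules", {"yes"}),
    ("ProtectControlGroups", {"yes"}),
    ("PrivateTmp", {"yes"}),
    ("RemoveIPC", {"yes"}),
    ("MemoryDenyWriteExecute", {"yes"}),
    ("RestrictRealtime", {"yes"}),
    ("RestrictNamespaces", None),
    ("RestrictAddressFamilies", None),
    ("SystemCallFilter", None),
]

# What DynamicUser=yes switches on implicitly, per the release notes above.
IMPLIED_BY_DYNAMIC_USER = {
    "PrivateTmp": "yes", "RemoveIPC": "yes",
    "ProtectHome": "read-only", "ProtectSystem": "strict",
}


def parse_unit(text):
    """Minimal unit-file reader: [Section] headers, Key=Value lines, trailing
    backslash continuations, '#'/';' comments. Returns {section: [(key, value)]}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.rstrip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed unit line: {line!r}")
        key, value = line.split("=", 1)
        sections[current].append((key.strip(), value.strip()))
    return sections


def normalize(value):
    """Map systemd's boolean spellings to yes/no; leave other values as-is."""
    v = value.strip().lower()
    if v in ("1", "true", "on", "yes"):
        return "yes"
    if v in ("0", "false", "off", "no"):
        return "no"
    return v


def effective_service_settings(unit):
    """Last assignment wins (as for scalar directives); DynamicUser=yes fills in
    the settings it implies unless they are given explicitly."""
    settings = {key: normalize(value) for key, value in unit.get("Service", [])}
    if settings.get("DynamicUser") == "yes":
        for key, value in IMPLIED_BY_DYNAMIC_USER.items():
            settings.setdefault(key, value)
    return settings


def audit_service(text):
    """Return a list of findings; an empty list means every check passed."""
    settings = effective_service_settings(parse_unit(text))
    findings = []
    for key, accepted in CHECKS:
        value = settings.get(key)
        if not value:                       # missing, or 'Key=' which resets it
            findings.append(f"{key}= is not set")
        elif accepted is not None and value not in accepted:
            findings.append(f"{key}={value} (expected one of {sorted(accepted)})")
    return findings


# Constructed unit files for demonstration.
WEAK_UNIT = """\
[Unit]
Description=Constructed example service (no sandboxing)

[Service]
ExecStart=/usr/bin/example-daemon
"""

HARDENED_UNIT = """\
[Unit]
Description=Constructed example service (sandboxed)

[Service]
ExecStart=/usr/bin/example-daemon
DynamicUser=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@reboot \\
    @swap
"""

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_service(unit) or "ok")
```

The DynamicUser= handling matters in practice: a unit that sets DynamicUser=yes but no ProtectSystem= is already running with ProtectSystem=strict, so flagging it would be a false positive, while a unit that sets ProtectSystem=full explicitly is genuinely weaker than the recommended value and is reported as such.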
171ae2cd 11306 * The nss-systemd module also always resolves root and nobody, making
4ffe2479 11307 it possible to have no /etc/passwd or /etc/group files in minimal
171ae2cd 11308 container or chroot environments.
4ffe2479
ZJS
11309
11310 * Services may be started with their own user namespace using the new
171ae2cd
LP
11311 boolean PrivateUsers= option. Only root, nobody, and the uid/gid
11312 under which the service is running are mapped. All other users are
11313 mapped to nobody.
4ffe2479
ZJS
11314
11315 * Support for the cgroup namespace has been added to systemd-nspawn. If
11316 supported by kernel, the container system started by systemd-nspawn
11317 will have its own view of the cgroup hierarchy. This new behaviour
11318 can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
11319
11320 * The new MemorySwapMax= option can be used to limit the maximum swap
11321 usage under the unified cgroup hierarchy.
11322
11323 * Support for the CPU controller in the unified cgroup hierarchy has
11324 been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
11325 options. This controller requires out-of-tree patches for the kernel
11326 and the support is provisional.
11327
171ae2cd
LP
11328 * Mount and automount units may now be created transiently
11329 (i.e. dynamically at runtime via the bus API, instead of requiring
11330 unit files in the file system).
11331
11332 * systemd-mount is a new tool which may mount file systems – much like
11333 mount(8), optionally pulling in additional dependencies through
11334 transient .mount and .automount units. For example, this tool
11335 automatically runs fsck on a backing block device before mounting,
11336 and allows the automount logic to be used dynamically from the
11337 command line for establishing mount points. This tool is particularly
11338 useful when dealing with removable media, as it will ensure fsck is
11339 run – if necessary – before the first access and that the file system
11340 is quickly unmounted after each access by utilizing the automount
11341 logic. This maximizes the chance that the file system on the
11342 removable media stays in a clean state, and if it isn't in a clean
11343 state is fixed automatically.
4ffe2479
ZJS
11344
11345 * LazyUnmount=yes option for mount units has been added to expose the
11346 umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
11347 option.
11348
11349 * /efi will be used as the mount point of the EFI boot partition, if
11350 the directory is present, and the mount point was not configured
11351 through other means (e.g. fstab). If /efi directory does not exist,
11352 /boot will be used as before. This makes it easier to automatically
11353 mount the EFI partition on systems where /boot is used for something
11354 else.
11355
171ae2cd
LP
11356 * When operating on GPT disk images for containers, systemd-nspawn will
11357 now mount the ESP to /boot or /efi according to the same rules as PID
11358 1 running on a host. This allows tools like "bootctl" to operate
11359 correctly within such containers, in order to make container images
11360 bootable on physical systems.
11361
4a77c53d 11362 * disk/by-id and disk/by-path symlinks are now created for NVMe drives.
4ffe2479
ZJS
11363
11364 * Two new user session targets have been added to support running
11365 graphical sessions under the systemd --user instance:
11366 graphical-session.target and graphical-session-pre.target. See
11367 systemd.special(7) for a description of how those targets should be
11368 used.
11369
11370 * The vconsole initialization code has been significantly reworked to
d4c08299 11371 use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
4ffe2479
ZJS
11372 support unicode keymaps. Font and keymap configuration will now be
11373 copied to all allocated virtual consoles.
11374
05ecf467 11375 * FreeBSD's bhyve virtualization is now detected.
4ffe2479 11376
d4c08299 11377 * Information recorded in the journal for core dumps now includes the
4ffe2479
ZJS
11378 contents of /proc/mountinfo and the command line of the process at
11379 the top of the process hierarchy (which is usually the init process
11380 of the container).
11381
171ae2cd 11382 * systemd-journal-gatewayd learned the --directory= option to serve
4ffe2479
ZJS
11383 files from the specified location.
11384
11385 * journalctl --root=… can be used to peruse the journal in the
11386 /var/log/ directories inside of a container tree. This is similar to
11387 the existing --machine= option, but does not require the container to
11388 be active.
11389
11390 * The hardware database has been extended to support
11391 ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
11392 trackball devices.
11393
11394 MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
11395 specify the click rate for mice which include a horizontal wheel with
11396 a click rate that is different than the one for the vertical wheel.
11397
11398 * systemd-run gained a new --wait option that makes service execution
171ae2cd
LP
11399 synchronous. (Specifically, the command will not return until the
11400 specified service binary exited.)
4ffe2479 11401
171ae2cd 11402 * systemctl gained a new --wait option that causes the start command to
4a77c53d
ZJS
11403 wait until the units being started have terminated again.
11404
171ae2cd 11405 * A new journal output mode "short-full" has been added which displays
          timestamps with abbreviated English day names and adds a timezone
          suffix. Those timestamps include more information than the default
          "short" output mode, and can be passed directly to journalctl's
          --since= and --until= options.

        * /etc/resolv.conf will be bind-mounted into containers started by
          systemd-nspawn, if possible, so any changes to resolv.conf contents
          are automatically propagated to the container.

        * The number of instances for socket-activated services originating
          from a single IP address can be limited with
          MaxConnectionsPerSource=, extending the existing setting of
          MaxConnections=.

        * systemd-networkd gained support for vcan ("Virtual CAN") interface
          configuration.

        * .netdev and .network configuration can now be extended through
          drop-ins.

        * UDP Segmentation Offload, TCP Segmentation Offload, Generic
          Segmentation Offload, Generic Receive Offload and Large Receive
          Offload can be enabled and disabled using the new
          UDPSegmentationOffload=, TCPSegmentationOffload=,
          GenericSegmentationOffload=, GenericReceiveOffload= and
          LargeReceiveOffload= options in the [Link] section of .link files.

        * The Spanning Tree Protocol, Priority, Aging Time, and the Default
          Port VLAN ID can be configured for bridge devices using the new STP=,
          Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
          section of .netdev files.

        * The route table to which routes received over DHCP or RA should be
          added can be configured with the new RouteTable= option in the [DHCP]
          and [IPv6AcceptRA] sections of .network files.

        * The Address Resolution Protocol can be disabled on links managed by
          systemd-networkd using the ARP=no setting in the [Link] section of
          .network files.

        * New environment variables $SERVICE_RESULT, $EXIT_CODE and
          $EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
          encode information about the result and exit codes of the current
          service runtime cycle.

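        As an added example (not systemd's own code and not part of the NEWS
        text), here is an ExecStopPost= helper written against these three
        variables. It classifies how a service's runtime cycle ended so that
        crash-like endings, which are what an exploitation attempt against a
        network-facing daemon usually looks like, stand out from ordinary
        administrative stops. The value formats ($EXIT_CODE is one of
        exited/killed/dumped, $EXIT_STATUS is the numeric status or a signal
        name such as TERM) follow systemd.exec(5); the unit name demo.service
        and the "demo-alert" log tag are placeholders.

```shell
#!/bin/sh
# Added example, not systemd code: turn $SERVICE_RESULT, $EXIT_CODE and
# $EXIT_STATUS into an alert level.  Wire it up with
#   ExecStopPost=/usr/local/bin/demo-stop-report
# in demo.service (a hypothetical unit).

# classify_stop_result RESULT EXIT_CODE EXIT_STATUS
# Prints one of: ok, notice, warning, critical.
classify_stop_result() {
    result=$1 code=$2 status=$3

    # Results that already say what happened, regardless of the signal.
    case "$result" in
        success)          echo ok;      return 0 ;;
        watchdog|timeout) echo warning; return 0 ;;
    esac

    case "$code" in
        dumped)
            # A core dump in a long-running service is always worth a look.
            echo critical; return 0 ;;
        killed)
            case "$status" in
                # TERM/INT/HUP are how an operator or systemd normally stops
                # a service; only worth a notice.
                TERM|INT|HUP) echo notice ;;
                # Fault signals are what memory corruption (bug or exploit
                # attempt) looks like from the outside.
                SEGV|BUS|ILL|ABRT|FPE|SYS|TRAP) echo critical ;;
                *) echo warning ;;
            esac
            return 0 ;;
    esac

    # exit-code with a non-zero status, protocol errors, resource limits
    # and any result string this script does not know about.
    echo warning
}

# When systemd runs this as ExecStopPost=, report on stdout: the stream is
# connected to the journal, so the line lands next to the service's own logs.
if [ -n "${SERVICE_RESULT-}" ]; then
    level=$(classify_stop_result "$SERVICE_RESULT" "${EXIT_CODE-}" "${EXIT_STATUS-}")
    printf 'demo-alert: level=%s result=%s exit_code=%s exit_status=%s\n' \
        "$level" "$SERVICE_RESULT" "${EXIT_CODE-}" "${EXIT_STATUS-}"
fi
```

        Note that a watchdog expiry also arrives with $EXIT_CODE=killed and
        $EXIT_STATUS=ABRT (the default watchdog signal), which is why
        $SERVICE_RESULT is consulted before the signal name.
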
        * systemd-sysctl will now configure kernel parameters in the order
          they occur in the configuration files. This matches what sysctl
          has traditionally done.

        * kernel-install "plugins" that are executed to perform various
          tasks after a new kernel is added and before an old one is removed
          can now return a special value to terminate the procedure and
          prevent any later plugins from running.

        * Journald's SplitMode=login setting has been deprecated. It has been
          removed from documentation, and its use is discouraged. In a future
          release it will be completely removed, and made equivalent to the
          current default of SplitMode=uid.

        * The Storage=both option setting in /etc/systemd/coredump.conf has
          been removed. With fast LZ4 compression storing the core dump twice
          is not useful.

        * The --share-system systemd-nspawn option has been replaced with an
          (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
          this functionality is discouraged. In addition the variables
          $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
          $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
          individual namespaces.

        * "machinectl list" now shows the IP address of running containers in
          the output, as well as OS release information.

        * "loginctl list" now shows the TTY of each session in the output.

        * sd-bus gained new API calls sd_bus_track_set_recursive(),
          sd_bus_track_get_recursive(), sd_bus_track_count_name(),
          sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
          tracking objects in a "recursive" mode, where a single client can be
          counted multiple times, if it takes multiple references.

        * sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
          sd_bus_get_exit_on_disconnect(). They may be used to make a
          process using sd-bus automatically exit if the bus connection is
          severed.

        * Bus clients of the service manager may now "pin" loaded units into
          memory, by taking an explicit reference on them. This is useful to
          ensure the client can retrieve runtime data about the service even
          after the service completed execution. Taking such a reference is
          available only for privileged clients and should be helpful to watch
          running services in a race-free manner, and in particular collect
          information about exit statuses and results.

        * The nss-resolve module has been changed to strictly return UNAVAIL
          when communication via D-Bus with resolved failed, and NOTFOUND when
          a lookup completed but was negative. This means it is now possible to
          neatly configure fallbacks using nsswitch.conf result checking
          expressions: the "dns" module below is only consulted when resolved
          itself is unreachable, not when it has answered negatively. Taking
          advantage of this, the new recommended configuration line for the
          "hosts" entry in /etc/nsswitch.conf is:

                  hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

        * A new setting CtrlAltDelBurstAction= has been added to
          /etc/systemd/system.conf which may be used to configure the precise
          behaviour if the user on the console presses Ctrl-Alt-Del more often
          than 7 times in 2s. Previously this would unconditionally result in
          an expedited, immediate reboot. With this new setting the precise
          operation may be configured in more detail, and also turned off
          entirely.

        * In .netdev files two new settings RemoteChecksumTx= and
          RemoteChecksumRx= are now understood that permit configuring the
          remote checksumming logic for VXLAN networks.

        * The service manager learnt a new "invocation ID" concept for invoked
          services. Each runtime cycle of a service will get a new invocation
          ID (a 128-bit random UUID) assigned that identifies the current
          run of the service uniquely and globally. A new invocation ID
          is generated each time a service starts up. The journal will store
          the invocation ID of a service along with any logged messages, thus
          making the invocation ID useful for matching the online runtime of a
          service with the offline log data it generated in a safe way without
          relying on synchronized timestamps. In many ways this new service
          invocation ID concept is similar to the kernel's boot ID concept that
          uniquely and globally identifies the runtime of each boot. The
          invocation ID of a service is passed to the service itself via an
          environment variable ($INVOCATION_ID). A new bus call
          GetUnitByInvocationID() has been added that is similar to GetUnit()
          but instead of retrieving the bus path for a unit by its name
          retrieves it by its invocation ID. The returned path is valid only as
          long as the passed invocation ID is current.

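        An added example (not part of the NEWS text and not systemd's own
        code) of how the invocation ID ties one specific run of a service to
        its journal entries, which is what an incident responder wants when
        timestamps cannot be trusted. The systemctl property InvocationID and
        the journal field _SYSTEMD_INVOCATION_ID are the names systemd really
        uses (the NEWS text above does not spell them out); "systemctl show
        --value" is the switch introduced in v230 further down this page.
        demo.service is a placeholder, and the format check on the ID is this
        example's own addition.

```shell
#!/bin/sh
# Added example, not systemd code: select the journal entries of exactly one
# runtime cycle of a service by its invocation ID.

# is_invocation_id VALUE
# Returns 0 if VALUE looks like a 128-bit ID as systemd prints it (32 lower
# case hex digits), 1 otherwise.  Checking this before interpolating the
# value into a journalctl match keeps a garbled or attacker-influenced
# value from turning into an arbitrary match expression.
is_invocation_id() {
    case "$1" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# current_invocation_id UNIT
# Prints the invocation ID of the running unit (empty if it is not running).
current_invocation_id() {
    systemctl show -p InvocationID --value "$1"
}

# journal_for_invocation ID [journalctl options...]
# Shows everything the processes of that one run wrote to the journal, no
# matter how often the unit was restarted before or since.
journal_for_invocation() {
    id=$1
    shift
    is_invocation_id "$id" || { echo "not an invocation ID: $id" >&2; return 2; }
    journalctl "_SYSTEMD_INVOCATION_ID=$id" "$@"
}

# Typical use on a live system (demo.service is hypothetical):
#   id=$(current_invocation_id demo.service)
#   journal_for_invocation "$id" -o short-iso
# Inside the service itself the same value is $INVOCATION_ID, so a service
# can stamp the files it writes with the run they belong to:
#   is_invocation_id "${INVOCATION_ID-}" && echo "$INVOCATION_ID" >/var/lib/demo/last-run
```

        Matching on _SYSTEMD_INVOCATION_ID= rather than on a time window also
        sidesteps the classic log-correlation problem of a service that was
        restarted several times in quick succession.
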
        * systemd-resolved gained a new "DNSStubListener" setting in
          resolved.conf. It either takes a boolean value or the special values
          "udp" and "tcp", and configures whether to enable the stub DNS
          listener on 127.0.0.53:53.

        * IP addresses configured via networkd may now carry additional
          configuration settings supported by the kernel. New options include:
          HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
          PrefixRoute=, AutoJoin=.

        * The PAM configuration fragment file for "user@.service" shipped with
          systemd (i.e. the --user instance of systemd) has been stripped to
          the minimum necessary to make the system boot. Previously, it
          contained Fedora-specific stanzas that did not apply to other
          distributions. It is expected that downstream distributions add
          additional configuration lines matching their needs to this file,
          using it only as a rough template of what systemd itself needs. Note
          that this reduced fragment does not even include an invocation of
          pam_limits which most distributions probably want to add, even though
          systemd itself does not need it. (There's also the new build time
          option --with-pamconfdir=no to disable installation of the PAM
          fragment entirely.)

        * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
          capability is now also dropped from its set (in addition to
          CAP_SYS_MKNOD as before).

        * In service unit files it is now possible to connect a specific named
          file descriptor with stdin/stdout/stderr of an executed service. The
          name may be specified in matching .socket units using the
          FileDescriptorName= setting.

        * A number of journal settings may now be configured on the kernel
          command line. Specifically, the following options are now understood:
          systemd.journald.max_level_console=,
          systemd.journald.max_level_store=,
          systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
          systemd.journald.max_level_wall=.

        * "systemctl is-enabled --full" will now show by which symlinks a unit
          file is enabled in the unit dependency tree.

        * Support for VeraCrypt encrypted partitions has been added to the
          "cryptsetup" logic and /etc/crypttab.

        * systemd-detect-virt gained support for a new --private-users switch
          that checks whether the invoking processes are running inside a user
          namespace. Similarly, a new special value "private-users" for the
          existing ConditionVirtualization= setting has been added, permitting
          skipping of specific units in user namespace environments.

        Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
        Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
        Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
        Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
        Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
        Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
        Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
        Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
        Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
        Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
        Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
        Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
        Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
        Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
        Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
        Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
        Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
        Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
        Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
        Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
        Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
        Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
        Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
        Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
        E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek, Zeal Jagannatha

        — Santa Fe, 2016-11-03

CHANGES WITH 231:

        * In service units the various ExecXYZ= settings have been extended
          with an additional special character as first argument of the
          assigned value: if the character '+' is used the specified command
          line will be run with full privileges, regardless of User=,
          Group=, CapabilityBoundingSet= and similar options. The effect is
          similar to the existing PermissionsStartOnly= option, but allows
          configuration of this concept for each executed command line
          independently.

        * Services may now alter the service watchdog timeout at runtime by
          sending a WATCHDOG_USEC= message via sd_notify().

        * MemoryLimit= and related unit settings now optionally take percentage
          specifications. The percentage is taken relative to the amount of
          physical memory in the system (or in case of containers, the assigned
          amount of memory). This allows scaling service resources neatly with
          the amount of RAM available on the system. Similarly, systemd-logind's
          RuntimeDirectorySize= option now also optionally takes percentage
          values.

        * In similar fashion TasksMax= takes percentage values now, too. The
          value is taken relative to the configured maximum number of processes
          on the system. The per-service task maximum has been changed to 15%
          using this functionality. (Effectively this is an increase of 512 →
          4915 for service units, given the kernel's default pid_max setting.)

        * Calendar time specifications in .timer units now understand a ".."
          syntax for time ranges. Example: "4..7:10" may now be used for
          defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
          7:10am every day.

        * The InaccessibleDirectories=, ReadOnlyDirectories= and
          ReadWriteDirectories= unit file settings have been renamed to
          InaccessiblePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
          applied to all kinds of file nodes, and not just directories, with
          the exception of symlinks. Specifically these settings may now be
          used on block and character device nodes, UNIX sockets and FIFOs as
          well as regular files. The old names of these settings remain
          available for compatibility.

        * systemd will now log about all service processes it kills forcibly
          (using SIGKILL) because they remained after the clean shutdown phase
          of the service completed. This should help identifying services that
          shut down uncleanly. Moreover if KillUserProcesses= is enabled in
          systemd-logind's configuration a similar log message is generated for
          processes killed at the end of each session due to this setting.

        * systemd will now set the $JOURNAL_STREAM environment variable for all
          services whose stdout/stderr are connected to the Journal (which
          effectively means by default: all services). The variable contains
          the device and inode number of the file descriptor used for
          stdout/stderr. This may be used by invoked programs to detect whether
          their stdout/stderr is connected to the Journal, in which case they
          can switch over to direct Journal communication, thus being able to
          pass extended, structured metadata along with their log messages. As
          one example, this is now used by glib's logging primitives.

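        An added example (not from the NEWS text or from systemd) of the
        $JOURNAL_STREAM check as a shell script would do it. The point of
        comparing device and inode against the actual descriptor, rather than
        trusting the variable alone, is that the variable is inherited by
        every child and survives redirections, so a helper invoked with its
        output piped elsewhere would otherwise misdetect. Once the stream is
        known to be the journal, the script uses the "<N>" syslog-priority
        prefix that journald understands on such streams; that prefix
        convention comes from sd-daemon(3), not from the text above. The
        script assumes a Linux /dev/fd and a stat(1) that accepts -L and -c.

```shell
#!/bin/sh
# Added example, not systemd code: detect whether a file descriptor is the
# journal stream that systemd described in $JOURNAL_STREAM ("dev:ino").

# journal_stream_connected [FD]
# Returns 0 when descriptor FD (default 1) refers to the very file that
# $JOURNAL_STREAM names, 1 otherwise.
journal_stream_connected() {
    fd=${1:-1}
    [ -n "${JOURNAL_STREAM-}" ] || return 1
    # Only descriptors that are actually open can be inspected.
    [ -e "/dev/fd/$fd" ] || return 1
    # Inside $(...) descriptor 1 becomes the capture pipe, so duplicate the
    # descriptor of interest to fd 9 first and inspect that one instead.
    eval "exec 9>&$fd"
    actual=$(stat -L -c '%d:%i' /dev/fd/9 2>/dev/null)
    exec 9>&-
    [ "$actual" = "$JOURNAL_STREAM" ]
}

# log PRIORITY MESSAGE...
# PRIORITY is a syslog level 0..7.  On the journal stream the "<N>" prefix
# makes journald record the message with that priority; elsewhere the line
# is printed as-is so the prefix does not leak into terminals or files.
log() {
    prio=$1
    shift
    if journal_stream_connected; then
        printf '<%d>%s\n' "$prio" "$*"
    else
        printf '%s\n' "$*"
    fi
}

# Example use from a service's ExecStart= script:
#   log 3 "configuration file is world-writable, refusing to start"
```
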
        * When using systemd's default tmp.mount unit for /tmp, the mount point
          will now be established with the "nosuid" and "nodev" options. This
          avoids privilege escalation attacks that put traps and exploits into
          /tmp. However, this might cause problems if you e.g. put container
          images or overlays into /tmp; if you need this, override tmp.mount's
          "Options=" with a drop-in, or mount /tmp from /etc/fstab with your
          desired options.

        * systemd now supports the "memory" cgroup controller also on
          cgroup v2.

        * The systemd-cgtop tool now optionally takes a control group path as
          command line argument. If specified, the control group list shown is
          limited to subgroups of that group.

        * The SystemCallFilter= unit file setting gained support for
          pre-defined, named system call filter sets. For example
          SystemCallFilter=~@clock is now an effective way to make all clock
          changing-related system calls unavailable to a service (the leading
          "~" denies the listed calls; without it the list is an allow list,
          and every system call not in it would be blocked). A number of
          similar pre-defined groups are defined. Writing system call filters
          for system services is simplified substantially with this new
          concept. Accordingly, all of systemd's own, long-running services now
          enable system call filtering based on this, by default.

        * A new service setting MemoryDenyWriteExecute= has been added, taking
          a boolean value. If turned on, a service may no longer create memory
          mappings that are writable and executable at the same time. This
          enhances security for services where this is enabled as it becomes
          harder to dynamically write and then execute memory in exploited
          service processes. This option has been enabled for all of systemd's
          own long-running services.

        * A new RestrictRealtime= service setting has been added, taking a
          boolean argument. If set the service's processes may no longer
          acquire realtime scheduling. This improves security as realtime
          scheduling may otherwise be used to easily freeze the system.

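        An added example (not systemd's own code and not from the NEWS text)
        that puts the v231 sandboxing settings above together into one
        hardening drop-in: the '+' prefix for the single command that needs
        root, a writable ReadWritePaths= nested inside ReadOnlyPaths=/, the
        named system call set with the '~' denylist prefix, and the
        percentage forms of MemoryLimit= and TasksMax=. demo.service, the
        "demo" user and /var/lib/demo are placeholders. The function only
        writes the file, so it can be pointed at a scratch directory; on a
        real system it is followed by "systemctl daemon-reload".

```shell
#!/bin/sh
# Added example, not systemd code: write a hardening drop-in for a unit.

# write_hardening_dropin UNIT ROOT
# Writes ROOT/UNIT.d/10-hardening.conf and prints its path.  ROOT is
# normally /etc/systemd/system.
write_hardening_dropin() {
    unit=$1 base=$2
    dir="$base/$unit.d"
    mkdir -p "$dir" || return 1
    cat >"$dir/10-hardening.conf" <<'EOF'
[Service]
# Run unprivileged; only the one command that must create the state
# directory as root gets the '+' prefix (full privileges, no sandbox).
User=demo
Group=demo
ExecStartPre=+/usr/bin/install -d -m 0750 -o demo -g demo /var/lib/demo

# File system view: everything read-only, one writable location nested
# inside it, and nothing visible under /etc/ssh ("-" ignores a missing path).
ReadOnlyPaths=/
ReadWritePaths=/var/lib/demo
InaccessiblePaths=-/etc/ssh

# Device and memory hardening.  MemoryDenyWriteExecute= breaks runtimes that
# JIT into writable+executable pages, so exercise the service after enabling.
PrivateDevices=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

# Named syscall set as a denylist.  Without the '~' the same line would be
# an allow list of only the clock calls, and the kernel would kill the
# process on its first other system call.
SystemCallFilter=~@clock

# Resource caps as a share of the host, so the unit scales with the machine.
MemoryLimit=10%
TasksMax=5%
EOF
    echo "$dir/10-hardening.conf"
}

# Typical use (unit name hypothetical):
#   write_hardening_dropin demo.service /etc/systemd/system
#   systemctl daemon-reload && systemctl restart demo.service
```

        After the restart, "systemctl show -p SystemCallFilter demo.service"
        confirms that the filter was parsed as a denylist rather than an
        allow list.
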
        * systemd-nspawn gained a new switch --notify-ready= taking a boolean
          value. This may be used for requesting that the system manager inside
          of the container reports start-up completion to nspawn which then
          propagates this notification further to the service manager
          supervising nspawn itself. A related option NotifyReady= in .nspawn
          files has been added too. This functionality allows ordering of the
          start-up of multiple containers using the usual systemd ordering
          primitives.

        * machinectl gained a new command "stop" that is an alias for
          "terminate".

        * systemd-resolved gained support for contacting DNS servers on
          link-local IPv6 addresses.

        * If systemd-resolved receives the SIGUSR2 signal it will now flush all
          its caches. A method call for requesting the same operation has been
          added to the bus API too, and is made available via "systemd-resolve
          --flush-caches".

        * systemd-resolve gained a new --status switch. If passed, a brief
          summary of the used DNS configuration with per-interface information
          is shown.

        * resolved.conf gained a new Cache= boolean option, defaulting to
          on. If turned off, local DNS caching is disabled. This comes with a
          performance penalty in particular when DNSSEC is enabled. Note that
          resolved disables its internal caching implicitly anyway, when the
          configured DNS server is on a host-local IP address such as ::1 or
          127.0.0.1, thus automatically avoiding double local caching.

        * systemd-resolved now listens on the local IP address 127.0.0.53:53
          for DNS requests. This improves compatibility with local programs
          that do not use the libc NSS or systemd-resolved's bus APIs for name
          resolution. This minimal DNS service is only available to local
          programs and does not implement the full DNS protocol, but enough to
          cover local DNS clients. A new, static resolv.conf file, listing just
          this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
          now recommended to make /etc/resolv.conf a symlink to this file in
          order to route all DNS lookups to systemd-resolved, regardless if
          done via NSS, the bus API or raw DNS packets. Note that this local
          DNS service is not as fully featured as the libc NSS or
          systemd-resolved's bus APIs. For example, as unicast DNS cannot be
          used to deliver link-local address information (as this implies
          sending a local interface index along), LLMNR/mDNS support via this
          interface is severely restricted. It is thus strongly recommended for
          all applications to use the libc NSS API or native systemd-resolved
          bus API instead.

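        An added example (not from the NEWS text or from systemd) of the
        check that follows from the recommendation above: whether a
        resolv.conf really sends every raw-DNS client to the 127.0.0.53 stub,
        or whether something (a DHCP client hook, a VPN tool, a hand edit) has
        replaced the symlink or appended extra nameservers that bypass
        resolved, and with it the caching and DNSSEC validation described in
        this and the following release. The sample files in the test are
        constructed for the example.

```shell
#!/bin/sh
# Added example, not systemd code: verify that a resolv.conf only points at
# the systemd-resolved stub listener.

STUB=127.0.0.53

# resolv_conf_nameservers FILE
# Prints the nameserver addresses in FILE, one per line, ignoring comments
# and trailing "# ..." remarks on the nameserver lines themselves.
resolv_conf_nameservers() {
    sed -n 's/^[[:space:]]*nameserver[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1"
}

# resolv_conf_uses_stub FILE
# Returns 0 when the only nameserver listed is the resolved stub.  Otherwise
# prints the servers that would bypass resolved on stderr and returns 1.
resolv_conf_uses_stub() {
    servers=$(resolv_conf_nameservers "$1")
    [ -n "$servers" ] || { echo "no nameserver entry in $1" >&2; return 1; }
    stray=$(printf '%s\n' "$servers" | grep -vxF "$STUB" || true)
    [ -z "$stray" ] || { printf 'bypasses resolved: %s\n' "$stray" >&2; return 1; }
}

# On a live system the symlink itself is the quickest check:
#   [ "$(readlink -f /etc/resolv.conf)" = /usr/lib/systemd/resolv.conf ]
# The content check above additionally catches a regular file that merely
# copied the shipped one and was later edited:
#   resolv_conf_uses_stub /etc/resolv.conf
```
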
        * systemd-networkd's bridge support learned a new setting
          VLANFiltering= for controlling VLAN filtering. Moreover a new section
          in .network files has been added for configuring VLAN bridging in
          more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].

        * systemd-networkd's IPv6 Router Advertisement code now makes use of
          the DNSSL and RDNSS options. This means IPv6 DNS configuration may
          now be acquired without relying on DHCPv6. Two new options
          UseDomains= and UseDNS= have been added to configure this behaviour.

        * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
          renamed IPv6AcceptRA=, without altering its behaviour. The old
          setting name remains available for compatibility reasons.

        * The systemd-networkd VTI/VTI6 tunneling support gained new options
          Key=, InputKey= and OutputKey=.

        * systemd-networkd gained support for VRF ("Virtual Routing Function")
          interface configuration.

        * "systemctl edit" may now be used to create new unit files by
          specifying the --force switch.

        * sd-event gained a new function sd_event_get_iteration() for
          requesting the current iteration counter of the event loop. It starts
          at zero and is increased by one with each event loop iteration.

        * A new rpm macro %systemd_ordering is provided by the macros.systemd
          file. It can be used in lieu of %systemd_requires in packages which
          don't use any systemd functionality and are intended to be installed
          in minimal containers without systemd present. This macro provides
          ordering dependencies to ensure that if the package is installed in
          the same rpm transaction as systemd, systemd will be installed before
          the scriptlets for the package are executed, allowing unit presets
          to be handled.

          New macros %_systemdgeneratordir and %_systemdusergeneratordir have
          been added to simplify packaging of generators.

        * The os-release file gained a VERSION_CODENAME field for the
          distribution nickname (e.g. VERSION_CODENAME=woody).

        * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
          can be set to disable parsing of metadata and the creation
          of persistent symlinks for that device.

        * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
          to make them available to logged-in users has been reverted.

        * Much of the common code of the various systemd components is now
          built into an internal shared library libsystemd-shared-231.so
          (incorporating the systemd version number in the name, to be updated
          with future releases) that the components link to. This should
          decrease systemd footprint both in memory during runtime and on
          disk. Note that the shared library is not for public use, and is
          neither API nor ABI stable, but is likely to change with every new
          released update. Packagers need to make sure that binaries
          linking to libsystemd-shared.so are updated in step with the
          library.

        * Configuration for "mkosi" is now part of the systemd
          repository. mkosi is a tool to easily build legacy-free OS images,
          and is available on github: https://github.com/systemd/mkosi. If
          "mkosi" is invoked in the build tree a new raw OS image is generated
          incorporating the systemd sources currently being worked on and a
          clean, fresh distribution installation. The generated OS image may be
          booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
          UEFI PC. This functionality is particularly useful to easily test
          local changes made to systemd in a pristine, defined environment. See
          doc/HACKING for details.

        * configure learned the --with-support-url= option to specify the
          distribution's bugtracker.

        Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
        Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
        Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
        Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
        Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
        Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
        Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
        Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
        Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
        Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
        Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
        Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
        Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
        Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
        Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
        Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
        Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
        Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
        WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2016-07-25

CHANGES WITH 230:

        * DNSSEC is now turned on by default in systemd-resolved (in
          "allow-downgrade" mode), but may be turned off during compile time by
          passing "--with-default-dnssec=no" to "configure" (and of course,
          during runtime with DNSSEC= in resolved.conf). We recommend
          downstreams to leave this on at least during development cycles and
          report any issues with the DNSSEC logic upstream. We are very
          interested in collecting feedback about the DNSSEC validator and its
          limitations in the wild. Note however, that DNSSEC support is
          probably nothing downstreams should turn on in stable distros just
          yet, as it might create incompatibilities with a few DNS servers and
          networks. We tried hard to make sure we downgrade to non-DNSSEC mode
          automatically whenever we detect such incompatible setups, but there
          might be systems we do not cover yet. Hence: please help us testing
          the DNSSEC code, leave this on where you can, report back, but then
          again don't consider turning this on in your stable, LTS or
          production release just yet. (Note that you have to enable
          nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
          and its DNSSEC mode for hostname resolution from local
          applications.)

        * systemd-resolve conveniently resolves DANE records with the --tlsa
          option and OPENPGPKEY records with the --openpgp option. It also
          supports dumping raw DNS record data via the new --raw= switch.

        * systemd-logind will now by default terminate user processes that are
          part of the user session scope unit (session-XX.scope) when the user
          logs out. This behavior is controlled by the KillUserProcesses=
          setting in logind.conf, and the previous default of "no" is now
          changed to "yes". This means that user sessions will be properly
          cleaned up after, but additional steps are necessary to allow
          intentionally long-running processes to survive logout.

          While the user is logged in at least once, user@.service is running,
          and any service that should survive the end of any individual login
          session can be started as a user service or scope using systemd-run.
          The systemd-run(1) man page has been extended with an example which
          shows how to run screen in a scope unit underneath user@.service. The
          same command works for tmux.

          After the user logs out of all sessions, user@.service will be
          terminated too, by default, unless the user has "lingering" enabled.
          To effectively allow users to run long-term tasks even if they are
          logged out, lingering must be enabled for them. See loginctl(1) for
          details. The default polkit policy was modified to allow users to
          set lingering for themselves without authentication.

          Previous defaults can be restored at compile time by the
          --without-kill-user-processes option to "configure".

        * systemd-logind gained new configuration settings SessionsMax= and
          InhibitorsMax=, both with a default of 8192. It will not register new
          user sessions or inhibitors above this limit.

        * systemd-logind will now reload configuration on SIGHUP.

        * The unified cgroup hierarchy added in Linux 4.5 is now supported.
          Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
          enable. Also, support for the "io" cgroup controller in the unified
          hierarchy has been added, so that "memory", "pids" and "io" are now
          the controllers that are supported on the unified hierarchy.

          WARNING: it is not possible to use previous systemd versions with
          systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
          is necessary to also update systemd in the initramfs if using the
          unified hierarchy. An updated SELinux policy is also required.

        * LLDP support has been extended, and both passive (receive-only) and
          active (sender) modes are supported. Passive mode ("routers-only") is
          enabled by default in systemd-networkd. Active LLDP mode is enabled
          by default for containers on the internal network. The "networkctl
          lldp" command may be used to list information gathered. "networkctl
          status" will also show basic LLDP information on connected peers now.

        * The IAID and DUID unique identifier sent in DHCP requests may now be
          configured for the system and each .network file managed by
          systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.

        * systemd-networkd gained support for configuring proxy ARP support for
          each interface, via the ProxyArp= setting in .network files. It also
          gained support for configuring the multicast querier feature of
          bridge devices, via the new MulticastQuerier= setting in .netdev
          files. Similarly, snooping on the IGMP traffic can be controlled
          via the new setting MulticastSnooping=.

          A new setting PreferredLifetime= has been added for addresses
          configured in .network file to configure the lifetime intended for an
          address.

          The systemd-networkd DHCP server gained the option EmitRouter=, which
          defaults to yes, to configure whether the DHCP Option 3 (Router)
          should be emitted.

        * The testing tool /usr/lib/systemd/systemd-activate is renamed to
          systemd-socket-activate and installed into /usr/bin. It is now fully
          supported.

        * systemd-journald now uses separate threads to flush changes to disk
          when closing journal files, thus reducing impact of slow disk I/O on
          logging performance.

        * The sd-journal API gained two new calls
          sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
          can be used to open journal files using file descriptors instead of
          file or directory paths. sd_journal_open_container() has been
          deprecated, sd_journal_open_directory_fd() should be used instead
          with the flag SD_JOURNAL_OS_ROOT.

        * journalctl learned a new output mode "-o short-unix" that outputs log
          lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
          UTC). It also gained support for a new --no-hostname setting to
          suppress the hostname column in the family of "short" output modes.

        * systemd-ask-password now optionally skips printing of the password to
          stdout with --no-output which can be useful in scripts.

        * Framebuffer devices (/dev/fb*) and 3D printers and scanners
          (devices tagged with ID_MAKER_TOOL) are now tagged with
          "uaccess" and are available to logged in users.

        * The DeviceAllow= unit setting now supports specifiers (with "%").

        * "systemctl show" gained a new --value switch, which allows printing
          only the contents of a specific unit property, without also printing
          the property's name. Similar support was added to "show*" verbs
          of loginctl and machinectl that output "key=value" lists.

        * A new unit file state "generated" was added for files dynamically
          generated by generator tools. Similarly, a new state "transient" is
          used for unit files created using the runtime API. "systemctl
          enable" will refuse to operate on such files.

        * A new command "systemctl revert" has been added that may be used to
          revert to the vendor version of a unit file, in case local changes
          have been made by adding drop-ins or overriding the unit file.

        * machinectl gained a new verb "clean" to automatically remove all or
          just hidden container images.

        * systemd-tmpfiles gained support for a new line type "e" for emptying
          directories, if they exist, without creating them if they don't.

        * systemd-nspawn gained support for automatically patching the UID/GIDs
          of the owners and the ACLs of all files and directories in a
          container tree to match the UID/GID user namespacing range selected
          for the container invocation. This mode is enabled via the new
          --private-users-chown switch. It also gained support for
          automatically choosing a free, previously unused UID/GID range when
          starting a container, via the new --private-users=pick setting (which
          implies --private-users-chown). Together, these options for the first
          time make user namespacing for nspawn containers fully automatic and
          thus deployable. The systemd-nspawn@.service template unit file has
          been changed to use this functionality by default.

        * systemd-nspawn gained a new --network-zone= switch, that allows
          creating ad-hoc virtual Ethernet links between multiple containers,
          that only exist as long as at least one container referencing them is
          running. This allows easy connecting of multiple containers with a
          common link that implements an Ethernet broadcast domain. Each of
          these network "zones" may be named relatively freely by the user, and
          may be referenced by any number of containers, but each container may
          only reference one of these "zones". On the lower level, this is
12023 implemented by an automatically managed bridge network interface for
12024 each zone, that is created when the first container referencing its
12025 zone is created and removed when the last one referencing its zone
12026 terminates.
12027
e40a326c 12028 * The default start timeout may now be configured on the kernel command
8951eaec
ZJS
12029 line via systemd.default_timeout_start_sec=. It was already
12030 configurable via the DefaultTimeoutStartSec= option in
12031 /etc/systemd/system.conf.
e40a326c 12032
030bd839 12033 * Socket units gained a new TriggerLimitIntervalSec= and
e40a326c
LP
12034 TriggerLimitBurst= setting to configure a limit on the activation
12035 rate of the socket unit.
12036
12037 * The LimitNICE= setting now optionally takes normal UNIX nice values
12038 in addition to the raw integer limit value. If the specified
1d3a473b 12039 parameter is prefixed with "+" or "-" and is in the range -20…19 the
e40a326c
LP
12040 value is understood as UNIX nice value. If not prefixed like this it
12041 is understood as raw RLIMIT_NICE limit.
12042
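        The LimitNICE= rule above, as an added example that is not systemd's
        own parser: a small C function that applies the sign-prefix rule and
        converts a nice value to the raw RLIMIT_NICE ceiling using the
        "ceiling = 20 - rlim_cur" relation documented in getrlimit(2). The
        function names parse_limit_nice() and limit_nice_raw() are assumptions
        chosen for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one LimitNICE= value as the 230 NEWS entry describes it (example
 * code, not systemd's own). Returns 0 and stores the raw RLIMIT_NICE value
 * in *raw, or a negative errno: -EINVAL for malformed input, -ERANGE when a
 * nice value lies outside -20..19 or a raw value is negative. */
int parse_limit_nice(const char *s, long *raw) {
        char *end;
        long v;

        if (!s || !*s || !raw)
                return -EINVAL;

        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || end == s || *end != '\0')
                return -EINVAL;

        if (s[0] == '+' || s[0] == '-') {
                /* Explicit sign: this is a UNIX nice value. getrlimit(2)
                 * defines the permitted nice ceiling as 20 - rlim_cur, so
                 * the raw limit to configure is 20 - nice. */
                if (v < -20 || v > 19)
                        return -ERANGE;
                *raw = 20 - v;
                return 0;
        }

        /* No sign: a raw RLIMIT_NICE value, exactly as before this release. */
        if (v < 0)
                return -ERANGE;
        *raw = v;
        return 0;
}

/* Convenience wrapper: the raw limit on success, a negative errno on failure. */
long limit_nice_raw(const char *s) {
        long raw;
        int r = parse_limit_nice(s, &raw);
        return r < 0 ? r : raw;
}

int main(void) {
        /* Constructed sample values for the demonstration. */
        const char *samples[] = { "-20", "+19", "-5", "30", "+20", "abc" };

        for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
                long r = limit_nice_raw(samples[i]);
                if (r < 0)
                        printf("LimitNICE=%s -> rejected (%s)\n", samples[i],
                               r == -ERANGE ? "out of range" : "invalid");
                else
                        printf("LimitNICE=%s -> raw RLIMIT_NICE %ld\n", samples[i], r);
        }
        return 0;
}
```

        Note that a signed value is converted, so LimitNICE=-20 and
        LimitNICE=40 configure the same raw limit.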
        * Note that the effect of the PrivateDevices= unit file setting changed
          slightly with this release: the per-device /dev file system will be
          mounted read-only from this version on, and will have "noexec"
          set. This (minor) change of behavior might cause some (exceptional)
          legacy software to break, when PrivateDevices=yes is set for its
          service. Please leave PrivateDevices= off if you run into problems
          with this.

        * systemd-bootchart has been split out to a separate repository:
          https://github.com/systemd/systemd-bootchart

        * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
          merged into the kernel in its current form.

        * The compatibility libraries libsystemd-daemon.so,
          libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
          which have been deprecated since systemd-209 have been removed along
          with the corresponding pkg-config files. All symbols provided by
          those libraries are provided by libsystemd.so.

        * The Capabilities= unit file setting has been removed (it is ignored
          for backwards compatibility). AmbientCapabilities= and
          CapabilityBoundingSet= should be used instead.

        * A new special target has been added, initrd-root-device.target,
          which creates a synchronization point for dependencies of the root
          device in early userspace. Initramfs builders must ensure that this
          target is now included in early userspace.

        Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
        Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
        Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
        Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
        Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
        R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
        Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
        Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
        Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
        Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
        John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
        Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
        Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
        Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
        Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
        mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
        Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
        Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
        Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
        Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
        Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
        Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
        Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
        Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
        Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek

        — Fairfax, 2016-05-21

CHANGES WITH 229:

        * The systemd-resolved DNS resolver service has gained a substantial
          set of new features, most prominently it may now act as a DNSSEC
          validating stub resolver. DNSSEC mode is currently turned off by
          default, but is expected to be turned on by default in one of the
          next releases. For now, we invite everybody to test the DNSSEC logic
          by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
          service also gained a full set of D-Bus interfaces, including calls
          to configure DNS and DNSSEC settings per link (for use by external
          network management software). systemd-resolved and systemd-networkd
          now distinguish between "search" and "routing" domains. The former
          are used to qualify single-label names, the latter are used purely
          for routing lookups within certain domains to specific links.
          resolved now also synthesizes RRs for all entries from /etc/hosts.

        * The systemd-resolve tool (which is a client utility for
          systemd-resolved) has been improved considerably and is now fully
          supported and documented. Hence it has moved from /usr/lib/systemd to
          /usr/bin.

        * /dev/disk/by-path/ symlink support has been (re-)added for virtio
          devices.

        * The coredump collection logic has been reworked: when a coredump is
          collected it is now written to disk, compressed and processed
          (including stacktrace extraction) from a new instantiated service
          systemd-coredump@.service, instead of directly from the
          /proc/sys/kernel/core_pattern hook we provide. This is beneficial as
          processing large coredumps can take up a substantial amount of
          resources and time, and this previously happened entirely outside of
          systemd's service supervision. With the new logic the core_pattern
          hook only does minimal metadata collection before passing off control
          to the new instantiated service, which is configured with a time
          limit, a nice level and other settings to minimize negative impact on
          the rest of the system. Also note that the new logic will honour the
          RLIMIT_CORE setting of the crashed process, which now allows users
          and processes to turn off coredumping for their processes by setting
          this limit.

        * The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
          and all forked processes. Previously, PID 1 would leave the setting
          at "0" for all processes, as set by the kernel. Note that the
          resource limit traditionally has no effect on the generated
          coredumps on the system if the /proc/sys/kernel/core_pattern hook
          logic is used. Since the limit is now honoured (see above) its
          default has been changed so that the coredumping logic is enabled by
          default for all processes, while allowing specific opt-out.

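        Since the coredump logic now honours RLIMIT_CORE and PID 1 defaults it
        to "unlimited" (see the two entries above), a process that holds key
        material or other secrets in memory can opt out on its own. The
        following C helper is an added example, not systemd's own code; the
        names disable_coredumps(), coredumps_enabled() and coredumps_locked()
        were chosen for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/resource.h>

/* Opt this process out of coredump collection by setting the RLIMIT_CORE
 * soft limit to 0 (example code, not systemd's own). With lock=true the hard
 * limit is set to 0 as well, so neither this process nor its children can
 * re-enable dumping without CAP_SYS_RESOURCE. Returns 0 on success, -1 on
 * error with errno set. */
int disable_coredumps(bool lock) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return -1;
        rl.rlim_cur = 0;
        if (lock)
                rl.rlim_max = 0;
        return setrlimit(RLIMIT_CORE, &rl);
}

/* 1 if a crash of this process may still produce a core file (soft limit
 * non-zero), 0 if the soft limit is 0, -1 on error. */
int coredumps_enabled(void) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return -1;
        return rl.rlim_cur != 0;
}

/* 1 if the hard limit is 0 too, so dumping cannot be re-enabled by an
 * unprivileged process; 0 if not; -1 on error. */
int coredumps_locked(void) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return -1;
        return rl.rlim_max == 0;
}

int main(void) {
        printf("before: core dumps %s\n",
               coredumps_enabled() > 0 ? "enabled" : "disabled");

        if (disable_coredumps(true) < 0) {
                perror("setrlimit(RLIMIT_CORE)");
                return 1;
        }

        printf("after:  core dumps %s, locked=%d\n",
               coredumps_enabled() > 0 ? "enabled" : "disabled",
               coredumps_locked());
        return 0;
}
```

        Lowering a hard limit never requires privileges, so the locked variant
        works for unprivileged daemons; the same effect can be obtained from the
        unit file with LimitCORE=0, which is the preferred route when the
        program itself should not be modified.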
        * When the stacktrace is extracted from processes of system users, this
          is now done as "systemd-coredump" user, in order to sandbox this
          potentially security sensitive parsing operation. (Note that when
          processing coredumps of normal users this is done under the user ID
          of the process that crashed, as before.) Packagers should take notice
          that it is now necessary to create the "systemd-coredump" system user
          and group at package installation time.

        * The systemd-activate socket activation testing tool gained support
          for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
          and --seqpacket switches. It also has been extended to support both
          new-style and inetd-style file descriptor passing. Use the new
          --inetd switch to request inetd-style file descriptor passing.

        * Most systemd tools now honor a new $SYSTEMD_COLORS environment
          variable, which takes a boolean value. If set to false, ANSI color
          output is disabled in the tools even when run on a terminal that
          supports it.

        * The VXLAN support in networkd now supports two new settings
          DestinationPort= and PortRange=.

        * A new systemd.machine_id= kernel command line switch has been added,
          that may be used to set the machine ID in /etc/machine-id if it is
          not initialized yet. This command line option has no effect if the
          file is already initialized.

        * systemd-nspawn gained a new --as-pid2 switch that invokes any
          specified command line as PID 2 rather than PID 1 in the
          container. In this mode PID 1 is a minimal stub init process that
          implements the special POSIX and Linux semantics of PID 1 regarding
          signal and child process management. Note that this stub init process
          is implemented in nspawn itself and requires no support from the
          container image. This new logic is useful to support running
          arbitrary commands in the container, as normal processes are
          generally not prepared to run as PID 1.

        * systemd-nspawn gained a new --chdir= switch for setting the current
          working directory for the process started in the container.

        * "journalctl /dev/sda" will now output all kernel log messages for
          the specified device from the current boot, in addition to all
          devices that are parents of it. This should make log output about
          devices pretty useful, as long as kernel drivers attach enough
          metadata to the log messages. (The usual SATA drivers do.)

        * The sd-journal API gained two new calls
          sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
          that report whether log data from /run or /var has been found.

        * journalctl gained a new switch "--fields" that prints all journal
          record field names currently in use in the journal. This is backed
          by two new sd-journal API calls sd_journal_enumerate_fields() and
          sd_journal_restart_fields().

        * Most configurable timeouts in systemd now expect an argument of
          "infinity" to turn them off, instead of "0" as before. The semantics
          from now on are that a timeout of "0" means "now", and "infinity"
          means "never". To maintain backwards compatibility, "0" continues to
          turn off previously existing timeout settings.

        * "systemctl reload-or-try-restart" has been renamed to "systemctl
          try-reload-or-restart" to clarify what it actually does: the "try"
          logic applies to both reloading and restarting, not just restarting.
          The old name continues to be accepted for compatibility.

        * On boot-up, when PID 1 detects that the system clock is behind the
          release date of the systemd version in use, the clock is now set
          to the latter. Previously, this was already done in timesyncd, in order
          to avoid running with clocks set to the various clock epochs such as
          1902, 1938 or 1970. With this change the logic is now done in PID 1
          in addition to timesyncd during early boot-up, so that it is enforced
          before the first process is spawned by systemd. Note that the logic
          in timesyncd remains, as it is more comprehensive and ensures
          clock monotonicity by maintaining a persistent timestamp file in
          /var. Since /var is generally not available in earliest boot or the
          initrd, this part of the logic remains in timesyncd, and is not done
          by PID 1.

        * Support for tweaking details in net_cls.class_id through the
          NetClass= configuration directive has been removed, as the kernel
          people have decided to deprecate that controller in cgroup v2.
          Userspace tools such as nftables are moving over to setting rules
          that are specific to the full cgroup path of a task, which obsoletes
          these controllers anyway. The NetClass= directive is kept around for
          legacy compatibility reasons. For a more in-depth description of the
          kernel change, please refer to the respective upstream commit:

          https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671

        * A new service setting RuntimeMaxSec= has been added that may be used
          to specify a maximum runtime for a service. If the timeout is hit, the
          service is terminated and put into a failure state.

        * A new service setting AmbientCapabilities= has been added. It allows
          configuration of additional Linux process capabilities that are
          passed to the activated processes. This is only available on very
          recent kernels.

        * The process resource limit settings in service units may now be used
          to configure hard and soft limits individually.

        * The various libsystemd APIs such as sd-bus or sd-event now publicly
          expose support for gcc's __attribute__((cleanup())) C extension.
          Specifically, for many object destructor functions alternative
          versions have been added that have names suffixed with "p" and take a
          pointer to a pointer to the object to destroy, instead of just a
          pointer to the object itself. This is useful because these destructor
          functions may be used directly as parameters to the cleanup
          construct. Internally, systemd has been a heavy user of this GCC
          extension for a long time, and with this change similar support is
          now available to consumers of the library outside of systemd. Note
          that by using this extension in your sources compatibility with old
          and strictly ANSI compatible C compilers is lost. However, all gcc or
          LLVM versions of recent years support this extension.

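        The "p" destructor convention just described, as an added example
        rather than libsystemd's own code: a small buffer type with a
        buffer_free() destructor and a buffer_freep() variant whose signature
        matches what __attribute__((cleanup)) expects, so that every early
        return from a function releases the object. The type and function
        names, the _cleanup_ macro and the call counter are assumptions chosen
        so the example builds without libsystemd; libsystemd's own *_unrefp()
        functions follow the same shape.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for an sd-bus or sd-event object (example code, not libsystemd's). */
typedef struct buffer {
        char *data;
        size_t size;
} buffer;

static int destructor_calls;  /* how often buffer_free() actually freed something */

/* Classic destructor: takes the object, tolerates NULL and returns NULL so
 * callers can write "b = buffer_free(b);". */
buffer *buffer_free(buffer *b) {
        if (!b)
                return NULL;
        free(b->data);
        free(b);
        destructor_calls++;
        return NULL;
}

/* The "p" variant: takes a pointer to the pointer, which is exactly the
 * signature __attribute__((cleanup)) requires, and resets it to NULL. */
void buffer_freep(buffer **bp) {
        if (bp)
                *bp = buffer_free(*bp);
}

/* Same spelling systemd uses internally for the attribute. */
#define _cleanup_(f) __attribute__((cleanup(f)))

buffer *buffer_new(size_t size) {
        buffer *b = calloc(1, sizeof *b);
        if (!b)
                return NULL;
        b->data = calloc(size ? size : 1, 1);
        if (!b->data) {
                free(b);
                return NULL;
        }
        b->size = size;
        return b;
}

/* Allocates a buffer, fills it and checks the last byte. Every return path,
 * including the early ones, runs buffer_freep() on b automatically, so the
 * function cannot leak. Returns 0 on success, -1 on failure. */
int fill_and_check(size_t size, int fail_early) {
        _cleanup_(buffer_freep) buffer *b = buffer_new(size);

        if (!b)
                return -1;
        if (fail_early)
                return -1;      /* b is released here as well */
        if (size == 0)
                return -1;

        memset(b->data, 'x', size);
        return b->data[size - 1] == 'x' ? 0 : -1;
}

int destructor_call_count(void) {
        return destructor_calls;
}

int main(void) {
        printf("normal path: %d\n", fill_and_check(16, 0));
        printf("early return: %d\n", fill_and_check(8, 1));
        printf("destructor ran %d times\n", destructor_call_count());
        return 0;
}
```

        The scope-exit semantics are the reason the "p" functions exist:
        cleanup(f) calls f(&variable), so a destructor that takes the object
        itself cannot be used directly.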
        * Timer units gained support for a new setting RandomizedDelaySec= that
          allows configuring some additional randomized delay to the configured
          time. This is useful to spread out timer events to avoid load peaks in
          clusters or larger setups.

        * Calendar time specifications now support sub-second accuracy.

        * Socket units now support listening on SCTP and UDP-lite protocol
          sockets.

        * The sd-event API now comes with a full set of man pages.

        * Older versions of systemd contained experimental support for
          compressing journal files and coredumps with the LZ4 compressor that
          was not compatible with the lz4 binary (due to API limitations of the
          lz4 library). This support has been removed; only support for files
          compatible with the lz4 binary remains. This LZ4 logic is now
          officially supported and no longer considered experimental.

        * The dkr image import logic has been removed again from importd. dkr's
          micro-services focus doesn't fit into the machine image focus of
          importd, and quickly got out of date with the upstream dkr API.

        * Creation of the /run/lock/lockdev/ directory was dropped from
          tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
          been available for many years. If you still need this, you need to
          create your own tmpfiles.d config file with:

          d /run/lock/lockdev 0775 root lock -

        * The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
          and RebootArgument= have been moved from the [Service] section of
          unit files to [Unit], and they are now supported on all unit types,
          not just service units. Of course, systemd will continue to
          understand these settings also at the old location, in order to
          maintain compatibility.

        Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
        Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
        Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
        Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
        Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
        David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
        Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
        Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
        Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
        Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
        Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
        lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
        Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
        Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
        Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
        Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
        Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2016-02-11

CHANGES WITH 228:

        * A number of properties previously only settable in unit
          files are now also available as properties to set when
          creating transient units programmatically via the bus, as it
          is exposed with systemd-run's --property=
          setting. Specifically, these are: SyslogIdentifier=,
          SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
          EnvironmentFile=, ReadWriteDirectories=,
          ReadOnlyDirectories=, InaccessibleDirectories=,
          ProtectSystem=, ProtectHome=, RuntimeDirectory=.

        * When creating transient services via the bus API it is now
          possible to pass in a set of file descriptors to use as
          STDIN/STDOUT/STDERR for the invoked process.

        * Slice units may now be created transiently via the bus APIs,
          similar to the way service and scope units may already be
          created transiently.

        * Wherever systemd expects a calendar timestamp specification
          (like in journalctl's --since= and --until= switches) UTC
          timestamps are now supported. Timestamps suffixed with "UTC"
          are now considered to be in Coordinated Universal Time
          instead of the local timezone. Also, timestamps may now
          optionally be specified with sub-second accuracy. Both of
          these additions also apply to recurring calendar event
          specification, such as OnCalendar= in timer units.

        * journalctl gained a new "--sync" switch that asks the
          journal daemon to write all so far unwritten log messages to
          disk and sync the files, before returning.

        * systemd-tmpfiles learned two new line types "q" and "Q" that
          operate like "v", but also set up a basic btrfs quota
          hierarchy when used on a btrfs file system with quota
          enabled.

        * tmpfiles' "v", "q" and "Q" will now create a plain directory
          instead of a subvolume (even on a btrfs file system) if the
          root directory is a plain directory, and not a
          subvolume. This should simplify things with certain chroot()
          environments which are not aware of the concept of btrfs
          subvolumes.

        * systemd-detect-virt gained a new --chroot switch to detect
          whether execution takes place in a chroot() environment.

        * CPUAffinity= now takes CPU index ranges in addition to
          individual indexes.

        * The various memory-related resource limit settings (such as
          LimitAS=) now understand the usual K, M, G, … suffixes to
          the base of 1024 (IEC). Similarly, the time-related resource
          limit settings understand the usual min, h, day, … suffixes
          now.

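        The suffix handling described in the previous entry, as an added
        example that is not systemd's own parser: C functions that accept K,
        M, G and T to the base of 1024 for sizes and s, min, h and day for
        times, rejecting signs, unknown suffixes and values that would
        overflow. parse_iec_size(), parse_time_seconds() and the *_or_zero()
        and *_status() wrappers are names chosen for this example, and the
        exact suffix lists are assumptions beyond the ones the entry names.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One accepted suffix and its multiplier (example code, not systemd's own). */
typedef struct {
        const char *suffix;
        uint64_t mult;
} unit_t;

static const unit_t iec_units[] = {
        { "",  UINT64_C(1) },
        { "K", UINT64_C(1) << 10 },
        { "M", UINT64_C(1) << 20 },
        { "G", UINT64_C(1) << 30 },
        { "T", UINT64_C(1) << 40 },
};

static const unit_t time_units[] = {
        { "",    1 },
        { "s",   1 },
        { "min", 60 },
        { "h",   3600 },
        { "day", 86400 },
};

/* Parse "<digits><suffix>" against a suffix table. Returns 0 and stores the
 * scaled value in *out; -EINVAL for a sign, non-digit or unknown suffix;
 * -ERANGE if the number or the scaled product overflows uint64_t. */
static int parse_suffixed(const char *s, const unit_t *units, size_t n, uint64_t *out) {
        char *end;
        unsigned long long v;

        if (!s || !out || !isdigit((unsigned char) *s))
                return -EINVAL;

        errno = 0;
        v = strtoull(s, &end, 10);
        if (errno == ERANGE)
                return -ERANGE;
        if (end == s)
                return -EINVAL;

        for (size_t i = 0; i < n; i++) {
                if (strcmp(end, units[i].suffix) != 0)
                        continue;
                if (v > UINT64_MAX / units[i].mult)
                        return -ERANGE;       /* product would not fit */
                *out = (uint64_t) v * units[i].mult;
                return 0;
        }
        return -EINVAL;                       /* unknown suffix, e.g. "MB" */
}

int parse_iec_size(const char *s, uint64_t *out) {
        return parse_suffixed(s, iec_units, sizeof iec_units / sizeof *iec_units, out);
}

int parse_time_seconds(const char *s, uint64_t *out) {
        return parse_suffixed(s, time_units, sizeof time_units / sizeof *time_units, out);
}

/* Wrappers that return the value directly (0 on error) or the status code. */
uint64_t iec_size_or_zero(const char *s) { uint64_t v; return parse_iec_size(s, &v) == 0 ? v : 0; }
int iec_size_status(const char *s) { uint64_t v; return parse_iec_size(s, &v); }
uint64_t time_seconds_or_zero(const char *s) { uint64_t v; return parse_time_seconds(s, &v) == 0 ? v : 0; }
int time_seconds_status(const char *s) { uint64_t v; return parse_time_seconds(s, &v); }

int main(void) {
        /* Constructed sample values. */
        const char *sizes[] = { "512M", "2G", "4096", "1MB", "16777216T" };
        const char *times[] = { "5min", "2h", "1day", "30", "-5" };

        for (size_t i = 0; i < sizeof sizes / sizeof *sizes; i++)
                printf("LimitAS=%s -> status %d, bytes %llu\n", sizes[i],
                       iec_size_status(sizes[i]), (unsigned long long) iec_size_or_zero(sizes[i]));
        for (size_t i = 0; i < sizeof times / sizeof *times; i++)
                printf("LimitCPU=%s -> status %d, seconds %llu\n", times[i],
                       time_seconds_status(times[i]), (unsigned long long) time_seconds_or_zero(times[i]));
        return 0;
}
```

        The overflow check before multiplying is the part worth copying: a
        limit that silently wraps to a small number is a denial of service
        waiting to happen, and one that wraps to a large number is no limit at
        all.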
        * There's a new system.conf setting DefaultTasksMax= to
          control the default TasksMax= setting for services and
          scopes running on the system. (TasksMax= is the primary
          setting that exposes the "pids" cgroup controller on systemd
          and was introduced in the previous systemd release.) The
          setting now defaults to 512, which means services that are
          not explicitly configured otherwise will only be able to
          create 512 processes or threads at maximum, from this
          version on. Note that this means that thread- or
          process-heavy services might need to be reconfigured to set
          TasksMax= to a higher value. It is sufficient to set
          TasksMax= in these specific unit files to a higher value, or
          even "infinity". Similarly, there's now a logind.conf setting
          UserTasksMax= that defaults to 4096 and limits the total
          number of processes or tasks each user may own
          concurrently. nspawn containers also have the TasksMax=
          value set by default now, to 8192. Note that all of this
          only has an effect if the "pids" cgroup controller is
          enabled in the kernel. The general benefit of these changes
          should be a more robust and safer system, that provides a
          certain amount of per-service fork() bomb protection.

        * systemd-nspawn gained the new --network-veth-extra= switch
          to define additional and arbitrarily-named virtual Ethernet
          links between the host and the container.

        * A new service execution setting PassEnvironment= has been
          added that allows importing select environment variables
          from PID1's environment block into the environment block of
          the service.

        * Timer units gained support for a new RemainAfterElapse=
          setting which takes a boolean argument. It defaults to on,
          exposing behaviour unchanged to previous releases. If set to
          off, timer units are unloaded after they elapsed if they
          cannot elapse again. This is particularly useful for
          transient timer units, which shall not stay around longer
          than until they first elapse.

        * systemd will now bump the net.unix.max_dgram_qlen to 512 by
          default (the kernel default is 16). This is beneficial
          for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
          allows substantially larger numbers of queued
          datagrams. This should increase the capability of systemd to
          parallelize boot-up, as logging and sd_notify() are unlikely
          to stall execution anymore. If you need to change the value
          from the new defaults, use the usual sysctl.d/ snippets.

        * The compression framing format used by the journal or
          coredump processing has changed to be in line with what the
          official LZ4 tools generate. LZ4 compression support in
          systemd was considered unsupported previously, as the format
          was not compatible with the normal tools. With this release
          this has changed now, and it is hence safe for downstream
          distributions to turn it on. While not compressing as well
          as XZ, LZ4 is substantially faster, which makes
          it a good default choice for the compression logic in the
          journal and in coredump handling.

        * Any reference to /etc/mtab has been dropped from
          systemd. The file has been obsolete for a while, but
          systemd refused to work on systems where it was incorrectly
          set up (it should be a symlink or non-existent). Please make
          sure to update to util-linux 2.27.1 or newer in conjunction
          with this systemd release, which also drops any reference to
          /etc/mtab. If you maintain a distribution make sure that no
          software you package still references it, as this is a
          likely source of bugs. There's also a glibc bug pending,
          asking for removal of any reference to this obsolete file:

          https://sourceware.org/bugzilla/show_bug.cgi?id=19108

          Note that only util-linux versions built with
          --enable-libmount-force-mountinfo are supported.

        * Support for the ".snapshot" unit type has been removed. This
          feature turned out to be of little use and little used, and
          has now been removed from the core and from systemctl.

        * The dependency types RequiresOverridable= and
          RequisiteOverridable= have been removed from systemd. They
          have been used only very sparingly to our knowledge and
          other options that provide a similar effect (such as
          systemctl --mode=ignore-dependencies) are much more useful
          and commonly used. Moreover, they were only half-way
          implemented as the option to control behaviour regarding
          these dependencies was never added to systemctl. By removing
          these dependency types the execution engine becomes a bit
          simpler. Unit files that use these dependencies should be
          changed to use the non-Overridable dependency types
          instead. In fact, when parsing unit files with these
          options, that's what systemd will automatically convert them
          to, but it will also warn, asking users to fix the unit
          files accordingly. Removal of these dependency types should
          only affect a negligible number of unit files in the wild.

        * Behaviour of networkd's IPForward= option changed
          (again). It will no longer maintain a per-interface setting,
          but propagate one way from interfaces where this is enabled
          to the global kernel setting. The global setting will be
          enabled when requested by a network that is set up, but
          never be disabled again. This change was made to make sure
          IPv4 and IPv6 behaviour regarding packet forwarding is
          similar (as the Linux IPv6 stack does not support
          per-interface control of this setting) and to minimize
          surprises.

        * In unit files the behaviour of %u, %U, %h, %s has
          changed. These specifiers will now unconditionally resolve
          to the various user database fields of the user that the
          systemd instance is running as, instead of the user
          configured in the specific unit via User=. Note that this
          effectively doesn't change much, as resolving of these
          specifiers was already turned off in the --system instance
          of systemd, as we cannot do NSS lookups from PID 1. In the
          --user instance of systemd these specifiers were correctly
          resolved, but hardly made any sense, since the user instance
          lacks privileges to do user switches anyway, and User= is
          hence useless. Moreover, even in the --user instance of
          systemd behaviour was awkward as it would only take settings
          from User= assignment placed before the specifier into
          account. In order to unify and simplify the logic around
          this the specifiers will now always resolve to the
          credentials of the user invoking the manager (which in case
          of PID 1 is the root user).

        Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
        Yang, Daniel Machon, Daniel Mack, David Herrmann, David
        Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
        Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
        Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
        Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
        Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
        Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
        Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
        Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
        Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
        Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
        Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
        Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2015-11-18

c97e586d
DM
CHANGES WITH 227:

        * systemd now depends on util-linux v2.27. More specifically,
          the newly added mount monitor feature in libmount now
          replaces systemd's former own implementation.

        * libmount mandates /etc/mtab not to be a regular file, and
          systemd now enforces this condition at early boot.
          /etc/mtab has been deprecated and warned about for a very
          long time, so systems running systemd should already have
          stopped having this file around as anything else than a
          symlink to /proc/self/mounts.

        * Support for the "pids" cgroup controller has been added. It
          allows accounting the number of tasks in a cgroup and
          enforcing limits on it. This adds two new settings
          TasksAccounting= and TasksMax= to each unit, as well as a
          global option DefaultTasksAccounting=.

        * Support for the "net_cls" cgroup controller has been added.
          It allows assigning a net class ID to each task in the
          cgroup, which can then be used in firewall rules and traffic
          shaping configurations. Note that the kernel netfilter net
          class code does not currently work reliably for ingress
          packets on unestablished sockets.

          This adds a new config directive called NetClass= to CGroup
          enabled units. Allowed values are positive numbers for fixed
          assignments and "auto" for picking a free value
          automatically.

        * 'systemctl is-system-running' now returns 'offline' if the
          system is not booted with systemd. This command can now be
          used as a substitute for 'systemd-notify --booted'.

        * Watchdog timeouts have been increased to 3 minutes for all
          in-tree service files. Apparently, disk IO issues are more
          frequent than we hoped, and users reported >1 minute waiting
          for disk IO.

        * 'machine-id-commit' functionality has been merged into
          'machine-id-setup --commit'. The separate binary has been
          removed.

        * The WorkingDirectory= directive in unit files may now be set
          to the special value '~'. In this case, the working
          directory is set to the home directory of the user
          configured in User=.

        * "machinectl shell" will now open the shell in the home
          directory of the selected user by default.

        * The CrashChVT= configuration file setting is renamed to
          CrashChangeVT=, following our usual logic of not
          abbreviating unnecessarily. The old directive is still
          supported for compat reasons. Also, this directive now takes
          an integer value between 1 and 63, or a boolean value. The
          formerly supported '-1' value for disabling stays around for
          compat reasons.

        * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
          NoNewPrivileges=, TTYPath=, WorkingDirectory= and
          RootDirectory= properties can now be set for transient
          units.

        * The systemd-analyze tool gained a new "set-log-target" verb
          to change the logging target the system manager logs to
          dynamically during runtime. This is similar to how
          "systemd-analyze set-log-level" already changes the log
          level.

        * In nspawn /sys is now mounted as tmpfs, with only a selected
          set of subdirectories mounted in from the real sysfs. This
          enhances security slightly, and is useful for ensuring user
          namespaces work correctly.

        * Support for USB FunctionFS activation has been added. This
          allows implementation of USB gadget services that are
          activated as soon as they are requested, so that they don't
          have to run continuously, similar to classic socket
          activation.

        * The "systemctl exit" command now optionally takes an
          additional parameter that sets the exit code to return from
          the systemd manager when exiting. This is only relevant when
          running the systemd user instance, or when running the
          system instance in a container.

        * sd-bus gained the new API calls sd_bus_path_encode_many()
          and sd_bus_path_decode_many() that allow easy encoding and
          decoding of multiple identifier strings inside a D-Bus
          object path. Another new call sd_bus_default_flush_close()
          has been added to flush and close per-thread default
          connections.

        * systemd-cgtop gained support for a -M/--machine= switch to
          show the control groups within a certain container only.

        * "systemctl kill" gained support for an optional --fail
          switch. If specified the requested operation will fail if no
          processes have been killed, because the unit had no
          processes attached, or similar.

        * A new systemd.crash_reboot=1 kernel command line option has
          been added that triggers a reboot after crashing. This can
          also be set through CrashReboot= in systemd.conf.

        * The RuntimeDirectory= setting now understands unit
          specifiers like %i or %f.

        * A new (still internal) library API sd-ipv4acd has been added,
          that implements address conflict detection for IPv4. It's
          based on code from sd-ipv4ll, and will be useful for
          detecting DHCP address conflicts.

        * File descriptors passed during socket activation may now be
          named. A new API sd_listen_fds_with_names() is added to
          access the names. The default names may be overridden,
          either in the .socket file using the FileDescriptorName=
          parameter, or by passing FDNAME= when storing the file
          descriptors using sd_notify().
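
          The hand-over protocol behind sd_listen_fds_with_names(), as an
          added example in Python that is not systemd's own code: it reads
          LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES from a constructed
          environment, refuses descriptors whose LISTEN_PID is not our own
          pid (they were inherited from a parent and are not meant for us),
          falls back to the name "unknown", and builds the FDSTORE=1/FDNAME=
          notification a service sends back. The FDNAME validity rule (no
          ':', no control characters, at most 255 bytes) and the rejection
          of a name count that does not match LISTEN_FDS are this example's
          assumptions about the C implementation.

```python
"""Added example (not systemd's code): the socket-activation hand-over
protocol that sd_listen_fds_with_names() reads, plus the FDSTORE=/FDNAME=
message a service sends back via sd_notify(). Environment is constructed."""
from typing import Dict, List, Tuple

SD_LISTEN_FDS_START = 3   # passed fds are numbered 3, 4, ... (sd_listen_fds(3))
DEFAULT_FD_NAME = "unknown"


def listen_fds_with_names(env: Dict[str, str], own_pid: int) -> List[Tuple[int, str]]:
    """Return [(fd, name), ...] for the descriptors systemd handed to us.

    LISTEN_PID must equal our own pid: if it does not, the variables were
    inherited from a parent process and the fds are not ours, so nothing
    is returned. Missing LISTEN_FDNAMES yields "unknown" for every fd; a
    name list whose length differs from LISTEN_FDS is treated as malformed
    (this example's choice, assumed to match the C implementation).
    """
    listen_pid = env.get("LISTEN_PID", "")
    if not listen_pid.isdigit() or int(listen_pid) != own_pid:
        return []
    n_fds = env.get("LISTEN_FDS", "")
    if not n_fds.isdigit() or int(n_fds) == 0:
        return []
    n = int(n_fds)
    raw_names = env.get("LISTEN_FDNAMES")
    if raw_names is None:
        names = [DEFAULT_FD_NAME] * n
    else:
        names = raw_names.split(":")
        if len(names) != n:
            return []
        names = [nm or DEFAULT_FD_NAME for nm in names]
    return [(SD_LISTEN_FDS_START + i, names[i]) for i in range(n)]


def fd_for_name(fds: List[Tuple[int, str]], wanted: str) -> int:
    """Pick the fd a .socket unit labelled via FileDescriptorName=; -1 if absent."""
    for fd, name in fds:
        if name == wanted:
            return fd
    return -1


def fdname_is_valid(name: str) -> bool:
    """Assumed validity rule for FDNAME=: non-empty, at most 255 bytes,
    no ':' (the LISTEN_FDNAMES separator) and no control characters."""
    if not name or len(name.encode()) > 255:
        return False
    return all(c != ":" and c.isprintable() for c in name)


def fdstore_message(name: str) -> bytes:
    """Build the sd_notify() datagram that stores an fd under a name.
    The fd itself travels as SCM_RIGHTS ancillary data, not in the text."""
    if not fdname_is_valid(name):
        raise ValueError("invalid fd name: %r" % name)
    return ("FDSTORE=1\nFDNAME=%s\n" % name).encode()


# Constructed environment, as systemd would set it for a service with two
# sockets (FileDescriptorName=http and =https in the .socket units).
SAMPLE_ENV = {"LISTEN_PID": "4242", "LISTEN_FDS": "2", "LISTEN_FDNAMES": "http:https"}

if __name__ == "__main__":
    for fd, name in listen_fds_with_names(SAMPLE_ENV, 4242):
        print("fd %d -> %s" % (fd, name))
```

          A real service would follow this with socket.socket(fileno=fd)
          on the chosen descriptor; because numbering starts at 3, the
          process must not close or dup over those descriptors before
          claiming them.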

        * systemd-networkd gained support for:

          - Controlling whether IPv6 Router Advertisements are
            accepted, via IPv6AcceptRouterAdvertisements= in .network
            files.

          - Configuring the HelloTimeSec=, MaxAgeSec= and
            ForwardDelaySec= bridge parameters in .netdev files.

          - Configuring PreferredSource= for static routes in
            .network files.

        * The "ask-password" framework used to query for LUKS harddisk
          passwords or SSL passwords during boot gained support for
          caching passwords in the kernel keyring, if it is
          available. This makes sure that the user only has to type in
          a passphrase once if there are multiple objects to unlock
          with the same one. Previously, such password caching was
          available only when Plymouth was used; this moves the
          caching logic into the systemd codebase itself. The
          "systemd-ask-password" utility gained a new --keyname=
          switch to control which kernel keyring key to use for
          caching a password in. This functionality is also useful for
          enabling display managers such as gdm to automatically
          unlock the user's GNOME keyring if its passphrase, the
          user's password and the harddisk password are the same, if
          gdm-autologin is used.

        * When downloading tar or raw images using "machinectl
          pull-tar" or "machinectl pull-raw", a matching ".nspawn"
          file is now also downloaded, if it is available and stored
          next to the image file.

        * Units of type ".socket" gained a new boolean setting
          Writable= which is only useful in conjunction with
          ListenSpecial=. If true, enables opening the specified
          special file in O_RDWR mode rather than O_RDONLY mode.

        * systemd-rfkill has been reworked to become a singleton
          service that is activated through /dev/rfkill on each rfkill
          state change and saves the settings to disk. This way,
          systemd-rfkill is now compatible with devices that exist
          only intermittently, and even restores state if the previous
          system shutdown was abrupt rather than clean.

        * The journal daemon gained support for vacuuming old journal
          files controlled by the number of files that shall remain,
          in addition to the already existing control by size and by
          date. This is useful as journal interleaving performance
          degrades with too many separate journal files, and allows
          putting an effective limit on them. The new setting defaults
          to 100, but this may be changed by setting SystemMaxFiles=
          and RuntimeMaxFiles= in journald.conf. Also, the
          "journalctl" tool gained the new --vacuum-files= switch to
          manually vacuum journal files to leave only the specified
          number of files in place.

        * udev will now create /dev/disk/by-path links for ATA devices
          on kernels where that is supported.

        * Galician, Serbian, Turkish and Korean translations were added.

        Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
        Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
        (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
        Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
        Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
        de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
        Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
        Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
        Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
        Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
        Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
        Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
        Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
        Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
        Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
        Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
        Zbigniew Jędrzejewski-Szmek, Марко М. Костић

        — Berlin, 2015-10-07

CHANGES WITH 226:

        * The DHCP implementation of systemd-networkd gained a set of
          new features:

          - The DHCP server now supports emitting DNS and NTP
            information. It may be enabled and configured via
            EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
            and NTP information is enabled, but no servers are
            configured, the corresponding uplink information (if there
            is any) is propagated.

          - Server and client now support transmission and reception
            of timezone information. It can be configured via the
            newly introduced network options UseTimezone=,
            EmitTimezone=, and Timezone=. Transmission of timezone
            information is enabled between host and containers by
            default now: the container will change its local timezone
            to what the host has set.

          - Lease timeouts can now be configured via
            MaxLeaseTimeSec= and DefaultLeaseTimeSec=.

          - The DHCP server improved on the stability of
            leases. Clients are more likely to get the same lease
            information back, even if the server loses state.

          - The DHCP server supports two new configuration options to
            control the lease address pool metrics, PoolOffset= and
            PoolSize=.

        * The encapsulation limit of tunnels in systemd-networkd may
          now be configured via 'EncapsulationLimit='. It allows
          modifying the maximum additional levels of encapsulation
          that are permitted to be prepended to a packet.

        * systemd now supports the concept of user buses replacing
          session buses, if used with dbus-1.10 (and enabled via dbus
          --enable-user-session). It previously only supported this on
          kdbus-enabled systems, and this release expands this to
          'dbus-daemon' systems.

        * systemd-networkd now supports predictable interface names
          for virtio devices.

        * systemd now optionally supports the new Linux kernel
          "unified" control group hierarchy. If enabled via the kernel
          command-line option 'systemd.unified_cgroup_hierarchy=1',
          systemd will try to mount the unified cgroup hierarchy
          directly on /sys/fs/cgroup. If not enabled, or not
          available, systemd will fall back to the legacy cgroup
          hierarchy setup, as before. Host system and containers can
          mix and match legacy and unified hierarchies as they
          wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
          environment variable to individually select the hierarchy to
          use for executed containers. By default, nspawn will use the
          unified hierarchy for the containers if the host uses the
          unified hierarchy, and the legacy hierarchy otherwise.
          Please note that at this point the unified hierarchy is an
          experimental kernel feature and is likely to change in one
          of the next kernel releases. Therefore, it should not be
          enabled by default in downstream distributions yet. The
          minimum required kernel version for the unified hierarchy to
          work is 4.2. Note that with the unified hierarchy, for the
          first time, delegated access to controllers is safe. Because
          of this systemd-nspawn containers will get access to
          controllers now, as will systemd user sessions. This means
          containers and user sessions may now manage their own
          resources, partitioning up what the system grants them.
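
          How to tell which of the hierarchies described above a process
          is actually running under, as an added example that is not
          systemd's code: it parses /proc/self/mountinfo (the sample lines
          below are constructed) and classifies the setup as unified,
          hybrid or legacy. This matters inside a container or user
          session, where the mode depends on what the host and
          $UNIFIED_CGROUP_HIERARCHY selected, and delegation is only safe
          on the unified hierarchy.

```python
"""Added example (not systemd's code): tell legacy (v1), hybrid and
unified (v2) cgroup setups apart from /proc/self/mountinfo, the same
distinction systemd.unified_cgroup_hierarchy= and nspawn's
$UNIFIED_CGROUP_HIERARCHY select between. Sample lines are constructed."""
import re
from typing import List, Tuple


def unescape_octal(s: str) -> str:
    """mountinfo escapes space, tab, newline and backslash as \\ooo."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)


def parse_mountinfo(text: str) -> List[Tuple[str, str]]:
    """Return (mount point, fstype) pairs.

    Each line is: id parent maj:min root mountpoint opts [optional...] - fstype source superopts
    The optional fields vary in number, so split at the ' - ' separator
    rather than by fixed column."""
    mounts = []
    for line in text.splitlines():
        if " - " not in line:
            continue
        before, after = line.split(" - ", 1)
        pre, post = before.split(), after.split()
        if len(pre) < 6 or not post:
            continue
        mounts.append((unescape_octal(pre[4]), post[0]))
    return mounts


def cgroup_mode(mounts: List[Tuple[str, str]]) -> str:
    """'unified': only cgroup2 is mounted (normally on /sys/fs/cgroup)
    'hybrid' : v1 controller hierarchies plus a cgroup2 mount
               (systemd puts it at /sys/fs/cgroup/unified)
    'legacy' : v1 hierarchies only
    'none'   : no cgroup filesystem visible at all"""
    v1 = any(fs == "cgroup" for _, fs in mounts)
    v2 = any(fs == "cgroup2" for _, fs in mounts)
    if v2 and not v1:
        return "unified"
    if v1 and v2:
        return "hybrid"
    return "legacy" if v1 else "none"


def v1_hierarchies(mounts: List[Tuple[str, str]]) -> List[str]:
    """Names of the mounted v1 hierarchies, e.g. ['systemd', 'pids']."""
    return [mp.rsplit("/", 1)[-1] for mp, fs in mounts if fs == "cgroup"]


# Constructed mountinfo excerpts for the three layouts.
SAMPLE_UNIFIED = (
    "35 24 0:30 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:9"
    " - cgroup2 cgroup2 rw,nsdelegate\n")
SAMPLE_HYBRID = (
    "35 24 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755\n"
    "36 35 0:31 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10"
    " - cgroup2 cgroup2 rw,nsdelegate\n"
    "37 35 0:32 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11"
    " - cgroup cgroup rw,xattr,name=systemd\n"
    "38 35 0:33 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:12"
    " - cgroup cgroup rw,pids\n")
SAMPLE_LEGACY = (
    "35 24 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755\n"
    "37 35 0:32 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:11"
    " - cgroup cgroup rw,xattr,name=systemd\n")

if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        live = parse_mountinfo(f.read())
    print(cgroup_mode(live), v1_hierarchies(live))
```

          Run as a script it reports the live system; the classification
          deliberately keys on filesystem types rather than on the
          /sys/fs/cgroup path, because a container may see the cgroup
          mount elsewhere.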

        * A new special scope unit "init.scope" has been introduced
          that encapsulates PID 1 of the system. It may be used to
          determine resource usage and enforce resource limits on PID
          1 itself. PID 1 hence moved out of the root of the control
          group tree.

        * The cgtop tool gained support for filtering out kernel
          threads when counting tasks in a control group. Also, the
          count of processes is now recursively summed up by
          default. Two options -k and --recursive= have been added to
          revert to the old behaviour. The tool has also been updated
          to work correctly in containers now.

        * systemd-nspawn's --bind= and --bind-ro= options have been
          extended to allow creation of non-recursive bind mounts.

        * libsystemd gained two new calls sd_pid_get_cgroup() and
          sd_peer_get_cgroup() which return the control group path of
          a process or peer of a connected AF_UNIX socket. This
          function call is particularly useful when implementing
          delegated subtrees support in the control group hierarchy.

        * The "sd-event" event loop API of libsystemd now supports
          correct dequeuing of real-time signals, without losing
          signal events.

        * When systemd requests a polkit decision when managing units it
          will now add additional fields to the request, including unit
          name and desired operation. This enables more powerful polkit
          policies that make decisions depending on these parameters.

        * nspawn learnt support for .nspawn settings files, that may
          accompany the image files or directories of containers, and
          may contain additional settings for the container. This is
          an alternative to configuring container parameters via the
          nspawn command line.

        Contributions from: Cristian Rodríguez, Daniel Mack, David
        Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
        Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
        Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
        Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
        Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Torstein Husebø

        — Berlin, 2015-09-08

CHANGES WITH 225:

        * machinectl gained a new verb 'shell' which opens a fresh
          shell on the target container or the host. It is similar to
          the existing 'login' command of machinectl, but spawns the
          shell directly without prompting for username or
          password. The pseudo machine '.host' now refers to the local
          host and is used by default. Hence, 'machinectl shell' can
          be used as a replacement for 'su -' which spawns a session as
          a fresh systemd unit in a way that is fully isolated from
          the originating session.

        * systemd-networkd learned to cope with private-zone DHCP
          options and allows other programs to query the values.

        * SELinux access control when enabling/disabling units is no
          longer enforced with this release. The previous implementation
          was incorrect, and a new corrected implementation is not yet
          available. As unit file operations are still protected via
          polkit and D-Bus policy this is not a security problem. Yet,
          distributions which care about optimal SELinux support should
          probably not stabilize on this release.

        * sd-bus gained support for matches of type "arg0has=", that
          test for membership of strings in string arrays sent in bus
          messages.

        * systemd-resolved now dumps the contents of its DNS and LLMNR
          caches to the logs on reception of the SIGUSR1 signal. This
          is useful to debug DNS behaviour.

        * The coredumpctl tool gained a new --directory= option to
          operate on journal files in a specific directory.

        * "systemctl reboot" and related commands gained a new
          "--message=" option which may be used to set a free-text
          wall message when shutting down or rebooting the
          system. This message is also logged, which is useful for
          figuring out the reason for a reboot or shutdown a
          posteriori.

        * The "systemd-resolve-host" tool's -i switch now takes
          network interface numbers as an alternative to interface
          names.

        * A new unit file setting for services has been introduced:
          UtmpMode= allows configuration of how precisely systemd
          handles utmp and wtmp entries for the service if this is
          enabled. This allows writing services that appear similar to
          user sessions in the output of the "w", "who", "last" and
          "lastlog" tools.

        * systemd-resolved will now locally synthesize DNS resource
          records for the "localhost" and "gateway" domains as well as
          the local hostname. This should ensure that clients querying
          RRs via resolved will get similar results as those going via
          NSS, if nss-myhostname is enabled.

        Contributions from: Alastair Hughes, Alex Crawford, Daniel
        Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
        Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
        Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
        Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
        Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
        Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
        Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
        reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
        Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
        Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
        WaLyong Cho, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-08-27

CHANGES WITH 224:

        * The systemd-efi-boot-generator functionality was merged into
          systemd-gpt-auto-generator.

        * systemd-networkd now supports Group Policy for vxlan
          devices. It can be enabled via the new boolean configuration
          option called 'GroupPolicyExtension='.

        Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
        Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
        Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen

        — Berlin, 2015-07-31

CHANGES WITH 223:

        * The python-systemd code has been removed from the systemd repository.
          A new repository has been created which accommodates the code from
          now on, and we kindly ask distributions to create a separate package
          for this: https://github.com/systemd/python-systemd

        * The systemd daemon will now reload its main configuration
          (/etc/systemd/system.conf) on daemon-reload.

        * sd-dhcp now exposes vendor specific extensions via
          sd_dhcp_lease_get_vendor_specific().

        * systemd-networkd gained a number of new configuration options.

          - A new boolean configuration option for TAP devices called
            'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
            device, thus allowing it to send and receive GSO packets.

          - A new tunnel configuration option called 'CopyDSCP='.
            If enabled, the DSCP field of ip6 tunnels is copied into the
            decapsulated packet.

          - A set of boolean bridge configuration options were added.
            'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
            and 'UnicastFlood=' are now parsed by networkd and applied to the
            respective bridge link device via the respective IFLA_BRPORT_*
            netlink attribute.

          - A new string configuration option to override the hostname sent
            to a DHCP server, called 'Hostname='. If set and 'SendHostname='
            is true, networkd will use the configured hostname instead of the
            system hostname when sending DHCP requests.

          - A new tunnel configuration option called 'IPv6FlowLabel='. If set,
            networkd will configure the IPv6 flow-label of the tunnel device
            according to RFC2460.

          - The 'macvtap' virtual network devices are now supported, similar to
            the already supported 'macvlan' devices.

        * systemd-resolved now implements RFC5452 to improve resilience against
          cache poisoning. Additionally, source port randomization is enabled
          by default to further protect against DNS spoofing attacks.
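
          The checks the RFC5452 entry refers to, as an added example that
          is not systemd-resolved's code: a resolver must only accept a
          reply that arrives from the server address and port it queried,
          on the randomized source port it sent from, with a matching
          transaction ID, the QR bit set and an identical question section.
          The DNS messages are built by hand with struct so nothing leaves
          the host; the server address 192.0.2.53 and the reply contents
          are constructed.

```python
"""Added example (not systemd-resolved's code): the response-acceptance
checks RFC 5452 asks of a resolver, plus source port randomization.
Messages are built with struct; nothing touches the network."""
import secrets
import struct
from typing import NamedTuple, Optional, Tuple

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; returns (lowercased name, offset
    just past it in the original stream). The hop bound stops crafted
    compression loops from spinning the parser."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_header_and_question(msg: bytes):
    """Return (txid, flags, qname, qtype, qclass) of a single-question message."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, flags, qname, qtype, qclass


def random_source_port() -> int:
    """Fresh UDP source port from the whole unprivileged range for every
    query: an off-path attacker then has to guess ~16 bits of port on top
    of the 16-bit transaction ID."""
    return 1024 + secrets.randbelow(65536 - 1024)


def build_query(qname: str, qtype: int = QTYPE_A, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Recursion-desired query; the ID is random unless given (for tests)."""
    if txid is None:
        txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


class PendingQuery(NamedTuple):
    txid: int
    qname: str
    qtype: int
    server: Tuple[str, int]     # address and port the query went to
    local_port: int             # randomized source port it left from


def response_is_acceptable(pending: PendingQuery, src: Tuple[str, int],
                           local_port: int, msg: bytes) -> bool:
    """RFC 5452 section 9.1: accept a reply only if it comes from the
    queried server's address *and* port, arrives on the socket we sent
    from, and its ID, QR bit and question section match the outstanding
    query. Anything else is dropped as spoofed or stray."""
    if src != pending.server or local_port != pending.local_port:
        return False
    try:
        txid, flags, qname, qtype, qclass = parse_header_and_question(msg)
    except ValueError:
        return False
    if txid != pending.txid or not flags & 0x8000:
        return False
    return (qname, qtype, qclass) == (pending.qname.lower().rstrip("."), pending.qtype, QCLASS_IN)


# Constructed reply for an A query on example.org with ID 0x1234: flags
# QR|RD|RA, one question, one answer whose name is a compression pointer
# (0xC00C) back to the question, TTL 300, address 192.0.2.10.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                + encode_name("example.org") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
                + b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
                + bytes([192, 0, 2, 10]))


def demo() -> Tuple[bool, bool, bool]:
    """Genuine reply, then two forgeries: wrong transaction ID, wrong source port."""
    txid, _query = build_query("example.org", txid=0x1234)
    pending = PendingQuery(txid, "example.org", QTYPE_A, ("192.0.2.53", 53), random_source_port())
    genuine = response_is_acceptable(pending, ("192.0.2.53", 53), pending.local_port, SAMPLE_REPLY)
    forged_id = response_is_acceptable(pending, ("192.0.2.53", 53), pending.local_port,
                                       b"\x12\x35" + SAMPLE_REPLY[2:])
    forged_port = response_is_acceptable(pending, ("192.0.2.53", 5353), pending.local_port, SAMPLE_REPLY)
    return genuine, forged_id, forged_port
```

          Transaction ID plus source port give roughly 32 bits an off-path
          attacker has to guess per forged reply, which is why the port
          randomization in this release matters as much as the ID check;
          a resolver that reuses one source port is back to 16 bits.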

        * nss-mymachines now supports translating UIDs and GIDs of running
          containers with user-namespaces enabled. If a container 'foo'
          translates a host uid 'UID' to the container uid 'TUID', then
          nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
          (with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
          mapped as 'vg-foo-TGID'.
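
          The name synthesis described above, as an added example that is
          not nss-mymachines' code: given a table of per-machine UID ranges
          (constructed here; a single contiguous range per container is
          assumed, which is what nspawn's --private-users= produces), it
          maps a host UID to vu-<machine>-<TUID> and back, and refuses UIDs
          outside any range or names whose container UID exceeds the range.
          Groups use the same routine with the vg prefix and a GID table.

```python
"""Added example (not nss-mymachines' code): synthesize and parse the
vu-<machine>-<TUID> / vg-<machine>-<TGID> names for user-namespaced
containers. UID_MAPS is a constructed table; on a real host the ranges
come from each container's /proc/<pid>/uid_map."""
from typing import Dict, Optional, Tuple

# machine name -> (host id base, length of the contiguous mapped range),
# i.e. host base..base+length-1 <-> container 0..length-1
UID_MAPS: Dict[str, Tuple[int, int]] = {
    "foo": (0x10000, 0x10000),
    "bar-2": (0x20000, 0x10000),      # machine names may contain '-'
}


def host_id_to_name(host_id: int, maps: Dict[str, Tuple[int, int]] = UID_MAPS,
                    prefix: str = "vu") -> Optional[str]:
    """Host UID (or GID, with prefix 'vg' and a GID table) -> synthesized
    name, or None if no running container maps that id."""
    for machine, (base, length) in maps.items():
        if base <= host_id < base + length:
            return "%s-%s-%d" % (prefix, machine, host_id - base)
    return None


def name_to_host_id(name: str, maps: Dict[str, Tuple[int, int]] = UID_MAPS,
                    prefix: str = "vu") -> Optional[int]:
    """Reverse lookup. Split on the *last* '-' so machine names containing
    dashes still parse; reject container ids outside the mapped range so
    a crafted name cannot resolve to an id the container does not own."""
    if not name.startswith(prefix + "-"):
        return None
    machine, sep, tid = name[len(prefix) + 1:].rpartition("-")
    if not sep or not machine or not tid.isdigit():
        return None
    entry = maps.get(machine)
    if entry is None:
        return None
    base, length = entry
    if int(tid) >= length:
        return None
    return base + int(tid)


if __name__ == "__main__":
    print(host_id_to_name(0x10000 + 1000), name_to_host_id("vu-foo-1000"))
```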

        Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
        Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
        HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
        Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
        Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
        Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
        Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
        Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
        Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
        Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-07-29

CHANGES WITH 222:

        * udev no longer supports the WAIT_FOR_SYSFS= key in udev rules.
          There are no known issues with current sysfs, and udev does not
          need to, and should not, be used to work around such bugs.

        * udev no longer enables USB HID power management. Several reports
          indicate that some devices cannot handle that setting.

        * The udev accelerometer helper was removed. The functionality
          is now fully included in iio-sensor-proxy. But this means
          older iio-sensor-proxy versions will no longer provide
          accelerometer/orientation data with this systemd version.
          Please upgrade iio-sensor-proxy to version 1.0.

        * networkd gained a new configuration option IPv6PrivacyExtensions=
          which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
          for Stateless Address Autoconfiguration in IPv6") on selected
          networks.

        * For the sake of fewer build-time dependencies and less code in the
          main repository, the python bindings are about to be removed in the
          next release. A new repository has been created which accommodates
          the code from now on, and we kindly ask distributions to create a
          separate package for this. The removal will take place in v223.

          https://github.com/systemd/python-systemd

        Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
        Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
        daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
        Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
        Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
        (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
        Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
        Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
        Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
        Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-07-07

CHANGES WITH 221:

        * The sd-bus.h and sd-event.h APIs have now been declared
          stable and have been added to the official interface of
          libsystemd.so. sd-bus implements an alternative D-Bus client
          library, that is relatively easy to use, very efficient and
          supports both classic D-Bus as well as kdbus as transport
          backend. sd-event is a generic event loop abstraction that
          is built around Linux epoll, but adds features such as event
          prioritization or efficient timer handling. Both APIs are good
          choices for C programs looking for a bus and/or event loop
          implementation that is minimal and does not have to be
          portable to other kernels.

        * kdbus support is no longer compile-time optional. It is now
          always built-in. However, it can still be disabled at
          runtime using the kdbus=0 kernel command line setting, and
          that setting may be changed to default to off, by specifying
          --disable-kdbus at build-time. Note though that the kernel
          command line setting has no effect if the kdbus.ko kernel
          module is not installed, in which case kdbus is (obviously)
          also disabled. We encourage all downstream distributions to
          begin testing kdbus by adding it to the kernel images in the
          development distributions, and leaving kdbus support in
          systemd enabled.

        * The minimal required util-linux version has been bumped to
          2.26.

        * Support for chkconfig (--enable-chkconfig) was removed in
          favor of calling an abstraction tool
          /lib/systemd/systemd-sysv-install. This needs to be
          implemented for your distribution. See "SYSV INIT.D SCRIPTS"
          in README for details.

        * If there's a systemd unit and a SysV init script for the
          same service name, and the user executes "systemctl enable"
          for it (or a related call), then this will now enable both
          (or execute the related operation on both), not just the
          unit.

        * The libudev API documentation has been converted from gtkdoc
          into man pages.

        * gudev has been removed from the systemd tree, it is now an
          external project.

        * The systemd-cgtop tool learnt a new --raw switch to generate
          "raw" (machine parsable) output.

        * networkd's IPForward= .network file setting learnt the
          new value "kernel", which ensures that networkd does not
          change the IP forwarding sysctl from the default kernel
          state.

        * The systemd-logind bus API now exposes a new boolean
          property "Docked" that reports whether logind considers the
          system "docked", i.e. connected to a docking station or not.

        Contributions from: Alex Crawford, Andreas Pokorny, Andrei
        Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
        Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
        David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
        Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
        Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
        Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
        Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
        Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
        Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
        Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
        Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
        Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
        Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
        Fink, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-06-19

481a0aa2
LP
13119CHANGES WITH 220:
13120
f7a73a25
DH
13121 * The gudev library has been extracted into a separate repository
13122 available at: https://git.gnome.org/browse/libgudev/
13123 It is now managed as part of the Gnome project. Distributions
13124 are recommended to pass --disable-gudev to systemd and use
          gudev from the Gnome project instead. gudev is still included
          in systemd, for now. It will be removed soon, though. Please
          also see the announcement-thread on systemd-devel:
          https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html

        * systemd now exposes a CPUUsageNSec= property for each
          service unit on the bus, that contains the overall consumed
          CPU time of a service (the sum of what each process of the
          service consumed). This value is only available if
          CPUAccounting= is turned on for a service, and is then shown
          in the "systemctl status" output.

        * Support for configuring alternative mappings of the old SysV
          runlevels to systemd targets has been removed. They are now
          hardcoded in a way that runlevels 2, 3, 4 all map to
          multi-user.target and 5 to graphical.target (which
          previously was already the default behaviour).

        * The auto-mounter logic gained support for mount point
          expiry, using a new TimeoutIdleSec= setting in .automount
          units. (Also available as x-systemd.idle-timeout= in /etc/fstab).

        * The EFI System Partition (ESP) as mounted to /boot by
          systemd-efi-boot-generator will now be unmounted
          automatically after 2 minutes of not being used. This should
          minimize the risk of ESP corruptions.

        * New /etc/fstab options x-systemd.requires= and
          x-systemd.requires-mounts-for= are now supported to express
          additional dependencies for mounts. This is useful for
          journaling file systems that support external journal
          devices or overlay file systems that require underlying file
          systems to be mounted.

        * systemd does not support direct live-upgrades (via systemctl
          daemon-reexec) from versions older than v44 anymore. As no
          distribution we are aware of shipped such old versions in a
          stable release this should not be problematic.

        * When systemd forks off a new per-connection service instance
          it will now set the $REMOTE_ADDR environment variable to the
          remote IP address, and $REMOTE_PORT environment variable to
          the remote IP port. This behaviour is similar to the
          corresponding environment variables defined by CGI.

        * systemd-networkd gained support for uplink failure
          detection. The BindCarrier= option allows binding interface
          configuration dynamically to the link sense of other
          interfaces. This is useful to achieve behaviour like in
          network switches.

        * systemd-networkd gained support for configuring the DHCP
          client identifier to use when requesting leases.

        * systemd-networkd now has a per-network UseNTP= option to
          configure whether NTP server information acquired via DHCP
          is passed on to services like systemd-timesyncd.

        * systemd-networkd gained support for vti6 tunnels.

        * Note that systemd-networkd manages the sysctl variable
          /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
          it is configured for since v219. The variable controls IP
          forwarding, and is a per-interface alternative to the global
          /proc/sys/net/ipv[46]/ip_forward. This setting is
          configurable in the IPForward= option, which defaults to
          "no". This means if networkd is used for an interface it is
          no longer sufficient to set the global sysctl option to turn
          on IP forwarding! Instead, the .network file option
          IPForward= needs to be turned on! Note that the
          implementation of this behaviour was broken in v219 and has
          been fixed in v220.

        * Many bonding and vxlan options are now configurable in
          systemd-networkd.

        * systemd-nspawn gained a new --property= setting to set unit
          properties for the container scope. This is useful for
          setting resource parameters (e.g. "CPUShares=500") on
          containers started from the command line.

        * systemd-nspawn gained a new --private-users= switch to make
          use of user namespacing available on recent Linux kernels.

        * systemd-nspawn may now be called as part of a shell pipeline
          in which case the pipes used for stdin and stdout are passed
          directly to the process invoked in the container, without
          indirection via a pseudo tty.

        * systemd-nspawn gained a new switch to control the UNIX
          signal to use when killing the init process of the container
          when shutting down.

        * systemd-nspawn gained a new --overlay= switch for mounting
          overlay file systems into the container using the new kernel
          overlayfs support.

        * When a container image is imported via systemd-importd and
          the host file system is not btrfs, a loopback block device
          file is created in /var/lib/machines.raw with a btrfs file
          system inside. It is then mounted to /var/lib/machines to
          enable btrfs features for container management. The loopback
          file and btrfs file system are grown as needed when container
          images are imported via systemd-importd.

        * systemd-machined/systemd-importd gained support for btrfs
          quota, to enforce container disk space limits on disk. This
          is exposed in "machinectl set-limit".

        * systemd-importd now can import containers from local .tar,
          .raw and .qcow2 images, and export them to .tar and .raw. It
          can also import dkr v2 images now from the network (on top
          of v1 as before).

        * systemd-importd gained support for verifying downloaded
          images with gpg2 (previously only gpg1 was supported).

        * systemd-machined, systemd-logind, systemd: most bus calls are
          now accessible to unprivileged processes via polkit. Also,
          systemd-logind will now allow users to kill their own sessions
          without further privileges or authorization.

        * systemd-shutdownd has been removed. This service was
          previously responsible for implementing scheduled shutdowns
          as exposed in /usr/bin/shutdown's time parameter. This
          functionality has now been moved into systemd-logind and is
          accessible via a bus interface.

        * "systemctl reboot" gained a new switch --firmware-setup that
          can be used to reboot into the EFI firmware setup, if that
          is available. systemd-logind now exposes an API on the bus
          to trigger such reboots, in case graphical desktop UIs want
          to cover this functionality.

        * "systemctl enable", "systemctl disable" and "systemctl mask"
          now support a new "--now" switch. If specified the units
          that are enabled will also be started, and the ones
          disabled/masked also stopped.

        * The Gummiboot EFI boot loader tool has been merged into
          systemd, and renamed to "systemd-boot". The bootctl tool has been
          updated to support systemd-boot.

        * An EFI kernel stub has been added that may be used to create
          kernel EFI binaries that contain not only the actual kernel,
          but also an initrd, boot splash, command line and OS release
          information. This combined binary can then be signed as a
          single image, so that the firmware can verify it all in one
          step. systemd-boot has special support for EFI binaries created
          like this and can extract OS release information from them
          and show them in the boot menu. This functionality is useful
          to implement cryptographically verified boot schemes.

        * Optional support has been added to systemd-fsck to pass
          fsck's progress report to an AF_UNIX socket in the file
          system.

        * udev will no longer create device symlinks for all block devices by
          default. A deny list for excluding special block devices from this
          logic has been turned into an allow list that requires picking block
          devices explicitly that require device symlinks.

        * A new (currently still internal) API sd-device.h has been
          added to libsystemd. This modernized API is supposed to
          replace libudev eventually. In fact, already much of libudev
          is now just a wrapper around sd-device.h.

        * A new hwdb database for storing metadata about pointing
          stick devices has been added.

        * systemd-tmpfiles gained support for setting file attributes
          similar to the "chattr" tool with new 'h' and 'H' lines.

        * systemd-journald will no longer unconditionally set the
          btrfs NOCOW flag on new journal files. This is instead done
          with a tmpfiles snippet using the new 'h' line type. This
          allows easy disabling of this logic, by masking the
          journal-nocow.conf tmpfiles file.

        * systemd-journald will now translate audit message types to
          human readable identifiers when writing them to the
          journal. This should improve readability of audit messages.

        * The LUKS logic gained support for the offset= and skip=
          options in /etc/crypttab, as previously implemented by
          Debian.

        * /usr/lib/os-release gained a new optional field VARIANT= for
          distributions that support multiple variants (such as a
          desktop edition, a server edition, …)

        Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
        Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
        Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
        Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
        Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
        Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
        Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
        Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
        Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
        Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
        Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
        Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
        Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
        Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
        De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
        Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
        Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
        Michael Biebl, Michael Marineau, Michael Olbrich, Michal
        Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
        Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
        Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
        Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
        Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
        Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
        Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
        Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
        Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-05-22

CHANGES WITH 219:

        * Introduce a new API "sd-hwdb.h" for querying the hardware
          metadata database. With this minimal interface one can query
          and enumerate the udev hwdb, decoupled from the old libudev
          library. libudev's interface for this is now only a wrapper
          around sd-hwdb. A new tool systemd-hwdb has been added to
          interface with and update the database.

        * When any of systemd's tools copies files (for example due to
          tmpfiles' C lines) a btrfs reflink will be attempted first,
          before bytewise copying is done.

        * systemd-nspawn gained a new --ephemeral switch. When
          specified a btrfs snapshot is taken of the container's root
          directory, and immediately removed when the container
          terminates again. Thus, a container can be started whose
          changes never alter the container's root directory, and are
          lost on container termination. This switch can also be used
          for starting a container off the root file system of the
          host without affecting the host OS. This switch is only
          available on btrfs file systems.

        * systemd-nspawn gained a new --template= switch. It takes the
          path to a container tree to use as template for the tree
          specified via --directory=, should that directory be
          missing. This allows instantiating containers dynamically,
          on first run. This switch is only available on btrfs file
          systems.

        * When a .mount unit refers to a mount point on which multiple
          mounts are stacked, and the .mount unit is stopped all of
          the stacked mount points will now be unmounted until no
          mount point remains.

        * systemd now has an explicit notion of supported and
          unsupported unit types. Jobs enqueued for unsupported unit
          types will now fail with an "unsupported" error code. More
          specifically .swap, .automount and .device units are not
          supported in containers, .busname units are not supported on
          non-kdbus systems. .swap and .automount are also not
          supported if their respective kernel compile time options
          are disabled.

        * machinectl gained support for two new "copy-from" and
          "copy-to" commands for copying files from a running
          container to the host or vice versa.

        * machinectl gained support for a new "bind" command to bind
          mount host directories into local containers. This is
          currently only supported for nspawn containers.

        * networkd gained support for configuring bridge forwarding
          database entries (fdb) from .network files.

        * A new tiny daemon "systemd-importd" has been added that can
          download container images in tar, raw, qcow2 or dkr formats,
          and make them available locally in /var/lib/machines, so
          that they can run as nspawn containers. The daemon can GPG
          verify the downloads (not supported for dkr, since it has no
          provisions for verifying downloads). It will transparently
          decompress bz2, xz, gzip compressed downloads if necessary,
          and restore sparse files on disk. The daemon uses privilege
          separation to ensure the actual download logic runs with
          fewer privileges than the daemon itself. machinectl has
          gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
          make the functionality of importd available to the
          user. With this in place the Fedora and Ubuntu "Cloud"
          images can be downloaded and booted as containers unmodified
          (the Fedora images lack the appropriate GPG signature files
          currently, so they cannot be verified, but this will change
          soon, hopefully). Note that downloading images is currently
          only fully supported on btrfs.

        * machinectl is now able to list container images found in
          /var/lib/machines, along with some metadata about sizes of
          disk and similar. If the directory is located on btrfs and
          quota is enabled, this includes quota display. A new command
          "image-status" has been added that shows additional
          information about images.

        * machinectl is now able to clone container images
          efficiently, if the underlying file system (btrfs) supports
          it, with the new "machinectl clone" command. It also
          gained commands for renaming and removing images, as well as
          marking them read-only or read-write (supported also on
          legacy file systems).

        * networkd gained support for collecting LLDP network
          announcements, from hardware that supports this. This is
          shown in networkctl output.

        * systemd-run gained support for a new -t (--pty) switch for
          invoking a binary on a pty whose input and output is
          connected to the invoking terminal. This allows executing
          processes as system services while interactively
          communicating with them via the terminal. Most interestingly
          this is supported across container boundaries. Invoking
          "systemd-run -t /bin/bash" is an alternative to running a
          full login session, the difference being that the former
          will not register a session, nor go through the PAM session
          setup.

        * tmpfiles gained support for a new "v" line type for creating
          btrfs subvolumes. If the underlying file system is a legacy
          file system, this automatically degrades to creating a
          normal directory. Among others /var/lib/machines is now
          created like this at boot, should it be missing.

        * The directory /var/lib/containers/ has been deprecated and
          been replaced by /var/lib/machines. The term "machines" has
          been used in the systemd context as generic term for both
          VMs and containers, and hence appears more appropriate for
          this, as the directory can also contain raw images bootable
          via qemu/kvm.

        * systemd-nspawn when invoked with -M but without --directory=
          or --image= is now capable of searching for the container
          root directory, subvolume or disk image automatically, in
          /var/lib/machines. systemd-nspawn@.service has been updated
          to make use of this, thus allowing it to be used for raw
          disk images, too.

        * A new machines.target unit has been introduced that is
          supposed to group all containers/VMs invoked as services on
          the system. systemd-nspawn@.service has been updated to
          integrate with that.

        * machinectl gained a new "start" command, for invoking a
          container as a service. "machinectl start foo" is mostly
          equivalent to "systemctl start systemd-nspawn@foo.service",
          but handles escaping in a nicer way.

        * systemd-nspawn will now mount most of the cgroupfs tree
          read-only into each container, with the exception of the
          container's own subtree in the name=systemd hierarchy.

        * journald now sets the special FS_NOCOW file flag for its
          journal files. This should improve performance on btrfs, by
          avoiding heavy fragmentation when journald's write-pattern
          is used on COW file systems. It degrades btrfs' data
          integrity guarantees for the files to the same levels as for
          ext3/ext4 however. This should be OK though as journald does
          its own data integrity checks and all its objects are
          checksummed on disk. Also, journald should handle btrfs disk
          full events a lot more gracefully now, by processing SIGBUS
          errors, and not relying on fallocate() anymore.

        * When journald detects that journal files it is writing to
          have been deleted it will immediately start new journal
          files.

        * systemd now provides a way to store file descriptors
          per-service in PID 1. This is useful for daemons to ensure
          that fds they require are not lost during a daemon
          restart. The fds are passed to the daemon on the next
          invocation in the same way socket activation fds are
          passed. This is now used by journald to ensure that the
          various sockets connected to all the system's stdout/stderr
          are not lost when journald is restarted. File descriptors
          may be stored in PID 1 via the sd_pid_notify_with_fds() API,
          an extension to sd_notify(). Note that a limit is enforced
          on the number of fds a service can store in PID 1, and it
          defaults to 0, so that no fds may be stored, unless this is
          explicitly turned on.
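
          sd_pid_notify_with_fds() is a thin wrapper around a single
          sendmsg() on the AF_UNIX datagram socket named by
          $NOTIFY_SOCKET: the state text ("FDSTORE=1\n", as documented
          in sd_notify(3)) is the datagram payload and the file
          descriptors ride along as an SCM_RIGHTS control message. The
          following added example, which is not systemd code and does
          not use libsystemd, implements both ends of that exchange
          with plain libc: a socketpair() stands in for the notify
          socket, the receiving function plays the part of PID 1, and
          a pipe is the descriptor being stored. The function names
          and the constructed message are this example's own.

```c
/* Added example (not systemd code): the fd-store handshake over the notify
 * socket. The socketpair() stands in for $NOTIFY_SOCKET and
 * notify_recv_fds() stands in for PID 1. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_FDS 16   /* demo bound; PID 1 enforces its own per-service limit */

/* Service side: one datagram carrying the state text and n_fds descriptors
 * in an SCM_RIGHTS block, which is what sd_pid_notify_with_fds() sends. */
int notify_send_fds(int notify_fd, const char *state, const int *fds, size_t n_fds) {
        union { struct cmsghdr hdr; char raw[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } control;
        struct iovec iov = { .iov_base = (char *) state, .iov_len = strlen(state) };
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
        struct cmsghdr *cmsg;

        if (n_fds > MAX_FDS)
                return -E2BIG;
        if (n_fds > 0) {
                memset(&control, 0, sizeof(control));
                msg.msg_control = control.raw;
                msg.msg_controllen = CMSG_SPACE(sizeof(int) * n_fds);
                cmsg = CMSG_FIRSTHDR(&msg);
                cmsg->cmsg_level = SOL_SOCKET;
                cmsg->cmsg_type = SCM_RIGHTS;
                cmsg->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
                memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * n_fds);
        }
        if (sendmsg(notify_fd, &msg, MSG_NOSIGNAL) < 0)
                return -errno;
        return 0;
}

/* Manager side: receive one datagram, copy its text into buf (NUL-terminated)
 * and the passed descriptors into fds_out. Anything beyond max_fds is closed
 * rather than leaked into the receiver. Returns the number of fds kept, or -errno. */
int notify_recv_fds(int notify_fd, char *buf, size_t buf_size, int *fds_out, size_t max_fds) {
        union { struct cmsghdr hdr; char raw[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } control;
        struct iovec iov = { .iov_base = buf, .iov_len = buf_size - 1 };
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                              .msg_control = control.raw, .msg_controllen = sizeof(control) };
        struct cmsghdr *cmsg;
        size_t kept = 0;
        ssize_t n;

        n = recvmsg(notify_fd, &msg, MSG_CMSG_CLOEXEC);
        if (n < 0)
                return -errno;
        buf[n] = '\0';

        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                size_t i, count;
                if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
                        continue;
                count = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
                for (i = 0; i < count; i++) {
                        int fd;
                        memcpy(&fd, CMSG_DATA(cmsg) + i * sizeof(int), sizeof(int));
                        if (kept < max_fds)
                                fds_out[kept++] = fd;
                        else
                                close(fd);
                }
        }
        return (int) kept;
}

/* Round trip: the "service" stores a pipe's read end with FDSTORE=1, the
 * "manager" receives it and later reads what the service writes. Returns the
 * number of bytes read through the stored fd (2 on success) or -errno. */
int fdstore_roundtrip(void) {
        int sv[2], pipefd[2], stored[MAX_FDS];
        char text[64], data[8];
        int r, n_fds, saved = 0;
        ssize_t got;

        if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0, sv) < 0)
                return -errno;
        if (pipe(pipefd) < 0)
                return -errno;

        r = notify_send_fds(sv[0], "FDSTORE=1\n", &pipefd[0], 1);
        if (r < 0)
                return r;
        n_fds = notify_recv_fds(sv[1], text, sizeof(text), stored, MAX_FDS);
        if (n_fds < 0)
                return n_fds;
        if (n_fds != 1 || strcmp(text, "FDSTORE=1\n") != 0)
                return -EPROTO;

        /* The manager now holds its own reference to the read end; prove it. */
        if (write(pipefd[1], "ok", 2) != 2)
                return -errno;
        got = read(stored[0], data, sizeof(data));
        if (got < 0)
                saved = errno;

        close(stored[0]); close(pipefd[0]); close(pipefd[1]); close(sv[0]); close(sv[1]);
        return got < 0 ? -saved : (int) got;
}

int main(void) {
        return fdstore_roundtrip() == 2 ? 0 : 1;
}
```

          The receiver closes descriptors it cannot keep instead of
          dropping them, which is the detail that matters when the
          per-service limit described above is hit: a passed fd that is
          neither stored nor closed stays open in the manager for its
          lifetime.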

        * The default TERM variable to use for units connected to a
          terminal, when no other value is explicitly set, is now
          vt220 rather than vt102. This should be fairly safe still,
          but allows PgUp/PgDn to work.

        * The /etc/crypttab option header= as known from Debian is now
          supported.

        * "loginctl user-status" and "loginctl session-status" will
          now show the last 10 lines of log messages of the
          user/session following the status output. Similarly,
          "machinectl status" will show the last 10 log lines
          associated with a virtual machine or container
          service. (Note that this is usually not the log messages
          done in the VM/container itself, but simply what the
          container manager logs. For nspawn this includes all console
          output however.)

        * "loginctl session-status" without further argument will now
          show the status of the session of the caller. Similarly,
          "lock-session", "unlock-session", "activate",
          "enable-linger", "disable-linger" may now be called without
          session/user parameter in which case they apply to the
          caller's session/user.

        * An X11 session scriptlet is now shipped that uploads
          $DISPLAY and $XAUTHORITY into the environment of the systemd
          --user daemon if a session begins. This should improve
          compatibility with X11 enabled applications run as systemd
          user services.

        * Generators are now subject to masking via /etc and /run, the
          same way as unit files.

        * networkd .network files gained support for configuring
          per-link IPv4/IPv6 packet forwarding as well as IPv4
          masquerading. This is by default turned on for veth links to
          containers, as registered by systemd-nspawn. This means that
          nspawn containers run with --network-veth will now get
          automatic routed access to the host's networks without any
          further configuration or setup, as long as networkd runs on
          the host.

        * systemd-nspawn gained the --port= (-p) switch to expose TCP
          or UDP ports of a container on the host. With this in place
          it is possible to run containers with private veth links
          (--network-veth), and have their functionality exposed on
          the host as if their services were running directly on the
          host.

        * systemd-nspawn's --network-veth switch now gained a short
          version "-n", since with the changes above it is now truly
          useful out-of-the-box. The systemd-nspawn@.service has been
          updated to make use of it too by default.

        * systemd-nspawn will now maintain a per-image R/W lock, to
          ensure that the same image is not started more than once
          writable. (It's OK to run an image multiple times
          simultaneously in read-only mode.)

        * systemd-nspawn's --image= option is now capable of
          dissecting and booting MBR and GPT disk images that contain
          only a single active Linux partition. Previously it
          supported only GPT disk images with proper GPT type
          IDs. This allows running cloud images from major
          distributions directly with systemd-nspawn, without
          modification.

        * In addition to collecting mouse dpi data in the udev
          hardware database, there's now support for collecting angle
          information for mouse scroll wheels. The database is
          supposed to guarantee similar scrolling behavior on mice
          that it knows about. There's also support for collecting
          information about Touchpad types.

        * udev's input_id built-in will now also collect touch screen
          dimension data and attach it to probed devices.

        * /etc/os-release gained support for a Distribution Privacy
          Policy link field.

        * networkd gained support for creating "ipvlan", "gretap",
          "ip6gre", "ip6gretap" and "ip6tnl" network devices.

        * systemd-tmpfiles gained support for "a" lines for setting
          ACLs on files.

        * systemd-nspawn will now mount /tmp in the container to
          tmpfs, automatically.

        * systemd now exposes the memory.usage_in_bytes cgroup
          attribute and shows it for each service in the "systemctl
          status" output, if available.

        * When the user presses Ctrl-Alt-Del more than 7x within 2s an
          immediate reboot is triggered. This is useful if shutdown is
          hung and is unable to complete, to expedite the
          operation. Note that this kind of reboot will still unmount
          all file systems, and hence should not result in fsck being
          run on next reboot.

        * A .device unit for an optical block device will now be
          considered active only when a medium is in the drive. Also,
          mount units are now bound to their backing devices thus
          triggering automatic unmounting when devices become
          unavailable. With this in place systemd will now
          automatically unmount left-over mounts when a CD-ROM is
          ejected or a USB stick is yanked from the system.

        * networkd-wait-online now has support for waiting for
          specific interfaces only (with globbing), and for giving up
          after a configurable timeout.

        * networkd now exits when idle. It will be automatically
          restarted as soon as interfaces show up, are removed or
          change state. networkd will stay around as long as there is
          at least one DHCP state machine or similar around that keeps
          it non-idle.

        * networkd may now configure IPv6 link-local addressing in
          addition to IPv4 link-local addressing.

        * The IPv6 "token" for use in SLAAC may now be configured for
          each .network interface in networkd.

        * Routes configured with networkd may now be assigned a scope
          in .network files.

        * networkd's [Match] sections now support globbing and lists
          of multiple space-separated matches per item.

        Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
        Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
        Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
        Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
        Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
        Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
        Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
        Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
        Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
        Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
        Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
        Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
        Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
        Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
        Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
        Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
        Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
        Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
        Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
        Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
        Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
        Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
        Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
        Hoffmann, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2015-02-16

CHANGES WITH 218:

        * When querying unit file enablement status (for example via
          "systemctl is-enabled"), a new state "indirect" is now known
          which indicates that a unit might not be enabled itself, but
          another unit listed in its Also= setting might be.

        * Similar to the various existing ConditionXYZ= settings for
          units, there are now matching AssertXYZ= settings. While
          failing conditions cause a unit to be skipped but its job
          to succeed, failing assertions declared like this will cause
          a unit start operation and its job to fail.

        * hostnamed now knows a new chassis type "embedded".

        * systemctl gained a new "edit" command. When used on a unit
          file, this allows extending unit files with .d/ drop-in
          configuration snippets or editing the full file (after
          copying it from /usr/lib to /etc). This will invoke the
          user's editor (as configured with $EDITOR), and reload the
          modified configuration after editing.

        * "systemctl status" now shows the suggested enablement state
          for a unit, as declared in the (usually vendor-supplied)
          system preset files.

        * nss-myhostname will now resolve the single-label hostname
          "gateway" to the locally configured default IP routing
          gateways, ordered by their metrics. This assigns a stable
          name to the used gateways, regardless of which ones are
          currently configured. Note that the name will only be
          resolved after all other name sources (if nss-myhostname is
          configured properly) and should hence not negatively impact
          systems that use the single-label hostname "gateway" in
          other contexts.

        * systemd-inhibit now allows filtering by mode when listing
          inhibitors.

        * Scope and service units gained a new "Delegate" boolean
          property, which, when set, allows processes running inside the
          unit to further partition resources. This is primarily
          useful for systemd user instances as well as container
          managers.

        * journald will now pick up audit messages directly from
          the kernel, and log them like any other log message. The
          audit fields are split up and fully indexed. This means that
          journalctl in many ways is now a (nicer!) alternative to
          ausearch, the traditional audit client. Note that this
          implements only a minimal audit client. If you want the
          special audit modes like reboot-on-log-overflow, please use
          the traditional auditd instead, which can be used in
          parallel to journald.

        * The ConditionSecurity= unit file option now understands the
          special string "audit" to check whether auditing is
          available.

        * journalctl gained two new commands --vacuum-size= and
          --vacuum-time= to delete old journal files until the
          remaining ones take up no more than the specified size on disk,
          or are not older than the specified time.

        * A new, native PPPoE library has been added to sd-network,
          systemd's library of light-weight networking protocols. This
          library will be used in a future version of networkd to
          enable PPPoE communication without an external pppd daemon.

        * The busctl tool now understands a new "capture" verb that
          works similar to "monitor", but writes a packet capture
          trace to STDOUT that can be redirected to a file which is
          compatible with libpcap's capture file format. This can then
          be loaded in Wireshark and similar tools to inspect bus
          communication.

        * The busctl tool now understands a new "tree" verb that shows
          the object trees of a specific service on the bus, or of all
          services.

        * The busctl tool now understands a new "introspect" verb that
          shows all interfaces and members of objects on the bus,
          including their signature and values. This is particularly
          useful to get more information about bus objects shown by
          the new "busctl tree" command.

        * The busctl tool now understands new verbs "call",
          "set-property" and "get-property" for invoking bus method
          calls, setting and getting bus object properties in a
          friendly way.

        * busctl gained a new --augment-creds= argument that controls
          whether the tool shall augment credential information it
          gets from the bus with data from /proc, in a possibly
          race-ful way.

        * nspawn's --link-journal= switch gained two new values
          "try-guest" and "try-host" that work like "guest" and
          "host", but do not fail if the host has no persistent
          journaling enabled. -j is now equivalent to
          --link-journal=try-guest.

        * macvlan network devices created by nspawn will now have
          stable MAC addresses.

        * A new SmackProcessLabel= unit setting has been added, which
          controls the SMACK security label processes forked off by
          the respective unit shall use.

        * If compiled with --enable-xkbcommon, systemd-localed will
          verify x11 keymap settings by compiling the given keymap. It
          will spew out warnings if the compilation fails. This
          requires libxkbcommon to be installed.

        * When a coredump is collected, a larger number of metadata
          fields is now collected and included in the journal records
          created for it. More specifically, control group membership,
          environment variables, memory maps, working directory,
          chroot directory, /proc/$PID/status, and a list of open file
          descriptors is now stored in the log entry.

        * The udev hwdb now contains DPI information for mice. For
          details see:

          http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html

13796 * All systemd programs that read standalone configuration
13797 files in /etc now also support a corresponding series of
997b2b43
JT
13798 .conf.d configuration directories in /etc/, /run/,
13799 /usr/local/lib/, /usr/lib/, and (if configured with
33db1b90 13800 --enable-split-usr) /lib/. In particular, the following
997b2b43
JT
13801 configuration files now have corresponding configuration
13802 directories: system.conf user.conf, logind.conf,
13803 journald.conf, sleep.conf, bootchart.conf, coredump.conf,
13804 resolved.conf, timesyncd.conf, journal-remote.conf, and
33db1b90 13805 journal-upload.conf. Note that distributions should use the
997b2b43
JT
13806 configuration directories in /usr/lib/; the directories in
13807 /etc/ are reserved for the system administrator.
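The lookup order this entry describes, as an added example that is not part of systemd's own code: a small Python model of the .conf.d search path in which a file name found in an earlier directory shadows the same name further down the path, and the surviving files are applied sorted by name. The journald.conf.d layout in SAMPLE_TREE is constructed for the example.

```python
"""Model of systemd's .conf.d drop-in precedence (added example, not systemd code).

Search path from the 218 entry, highest priority first: /etc/, /run/,
/usr/local/lib/, /usr/lib/ (/lib/ with --enable-split-usr is omitted here).
The security-relevant point: an administrator's file in /etc wins over a
vendor file of the same name in /usr/lib, and vendor packages must never
write to /etc.
"""
import os
from typing import Dict, List, Mapping, Tuple

CONF_DIRS: Tuple[str, ...] = ("/etc", "/run", "/usr/local/lib", "/usr/lib")

# Stand-in for the file system: directory path -> {file name: contents}.
# Constructed sample layout, not taken from any real system.
SAMPLE_TREE: Dict[str, Dict[str, str]] = {
    "/usr/lib/systemd/journald.conf.d": {
        "10-vendor.conf": "[Journal]\nStorage=auto\nForwardToSyslog=no\n",
        "50-compress.conf": "[Journal]\nCompress=yes\n",
    },
    "/etc/systemd/journald.conf.d": {
        # same name as a vendor file: the admin copy shadows it entirely
        "50-compress.conf": "[Journal]\nCompress=no\n",
        "90-site.conf": "[Journal]\nForwardToSyslog=yes\n",
    },
    "/run/systemd/journald.conf.d": {
        "notes.txt": "ignored: not a .conf file\n",
    },
}


def drop_in_files(conf_name: str, tree: Mapping[str, Mapping[str, str]],
                  search_path: Tuple[str, ...] = CONF_DIRS) -> List[str]:
    """Return the drop-in paths that take effect, in application order."""
    winners: Dict[str, str] = {}
    for base in search_path:
        directory = os.path.join(base, "systemd", conf_name + ".d")
        for name in tree.get(directory, {}):
            if not name.endswith(".conf"):
                continue
            # The first directory on the search path to provide a name wins;
            # the same name further down the path is shadowed.
            winners.setdefault(name, os.path.join(directory, name))
    # Surviving files are applied in lexicographic order of their file
    # name, regardless of which directory supplied them.
    return [winners[name] for name in sorted(winners)]


def parse_simple_ini(text: str, into: Dict[str, Dict[str, str]]) -> None:
    """Minimal [Section] / Key=Value parser; later assignments override earlier ones."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" in line and section is not None:
            key, _, value = line.partition("=")
            into.setdefault(section, {})[key.strip()] = value.strip()


def effective_config(conf_name: str, tree: Mapping[str, Mapping[str, str]],
                     search_path: Tuple[str, ...] = CONF_DIRS) -> Dict[str, Dict[str, str]]:
    """Merge the standalone file in /etc/systemd (if present) with its drop-ins."""
    merged: Dict[str, Dict[str, str]] = {}
    main_text = tree.get("/etc/systemd", {}).get(conf_name)
    if main_text is not None:
        parse_simple_ini(main_text, merged)  # main file is read first
    for path in drop_in_files(conf_name, tree, search_path):
        directory, name = os.path.split(path)
        parse_simple_ini(tree[directory][name], merged)
    return merged


if __name__ == "__main__":
    for path in drop_in_files("journald.conf", SAMPLE_TREE):
        print(path)
    print(effective_config("journald.conf", SAMPLE_TREE))
```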

        * systemd-rfkill will no longer take the rfkill device name
          into account when storing rfkill state on disk, as the name
          might be dynamically assigned and not stable. Instead, the
          ID_PATH udev variable combined with the rfkill type (wlan,
          bluetooth, …) is used.

        * A new service systemd-machine-id-commit.service has been
          added. When used on systems where /etc is read-only during
          boot, and /etc/machine-id is not initialized (but an empty
          file), this service will copy the temporary machine ID
          created as replacement into /etc after the system is fully
          booted up. This is useful for systems that are freshly
          installed with a non-initialized machine ID, but should get
          a fixed machine ID for subsequent boots.

        * networkd's .netdev files now provide a large set of
          configuration parameters for VXLAN devices. Similarly, the
          bridge port cost parameter is now configurable in .network
          files. There's also new support for configuring IP source
          routing. networkd .link files gained support for a new
          OriginalName= match that is useful to match against the
          original interface name the kernel assigned. .network files
          may include MTU= and MACAddress= fields for altering the MTU
          and MAC address while being connected to a specific network
          interface.

        * The LUKS logic gained support for configuring
          UUID-specific key files. There's also new support for naming
          LUKS devices from the kernel command line, using the new
          luks.name= argument.

        * Timer units may now be transiently created via the bus API
          (this was previously already available for scope and service
          units). In addition, it is now possible to create multiple
          transient units at the same time with a single bus call. The
          "systemd-run" tool has been updated to make use of this for
          running commands at a specified time, in at(1)-style.

        * tmpfiles gained support for "t" lines, for assigning
          extended attributes to files. Among other uses this may be
          used to assign SMACK labels to files.

        Contributions from: Alin Rauta, Alison Chaiken, Andrej
        Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
        Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
        Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
        Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
        Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
        Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
        Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
        Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
        Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
        Michael Biebl, Michael Chapman, Michael Marineau, Michal
        Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
        Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
        Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
        Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
        Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
        Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
        Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-12-10

CHANGES WITH 217:

        * journalctl gained the new options -t/--identifier= to match
          on the syslog identifier (aka "tag"), as well as --utc to
          show log timestamps in the UTC timezone. journalctl now also
          accepts -n/--lines=all to disable line capping in a pager.

        * journalctl gained a new switch, --flush, that synchronously
          flushes logs from /run/log/journal to /var/log/journal if
          persistent storage is enabled. systemd-journal-flush.service
          now waits until the operation is complete.

        * Services can notify the manager before they start a reload
          (by sending RELOADING=1) or shutdown (by sending
          STOPPING=1). This allows the manager to track and show the
          internal state of daemons and closes a race condition when
          the process is still running but has closed its D-Bus
          connection.

        * Services with Type=oneshot do not have to have any ExecStart
          commands anymore.

        * User units are now loaded also from
          $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
          /run/systemd/user directory that was already previously
          supported, but is under the control of the user.

        * Job timeouts (i.e. timeouts on the time a job that is
          queued stays in the run queue) can now optionally result in
          immediate reboot or power-off actions (JobTimeoutAction= and
          JobTimeoutRebootArgument=). This is useful on ".target"
          units, to limit the maximum time a target remains
          undispatched in the run queue, and to trigger an emergency
          operation in such a case. This is now used by default to
          turn off the system if boot-up (as defined by everything in
          basic.target) hangs and does not complete for at least
          15min. Also, if power-off or reboot hang for at least 30min
          an immediate power-off/reboot operation is triggered. This
          functionality is particularly useful to increase reliability
          on embedded devices, but also on laptops which might
          accidentally get powered on when carried in a backpack and
          whose boot stays stuck in a hard disk encryption passphrase
          question.

        * systemd-logind can be configured to also handle lid switch
          events even when the machine is docked or multiple displays
          are attached (HandleLidSwitchDocked= option).

        * A helper binary and a service have been added which can be
          used to resume from hibernation in the initramfs. A
          generator will parse the resume= option on the kernel
          command line to trigger resume.

        * A user console daemon systemd-consoled has been
          added. Currently, it is a preview, and will so far open a
          single terminal on each session of the user marked as
          Desktop=systemd-console.

        * Route metrics can be specified for DHCP routes added by
          systemd-networkd.

        * The SELinux context of socket-activated services can be set
          from the information provided by the networking stack
          (SELinuxContextFromNet= option).

        * Userspace firmware loading support has been removed and
          the minimum supported kernel version is thus bumped to 3.7.

        * Timeout for udev workers has been increased from 1 to 3
          minutes, but a warning will be printed after 1 minute to
          help diagnose kernel modules that take a long time to load.

        * Udev rules can now remove tags on devices with TAG-="foobar".

        * systemd's readahead implementation has been removed. In many
          circumstances it didn't give expected benefits even for
          rotational disk drives and was becoming less relevant in the
          age of SSDs. As none of the developers has been using
          rotating media anymore, and nobody stepped up to actively
          maintain this component of systemd, it has now been removed.

        * Swap units can use Options= to specify discard options.
          Discard options specified for swaps in /etc/fstab are now
          respected.

        * Docker containers are now detected as a separate type of
          virtualization.

        * The Password Agent protocol gained support for queries where
          the user input is shown, useful e.g. for user names.
          systemd-ask-password gained a new --echo option to turn that
          on.

        * The default sysctl.d/ snippets will now set:

          net.core.default_qdisc = fq_codel

          This selects Fair Queuing Controlled Delay as the default
          queuing discipline for network interfaces. fq_codel helps
          fight the network bufferbloat problem. It is believed to be
          a good default with no tuning required for most workloads.
          Downstream distributions may override this choice. On 10Gbit
          servers that do not do forwarding, "fq" may perform better.
          Systems without a good clocksource should use "pfifo_fast".

        * If kdbus is enabled during build a new option BusPolicy= is
          available for service units, that allows locking all service
          processes into a stricter bus policy, in order to limit
          access to various bus services, or even hide most of them
          from the service's view entirely.

        * networkctl will now show the .network and .link file
          networkd has applied to a specific interface.

        * sd-login gained a new API call sd_session_get_desktop() to
          query which desktop environment has been selected for a
          session.

        * UNIX utmp support is now compile-time optional to support
          legacy-free systems.

        * systemctl gained two new commands "add-wants" and
          "add-requires" for pulling in units from specific targets
          easily.

        * If the word "rescue" is specified on the kernel command line
          the system will now boot into rescue mode (aka
          rescue.target), which was previously available only by
          specifying "1" or "systemd.unit=rescue.target" on the kernel
          command line. This new kernel command line option nicely
          mirrors the already existing "emergency" kernel command line
          option.

        * New kernel command line options mount.usr=, mount.usrflags=,
          mount.usrfstype= have been added that match root=, rootflags=,
          rootfstype= but allow mounting a specific file system to
          /usr.

        * The $NOTIFY_SOCKET is now also passed to control processes of
          services, not only the main process.

        * This version reenables support for fsck's -l switch. This
          means at least version v2.25 of util-linux is required for
          operation, otherwise dead-locks on device nodes may
          occur. Again: you need to update util-linux to at least
          v2.25 when updating systemd to v217.

        * The "multi-seat-x" tool has been removed from systemd, as
          its functionality has been integrated into X servers 1.16,
          and the tool is hence redundant. It is recommended to update
          display managers invoking this tool to simply invoke X
          directly from now on, again.

        * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
          message flag has been added for all of systemd's polkit
          authenticated method calls. In particular this now allows
          optional interactive authorization via polkit for many of
          PID1's privileged operations such as unit file enabling and
          disabling.

        * "udevadm hwdb --update" learnt a new switch "--usr" for
          placing the rebuilt hardware database in /usr instead of
          /etc. When used only hardware database entries stored in
          /usr will be used, and any user database entries in /etc are
          ignored. This functionality is useful for vendors to ship a
          pre-built database on systems where local configuration is
          unnecessary or unlikely.

        * Calendar time specifications in .timer units now also
          understand the strings "semi-annually", "quarterly" and
          "minutely" as shortcuts (in addition to the preexisting
          "annually", "hourly", …).

        * systemd-tmpfiles will now correctly create files in /dev
          at boot which are marked for creation only at boot. It is
          recommended to always create static device nodes with 'c!'
          and 'b!', so that they are created only at boot and not
          overwritten at runtime.

        * When the watchdog logic is used for a service (WatchdogSec=)
          and the watchdog timeout is hit the service will now be
          terminated with SIGABRT (instead of just SIGTERM), in order
          to make sure a proper coredump and backtrace is
          generated. This ensures that hanging services will result in
          similar coredump/backtrace behaviour as services that hit a
          segmentation fault.

        Contributions from: Andreas Henriksson, Andrei Borzenkov,
        Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
        Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
        Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
        Herrmann, David Sommerseth, David Strauss, Emil Renner
        Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
        Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
        Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
        Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
        Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
        Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
        Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
        Michael Marineau, Michael Olbrich, Michael Scherer, Michal
        Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
        Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
        Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
        Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
        Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
        Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
        Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
        Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-10-28

CHANGES WITH 216:

        * timedated no longer reads NTP implementation unit names from
          /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
          implementations should add a

          Conflicts=systemd-timesyncd.service

          to their unit files to take over and replace systemd's NTP
          default functionality.

        * systemd-sysusers gained a new line type "r" for configuring
          which UID/GID ranges to allocate system users/groups
          from. Lines of type "u" may now add an additional column
          that specifies the home directory for the system user to be
          created. Also, systemd-sysusers may now optionally read user
          information from STDIN instead of a file. This is useful for
          invoking it from RPM preinst scriptlets that need to create
          users before the first RPM file is installed since these
          files might need to be owned by them. A new
          %sysusers_create_inline RPM macro has been introduced to do
          just that. systemd-sysusers now updates the shadow files as
          well as the user/group databases, which should enhance
          compatibility with certain tools like grpck.

        * A number of bus APIs of PID 1 now optionally consult polkit to
          permit access for otherwise unprivileged clients under certain
          conditions. Note that this currently doesn't support
          interactive authentication yet, but this is expected to be
          added eventually, too.

        * /etc/machine-info now has new fields for configuring the
          deployment environment of the machine, as well as the
          location of the machine. hostnamectl has been updated with
          new commands to update these fields.

        * systemd-timesyncd has been updated to automatically acquire
          NTP server information from systemd-networkd, which might
          have been discovered via DHCP.

        * systemd-resolved now includes a caching DNS stub resolver
          and a complete LLMNR name resolution implementation. A new
          NSS module "nss-resolve" has been added which can be used
          instead of glibc's own "nss-dns" to resolve hostnames via
          systemd-resolved. Hostnames, addresses and arbitrary RRs may
          be resolved via systemd-resolved D-Bus APIs. In contrast to
          the glibc internal resolver systemd-resolved is aware of
          multi-homed systems, and keeps DNS server and caches separate
          and per-interface. Queries are sent simultaneously on all
          interfaces that have DNS servers configured, in order to
          properly handle VPNs and local LANs which might resolve
          separate sets of domain names. systemd-resolved may acquire
          DNS server information from systemd-networkd automatically,
          which in turn might have discovered them via DHCP. A tool
          "systemd-resolve-host" has been added that may be used to
          query the DNS logic in resolved. systemd-resolved implements
          IDNA and automatically uses IDNA or UTF-8 encoding depending
          on whether classic DNS or LLMNR is used as transport. In the
          next releases we intend to add a DNSSEC and mDNS/DNS-SD
          implementation to systemd-resolved.

        * A new NSS module nss-mymachines has been added, that
          automatically resolves the names of all local registered
          containers to their respective IP addresses.

        * A new client tool "networkctl" for systemd-networkd has been
          added. It currently is entirely passive and will query
          networking configuration from udev, rtnetlink and networkd,
          and present it to the user in a very friendly
          way. Eventually, we hope to extend it to become a full
          control utility for networkd.

        * .socket units gained a new DeferAcceptSec= setting that
          controls the kernel's TCP_DEFER_ACCEPT sockopt for
          TCP. Similarly, support for controlling TCP keep-alive
          settings has been added (KeepAliveTimeSec=,
          KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
          turning off Nagle's algorithm on TCP has been added
          (NoDelay=).

        * logind learned a new session type "web", for use in projects
          like Cockpit which register web clients as PAM sessions.

        * timer units with at least one OnCalendar= setting will now
          be started only after time-sync.target has been
          reached. This way they will not elapse before the system
          clock has been corrected by a local NTP client or
          similar. This is particularly useful on RTC-less embedded
          machines, that come up with an invalid system clock.

        * systemd-nspawn's --network-veth= switch should now result in
          stable MAC addresses for both the outer and the inner side
          of the link.

        * systemd-nspawn gained a new --volatile= switch for running
          container instances with /etc or /var unpopulated.

        * The kdbus client code has been updated to use the new Linux
          3.17 memfd subsystem instead of the old kdbus-specific one.

        * systemd-networkd's DHCP client and server now support
          FORCERENEW. There are also new configuration options to
          configure the vendor client identifier and broadcast mode
          for DHCP.

        * systemd will no longer inform the kernel about the current
          timezone, as this is necessarily incorrect and racy as the
          kernel has no understanding of DST and similar
          concepts. This hence means FAT timestamps will be always
          considered UTC, similar to what Android is already
          doing. Also, when the RTC is configured to the local time
          (rather than UTC) systemd will never synchronize back to it,
          as this might confuse Windows at a later boot.

        * systemd-analyze gained a new command "verify" for offline
          validation of unit files.

        * systemd-networkd gained support for a couple of additional
          settings for bonding networking setups. Also, the metric for
          statically configured routes may now be configured. For
          network interfaces where this is appropriate the peer IP
          address may now be configured.

        * systemd-networkd's DHCP client will no longer request
          broadcasting by default, as this tripped up some networks.
          For hardware where broadcast is required the feature should
          be switched back on using RequestBroadcast=yes.

        * systemd-networkd will now set up IPv4LL addresses (when
          enabled) even if DHCP is configured successfully.

        * udev will now default to respect network device names given
          by the kernel when the kernel indicates that these are
          predictable. This behavior can be tweaked by changing
          NamePolicy= in the relevant .link file.

        * A new library systemd-terminal has been added that
          implements full TTY stream parsing and rendering. This
          library is supposed to be used later on for implementing a
          full userspace VT subsystem, replacing the current kernel
          implementation.

        * A new tool systemd-journal-upload has been added to push
          journal data to a remote system running
          systemd-journal-remote.

        * journald will no longer forward all local data to another
          running syslog daemon. This change has been made because
          rsyslog (which appears to be the most commonly used syslog
          implementation these days) no longer makes use of this, and
          instead pulls the data out of the journal on its own. Since
          forwarding the messages to a non-existent syslog server is
          more expensive than we assumed we have now turned this
          off. If you run a syslog server that is not a recent rsyslog
          version, you have to turn this option on again
          (ForwardToSyslog= in journald.conf).

        * journald now optionally supports the LZ4 compressor for
          larger journal fields. This compressor should perform much
          better than XZ which was the previous default.

        * machinectl now shows the IP addresses of local containers,
          if it knows them, plus the interface name of the container.

        * A new tool "systemd-escape" has been added that makes it
          easy to escape strings to build unit names and similar.

        * sd_notify() messages may now include a new ERRNO= field
          which is parsed and collected by systemd and shown among the
          "systemctl status" output for a service.
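The notification protocol these entries describe (RELOADING=1 and STOPPING=1 from the 217 entry above, ERRNO= here), as an added example that is not systemd's own code: a client that encodes and sends the datagram to $NOTIFY_SOCKET, and a toy receiver that parses it as defensively as the manager has to. The state model in service_state() is a simplification, and the sample messages are constructed.

```python
"""sd_notify()-style messages and how the receiving side should parse them.

Added example, not code from the systemd project. It relies only on the wire
format: newline-separated KEY=VALUE assignments sent as one datagram to the
AF_UNIX socket named by $NOTIFY_SOCKET (a leading '@' denotes an
abstract-namespace socket).
"""
import os
import socket
import tempfile
from typing import Dict, Optional


def valid_assignment(key: str, value: str) -> bool:
    """A key is an upper-case ASCII identifier; a value must not contain a
    newline, since that would smuggle a second assignment into the datagram."""
    return (key.isascii() and key.replace("_", "").isalnum()
            and key == key.upper() and "\n" not in value)


def build_notify_message(**fields: object) -> bytes:
    """Encode fields such as READY=1, RELOADING=1, STOPPING=1, STATUS=..., ERRNO=..."""
    lines = []
    for key, value in fields.items():
        text = str(value)
        if not valid_assignment(key, text):
            raise ValueError(f"refusing to encode {key!r}={text!r}")
        lines.append(f"{key}={text}")
    return ("\n".join(lines) + "\n").encode("utf-8")


def send_notify(message: bytes, notify_socket: Optional[str] = None) -> bool:
    """Deliver one datagram to $NOTIFY_SOCKET (or an explicit path). Returns
    False when no manager is listening, so the service runs unchanged elsewhere."""
    path = notify_socket if notify_socket is not None else os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):
        path = "\0" + path[1:]  # abstract namespace: NUL byte instead of '@'
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(message, path)
    return True


def parse_notify_message(data: bytes) -> Dict[str, str]:
    """Receiver side. Lines without '=' are skipped, a repeated key keeps its
    last value, and ERRNO= is accepted only as a non-negative integer because
    the value is later shown in "systemctl status" output. (The real manager
    additionally uses SCM_CREDENTIALS to attribute the datagram to the sending
    unit; this toy receiver omits that.)"""
    parsed: Dict[str, str] = {}
    for line in data.split(b"\n"):
        if b"=" not in line:
            continue
        key, _, value = line.partition(b"=")
        k = key.decode("ascii", "replace")
        v = value.decode("utf-8", "replace")
        if k == "ERRNO" and not v.isdigit():
            continue
        parsed[k] = v
    return parsed


def service_state(fields: Dict[str, str]) -> str:
    """Simplified model of what the manager tracks from one message:
    STOPPING=1 wins over RELOADING=1, which wins over READY=1."""
    if fields.get("STOPPING") == "1":
        return "stopping"
    if fields.get("RELOADING") == "1":
        return "reloading"
    if fields.get("READY") == "1":
        return "running"
    return "unchanged"


def round_trip(message: bytes) -> Dict[str, str]:
    """Stand in for the manager: bind a datagram socket in a temporary
    directory, send `message` to it and parse what arrives."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "notify")
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as server:
            server.bind(path)
            server.settimeout(5.0)
            send_notify(message, notify_socket=path)
            data, _ = server.recvfrom(4096)
        return parse_notify_message(data)
    finally:
        os.unlink(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    # Typical daemon sequence: announce readiness, then a reload, then shutdown.
    for msg in (build_notify_message(READY=1, STATUS="Listening"),
                build_notify_message(RELOADING=1, STATUS="Re-reading configuration"),
                build_notify_message(STOPPING=1, ERRNO=0)):
        fields = round_trip(msg)
        print(service_state(fields), fields)
```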
14254
14255 * A new component "systemd-firstboot" has been added that
14256 queries the most basic systemd information (timezone,
a1a4a25e 14257 hostname, root password) interactively on first
b2ca0d63
LP
14258 boot. Alternatively it may also be used to provision these
14259 things offline on OS images installed into directories.
14260
01da80b1
LP
14261 * The default sysctl.d/ snippets will now set
14262
14263 net.ipv4.conf.default.promote_secondaries=1
14264
14265 This has the benefit of no flushing secondary IP addresses
14266 when primary addresses are removed.
14267
b2ca0d63
LP
14268 Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
14269 Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
14270 Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
14271 Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
14272 Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
14273 B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
14274 Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
14275 Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
14276 Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
14277 Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
14278 Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
14279 Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
14280 Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
14281 Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
14282 Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
14283
ccddd104 14284 — Berlin, 2014-08-19
b72ddf0f 14285
3dff3e00 14286CHANGES WITH 215:
24a2bf4c
LP
14287
14288 * A new tool systemd-sysusers has been added. This tool
14289 creates system users and groups in /etc/passwd and
14290 /etc/group, based on static declarative system user/group
14291 definitions in /usr/lib/sysusers.d/. This is useful to
14292 enable factory resets and volatile systems that boot up with
14293 an empty /etc directory, and thus need system users and
14294 groups created during early boot. systemd now also ships
14295 with two default sysusers.d/ files for the most basic
14296 users and groups systemd and the core operating system
14297 require.
14298
14299 * A new tmpfiles snippet has been added that rebuilds the
14300 essential files in /etc on boot, should they be missing.
14301
14302 * A directive for ensuring automatic clean-up of
14303 /var/cache/man/ has been removed from the default
14304 configuration. This line should now be shipped by the man
14305 implementation. The necessary change has been made to the
14306 man-db implementation. Note that you need to update your man
14307 implementation to one that ships this line, otherwise no
14308 automatic clean-up of /var/cache/man will take place.
14309
14310 * A new condition ConditionNeedsUpdate= has been added that
14311 may conditionalize services to only run when /etc or /var
14312 are "older" than the vendor operating system resources in
14313 /usr. This is useful for reconstructing or updating /etc
14314 after an offline update of /usr or a factory reset, on the
14315 next reboot. Services that want to run once after such an
14316 update or reset should use this condition and order
14317 themselves before the new systemd-update-done.service, which
14318 will mark the two directories as fully updated. A number of
14319 service files have been added making use of this, to rebuild
14320 the udev hardware database, the journald message catalog and
14321 dynamic loader cache (ldconfig). The systemd-sysusers tool
14322 described above also makes use of this now. With this in
14323 place it is now possible to start up a minimal operating
ce1dde29 14324 system with /etc empty cleanly. For more information on the
24a2bf4c
LP
14325 concepts involved see this recent blog story:
14326
dc7e580e 14327 https://0pointer.de/blog/projects/stateless.html
24a2bf4c
LP
14328
14329 * A new system group "input" has been introduced, and all
14330 input device nodes get this group assigned. This is useful
14331 for system-level software to get access to input devices. It
3dff3e00
KS
14332 complements what is already done for "audio" and "video".
14333
24a2bf4c
LP
14334 * systemd-networkd learnt minimal DHCPv4 server support in
14335 addition to the existing DHCPv4 client support. It also
14336 learnt DHCPv6 client and IPv6 Router Solicitation client
14337 support. The DHCPv4 client gained support for static routes
14338 passed in from the server. Note that the [DHCPv4] section
14339 known in older systemd-networkd versions has been renamed to
14340 [DHCP] and is now also used by the DHCPv6 client. Existing
c7435cc9
LP
14341 .network files using settings of this section should be
14342 updated, though compatibility is maintained. Optionally, the
14343 client hostname may now be sent to the DHCP server.
24a2bf4c 14344
c7435cc9
LP
14345 * networkd gained support for vxlan virtual networks as well
14346 as tun/tap and dummy devices.
24a2bf4c
LP
14347
14348 * networkd gained support for automatic allocation of address
14349 ranges for interfaces from a system-wide pool of
14350 addresses. This is useful for dynamically managing a large
14351 number of interfaces with a single network configuration
14352 file. In particular this is useful to easily assign
14353 appropriate IP addresses to the veth links of a large number
14354 of nspawn instances.
14355
14356 * RPM macros for processing sysusers, sysctl and binfmt
14357 drop-in snippets at package installation time have been
14358 added.
14359
14360 * The /etc/os-release file should now be placed in
14361 /usr/lib/os-release. The old location is automatically
14362 created as symlink. /usr/lib is the more appropriate
14363 location of this file, since it shall actually describe the
14364 vendor operating system shipped in /usr, and not the
14365 configuration stored in /etc.
14366
14367 * .mount units gained a new boolean SloppyOptions= setting
14368 that maps to mount(8)'s -s option which enables permissive
14369 parsing of unknown mount options.
14370
14371 * tmpfiles learnt a new "L+" directive which creates a symlink
14372 but (unlike "L") deletes a pre-existing file first, should
14373 it already exist and not already be the correct
a8eaaee7 14374 symlink. Similarly, "b+", "c+" and "p+" directives have been
24a2bf4c
LP
14375 added as well, which create block and character devices, as
14376 well as fifos in the filesystem, possibly removing any
14377 pre-existing files of different types.
14378
14379 * For tmpfiles' "L", "L+", "C" and "C+" directives the final
14380 'argument' field (which so far specified the source to
ce1dde29 14381 symlink/copy the files from) is now optional. If omitted the
24a2bf4c
LP
14382 same file os copied from /usr/share/factory/ suffixed by the
14383 full destination path. This is useful for populating /etc
14384 with essential files, by copying them from vendor defaults
14385 shipped in /usr/share/factory/etc.
14386
        * A new command "systemctl preset-all" has been added that
          applies the service preset settings to all installed unit
          files. A new switch --preset-mode= has been added that
          controls whether only enable or only disable operations
          shall be executed.

        * A new command "systemctl is-system-running" has been added
          that allows checking the overall state of the system, for
          example whether it is fully up and running.

        * When the system boots up with an empty /etc, the equivalent
          to "systemctl preset-all" is executed during early boot, to
          make sure all default services are enabled after a factory
          reset.

        * systemd now contains a minimal preset file that enables the
          most basic services systemd ships by default.

        * Unit files' [Install] section gained a new DefaultInstance=
          field for defining the default instance to create if a
          template unit is enabled with no instance specified.

        * A new passive target cryptsetup-pre.target has been added
          that may be used by services that need to make sure they run
          and finish before the first LUKS cryptographic device is set
          up.

        * The /dev/loop-control and /dev/btrfs-control device nodes
          are now owned by the "disk" group by default, opening up
          access to this group.

        * systemd-coredump will now automatically generate a
          stack trace of all core dumps taking place on the system,
          based on elfutils' libdw library. This stack trace is logged
          to the journal.

        * systemd-coredump may now optionally store coredumps directly
          on disk (in /var/lib/systemd/coredump, possibly compressed),
          instead of storing them unconditionally in the journal. This
          mode is the new default. A new configuration file
          /etc/systemd/coredump.conf has been added to configure this
          and other parameters of systemd-coredump.

        * coredumpctl gained a new "info" verb to show details about a
          specific coredump. A new switch "-1" has also been added
          that makes sure to only show information about the most
          recent entry instead of all entries. Also, as the tool is
          generally useful now, the "systemd-" prefix of the binary
          name has been removed. Distributions that want to maintain
          compatibility with the old name should add a symlink from
          the old name to the new name.

        * journald's SplitMode= now defaults to "uid". This makes sure
          that unprivileged users can access their own coredumps with
          coredumpctl without restrictions.

        * New kernel command line options "systemd.wants=" (for
          pulling an additional unit during boot), "systemd.mask="
          (for masking a specific unit for the boot), and
          "systemd.debug-shell" (for enabling the debug shell on tty9)
          have been added. This is implemented in the new generator
          "systemd-debug-generator".

        * systemd-nspawn will now by default filter a couple of
          syscalls for containers, among them those required for
          kernel module loading, direct x86 IO port access, swap
          management, and kexec. Most importantly though
          open_by_handle_at() is now prohibited for containers,
          closing a hole similar to a recently discussed vulnerability
          in docker regarding access to files on file hierarchies the
          container should normally not have access to. Note that, for
          nspawn, we generally make no security claims anyway (and
          this is explicitly documented in the man page), so this is
          just a fix for one of the most obvious problems.

        * A new man page file-hierarchy(7) has been added that
          contains a minimized, modernized version of the file system
          layout systemd expects, similar in style to the FHS
          specification or hier(5). A new tool systemd-path(1) has
          been added to query many of these paths for the local
          machine and user.

        * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
          longer done. Since the directory now has a per-user size
          limit, and is cleaned on logout, this appears unnecessary,
          in particular since this now brings the lifecycle of this
          directory closer in line with how IPC objects are handled.

        * systemd.pc now exports a number of additional directories,
          including $libdir (which is useful to identify the library
          path for the primary architecture of the system), and a
          couple of drop-in directories.

        * udev's predictable network interface names now use the dev_port
          sysfs attribute, introduced in Linux 3.15, instead of dev_id to
          distinguish between ports of the same PCI function. dev_id should
          only be used for ports using the same HW address, hence the need
          for dev_port.

        * machined has been updated to export the OS version of a
          container (read from /etc/os-release and
          /usr/lib/os-release) on the bus. This is now shown in
          "machinectl status" for a machine.

        * A new service setting RestartForceExitStatus= has been
          added. If configured to a set of exit signals or process
          return values, the service will be restarted when the main
          daemon process exits with any of them, regardless of the
          Restart= setting.

        * systemctl's -H switch for connecting to remote systemd
          machines has been extended so that it may be used to
          directly connect to a specific container on the
          host. "systemctl -H root@foobar:waldi" will now connect as
          user "root" to host "foobar", and then proceed directly to
          the container named "waldi". Note that currently you have to
          authenticate as user "root" for this to work, as entering
          containers is a privileged operation.

        Contributions from: Andreas Henriksson, Benjamin Steinwender,
        Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
        Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
        Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
        Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
        Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
        Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
        Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
        Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
        Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
        Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-07-03

CHANGES WITH 214:

        * As an experimental feature, udev now tries to lock the
          disk device node (flock(LOCK_SH|LOCK_NB)) while it
          executes events for the disk or any of its partitions.
          Applications like partitioning programs can lock the
          disk device node (flock(LOCK_EX)) and claim temporary
          device ownership that way; udev will entirely skip all event
          handling for this disk and its partitions. If the disk
          was opened for writing, the close will trigger a partition
          table rescan in udev's "watch" facility, and if needed
          synthesize "change" events for the disk and all its partitions.
          This is now unconditionally enabled, and if it turns out to
          cause major problems, we might turn it on only for specific
          devices, or might need to disable it entirely. Device Mapper
          devices are excluded from this logic.

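        The locking protocol described above, as an added example that is
        not udev's or systemd's own code: a partitioner claims a stand-in
        file with flock(LOCK_EX), and a mock udev event handler probes it
        with flock(LOCK_SH|LOCK_NB) and skips the device while that fails.
        The temp file path and the function names are constructed for the
        demo.

```c
/* Added example (not systemd code): the flock() handshake between a
 * partitioning tool and udev, played out against a temporary file that
 * stands in for the disk device node. flock() locks belong to the open
 * file description, so each side must open() the node itself: a dup()ed
 * descriptor would share the lock and the check would be meaningless. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Partitioner side: open the node for writing and claim it exclusively.
 * Returns the locked fd, or -errno. Keep the fd open while rewriting the
 * partition table; close() releases the lock and, in real udev, triggers
 * the "watch" rescan mentioned in the text. */
int claim_disk(const char *node) {
        int fd = open(node, O_RDWR | O_CLOEXEC);
        if (fd < 0)
                return -errno;
        if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
                int saved = errno;
                close(fd);
                return -saved;
        }
        return fd;
}

/* udev side: returns 1 if the node is claimed and event handling should be
 * skipped, 0 if the shared lock was obtained (and released again), or
 * -errno on any other failure. */
int udev_should_skip(const char *node) {
        int fd = open(node, O_RDONLY | O_CLOEXEC);
        if (fd < 0)
                return -errno;
        if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
                int saved = errno;
                close(fd);
                return saved == EWOULDBLOCK ? 1 : -saved;
        }
        /* Real event handling would run here while LOCK_SH is held. */
        flock(fd, LOCK_UN);
        close(fd);
        return 0;
}

/* Drive the protocol against a fresh temp file (constructed stand-in, not a
 * real device). Returns 0 if udev proceeds while unclaimed, skips while
 * claimed, and proceeds again after release; otherwise the number of the
 * first step that went wrong. */
int demo_disk_lock(void) {
        char path[] = "/tmp/fake-disk-XXXXXX";
        int tmp = mkstemp(path);
        if (tmp < 0)
                return 1;
        close(tmp);

        int r = 0;
        if (udev_should_skip(path) != 0)
                r = 2;                         /* unclaimed: udev must proceed */
        int disk = claim_disk(path);
        if (r == 0 && disk < 0)
                r = 3;
        if (r == 0 && udev_should_skip(path) != 1)
                r = 4;                         /* claimed: udev must skip */
        if (disk >= 0)
                close(disk);                   /* release: udev would rescan now */
        if (r == 0 && udev_should_skip(path) != 0)
                r = 5;
        unlink(path);
        return r;
}

int main(void) {
        int r = demo_disk_lock();
        printf("disk lock protocol: %s (%d)\n", r == 0 ? "ok" : "unexpected", r);
        return r;
}
```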
        * We temporarily dropped the "-l" switch for fsck invocations,
          since they collide with the flock() logic above. util-linux
          upstream has been changed already to avoid this conflict,
          and we will re-add "-l" as soon as util-linux with this
          change has been released.

        * The dependency on libattr has been removed. The extended
          attribute calls moved to glibc a long time ago, and libattr
          is thus unnecessary.

        * Virtualization detection works without privileges now. This
          means the systemd-detect-virt binary no longer requires
          CAP_SYS_PTRACE file capabilities, and our daemons can run
          with fewer privileges.

        * systemd-networkd now runs under its own "systemd-network"
          user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
          CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
          loses the ability to write to files owned by root this way.

        * Similarly, systemd-resolved now runs under its own
          "systemd-resolve" user with no capabilities remaining.

        * Similarly, systemd-bus-proxyd now runs under its own
          "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.

        * systemd-networkd gained support for setting up "veth"
          virtual Ethernet devices for container connectivity, as well
          as GRE and VTI tunnels.

        * systemd-networkd will no longer automatically attempt to
          manually load kernel modules necessary for certain tunnel
          transports. Instead, it is assumed the kernel loads them
          automatically when required. This only works correctly on
          very new kernels. On older kernels, please consider adding
          the kernel modules to /etc/modules-load.d/ as a work-around.

        * The resolv.conf file systemd-resolved generates has been
          moved to /run/systemd/resolve/. If you have a symlink from
          /etc/resolv.conf, it might be necessary to correct it.

        * Two new service settings, ProtectHome= and ProtectSystem=,
          have been added. When enabled, they will make the user data
          (such as /home) inaccessible or read-only and the system
          (such as /usr) read-only, for specific services. This allows
          very light-weight per-service sandboxing to avoid
          modifications of user data or system files from
          services. These two new switches have been enabled for all
          of systemd's long-running services, where appropriate.

        * Socket units gained new SocketUser= and SocketGroup=
          settings to set the owner user and group of AF_UNIX sockets
          and FIFOs in the file system.

        * Socket units gained a new RemoveOnStop= setting. If enabled,
          all FIFOs and sockets in the file system will be removed
          when the specific socket unit is stopped.

        * Socket units gained a new Symlinks= setting. It takes a list
          of symlinks to create to file system sockets or FIFOs
          created by the specific Unix sockets. This is useful to
          manage symlinks to socket nodes with the same lifecycle as
          the socket itself.

        * The /dev/log socket and /dev/initctl FIFO have been moved to
          /run, and have been replaced by symlinks. This allows
          connecting to these facilities even if PrivateDevices=yes is
          used for a service (which makes /dev/log itself unavailable,
          but /run is left). This also has the benefit of ensuring
          that /dev only contains device nodes, directories and
          symlinks, and nothing else.

        * sd-daemon gained two new calls sd_pid_notify() and
          sd_pid_notifyf(). They are similar to sd_notify() and
          sd_notifyf(), but allow overriding of the source PID of
          notification messages if permissions permit this. This is
          useful to send notify messages on behalf of a different
          process (for example, the parent process). The
          systemd-notify tool has been updated to make use of this
          when sending messages (so that notification messages now
          originate from the shell script invoking systemd-notify and
          not the systemd-notify process itself). This should minimize
          a race where systemd fails to associate notification
          messages to services when the originating process already
          vanished.

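        The mechanism behind sd_pid_notify(), shown as an added example
        rather than sd-daemon's own code: the notification datagram carries
        an SCM_CREDENTIALS control message naming the PID it should be
        attributed to, and the receiving manager reads the kernel-checked
        credentials via SO_PASSCRED. A socketpair stands in for
        $NOTIFY_SOCKET, and the function names are constructed for the demo.

```c
/* Added example (not systemd's implementation) of the sd_pid_notify()
 * mechanism. The kernel accepts a foreign PID in SCM_CREDENTIALS only from a
 * privileged sender (CAP_SYS_ADMIN); that is the "if permissions permit this"
 * in the text. Sending as your own PID always works. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02   /* Linux value; the header exposes it only under _GNU_SOURCE */
#endif

/* Same layout as the kernel's struct ucred, under a private name so the
 * example does not depend on feature macros being set before <sys/socket.h>. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Send `state` (e.g. "READY=1") on connected datagram socket `sock`,
 * attributed to `pid`. Returns 0 or -errno (-EPERM for a foreign PID
 * without privilege). */
int notify_as_pid(int sock, pid_t pid, const char *state) {
        struct iovec iov = { .iov_base = (void *) state, .iov_len = strlen(state) };
        union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(struct peer_cred))]; } control;
        struct msghdr msg = {
                .msg_iov = &iov, .msg_iovlen = 1,
                .msg_control = &control, .msg_controllen = sizeof control,
        };
        memset(&control, 0, sizeof control);
        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_CREDENTIALS;
        cmsg->cmsg_len = CMSG_LEN(sizeof(struct peer_cred));
        struct peer_cred cred = { .pid = pid, .uid = getuid(), .gid = getgid() };
        memcpy(CMSG_DATA(cmsg), &cred, sizeof cred);
        return sendmsg(sock, &msg, MSG_NOSIGNAL) < 0 ? -errno : 0;
}

/* Manager side: receive one datagram into `buf` (NUL-terminated) and return
 * the PID the kernel attached, or -errno. SO_PASSCRED must be set on `sock`. */
pid_t receive_notification(int sock, char *buf, size_t buflen) {
        struct iovec iov = { .iov_base = buf, .iov_len = buflen - 1 };
        union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(struct peer_cred))]; } control;
        struct msghdr msg = {
                .msg_iov = &iov, .msg_iovlen = 1,
                .msg_control = &control, .msg_controllen = sizeof control,
        };
        ssize_t n = recvmsg(sock, &msg, 0);
        if (n < 0)
                return -errno;
        buf[n] = '\0';
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
                if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
                        struct peer_cred cred;
                        memcpy(&cred, CMSG_DATA(c), sizeof cred);
                        return cred.pid;
                }
        return -ENODATA;   /* no credentials: the manager could not attribute this message */
}

/* Round trip over a socketpair standing in for $NOTIFY_SOCKET. Returns the
 * PID the receiver saw (or -errno) and copies the message text into `out`. */
pid_t demo_notify_roundtrip(pid_t as_pid, const char *state, char *out, size_t outlen) {
        int sv[2], one = 1;
        pid_t result;
        if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0, sv) < 0)
                return -errno;
        if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &one, sizeof one) < 0) {
                result = -errno;
        } else {
                int r = notify_as_pid(sv[0], as_pid, state);
                result = r < 0 ? r : receive_notification(sv[1], out, outlen);
        }
        close(sv[0]);
        close(sv[1]);
        return result;
}

int main(void) {
        char text[64] = "";
        pid_t seen = demo_notify_roundtrip(getpid(), "READY=1", text, sizeof text);
        printf("\"%s\" attributed to pid %d (we are %d)\n", text, (int) seen, (int) getpid());
        /* Attributing to a PID that is not ours (PID 1 here) needs CAP_SYS_ADMIN. */
        seen = demo_notify_roundtrip(1, "STATUS=spoofed", text, sizeof text);
        printf("foreign pid: %s\n", seen < 0 ? strerror(-seen) : "accepted (privileged sender)");
        return 0;
}
```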
        * A new "on-abnormal" setting for Restart= has been added. If
          set, it will result in automatic restarts on all "abnormal"
          reasons for a process to exit, which includes unclean
          signals, core dumps, timeouts and watchdog timeouts, but
          does not include clean and unclean exit codes or clean
          signals. Restart=on-abnormal is an alternative for
          Restart=on-failure for services that shall be able to
          terminate and avoid restarts on certain errors, by
          indicating so with an unclean exit code. Restart=on-failure
          or Restart=on-abnormal is now the recommended setting for
          all long-running services.

        * If the InaccessibleDirectories= service setting points to a
          mount point (or if there are any submounts contained within
          it), it is now attempted to completely unmount it, to make
          the file systems truly unavailable for the respective
          service.

        * The ReadOnlyDirectories= service setting and
          systemd-nspawn's --read-only parameter are now recursively
          applied to all submounts, too.

        * Mount units may now be created transiently via the bus APIs.

        * The support for SysV and LSB init scripts has been removed
          from the systemd daemon itself. Instead, it is now
          implemented as a generator that creates native systemd units
          from these scripts when needed. This enables us to remove a
          substantial amount of legacy code from PID 1, following the
          fact that many distributions only ship a very small number
          of LSB/SysV init scripts nowadays.

        * Privileged Xen (dom0) domains are not considered
          virtualization anymore by the virtualization detection
          logic. After all, they generally have unrestricted access to
          the hardware and usually are used to manage the unprivileged
          (domU) domains.

        * systemd-tmpfiles gained a new "C" line type, for copying
          files or entire directories.

        * systemd-tmpfiles "m" lines are now fully equivalent to "z"
          lines. So far, they have been non-globbing versions of the
          latter, and have thus been redundant. In future, it is
          recommended to only use "z". "m" has hence been removed
          from the documentation, even though it stays supported.

        * A tmpfiles snippet to recreate the most basic structure in
          /var has been added. This is enough to create the /var/run →
          /run symlink and create a couple of structural
          directories. This allows systems to boot up with an empty or
          volatile /var. Of course, while with this change the core OS
          is now capable of dealing with a volatile /var, not all
          user services are ready for it. However, we hope that sooner
          or later, many service daemons will be changed upstream so
          that they are able to automatically create their necessary
          directories in /var at boot, should they be missing. This is
          the first step to allow state-less systems that only require
          the vendor image for /usr to boot.

        * systemd-nspawn has gained a new --tmpfs= switch to mount an
          empty tmpfs instance to a specific directory. This is
          particularly useful for making use of the automatic
          reconstruction of /var (see above), by passing --tmpfs=/var.

        * Access modes specified in tmpfiles snippets may now be
          prefixed with "~", which indicates that they shall be masked
          by whether the existing file or directory is currently
          writable, readable or executable at all. Also, if specified,
          the sgid/suid/sticky bits will be masked for all
          non-directories.

        * A new passive target unit "network-pre.target" has been
          added which is useful for services that shall run before any
          network is configured, for example firewall scripts.

        * The "floppy" group that previously owned the /dev/fd*
          devices is no longer used. The "disk" group is now used
          instead. Distributions should probably deprecate usage of
          this group.

        Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
        King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
        Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
        Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
        Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-06-11

CHANGES WITH 213:

        * A new "systemd-timesyncd" daemon has been added for
          synchronizing the system clock across the network. It
          implements an SNTP client. In contrast to NTP
          implementations such as chrony or the NTP reference server,
          this only implements a client side, and does not bother with
          the full NTP complexity, focusing only on querying time from
          one remote server and synchronizing the local clock to
          it. Unless you intend to serve NTP to networked clients or
          want to connect to local hardware clocks, this simple NTP
          client should be more than appropriate for most
          installations. The daemon runs with minimal privileges, and
          has been hooked up with networkd to only operate when
          network connectivity is available. The daemon saves the
          current clock to disk every time a new NTP sync has been
          acquired, and uses this to possibly correct the system clock
          early at bootup, in order to accommodate systems that
          lack an RTC such as the Raspberry Pi and embedded devices,
          and to make sure that time monotonically progresses on these
          systems, even if it is not always correct. To make use of
          this daemon, a new system user and group "systemd-timesync"
          needs to be created on installation of systemd.

        * The queue "seqnum" interface of libudev has been disabled, as
          it was generally incompatible with device namespacing, as
          sequence numbers of devices go "missing" if the devices are
          part of a different namespace.

        * "systemctl list-timers" and "systemctl list-sockets" gained
          a --recursive switch for showing units of these types also
          for all local containers, similar in style to the already
          supported --recursive switch for "systemctl list-units".

        * A new RebootArgument= setting has been added for service
          units, which may be used to specify a kernel reboot argument
          to use when triggering reboots with StartLimitAction=.

        * A new FailureAction= setting has been added for service
          units which may be used to specify an operation to trigger
          when a service fails. This works similarly to
          StartLimitAction=, but unlike it, controls what is done
          immediately rather than only after several attempts to
          restart the service in question.

        * hostnamed got updated to also expose the kernel name,
          release, and version on the bus. This is useful for
          executing commands like hostnamectl with the -H switch.
          systemd-analyze makes use of this to properly display
          details when running non-locally.

        * The bootchart tool can now show cgroup information in the
          graphs it generates.

        * The CFS CPU quota cgroup attribute is now exposed for
          services. The new CPUQuota= switch has been added for this
          which takes a percentage value. Setting this will have the
          result that a service may never get more CPU time than the
          specified percentage, even if the machine is otherwise idle.

        * systemd-networkd learned IPIP and SIT tunnel support.

        * LSB init scripts exposing a dependency on $network will now
          get a dependency on network-online.target rather than simply
          network.target. This should bring LSB handling closer to
          what it was on SysV systems.

        * A new fsck.repair= kernel option has been added to control
          how fsck shall deal with unclean file systems at boot.

        * The (.ini) configuration file parser will now silently ignore
          sections whose names begin with "X-". This may be used to maintain
          application-specific extension sections in unit files.

        * machined gained a new API to query the IP addresses of
          registered containers. "machinectl status" has been updated
          to show these addresses in its output.

        * A new call sd_uid_get_display() has been added to the
          sd-login APIs for querying the "primary" session of a
          user. The "primary" session of the user is elected from the
          user's sessions and generally a graphical session is
          preferred over a text one.

        * A minimal systemd-resolved daemon has been added. It
          currently simply acts as a companion to systemd-networkd and
          manages resolv.conf based on per-interface DNS
          configuration, possibly supplied via DHCP. In the long run
          we hope to extend this into a local DNSSEC enabled DNS and
          mDNS cache.

        * The systemd-networkd-wait-online tool is now enabled by
          default. It will delay network-online.target until a network
          connection has been configured. The tool primarily integrates
          with networkd, but will also make a best effort to make sense
          of network configuration performed in some other way.

        * Two new service options StartupCPUShares= and
          StartupBlockIOWeight= have been added that work similarly to
          CPUShares= and BlockIOWeight=, but only apply during
          system startup. This is useful to prioritize certain services
          differently during bootup than during normal runtime.

        * hostnamed has been changed to prefer the statically
          configured hostname in /etc/hostname (unless set to
          'localhost' or empty) over any dynamic one supplied by
          DHCP. With this change, the rules for picking the hostname
          match more closely the rules of other configuration settings
          where the local administrator's configuration in /etc always
          overrides any other settings.

        Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
        den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
        Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
        David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
        Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
        Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
        Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
        Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
        Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
        Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
        Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
        Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
        Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
        Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
        Lindskog, WaLyong Cho, Will Woods, Zbigniew
        Jędrzejewski-Szmek

        — Beijing, 2014-05-28

CHANGES WITH 212:

        * When restoring the screen brightness at boot, stay away from
          the darkest setting or from the lowest 5% of the available
          range, depending on which is the larger value of both. This
          should effectively protect the user from rebooting into a
          black screen, should the brightness have been set to minimum
          by accident.

        * sd-login gained a new sd_machine_get_class() call to
          determine the class ("vm" or "container") of a machine
          registered with machined.

        * sd-login gained new calls
          sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
          to query the identity of the peer of a local AF_UNIX
          connection. They operate similarly to their sd_pid_get_xyz()
          counterparts.

        * PID 1 will now maintain a system-wide system state engine
          with the states "starting", "running", "degraded",
          "maintenance", "stopping". These states are bound to system
          startup, normal runtime, runtime with at least one failed
          service, rescue/emergency mode and system shutdown. This
          state is shown in the "systemctl status" output when no unit
          name is passed. It is useful to determine system state, in
          particular when doing so for many systems or containers at
          once.

        * A new command "list-machines" has been added to "systemctl"
          that lists all local OS containers and shows their system
          state (see above), if systemd runs inside of them.

        * systemctl gained a new "-r" switch to recursively enumerate
          units on all local containers, when used with the
          "list-units" command (which is the default one that is
          executed when no parameters are specified).

        * The GPT automatic partition discovery logic will now honour
          two GPT partition flags: one may be set on a partition to
          cause it to be mounted read-only, and the other may be set
          on a partition to ignore it during automatic discovery.

        * Two new GPT type UUIDs have been added for automatic root
          partition discovery, for 32-bit and 64-bit ARM. This is not
          particularly useful for discovering the root directory on
          these architectures during bare-metal boots (since UEFI is
          not common there), but still very useful to allow booting of
          ARM disk images in nspawn with the -i option.

        * MAC addresses of interfaces created with nspawn's
          --network-interface= switch will now be generated from the
          machine name, and thus be stable between multiple invocations
          of the container.

        * logind will now automatically remove all IPC objects owned
          by a user if she or he fully logs out. This makes sure that
          users who are logged out cannot continue to consume IPC
          resources. This covers SysV memory, semaphores and message
          queues as well as POSIX shared memory and message
          queues. Traditionally, SysV and POSIX IPC had no lifecycle
          limits. With this functionality, that is corrected. This may
          be turned off by using the RemoveIPC= switch of logind.conf.

        * The systemd-machine-id-setup and tmpfiles tools gained a
          --root= switch to operate on a specific root directory,
          instead of /.

        * journald can now forward logged messages to the TTYs of all
          logged in users ("wall"). This is the default for all
          emergency messages now.

        * A new tool systemd-journal-remote has been added to stream
          journal log messages across the network.

        * /sys/fs/cgroup/ is now mounted read-only after all cgroup
          controller trees are mounted into it. Note that the
          directories mounted beneath it are not read-only. This is a
          security measure and is particularly useful because glibc
          actually includes a search logic to pick any tmpfs it can
          find to implement shm_open() if /dev/shm is not available
          (as it might very well not be in namespaced setups).

        * machinectl gained a new "poweroff" command to cleanly power
          down a local OS container.

        * The PrivateDevices= unit file setting will now also drop the
          CAP_MKNOD capability from the capability bound set, and
          imply DevicePolicy=closed.

        * PrivateDevices=, PrivateNetwork= and PrivateTmp= are now used
          comprehensively on all long-running systemd services where
          this is appropriate.

        * systemd-udevd will now run in a disassociated mount
          namespace. To mount directories from udev rules, make sure to
          pull in mount units via SYSTEMD_WANTS properties.

        * The kdbus support gained support for uploading policy into
          the kernel. sd-bus gained support for creating "monitoring"
          connections that can eavesdrop into all bus communication
          for debugging purposes.

        * Timestamps may now be specified in seconds since the UNIX
          epoch Jan 1st, 1970 by specifying "@" followed by the value
          in seconds.

        * Native tcpwrap support in systemd has been removed. tcpwrap
          is old code, not really maintained anymore and has serious
          shortcomings, and better options such as firewalls
          exist. For setups that require tcpwrap usage, please
          consider invoking your socket-activated service via tcpd,
          like on traditional inetd.

        * A new system.conf configuration option
          DefaultTimerAccuracySec= has been added that controls the
          default AccuracySec= setting of .timer units.

        * Timer units gained a new WakeSystem= switch. If enabled,
          timers configured this way will cause the system to resume
          from system suspend (if the system supports that, which most
          do these days).

        * Timer units gained a new Persistent= switch. If enabled,
          timers configured this way will save to disk when they have
          been last triggered. This information is then used on next
          reboot to possibly execute overdue timer events that
          could not take place because the system was powered off.
          This enables simple anacron-like behaviour for timer units.

        * systemctl's "list-timers" will now also list the time a
          timer unit was last triggered in addition to the next time
          it will be triggered.

        * systemd-networkd will now assign predictable IPv4LL
          addresses to its local interfaces.

        Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
        Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
        Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
        Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
        Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
        Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
        Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
        Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
        Jędrzejewski-Szmek

        — Berlin, 2014-03-25

CHANGES WITH 211:

        * A new unit file setting RestrictAddressFamilies= has been
          added to restrict which socket address families unit
          processes gain access to. This takes address family names
          like "AF_INET" or "AF_UNIX", and is useful to minimize the
          attack surface of services via exotic protocol stacks. This
          is built on seccomp system call filters.

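        How such an address family allowlist can be built on seccomp,
        as an added example that is not systemd's own filter code: the
        BPF program inspects socket(2), lets the listed families through
        and fails every other family with EAFNOSUPPORT. It assumes x86_64
        or aarch64, and the function names are constructed for the demo.

```c
/* Added example (not systemd's implementation) of a RestrictAddressFamilies=
 * style seccomp filter. Assumes x86_64 or aarch64: both are little-endian,
 * so loading a 32-bit word at args[0] yields the family argument of socket(2). */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#  error "example covers x86_64 and aarch64 only"
#endif

#define MAX_FAMILIES 16

/* Install a filter that allows socket(2) only for the `n` families in
 * `allowed`; every other syscall passes untouched. Returns 0 or -errno.
 * Irreversible for the calling process, like the unit setting itself. */
int restrict_address_families(const int *allowed, size_t n) {
        if (n > MAX_FAMILIES)
                return -E2BIG;
        struct sock_filter prog[9 + MAX_FAMILIES];
        size_t i = 0;
        /* 1. Kill on a foreign ABI: syscall numbers differ there. */
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
        prog[i++] = (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0);
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
        /* 2. Anything but socket(2): skip the n family checks and the ERRNO
         *    return, landing on ALLOW (n + 2 instructions ahead). */
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
        prog[i++] = (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, (unsigned char) (n + 2));
        /* 3. Compare the family argument against the allowlist; a match jumps
         *    to ALLOW, which is (n - k) instructions ahead of check k. */
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0]));
        for (size_t k = 0; k < n; k++)
                prog[i++] = (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned) allowed[k], (unsigned char) (n - k), 0);
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EAFNOSUPPORT & SECCOMP_RET_DATA));
        prog[i++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

        struct sock_fprog fprog = { .len = (unsigned short) i, .filter = prog };
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
                return -errno;
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) < 0)
                return -errno;
        return 0;
}

/* Try socket(family, SOCK_DGRAM, 0) in a forked child that first installs a
 * filter allowing only AF_UNIX and AF_NETLINK. Returns 0 if the call
 * succeeded, the errno it failed with, or -1 if the filter could not be
 * installed. The parent stays unfiltered. */
int probe_family_under_filter(int family) {
        static const int allowed[] = { AF_UNIX, AF_NETLINK };
        pid_t child = fork();
        if (child < 0)
                return -1;
        if (child == 0) {
                if (restrict_address_families(allowed, 2) < 0)
                        _exit(255);
                int fd = socket(family, SOCK_DGRAM, 0);
                _exit(fd >= 0 ? 0 : errno);   /* errno values fit in an exit status */
        }
        int status;
        if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status))
                return -1;
        int code = WEXITSTATUS(status);
        return code == 255 ? -1 : code;
}

int main(void) {
        printf("AF_UNIX   -> %d (expect 0)\n", probe_family_under_filter(AF_UNIX));
        printf("AF_INET   -> %d (expect EAFNOSUPPORT=%d)\n", probe_family_under_filter(AF_INET), EAFNOSUPPORT);
        printf("AF_PACKET -> %d (expect EAFNOSUPPORT=%d)\n", probe_family_under_filter(AF_PACKET), EAFNOSUPPORT);
        return 0;
}
```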
15003 * Two new unit file settings RuntimeDirectory= and
15004 RuntimeDirectoryMode= have been added that may be used to
15005 manage a per-daemon runtime directories below /run. This is
15006 an alternative for setting up directory permissions with
15007 tmpfiles snippets, and has the advantage that the runtime
15008 directory's lifetime is bound to the daemon runtime and that
15009 the daemon starts up with an empty directory each time. This
15010 is particularly useful when writing services that drop
f1721625 15011 privileges using the User= or Group= setting.

        * The DeviceAllow= unit setting now supports globbing for
          matching against device group names.

        * The systemd configuration file system.conf gained new
          settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
          DefaultMemoryAccounting= to globally turn on/off accounting
          for specific resources (cgroups) for all units. These
          settings may still be overridden individually in each unit
          though.

        * systemd-gpt-auto-generator is now able to discover /srv and
          root partitions in addition to /home and swap partitions. It
          also supports LUKS-encrypted partitions now. With this in
          place, automatic discovery of partitions to mount following
          the Discoverable Partitions Specification
          (https://systemd.io/DISCOVERABLE_PARTITIONS/)
          is now a lot more complete. This allows booting without
          /etc/fstab and without root= on the kernel command line on
          systems prepared appropriately.

        * systemd-nspawn gained a new --image= switch which allows
          booting up disk images and Linux installations on any block
          device that follows the Discoverable Partitions Specification
          (see above). This means that installations made with
          appropriately updated installers may now be started and
          deployed using container managers, completely
          unmodified. (We hope that libvirt-lxc will add support for
          this feature soon, too.)

        * systemd-nspawn gained a new --network-macvlan= setting to
          set up a private macvlan interface for the
          container. Similarly, systemd-networkd gained a new
          Kind=macvlan setting in .netdev files.

        * systemd-networkd now supports configuring local addresses
          using IPv4LL.

        * A new tool systemd-network-wait-online has been added to
          synchronously wait for network connectivity using
          systemd-networkd.

        * The sd-bus.h bus API gained a new sd_bus_track object for
          tracking the lifecycle of bus peers. Note that sd-bus.h is
          still not a public API though (unless you specify
          --enable-kdbus on the configure command line, which however
          voids your warranty and you get no API stability guarantee).

        * The $XDG_RUNTIME_DIR runtime directories for each user are
          now individual tmpfs instances, which has the benefit of
          introducing separate pools for each user, with individual
          size limits, and thus making sure that unprivileged clients
          can no longer negatively impact the system or other users by
          filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
          RuntimeDirectorySize= has been introduced that allows
          controlling the default size limit for all users. It
          defaults to 10% of the available physical memory. This is no
          replacement for quotas on tmpfs though (which the kernel
          still does not support), as /dev/shm and /tmp are still
          shared resources used by both the system and unprivileged
          users.

        * logind will now automatically turn off automatic suspending
          on laptop lid close when more than one display is
          connected. This was previously expected to be implemented
          individually in desktop environments (such as GNOME),
          however has been added to logind now, in order to fix a
          boot-time race where a desktop environment might not have
          been started yet and thus not been able to take an inhibitor
          lock at the time where logind already suspends the system
          due to a closed lid.

        * logind will now wait at least 30s after each system
          suspend/resume cycle, and 3min after system boot before
          suspending the system due to a closed laptop lid. This
          should give USB docking stations and similar enough time to
          be probed and configured after system resume and boot in
          order to then act as suspend blocker.

        * systemd-run gained a new --property= setting which allows
          initialization of resource control properties (and others)
          for the created scope or service unit. Example: "systemd-run
          --property=BlockIOWeight=10 updatedb" may be used to run
          updatedb at a low block IO scheduling weight.

        * systemd-run's --uid=, --gid= and --setenv= switches
          now also work in --scope mode.

        * When systemd is compiled with kdbus support, basic support
          for enforced policies is now in place. (Note that enabling
          kdbus still voids your warranty and no API compatibility
          promises are made.)

        Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
        K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
        Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
        Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
        Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
        Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
        Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
        Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
        Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
        Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-03-12

CHANGES WITH 210:

        * systemd will now relabel /dev after loading the SMACK policy
          according to SMACK rules.

        * A new unit file option AppArmorProfile= has been added to
          set the AppArmor profile for the processes of a unit.

        * A new condition check ConditionArchitecture= has been added
          to conditionalize units based on the system architecture, as
          reported by uname()'s "machine" field.

        * systemd-networkd now supports matching on the system
          virtualization, architecture, kernel command line, hostname
          and machine ID.

        * logind is now a lot more aggressive when suspending the
          machine due to a closed laptop lid. Instead of acting only
          on the lid close action, it will continuously watch the lid
          status and act on it. This is useful for laptops where the
          power button is on the outside of the chassis so that it can
          be reached without opening the lid (such as the Lenovo
          Yoga). On those machines, logind will now immediately
          re-suspend the machine if the power button has been
          accidentally pressed while the laptop was suspended and in a
          backpack or similar.

        * logind will now watch SW_DOCK switches and inhibit reaction
          to the lid switch if it is pressed. This means that logind
          will not suspend the machine anymore if the lid is closed
          and the system is docked, if the laptop supports SW_DOCK
          notifications via the input layer. Note that ACPI docking
          stations do not generate this currently. Also note that this
          logic is usually not fully sufficient and Desktop
          Environments should take a lid switch inhibitor lock when an
          external display is connected, as systemd will not watch
          this on its own.

        * nspawn will now make use of the devices cgroup controller by
          default, and only permit creation of and access to the usual
          API device nodes like /dev/null or /dev/random, as well as
          access to (but not creation of) the pty devices.

        * We will now ship a default .network file for
          systemd-networkd that automatically configures DHCP for
          network interfaces created by nspawn's --network-veth or
          --network-bridge= switches.

        * systemd will now understand the usual M, K, G, T suffixes
          according to SI conventions (i.e. to the base 1000) when
          referring to throughput and hardware metrics. It will stay
          with IEC conventions (i.e. to the base 1024) for software
          metrics, according to what is customary according to
          Wikipedia. We explicitly document which base applies for
          each configuration option.

        * The DeviceAllow= setting in unit files now supports a syntax to
          allow-list an entire group of device node majors at once, based on
          the /proc/devices listing. For example, with the string "char-pts",
          it is now possible to allow-list all current and future pseudo-TTYs
          at once.

        * sd-event learned a new "post" event source. Event sources of
          this type are triggered by the dispatching of any event
          source of a type that is not "post". This is useful for
          implementing clean-up and check event sources that are
          triggered by other work being done in the program.

        * systemd-networkd is no longer statically enabled, but uses
          the usual [Install] sections so that it can be
          enabled/disabled using systemctl. It still is enabled by
          default however.

        * When creating a veth interface pair with systemd-nspawn, the
          host side will now be prefixed with "vb-" if
          --network-bridge= is used, and with "ve-" if --network-veth
          is used. This way, it is easy to distinguish these cases on
          the host, for example to apply different configuration to
          them with systemd-networkd.

        * The compatibility libraries for libsystemd-journal.so,
          libsystemd-id128.so, libsystemd-login.so and
          libsystemd-daemon.so do not make use of IFUNC
          anymore. Instead, we now build libsystemd.so multiple times
          under these alternative names. This means that the footprint
          is drastically increased, but given that these are
          transitional compatibility libraries, this should not matter
          much. This change has been made necessary to support the ARM
          platform for these compatibility libraries, as the ARM
          toolchain is not really at the same level as the toolchain
          for other architectures like x86 and does not support
          IFUNC. Please make sure to use --enable-compat-libs only
          during a transitional period!

        * The .include syntax has been deprecated and is not documented
          anymore. Drop-in files in .d directories should be used instead.

        Contributions from: Andreas Fuchs, Armin K., Colin Walters,
        Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
        Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
        St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
        Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
        Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
        Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-02-24

CHANGES WITH 209:

        * A new component "systemd-networkd" has been added that can
          be used to configure local network interfaces statically or
          via DHCP. It is capable of bringing up bridges, VLANs, and
          bonding. Currently, no hook-ups for interactive network
          configuration are provided. Use this for your initrd,
          container, embedded, or server setup if you need a simple,
          yet powerful, network configuration solution. This
          configuration subsystem is quite nifty, as it allows wildcard
          hotplug matching in interfaces. For example, with a single
          configuration snippet, you can configure that all Ethernet
          interfaces showing up are automatically added to a bridge,
          or similar. It supports link-sensing and more.

        * A new tool "systemd-socket-proxyd" has been added which can
          act as a bidirectional proxy for TCP sockets. This is
          useful for adding socket activation support to services that
          do not actually support socket activation, including virtual
          machines and the like.

        * Add a new tool to save/restore rfkill state on
          shutdown/boot.

        * Save/restore state of keyboard backlights in addition to
          display backlights on shutdown/boot.

        * udev learned a new SECLABEL{} construct to label device
          nodes with a specific security label when they appear. For
          now, only SECLABEL{selinux} is supported, but the syntax is
          prepared for additional security frameworks.

        * udev gained a new scheme to configure link-level attributes
          from files in /etc/systemd/network/*.link. These files can
          match against MAC address, device path, driver name and type,
          and will apply attributes like the naming policy, link speed,
          MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
          address assignment policy (randomized, …).

        * The configuration of network interface naming rules for
          "permanent interface names" has changed: a new NamePolicy=
          setting in the [Link] section of .link files determines the
          priority of possible naming schemes (onboard, slot, MAC,
          path). The default value of this setting is determined by
          /usr/lib/net/links/99-default.link. The old
          80-net-name-slot.rules udev configuration file has been
          removed, so local configuration overriding this file should
          be adapted to override 99-default.link instead.

        * When the User= switch is used in a unit file, also
          initialize $SHELL= based on the user database entry.

        * systemd no longer depends on libdbus. All communication is
          now done with sd-bus, systemd's low-level bus library
          implementation.

        * kdbus support has been added to PID 1 itself. When kdbus is
          enabled, this causes PID 1 to set up the system bus and
          enable support for a new ".busname" unit type that
          encapsulates bus name activation on kdbus. It works a little
          bit like ".socket" units, except for bus names. A new
          generator has been added that converts classic dbus1 service
          activation files automatically into native systemd .busname
          and .service units.

        * sd-bus: add a light-weight vtable implementation that allows
          defining objects on the bus with a simple static const
          vtable array of its methods, signals and properties.

        * systemd will not generate or install static dbus
          introspection data anymore to /usr/share/dbus-1/interfaces,
          as the precise format of these files is unclear, and
          nothing makes use of it.

        * A proxy daemon is now provided to proxy clients connecting
          via classic D-Bus AF_UNIX sockets to kdbus, to provide full
          compatibility with classic D-Bus.

        * A bus driver implementation has been added that supports the
          classic D-Bus bus driver calls on kdbus, also for
          compatibility purposes.

        * A new API "sd-event.h" has been added that implements a
          minimal event loop API built around epoll. It provides a
          couple of features that direct epoll usage is lacking:
          prioritization of events, scales to large numbers of timer
          events, per-event timer slack (accuracy), system-wide
          coalescing of timer events, exit handlers, watchdog
          supervision support using systemd's sd_notify() API, child
          process handling.

        * A new API "sd-rtnl.h" has been added that provides an API
          around the route netlink interface of the kernel, similar in
          style to "sd-bus.h".

        * A new API "sd-dhcp-client.h" has been added that provides a
          small DHCPv4 client-side implementation. This is used by
          "systemd-networkd".

        * There is a new kernel command line option
          "systemd.restore_state=0|1". When set to "0", none of the
          systemd tools will restore saved runtime state to hardware
          devices. More specifically, the rfkill and backlight states
          are not restored.

        * The FsckPassNo= compatibility option in mount/service units
          has been removed. The fstab generator will now add the
          necessary dependencies automatically, and does not require
          PID1's support for that anymore.

        * journalctl gained a new switch, --list-boots, that lists
          recent boots with their times and boot IDs.

        * The various tools like systemctl, loginctl, timedatectl,
          busctl, systemd-run, … have gained a new switch "-M" to
          connect to a specific, local OS container (as direct
          connection, without requiring SSH). This works on any
          container that is registered with machined, such as those
          created by libvirt-lxc or nspawn.

        * systemd-run and systemd-analyze also gained support for "-H"
          to connect to remote hosts via SSH. This is particularly
          useful for systemd-run because it enables queuing of jobs
          onto remote systems.

        * machinectl gained a new command "login" to open a getty
          login in any local container. This works with any container
          that is registered with machined (such as those created by
          libvirt-lxc or nspawn), and which runs systemd inside.

        * machinectl gained a new "reboot" command that may be used to
          trigger a reboot on a specific container that is registered
          with machined. This works on any container that runs an init
          system of some kind.

        * systemctl gained a new "list-timers" command to print a nice
          listing of installed timer units with the times they elapse
          next.

        * Alternative reboot() parameters may now be specified on the
          "systemctl reboot" command line and are passed to the
          reboot() system call.

        * systemctl gained a new --job-mode= switch to configure the
          mode to queue a job with. This is a more generic version of
          --fail, --irreversible, and --ignore-dependencies, which are
          still available but not advertised anymore.

        * /etc/systemd/system.conf gained new settings to configure
          various default timeouts of units, as well as the default
          start limit interval and burst. These may still be overridden
          within each Unit.

        * PID1 will now export on the bus profile data of the security
          policy upload process (such as the SELinux policy upload to
          the kernel).

        * journald: when forwarding logs to the console, include
          timestamps (following the setting in
          /sys/module/printk/parameters/time).

        * OnCalendar= in timer units now understands the special
          strings "yearly" and "annually" (both are equivalent).

        * The accuracy of timer units is now configurable with the new
          AccuracySec= setting. It defaults to 1min.

        * A new dependency type JoinsNamespaceOf= has been added that
          allows running two services within the same /tmp and network
          namespace, if PrivateNetwork= or PrivateTmp= are used.

        * A new command "cat" has been added to systemctl. It outputs
          the original unit file of a unit, and concatenates the
          contents of additional "drop-in" unit file snippets, so that
          the full configuration is shown.

        * systemctl now supports globbing on the various "list-xyz"
          commands, like "list-units" or "list-sockets", as well as on
          those commands which take multiple unit names.

        * journalctl's --unit= switch gained support for globbing.

        * All systemd daemons now make use of the watchdog logic so
          that systemd automatically notices when they hang.

        * If the $container_ttys environment variable is set,
          getty-generator will automatically spawn a getty for each
          listed tty. This is useful for container managers to request
          login gettys to be spawned on as many ttys as needed.

        * %h, %s, %U specifier support is not available anymore when
          used in unit files for PID 1. This is because NSS calls are
          not safe from PID 1. They stay available for --user
          instances of systemd, and as special case for the root user.

        * loginctl gained a new "--no-legend" switch to turn off output
          of the legend text.

        * The "sd-login.h" API gained three new calls:
          sd_session_is_remote(), sd_session_get_remote_user(),
          sd_session_get_remote_host() to query information about
          remote sessions.

        * The udev hardware database now also carries vendor/product
          information of SDIO devices.

        * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
          determine whether watchdog notifications are requested by
          the system manager.

        * Socket-activated per-connection services now include a
          short description of the connection parameters in the
          description.

        * tmpfiles gained a new "--boot" option. When this is not used,
          only lines where the command character is not suffixed with
          "!" are executed. When this option is specified, those
          lines are executed too. This partitions tmpfiles
          directives into those that can be safely executed at any
          time, and those which should be run only at boot (for
          example, a line that creates /run/nologin).

        * A new API "sd-resolve.h" has been added which provides a simple
          asynchronous wrapper around glibc NSS hostname resolution
          calls, such as getaddrinfo(). In contrast to glibc's
          getaddrinfo_a(), it does not use signals. In contrast to most
          other asynchronous name resolution libraries, this one does
          not reimplement DNS, but reuses NSS, so that alternate
          hostname resolution systems continue to work, such as mDNS,
          LDAP, etc. This API is based on libasyncns, but it has been
          cleaned up for inclusion in systemd.

        * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
          "sd-daemon.h" are no longer found in individual libraries
          libsystemd-journal.so, libsystemd-login.so,
          libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
          merged them into a single library, libsystemd.so, which
          provides all symbols. The reason for this is cyclic
          dependencies, as these libraries tend to use each other's
          symbols. So far, we have managed to work around that by linking
          a copy of a good part of our code into each of these
          libraries again and again, which, however, makes certain
          things hard to do, like sharing static variables. Also, it
          substantially increases footprint. With this change, there
          is only one library for the basic APIs systemd
          provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
          "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
          library as well, however are subject to the --enable-kdbus
          switch (see below). Note that "sd-dhcp-client.h" is not part
          of this library (this is because it only consumes, never
          provides, services of/to other APIs). To make the transition
          easy from the separate libraries to the unified one, we
          provide the --enable-compat-libs compile-time switch which
          will generate stub libraries that are compatible with the
          old ones but redirect all calls to the new one.

        * All of the kdbus logic and the new APIs "sd-bus.h",
          "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
          and "sd-utf8.h" are compile-time optional via the
          "--enable-kdbus" switch, and they are not compiled in by
          default. To make use of kdbus, you have to explicitly enable
          the switch. Note however, that neither the kernel nor the
          userspace API for all of this is considered stable yet. We
          want to maintain the freedom to still change the APIs for
          now. By specifying this build-time switch, you acknowledge
          that you are aware of the instability of the current
          APIs.

        * Also, note that while kdbus is pretty much complete,
          it lacks one thing: proper policy support. This means you
          can build a fully working system with all features; however,
          it will be highly insecure. Policy support will be added in
          one of the next releases, at the same time that we will
          declare the APIs stable.

        * When the kernel command line argument "kdbus" is specified,
          systemd will automatically load the kdbus.ko kernel module. At
          this stage of development, it is only useful for testing kdbus
          and should not be used in production. Note: if "--enable-kdbus"
          is specified, and the kdbus.ko kernel module is available, and
          "kdbus" is added to the kernel command line, the entire system
          runs with kdbus instead of dbus-daemon, with the above mentioned
          problem of missing the system policy enforcement. Also, a future
          version of kdbus.ko and a newer systemd will not be compatible
          with each other, and the machine will likely not boot if only
          one of them is updated.

        * systemctl gained a new "import-environment" command which
          uploads the caller's environment (or parts thereof) into the
          service manager so that it is inherited by services started
          by the manager. This is useful to upload variables like
          $DISPLAY into the user service manager.

        * A new PrivateDevices= switch has been added to service units
          which allows running a service with a namespaced /dev
          directory that does not contain any device nodes for
          physical devices. More specifically, it only includes devices
          such as /dev/null, /dev/urandom, and /dev/zero which are API
          entry points.

        * logind has been extended to support behaviour like VT
          switching on seats that do not support a VT. This makes
          multi-session available on seats that are not the first seat
          (seat0), and on systems where kernel support for VTs has
          been disabled at compile-time.

        * If a process holds a delay lock for system sleep or shutdown
          and fails to release it in time, we will now log its
          identity. This makes it easier to identify processes that
          cause slow suspends or power-offs.

        * When parsing /etc/crypttab, support for a new key-slot=
          option as supported by Debian is added. It allows indicating
          which LUKS slot to use on disk, speeding up key loading.

        * The sd_journal_sendv() API call has been checked and
          officially declared to be async-signal-safe so that it may
          be invoked from signal handlers for logging purposes.

        * Boot-time status output is now enabled automatically after a
          short timeout if boot does not progress, in order to give
          the user an indication of what she or he is waiting for.

        * The boot-time output has been improved to show how much time
          remains until jobs expire.

        * The KillMode= switch in service units gained a new possible
          value "mixed". If set, and the unit is shut down, then the
          initial SIGTERM signal is sent only to the main daemon
          process, while the following SIGKILL signal is sent to
          all remaining processes of the service.

        * When a scope unit is registered, a new property "Controller"
          may be set. If set to a valid bus name, systemd will send a
          RequestStop() signal to this name when it would like to shut
          down the scope. This may be used to hook manager logic into
          the shutdown logic of scope units. Also, scope units may now
          be put in a special "abandoned" state, in which case the
          manager process which created them takes no further
          responsibilities for them.

        * When reading unit files, systemd will now verify
          the access mode of these files, and warn about certain
          suspicious combinations. This has been added to make it
          easier to track down packaging bugs where unit files are
          marked executable or world-writable.

        * systemd-nspawn gained a new "--setenv=" switch to set
          container-wide environment variables. The similar option in
          systemd-activate was renamed from "--environment=" to
          "--setenv=" for consistency.

        * systemd-nspawn has been updated to create a new kdbus domain
          for each container that is invoked, thus allowing each
          container to have its own set of system and user buses,
          independent of the host.

        * systemd-nspawn gained a new --drop-capability= switch to run
          the container with fewer capabilities than the default. Both
          --drop-capability= and --capability= now take the special
          string "all" for dropping or keeping all capabilities.

        * systemd-nspawn gained new switches for executing containers
          with specific SELinux labels set.

        * systemd-nspawn gained a new --quiet switch to not generate
          any additional output but the container's own console
          output.

        * systemd-nspawn gained a new --share-system switch to run a
          container without PID namespacing enabled.

        * systemd-nspawn gained a new --register= switch to control
          whether the container is registered with systemd-machined or
          not. This is useful for containers that do not run full
          OS images, but only specific apps.

        * systemd-nspawn gained a new --keep-unit switch which may be
          used when invoked as the only program from a service unit, and
          results in registration of the unit service itself in
          systemd-machined, instead of a newly opened scope unit.

        * systemd-nspawn gained a new --network-interface= switch for
          moving arbitrary interfaces to the container. The new
          --network-veth switch creates a virtual Ethernet connection
          between host and container. The new --network-bridge=
          switch then allows assigning the host side of this virtual
          Ethernet connection to a bridge device.

        * systemd-nspawn gained a new --personality= switch for
          setting the kernel personality for the container. This is
          useful when running a 32-bit container on a 64-bit host. A
          similar option Personality= is now also available for service
          units to use.

        * logind will now also track a "Desktop" identifier for each
          session which encodes the desktop environment of it. This is
          useful for desktop environments that want to identify
          multiple running sessions of itself easily.

        * A new SELinuxContext= setting for service units has been
          added that allows setting a specific SELinux execution
          context for a service.

        * Most systemd client tools will now honour $SYSTEMD_LESS for
          settings of the "less" pager. By default, these tools will
          override $LESS to allow certain operations to work, such as
          jump-to-the-end. With $SYSTEMD_LESS, it is possible to
          influence this logic.

        * systemd's "seccomp" hook-up has been changed to make use of
          the libseccomp library instead of using its own
          implementation. This has benefits for portability among
          other things.

        * For usage together with SystemCallFilter=, a new
          SystemCallErrorNumber= setting has been introduced that
          allows configuration of a system error number to be returned
          on filtered system calls, instead of immediately killing the
          process. Also, SystemCallArchitectures= has been added to
          limit access to system calls of a particular architecture
          (in order to turn off support for unused secondary
          architectures). There is also a global
          SystemCallArchitectures= setting in system.conf now to turn
          off support for non-native system calls system-wide.
15651
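        An audit of the three settings just described, as an added example
        (Python) that is not systemd's own code: the sample unit texts are
        constructed, and the parser assumes the unit-file rule that list
        settings accumulate across repeated lines and an empty assignment
        resets them.

```python
import errno

# Added example, not systemd's own code. List settings (SystemCallFilter=,
# SystemCallArchitectures=) accumulate over repeated lines and an empty
# assignment resets the list; scalar settings keep the last assignment.
LIST_SETTINGS = {"SystemCallFilter", "SystemCallArchitectures"}
ERRNO_NAMES = set(errno.errorcode.values())   # "EPERM", "EACCES", ...


def parse_service_section(text):
    """Return {key: value-or-list} for the [Service] section of a unit file."""
    settings = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in LIST_SETTINGS:
            if value == "":
                settings[key] = []            # empty assignment resets the list
            else:
                settings.setdefault(key, []).extend(value.split())
        else:
            settings[key] = value
    return settings


def audit_seccomp(text):
    """Return findings (list of strings) about the unit's system call policy.

    An empty list means: a filter is set, a filtered call fails with a
    defined errno instead of killing the process, and the system calls of
    secondary architectures are turned off.
    """
    s = parse_service_section(text)
    findings = []
    if not s.get("SystemCallFilter"):
        findings.append("SystemCallFilter= not set: no system call filtering")
        return findings
    err = s.get("SystemCallErrorNumber")
    if err is None:
        findings.append("SystemCallErrorNumber= not set: a filtered call kills "
                        "the process instead of returning an error")
    elif err not in ERRNO_NAMES and not err.isdigit():
        findings.append("SystemCallErrorNumber=%s is not a known errno name" % err)
    if not s.get("SystemCallArchitectures"):
        findings.append("SystemCallArchitectures= not set: system calls of "
                        "secondary (non-native) architectures stay available")
    return findings


# Constructed sample units; the filter lists are illustrative only.
HARDENED_UNIT = """\
[Unit]
Description=constructed example service

[Service]
ExecStart=/usr/bin/true
SystemCallFilter=read write exit_group
SystemCallFilter=rt_sigreturn
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
"""

WEAK_UNIT = """\
[Service]
ExecStart=/usr/bin/true
SystemCallFilter=read write
SystemCallFilter=
"""

if __name__ == "__main__":
    for name, unit in (("hardened", HARDENED_UNIT), ("weak", WEAK_UNIT)):
        print(name, audit_seccomp(unit) or ["ok"])
```
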
        * systemd requires a kernel with a working name_to_handle_at();
          please see the kernel config requirements in the README file.

        Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
        Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
        Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
        Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
        Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
        David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
        Elia Pinto, Florian Weimer, George McCollister, Goffredo
        Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
        Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
        Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
        Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
        Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
        Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
        Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
        Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
        Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
        Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
        Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
        Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
        Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
        Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
        Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
        Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
        Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2014-02-20

CHANGES WITH 208:

        * logind has gained support for facilitating privileged input
          and drm device access for unprivileged clients. This work is
          useful to allow Wayland display servers (and similar
          programs, such as kmscon) to run under the user's ID and
          access input and drm devices which are normally
          protected. When this is used (and the kernel is new enough)
          logind will "mute" IO on the file descriptors passed to
          Wayland as long as it is in the background and "unmute" it
          if it returns into the foreground. This allows secure
          session switching without allowing background sessions to
          eavesdrop on input and display data. This also introduces
          session switching support if VT support is turned off in the
          kernel, and on seats that are not seat0.

        * A new kernel command line option luks.options= is understood
          now which allows specifying LUKS options for LUKS
          encrypted partitions specified with luks.uuid=.

        * tmpfiles.d(5) snippets may now use specifier expansion in
          path names. More specifically %m, %b, %H, %v are now
          replaced by the local machine id, boot id, hostname, and
          kernel version number.

        * A new tmpfiles.d(5) command "m" has been introduced which
          may be used to change the owner/group/access mode of a file
          or directory if it exists, but do nothing if it does not.

        * This release removes high-level support for the
          MemorySoftLimit= cgroup setting. The underlying kernel
          cgroup attribute memory.soft_limit= is currently badly
          designed and likely to be removed from the kernel API in its
          current form, hence we should not expose it for now.

        * The memory.use_hierarchy cgroup attribute is now enabled for
          all cgroups systemd creates in the memory cgroup
          hierarchy. This option is likely to become the built-in
          default in the kernel anyway, and the non-hierarchical mode
          never made much sense in the intrinsically hierarchical
          cgroup system.

        * A new field _SYSTEMD_SLICE= is logged along with all journal
          messages containing the slice a message was generated
          from. This is useful to allow easy per-customer filtering of
          logs among other things.

        * systemd-journald will no longer adjust the group of journal
          files it creates to the "systemd-journal" group. Instead we
          rely on the journal directory to be owned by the
          "systemd-journal" group, and its setgid bit set, so that the
          kernel file system layer will automatically enforce that
          journal files inherit this group assignment. The reason for
          this change is that we cannot allow NSS look-ups from
          journald which would be necessary to resolve
          "systemd-journal" to a numeric GID, because this might
          create deadlocks if NSS involves synchronous queries to
          other daemons (such as nscd, or sssd) which in turn are
          logging clients of journald and might block on it, which
          would then deadlock. A tmpfiles.d(5) snippet included in
          systemd will make sure the setgid bit and group are
          properly set on the journal directory if it exists on every
          boot. However, we recommend adjusting it manually after
          upgrades too (or from RPM scriptlets), so that the change is
          not delayed until next reboot.

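        The tmpfiles.d specifier expansion and the "m" line type described
        above, applied to the journal-directory case of the last item, as an
        added example (Python) that is not systemd's own code. It assumes a
        Linux host for the default specifier sources; the specifier values,
        paths and the temporary journal directory used in the demo are
        constructed.

```python
import grp
import os
import pwd
import stat
import tempfile

# Added example, not systemd's own code. It implements expansion of the
# %m, %b, %H and %v specifiers in path names and the "m" line type (adjust
# mode and owner/group of a path only if it exists), then applies an "m"
# line of the kind the journal snippet uses to a constructed directory.
SPECIFIER_FILES = {
    "m": "/etc/machine-id",                   # %m: machine id (Linux path)
    "b": "/proc/sys/kernel/random/boot_id",   # %b: boot id (Linux path)
}


def system_specifiers():
    """Read the specifier values from the running system."""
    values = {}
    for spec, path in SPECIFIER_FILES.items():
        with open(path) as f:
            values[spec] = f.read().strip().replace("-", "")
    uname = os.uname()
    values["H"] = uname.nodename              # %H: hostname
    values["v"] = uname.release               # %v: kernel version
    return values


def expand_specifiers(path, values):
    """Replace %m, %b, %H, %v in path; "%%" yields a literal percent sign."""
    out = []
    i = 0
    while i < len(path):
        if path[i] == "%" and i + 1 < len(path):
            spec = path[i + 1]
            if spec == "%":
                out.append("%")
            elif spec in values:
                out.append(values[spec])
            else:
                raise ValueError("unknown specifier %%%s in %r" % (spec, path))
            i += 2
        else:
            out.append(path[i])
            i += 1
    return "".join(out)


def apply_m_line(line, values):
    """Apply one tmpfiles.d "m" line (fields: type path mode user group age).

    Returns "applied" when the path existed and was adjusted, "skipped"
    when it does not exist (an "m" line never creates anything), and
    None for lines of any other type.
    """
    fields = line.split()
    if not fields or fields[0] != "m":
        return None
    path = expand_specifiers(fields[1], values)
    mode, user, group = (fields + ["-", "-", "-"])[2:5]
    if not os.path.exists(path):
        return "skipped"
    if mode != "-":
        os.chmod(path, int(mode, 8))          # "2755" sets the setgid bit too
    uid = pwd.getpwnam(user).pw_uid if user != "-" else -1
    gid = grp.getgrnam(group).gr_gid if group != "-" else -1
    if uid != -1 or gid != -1:
        os.chown(path, uid, gid)              # -1 leaves that id unchanged
    return "applied"


def journal_dir_ok(path, gid=None):
    """True if the directory carries the setgid bit (and the given group id)."""
    st = os.stat(path)
    if not st.st_mode & stat.S_ISGID:
        return False
    return gid is None or st.st_gid == gid


def demo_journal_dir(values):
    """Run the journal-directory case against a constructed temp directory.

    The shipped snippet targets /var/log/journal with group systemd-journal;
    here user and group stay "-" so the demo needs no privileges.
    """
    root = tempfile.mkdtemp()
    journal = os.path.join(root, "journal")
    os.mkdir(journal)
    os.chmod(journal, 0o755)                  # start without setgid
    before = journal_dir_ok(journal)
    result = apply_m_line("m %s 2755 - - -" % journal, values)
    st = os.stat(journal)
    missing = apply_m_line("m %s/missing 2755 - - -" % root, values)
    return {"before": before, "result": result,
            "after": journal_dir_ok(journal, st.st_gid),
            "mode": stat.S_IMODE(st.st_mode), "missing": missing}


if __name__ == "__main__":
    values = {"m": "0123456789abcdef0123456789abcdef",   # constructed ids
              "b": "fedcba9876543210fedcba9876543210",
              "H": "host1", "v": "3.12.0"}
    print(expand_specifiers("/run/log/journal/%m", values))
    print(demo_journal_dir(values))
```
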
        * Backlight and random seed files in /var/lib/ have moved into
          the /var/lib/systemd/ directory, in order to centralize all
          systemd generated files in one directory.

        * Boot time performance measurements (as displayed by
          "systemd-analyze" for example) will now read ACPI 5.0 FPDT
          performance information if that's available to determine how
          much time BIOS and boot loader initialization required. With
          a sufficiently new BIOS you hence no longer need to boot
          with Gummiboot to get access to such information.

        Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
        Cristian Rodríguez, Dave Reisner, David Herrmann, David
        Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
        feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
        Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
        Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-10-02

CHANGES WITH 207:

        * The Restart= option for services now understands a new
          on-watchdog setting, which will restart the service
          automatically if the service stops sending out watchdog keep
          alive messages (as configured with WatchdogSec=).

        * The getty generator (which is responsible for bringing up a
          getty on configured serial consoles) will no longer only
          start a getty on the primary kernel console but on all
          others, too. This makes the order in which console= is
          specified on the kernel command line less important.

        * libsystemd-logind gained a new sd_session_get_vt() call to
          retrieve the VT number of a session.

        * If the option "tries=0" is set for an entry of /etc/crypttab
          its passphrase is queried indefinitely instead of any
          maximum number of tries.

        * If a service with a configured PID file terminates its PID
          file will now be removed automatically if it still exists
          afterwards. This should put an end to stale PID files.

        * systemd-run will now also take relative binary path names
          for execution and no longer insists on absolute paths.

        * InaccessibleDirectories= and ReadOnlyDirectories= now take
          paths that are optionally prefixed with "-" to indicate that
          it should not be considered a failure if they do not exist.

        * journalctl -o (and similar commands) now understands a new
          output mode "short-precise"; it is similar to "short" but
          shows timestamps with usec accuracy.

        * The option "discard" (as known from Debian) is now
          synonymous to "allow-discards" in /etc/crypttab. In fact,
          "discard" is preferred now (since it is easier to remember
          and type).

        * Some licensing clean-ups were made, so that more code is now
          LGPL-2.1 licensed than before.

        * A minimal tool to save/restore the display backlight
          brightness across reboots has been added. It will store the
          backlight setting as late as possible at shutdown, and
          restore it as early as possible during reboot.

        * A logic to automatically discover and enable home and swap
          partitions on GPT disks has been added. With this in place
          /etc/fstab becomes optional for many setups as systemd can
          discover certain partitions located on the root disk
          automatically. Home partitions are recognized under their
          GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
          partitions are recognized under their GPT type ID
          0657fd6da4ab43c484e50933c84b4f4f.

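        How recognition by GPT type ID works, as an added example (Python)
        that is not systemd's own code: it decodes a constructed GPT
        partition entry array and picks out the home and swap entries by the
        two type IDs quoted above. The entry-building helper, the sample
        partition layout and the placeholder partition GUIDs are constructed
        for the demonstration.

```python
import struct
import uuid

# Added example, not systemd's own code. Home and swap partitions are told
# apart by the partition type GUID in each 128-byte GPT partition entry.
# The two type IDs are the ones quoted in the NEWS entry, in the same
# 32-hex-digit form (uuid.UUID accepts it; str() gives the dashed form).
HOME_TYPE = uuid.UUID("933ac7e12eb44f13b8440e14e2aef915")
SWAP_TYPE = uuid.UUID("0657fd6da4ab43c484e50933c84b4f4f")
ROLES = {HOME_TYPE: "home", SWAP_TYPE: "swap"}
ENTRY_SIZE = 128
UNUSED_TYPE = uuid.UUID(int=0)          # all-zero type GUID marks a free slot


def parse_entry(raw):
    """Decode one GPT partition entry; returns None for an unused slot."""
    if len(raw) != ENTRY_SIZE:
        raise ValueError("GPT partition entries are %d bytes" % ENTRY_SIZE)
    # GUIDs are stored in mixed-endian ("bytes_le") order on disk.
    type_guid = uuid.UUID(bytes_le=raw[0:16])
    if type_guid == UNUSED_TYPE:
        return None
    part_guid = uuid.UUID(bytes_le=raw[16:32])
    first_lba, last_lba, attrs = struct.unpack_from("<QQQ", raw, 32)
    name = raw[56:128].decode("utf-16-le").split("\x00", 1)[0]
    return {"type": type_guid, "id": part_guid, "first_lba": first_lba,
            "last_lba": last_lba, "attrs": attrs, "name": name}


def discover(table):
    """Return [(role, entry), ...] for entries whose type GUID is recognized."""
    found = []
    for off in range(0, len(table), ENTRY_SIZE):
        entry = parse_entry(table[off:off + ENTRY_SIZE])
        if entry is not None and entry["type"] in ROLES:
            found.append((ROLES[entry["type"]], entry))
    return found


def make_entry(type_guid, part_guid, first_lba, last_lba, name):
    """Encode a partition entry (used only to build the constructed sample)."""
    return (type_guid.bytes_le + part_guid.bytes_le
            + struct.pack("<QQQ", first_lba, last_lba, 0)
            + name.encode("utf-16-le").ljust(72, b"\x00"))


# Constructed sample table: an EFI System Partition (standard type GUID
# c12a7328-f81f-11d2-ba4b-00a0c93ec93b), a home and a swap partition,
# followed by one unused slot. The partition GUIDs are placeholders.
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")
SAMPLE_TABLE = (
    make_entry(ESP_TYPE, uuid.UUID(int=1), 2048, 411647, "EFI System")
    + make_entry(HOME_TYPE, uuid.UUID(int=2), 411648, 8800255, "home")
    + make_entry(SWAP_TYPE, uuid.UUID(int=3), 8800256, 9000000, "swap")
    + bytes(ENTRY_SIZE)
)

if __name__ == "__main__":
    for role, entry in discover(SAMPLE_TABLE):
        print("%-4s %-10s LBA %d-%d type %s" % (
            role, entry["name"], entry["first_lba"], entry["last_lba"],
            entry["type"]))
```
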
        * systemd will no longer pass any environment from the kernel
          or initrd to system services. If you want to set an
          environment for all services, do so via the kernel command
          line systemd.setenv= assignment.

        * The systemd-sysctl tool no longer natively reads the file
          /etc/sysctl.conf. If desired, the file should be symlinked
          from /etc/sysctl.d/99-sysctl.conf. Apart from providing
          legacy support by a symlink rather than built-in code, it
          also makes the otherwise hidden order of application of the
          different files visible. (Note that this partly reverts to a
          pre-198 application order of sysctl knobs!)

        * The "systemctl set-log-level" and "systemctl dump" commands
          have been moved to systemd-analyze.

        * systemd-run learned the new --remain-after-exit switch,
          which causes the scope unit not to be cleaned up
          automatically after the process terminated.

        * tmpfiles learned a new --exclude-prefix= switch to exclude
          certain paths from operation.

        * journald will now automatically flush all messages to disk
          as soon as a message at the log level CRIT, ALERT or EMERG
          is received.

        Contributions from: Andrew Cook, Brandon Philips, Christian
        Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
        Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
        McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
        Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
        Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
        Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
        Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
        Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
        Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
        Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
        William Giokas, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-09-13

CHANGES WITH 206:

        * The documentation has been updated to cover the various new
          concepts introduced with 205.

        * Unit files now understand the new %v specifier which
          resolves to the kernel version string as returned by "uname
          -r".

        * systemctl now supports filtering the unit list output by
          load state, active state and sub state, using the new
          --state= parameter.

        * "systemctl status" will now show the results of the
          condition checks (like ConditionPathExists= and similar) of
          the last start attempts of the unit. They are also logged to
          the journal.

        * "journalctl -b" may now be used to look for boot output of a
          specific boot. Try "journalctl -b -1" for the previous boot,
          but the syntax is substantially more powerful.

        * "journalctl --show-cursor" has been added which prints the
          cursor string of the last shown log line. This may then be
          used with the new "journalctl --after-cursor=" switch to
          continue browsing logs from that point on.

        * "journalctl --force" may now be used to force regeneration
          of an FSS key.

        * Creation of "dead" device nodes has been moved from udev
          into kmod and tmpfiles. Previously, udev would read the kmod
          databases to pre-generate dead device nodes based on meta
          information contained in kernel modules, so that these would
          be auto-loaded on access rather than at boot. As this
          does not really have much to do with exposing actual
          kernel devices to userspace this has always been slightly
          alien in the udev codebase. Following the new scheme kmod
          will now generate a runtime snippet for tmpfiles from the
          module meta information and it now is tmpfiles' job to
          create the nodes. This also allows overriding access and
          other parameters for the nodes using the usual tmpfiles
          facilities. As a side effect this allows us to remove the
          CAP_SYS_MKNOD capability bit from udevd entirely.

        * logind's device ACLs may now be applied to these "dead"
          device nodes too, thus finally allowing managed access to
          devices such as /dev/snd/sequencer without loading the
          backing module right away.

        * A new RPM macro has been added that may be used to apply
          tmpfiles configuration during package installation.

        * systemd-detect-virt and ConditionVirtualization= now can
          detect User-Mode-Linux machines (UML).

        * journald will now implicitly log the effective capabilities
          set of processes in the message metadata.

        * systemd-cryptsetup has gained support for TrueCrypt volumes.

        * The initrd interface has been simplified (more specifically,
          support for passing performance data via environment
          variables and fsck results via files in /run has been
          removed). These features were non-essential, and are
          nowadays available in a much nicer way by having systemd in
          the initrd serialize its state and have the host's systemd
          deserialize it again.

        * The udev "keymap" data files and tools to apply keyboard
          specific mappings of scan to key codes, and force-release
          scan code lists have been entirely replaced by a udev
          "keyboard" builtin and a hwdb data file.

        * systemd will now honour the kernel's "quiet" command line
          argument also during late shutdown, resulting in a
          completely silent shutdown when used.

        * There's now an option to control the SO_REUSEPORT socket
          option in .socket units.

        * Instance units will now automatically get a per-template
          subslice of system.slice unless something else is explicitly
          configured. For example, instances of sshd@.service will now
          implicitly be placed in system-sshd.slice rather than
          system.slice as before.

        * Test coverage support may now be enabled at build time.

        Contributions from: Dave Reisner, Frederic Crozat, Harald
        Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
        Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
        Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
        Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
        Giokas, Zbigniew Jędrzejewski-Szmek

        — Berlin, 2013-07-23

CHANGES WITH 205:

        * Two new unit types have been introduced:

          Scope units are very similar to service units, however, are
          created out of pre-existing processes — instead of PID 1
          forking off the processes. By using scope units it is
          possible for system services and applications to group their
          own child processes (worker processes) in a powerful way
          which then may be used to organize them, or kill them
          together, or apply resource limits on them.

          Slice units may be used to partition system resources in a
          hierarchical fashion and then assign other units to them. By
          default there are now three slices: system.slice (for all
          system services), user.slice (for all user sessions),
          machine.slice (for VMs and containers).

          Slices and scopes have been introduced primarily in
          context of the work to move cgroup handling to a
          single-writer scheme, where only PID 1
          creates/removes/manages cgroups.

        * There's a new concept of "transient" units. In contrast to
          normal units these units are created via an API at runtime,
          not from configuration from disk. More specifically this
          means it is now possible to run arbitrary programs as
          independent services, with all execution parameters passed
          in via bus APIs rather than read from disk. Transient units
          make systemd substantially more dynamic than it ever was,
          and useful as a general batch manager.

        * logind has been updated to make use of scope and slice units
          for managing user sessions. As a user logs in he will get
          his own private slice unit, to which all sessions are added
          as scope units. We also added support for automatically
          adding an instance of user@.service for the user into the
          slice. Effectively logind will no longer create cgroup
          hierarchies on its own now, it will defer entirely to PID 1
          for this by means of scope, service and slice units. Since
          user sessions this way become entities managed by PID 1
          the output of "systemctl" is now a lot more comprehensive.

        * A new mini-daemon "systemd-machined" has been added which
          may be used by virtualization managers to register local
          VMs/containers. nspawn has been updated accordingly, and
          libvirt will be updated shortly. machined will collect a bit
          of meta information about the VMs/containers, and assign
          them their own scope unit (see above). The collected
          meta-data is then made available via the "machinectl" tool,
          and exposed in "ps" and similar tools. machined/machinectl
          is compile-time optional.

        * As discussed earlier, the low-level cgroup configuration
          options ControlGroup=, ControlGroupModify=,
          ControlGroupPersistent=, ControlGroupAttribute= have been
          removed. Please use high-level attribute settings instead as
          well as slice units.

        * A new bus call SetUnitProperties() has been added to alter
          various runtime parameters of a unit. This is primarily
          useful to alter cgroup parameters dynamically in a nice way,
          but will be extended later on to make more properties
          modifiable at runtime. systemctl gained a new set-properties
          command that wraps this call.

        * A new tool "systemd-run" has been added which can be used to
          run arbitrary command lines as transient services or scopes,
          while configuring a number of settings via the command
          line. This tool is currently very basic, however already
          very useful. We plan to extend this tool to even allow
          queuing of execution jobs with time triggers from the
          command line, similar in fashion to "at".

        * nspawn will now inform the user explicitly that kernels with
          audit enabled break containers, and suggest the user to turn
          off audit.

        * Support for detecting the IMA and AppArmor security
          frameworks with ConditionSecurity= has been added.

        * journalctl gained a new "-k" switch for showing only kernel
          messages, mimicking dmesg output; in addition to "--user"
          and "--system" switches for showing only user's own logs
          and system logs.

        * systemd-delta can now show information about drop-in
          snippets extending unit files.

        * libsystemd-bus has been substantially updated but is still
          not available as public API.

        * systemd will now look for the "debug" argument on the kernel
          command line and enable debug logging, similar to what
          "systemd.log_level=debug" already did before.

        * "systemctl set-default" and "systemctl get-default" have been
          added to configure the default.target symlink, which
          controls what to boot into by default.

        * "systemctl set-log-level" has been added as a convenient
          way to raise and lower systemd's logging threshold.

        * "systemd-analyze plot" will now show the time the various
          generators needed for execution, as well as information
          about the unit file loading.

        * libsystemd-journal gained a new sd_journal_open_files() call
          for opening specific journal files. journalctl also gained a
          new switch to expose this new functionality. Previously we
          only supported opening all files from a directory, or all
          files from the system, as opening individual files only is
          racy due to journal file rotation.

        * systemd gained the new DefaultEnvironment= setting in
          /etc/systemd/system.conf to set environment variables for
          all services.

        * If a privileged process logs a journal message with the
          OBJECT_PID= field set, then journald will automatically
          augment this with additional OBJECT_UID=, OBJECT_GID=,
          OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
          system services want to log events about specific client
          processes. journalctl/systemctl has been updated to make use
          of this information if all log messages regarding a specific
          unit are requested.

        Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
        Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
        Reisner, David Coppa, David King, David Strauss, Eelco
        Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
        Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
        Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
        Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
        Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
        Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
        Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
        Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
        Łukasz Stelmach, 장동준

CHANGES WITH 204:

        * The Python bindings gained some minimal support for the APIs
          exposed by libsystemd-logind.

        * ConditionSecurity= gained support for detecting SMACK. Since
          this condition already supports SELinux and AppArmor we only
          miss IMA for this. Patches welcome!

        Contributions from: Karol Lewandowski, Lennart Poettering,
        Zbigniew Jędrzejewski-Szmek

CHANGES WITH 203:

        * systemd-nspawn will now create /etc/resolv.conf if
          necessary, before bind-mounting the host's file onto it.

        * systemd-nspawn will now store meta information about a
          container on the container's cgroup as extended attribute
          fields, including the root directory.

        * The cgroup hierarchy has been reworked in many ways. All
          objects any of the components systemd creates in the cgroup
          tree are now suffixed. More specifically, user sessions are
          now placed in cgroups suffixed with ".session", users in
          cgroups suffixed with ".user", and nspawn containers in
          cgroups suffixed with ".nspawn". Furthermore, all cgroup
          names are now escaped in a simple scheme to avoid collision
          of userspace object names with kernel filenames. This work
          is preparation for making these objects relocatable in the
          cgroup tree, in order to allow easy resource partitioning of
          these objects without causing naming conflicts.

        * systemctl list-dependencies gained the new switches
          --plain, --reverse, --after and --before.

        * systemd-inhibit now shows the process name of processes that
          have taken an inhibitor lock.

        * nss-myhostname will now also resolve "localhost"
          implicitly. This makes /etc/hosts an optional file and
          nicely handles that on IPv6 ::1 maps to both "localhost" and
          the local hostname.

        * libsystemd-logind.so gained a new call
          sd_get_machine_names() to enumerate running containers and
          VMs (currently only supported by very new libvirt and
          nspawn). sd_login_monitor can now be used to watch
          VMs/containers coming and going.

        * .include is not allowed recursively anymore, and only in
          unit files. Usually it is better to use drop-in snippets in
          .d/*.conf anyway, as introduced with systemd 198.

        * systemd-analyze gained a new "critical-chain" command that
          determines the slowest chain of units run during system
          boot-up. It is very useful for tracking down where
          optimizing boot time is the most beneficial.

        * systemd will no longer allow manipulating service paths in
          the name=systemd:/system cgroup tree using ControlGroup= in
          units. (But is still fine with it in all other dirs.)

        * There's a new systemd-nspawn@.service service file that may
          be used to easily run nspawn containers as system
          services. With the container's root directory in
          /var/lib/container/foobar it is now sufficient to run
          "systemctl start systemd-nspawn@foobar.service" to boot it.

        * systemd-cgls gained a new parameter "--machine" to list only
          the processes within a certain container.

        * ConditionSecurity= now can check for "apparmor". We still
          are lacking checks for SMACK and IMA for this condition
          check though. Patches welcome!

        * A new configuration file /etc/systemd/sleep.conf has been
          added that may be used to configure which kernel operation
          systemd is supposed to execute when "suspend", "hibernate"
          or "hybrid-sleep" is requested. This makes the new kernel
          "freeze" state accessible to the user.

        * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
          the passed argument if applicable.

        Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
        Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
        Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
        Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
        MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
        Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
        Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
        Jędrzejewski-Szmek

CHANGES WITH 202:

        * The output of 'systemctl list-jobs' got some polishing. The
          '--type=' argument may now be passed more than once. A new
          command 'systemctl list-sockets' has been added which shows
          a list of kernel sockets systemd is listening on with the
          socket units they belong to, plus the units these socket
          units activate.

        * The experimental libsystemd-bus library got substantial
          updates to work in conjunction with the (also experimental)
          kdbus kernel project. It works well enough to exchange
          messages with some sophistication. Note that kdbus is not
          ready yet, and the library is mostly an elaborate test case
          for now, and not installable.

        * systemd gained a new unit 'systemd-static-nodes.service'
          that generates static device nodes earlier during boot, and
          can run in conjunction with udev.

        * libsystemd-login gained a new call sd_pid_get_user_unit()
          to retrieve the user systemd unit a process is running
          in. This is useful for systems where systemd is used as
          session manager.

        * systemd-nspawn now places all containers in the new /machine
          top-level cgroup directory in the name=systemd
          hierarchy. libvirt will soon do the same, so that we get a
          uniform separation of /system, /user and /machine for system
          services, user processes and containers/virtual
          machines. This new cgroup hierarchy is also useful to stick
          stable names to specific container instances, which can be
          recognized later this way (this name may be controlled
          via systemd-nspawn's new -M switch). libsystemd-login also
          gained a new call sd_pid_get_machine_name() to retrieve the
          name of the container/VM a specific process belongs to.

        * bootchart can now store its data in the journal.

        * libsystemd-journal gained a new call
          sd_journal_add_conjunction() for AND expressions to the
          matching logic. This can be used to express more complex
          logical expressions.

        * journalctl can now take multiple --unit= and --user-unit=
          switches.

        * The cryptsetup logic now understands the "luks.key=" kernel
          command line switch for specifying a file to read the
          decryption key from. Also, if a configured key file is not
          found the tool will now automatically fall back to prompting
          the user.

        * Python systemd.journal module was updated to wrap recently
          added functions from libsystemd-journal. The interface was
          changed to bring the low level interface in s.j._Reader
          closer to the C API, and the high level interface in
          s.j.Reader was updated to wrap and convert all data about
          an entry.

        Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
        Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
        Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
        Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
        Tom Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 201:

        * journalctl --update-catalog now understands a new --root=
          option to operate on catalogs found in a different root
          directory.

        * During shutdown after systemd has terminated all running
          services a final killing loop kills all remaining left-over
          processes. We will now print the name of these processes
          when we send SIGKILL to them, since this usually indicates a
          problem.

        * If /etc/crypttab refers to password files stored on
          configured mount points automatic dependencies will now be
          generated to ensure the specific mount is established first
          before the key file is attempted to be read.

        * 'systemctl status' will now show information about the
          network sockets a socket unit is listening on.

        * 'systemctl status' will also show information about any
          drop-in configuration file for units. (Drop-In configuration
          files in this context are files such as
          /etc/systemd/system/foobar.service.d/*.conf)

        * systemd-cgtop now optionally shows summed up CPU times of
          cgroups. Press '%' while running cgtop to switch between
          percentage and absolute mode. This is useful to determine
          which cgroups use up the most CPU time over the entire
          runtime of the system. systemd-cgtop has also been updated
          to be 'pipeable' for processing with further shell tools.

        * 'hostnamectl set-hostname' will now allow setting of FQDN
          hostnames.

        * The formatting and parsing of time span values has been
          changed. The parser now understands fractional expressions
          such as "5.5h". The formatter will now output fractional
          expressions for all time spans under 1min, i.e. "5.123456s"
          rather than "5s 123ms 456us". For time spans under 1s
          millisecond values are shown, for those under 1ms
          microsecond values are shown. This should greatly improve
          all time-related output of systemd.
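
        The rules just described, as an added Python example that is not
        systemd's own code: a small re-implementation of the time span
        parser and formatter. Spans of 1min and longer, which the text
        does not describe, are printed in whole units (an assumption),
        and the suffix table is a subset of what systemd accepts.

```python
"""Time span parsing and formatting following the systemd 201 rules.

Added example, not systemd's own code: fractional input such as "5.5h"
is accepted, spans under 1min are printed as one fractional unit
("5.123456s", "123.456ms", "456us"), and spans of 1min or more are
printed in whole units ("1min 5s 500ms"); that last rule and the
suffix table are assumptions, a subset of what systemd accepts.
"""
import re
from decimal import Decimal

USEC_PER_SEC = 1_000_000
USEC_PER_MSEC = 1_000
USEC_PER_MINUTE = 60 * USEC_PER_SEC
USEC_PER_HOUR = 60 * USEC_PER_MINUTE
USEC_PER_DAY = 24 * USEC_PER_HOUR
USEC_PER_WEEK = 7 * USEC_PER_DAY
USEC_PER_MONTH = 2_629_800 * USEC_PER_SEC      # 30.44 days
USEC_PER_YEAR = 31_557_600 * USEC_PER_SEC      # 365.25 days

# Descending unit table used by the formatter.
UNITS = (
    ("y", USEC_PER_YEAR), ("month", USEC_PER_MONTH), ("w", USEC_PER_WEEK),
    ("d", USEC_PER_DAY), ("h", USEC_PER_HOUR), ("min", USEC_PER_MINUTE),
    ("s", USEC_PER_SEC), ("ms", USEC_PER_MSEC), ("us", 1),
)

# Suffixes the parser accepts (a subset); a bare number means seconds.
SUFFIXES = {
    "y": USEC_PER_YEAR, "year": USEC_PER_YEAR, "years": USEC_PER_YEAR,
    "M": USEC_PER_MONTH, "month": USEC_PER_MONTH, "months": USEC_PER_MONTH,
    "w": USEC_PER_WEEK, "week": USEC_PER_WEEK, "weeks": USEC_PER_WEEK,
    "d": USEC_PER_DAY, "day": USEC_PER_DAY, "days": USEC_PER_DAY,
    "h": USEC_PER_HOUR, "hr": USEC_PER_HOUR, "hour": USEC_PER_HOUR,
    "hours": USEC_PER_HOUR,
    "m": USEC_PER_MINUTE, "min": USEC_PER_MINUTE, "minute": USEC_PER_MINUTE,
    "minutes": USEC_PER_MINUTE,
    "s": USEC_PER_SEC, "sec": USEC_PER_SEC, "second": USEC_PER_SEC,
    "seconds": USEC_PER_SEC,
    "ms": USEC_PER_MSEC, "msec": USEC_PER_MSEC,
    "us": 1, "usec": 1, "µs": 1,
}

_TOKEN = re.compile(r"\s*(\d+(?:\.\d+)?)\s*([A-Za-zµ]*)")


def parse_timespan(text):
    """Parse "2h 30min", "5.5h" or "1.5" (seconds) into microseconds."""
    text = text.strip()
    if not text:
        raise ValueError("empty time span")
    total, pos = 0, 0
    while pos < len(text):
        match = _TOKEN.match(text, pos)
        if not match:
            raise ValueError(f"cannot parse {text!r} at {text[pos:]!r}")
        number, unit = match.group(1), match.group(2) or "s"
        if unit not in SUFFIXES:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        # Decimal keeps "5.5h" exact; int() drops sub-microsecond remainders.
        total += int(Decimal(number) * SUFFIXES[unit])
        pos = match.end()
    return total


def format_timespan(usec):
    """Format microseconds: one fractional unit below 1min, else whole units."""
    if usec == 0:
        return "0"
    if usec < USEC_PER_MINUTE:
        # The largest of s/ms/us that fits, with the remainder as a fraction.
        for name, size in (("s", USEC_PER_SEC), ("ms", USEC_PER_MSEC), ("us", 1)):
            if usec >= size:
                whole, rest = divmod(usec, size)
                if rest == 0:
                    return f"{whole}{name}"
                digits = len(str(size)) - 1          # 6 for s, 3 for ms
                return f"{whole}.{rest:0{digits}d}".rstrip("0") + name
    parts = []
    for name, size in UNITS:                          # largest unit first
        whole, usec = divmod(usec, size)
        if whole:
            parts.append(f"{whole}{name}")
    return " ".join(parts)


if __name__ == "__main__":
    for sample in ("5.5h", "5.123456s", "123.456ms", "2h 30min 5.5s"):
        print(f"{sample!r:>16} -> {parse_timespan(sample)} us -> "
              f"{format_timespan(parse_timespan(sample))!r}")
```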

        * libsystemd-login and libsystemd-journal gained new
          functions for querying the poll() events mask and poll()
          timeout value for integration into arbitrary event
          loops.

        * localectl gained the ability to list available X11 keymaps
          (models, layouts, variants, options).

        * 'systemd-analyze dot' gained the ability to filter for
          specific units via shell-style globs, to create smaller,
          more useful graphs. I.e. it is now possible to create simple
          graphs of all the dependencies between only target units, or
          of all units that Avahi has dependencies with.

        Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
        Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
        Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
        Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
        Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
        Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
        Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach

CHANGES WITH 200:

        * The boot-time readahead implementation for rotating media
          will now read the read-ahead data in multiple passes which
          consist of all read requests made in equidistant time
          intervals. This means instead of strictly reading read-ahead
          data in its physical order on disk we now try to find a
          middle ground between physical and access time order.

        * /etc/os-release files gained a new BUILD_ID= field for usage
          on operating systems that provide continuous builds of OS
          images.

        Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
        Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín,
        William Douglas, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 199:

        * systemd-python gained an API exposing libsystemd-daemon.

        * The SMACK setup logic gained support for uploading CIPSO
          security policy.

        * Behaviour of PrivateTmp=, ReadWriteDirectories=,
          ReadOnlyDirectories= and InaccessibleDirectories= has
          changed. The private /tmp and /var/tmp directories are now
          shared by all processes of a service (which means
          ExecStartPre= may now leave data in /tmp that ExecStart= of
          the same service can still access). When a service is
          stopped its temporary directories are immediately deleted
          (normal clean-up with tmpfiles is still done in addition to
          this though).

        * By default, systemd will now set a couple of sysctl
          variables in the kernel: the safe sysrq options are turned
          on, IP route verification is turned on, and source routing
          disabled. The recently added hardlink and softlink
          protection of the kernel is turned on. These settings should
          be reasonably safe, and good defaults for all new systems.

        * The predictable network naming logic may now be turned off
          with a new kernel command line switch: net.ifnames=0.

        * A new libsystemd-bus module has been added that implements a
          pretty complete D-Bus client library. For details see:

          https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html

        * journald will now explicitly flush the journal files to disk
          at the latest 5min after each write. The file will then also
          be marked offline until the next write. This should increase
          reliability in case of a crash. The synchronization delay
          can be configured via SyncIntervalSec= in journald.conf.

        * There's a new remote-fs-setup.target unit that can be used
          to pull in specific services when at least one remote file
          system is to be mounted.

        * There are new targets timers.target and paths.target as
          canonical targets to pull user timer and path units in
          from. This complements sockets.target with a similar
          purpose for socket units.

        * libudev gained a new call udev_device_set_attribute_value()
          to set sysfs attributes of a device.

        * The udev daemon now sets the default number of worker
          processes executed in parallel based on the number of available
          CPUs instead of the amount of available RAM. This is supposed
          to provide a more reliable default and limit a too aggressive
          parallelism for setups with 1000s of devices connected.

        Contributions from: Auke Kok, Colin Walters, Cristian
        Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
        Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
        Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
        Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
        Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
        Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
        Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
        Zbigniew Jędrzejewski-Szmek

CHANGES WITH 198:

        * Configuration of unit files may now be extended via drop-in
          files without having to edit/override the unit files
          themselves. More specifically, if the administrator wants to
          change one value for a service file foobar.service he can
          now do so by dropping in a configuration snippet into
          /etc/systemd/system/foobar.service.d/*.conf. The unit logic
          will load all these snippets and apply them on top of the
          main unit configuration file, possibly extending or
          overriding its settings. Using these drop-in snippets is
          generally nicer than the two earlier options for changing
          unit files locally: copying the files from
          /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
          them there; or creating a new file in /etc/systemd/system/
          that incorporates the original one via ".include". Drop-in
          snippets into these .d/ directories can be placed in any
          directory systemd looks for units in, and the usual
          overriding semantics between /usr/lib, /etc and /run apply
          for them too.

        * Most unit file settings which take lists of items can now be
          reset by assigning the empty string to them. For example,
          normally, settings such as Environment=FOO=BAR append a new
          environment variable assignment to the environment block,
          each time they are used. By assigning Environment= the empty
          string the environment block can be reset to empty. This is
          particularly useful with the .d/*.conf drop-in snippets
          mentioned above, since this adds the ability to reset list
          settings from vendor unit files via these drop-ins.
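
        The drop-in and list-reset semantics of the two items above, as
        an added Python example rather than systemd's own code: the
        in-memory `files` mapping stands in for the filesystem, and
        `LIST_SETTINGS` is a hypothetical subset of systemd's list-type
        settings chosen for the example.

```python
"""Merge a unit file with its .d/*.conf drop-ins, systemd-198 style.

Added example, not systemd's own code. The `files` mapping stands in
for the filesystem so that the example runs offline.
"""

# Search directories in ascending precedence: a unit file or a drop-in
# with the same name in a later directory overrides the earlier one.
SEARCH_PATHS = (
    "/usr/lib/systemd/system",
    "/run/systemd/system",
    "/etc/systemd/system",
)

# Hypothetical subset of systemd's list-type settings: repeated
# assignments append, and assigning the empty string resets the list.
LIST_SETTINGS = {
    "Environment", "EnvironmentFile", "ExecStartPre", "ExecStart",
    "ExecStartPost", "ExecReload", "After", "Before", "Wants", "Requires",
}


def parse_unit_text(text):
    """Yield (section, key, value) triples from INI-style unit text."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None or "=" not in line:
            raise ValueError(f"malformed unit line: {raw!r}")
        key, _, value = line.partition("=")
        yield section, key.strip(), value.strip()


def apply_settings(config, triples):
    """Apply assignments to `config` ({section: {key: value-or-list}})."""
    for section, key, value in triples:
        sect = config.setdefault(section, {})
        if key in LIST_SETTINGS:
            if value == "":
                sect[key] = []                    # Environment= resets the list
            else:
                sect.setdefault(key, []).append(value)
        else:
            sect[key] = value                     # scalar: last assignment wins
    return config


def load_unit(name, files):
    """Return the merged configuration of unit `name`.

    The main unit file comes from the highest-precedence directory that
    has one. Drop-ins are collected from every <dir>/<name>.d/, a drop-in
    in a higher-precedence directory replacing a lower one with the same
    basename, and are applied in sorted basename order.
    """
    main = None
    for directory in SEARCH_PATHS:
        candidate = f"{directory}/{name}"
        if candidate in files:
            main = candidate
    if main is None:
        raise FileNotFoundError(name)
    config = apply_settings({}, parse_unit_text(files[main]))

    dropins = {}
    for directory in SEARCH_PATHS:
        prefix = f"{directory}/{name}.d/"
        for path in files:
            base = path[len(prefix):]
            if path.startswith(prefix) and base.endswith(".conf") and "/" not in base:
                dropins[base] = path
    for base in sorted(dropins):
        apply_settings(config, parse_unit_text(files[dropins[base]]))
    return config


# Constructed sample: a vendor unit, a vendor drop-in that the admin
# overrides in /etc under the same basename, and a local drop-in that
# resets Environment= before adding its own value.
SAMPLE_FILES = {
    "/usr/lib/systemd/system/foobar.service": (
        "[Unit]\nDescription=Vendor foobar\n\n"
        "[Service]\nEnvironment=FOO=BAR\nEnvironment=DEBUG=1\n"
        "ExecStart=/usr/bin/foobar\nRestart=no\n"
    ),
    "/usr/lib/systemd/system/foobar.service.d/10-vendor.conf":
        "[Service]\nEnvironment=LOGLEVEL=info\n",
    "/etc/systemd/system/foobar.service.d/10-vendor.conf":
        "[Service]\nEnvironment=LOGLEVEL=debug\n",
    "/etc/systemd/system/foobar.service.d/50-local.conf":
        "[Service]\nEnvironment=\nEnvironment=FOO=LOCAL\nRestart=on-failure\n",
}

if __name__ == "__main__":
    for section, settings in load_unit("foobar.service", SAMPLE_FILES).items():
        print(f"[{section}]")
        for key, value in settings.items():
            print(f"  {key} = {value}")
```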

        * systemctl gained a new "list-dependencies" command for
          listing the dependencies of a unit recursively.

        * Inhibitors are now honored and listed by "systemctl
          suspend", "systemctl poweroff" (and similar) too, not only
          GNOME. These commands will also list active sessions by
          other users.

        * Resource limits (as exposed by the various control group
          controllers) can now be controlled dynamically at runtime
          for all units. More specifically, you can now use a command
          like "systemctl set-cgroup-attr foobar.service cpu.shares
          2000" to alter the CPU shares a specific service gets. These
          settings are stored persistently on disk, and thus allow the
          administrator to easily adjust the resource usage of
          services with a few simple commands. This dynamic resource
          management logic is also available to other programs via the
          bus. Almost any kernel cgroup attribute and controller is
          supported.

        * systemd-vconsole-setup will now copy all font settings to
          all allocated VTs, where it previously applied them only to
          the foreground VT.

        * libsystemd-login gained the new sd_session_get_tty() API
          call.

        * This release drops support for a few legacy or
          distribution-specific LSB facility names when parsing init
          scripts: $x-display-manager, $mail-transfer-agent,
          $mail-transport-agent, $mail-transfer-agent, $smtp,
          $null. Also, the mail-transfer-agent.target unit backing
          this has been removed. Distributions which want to retain
          compatibility with this should carry the burden for
          supporting this themselves and patch support for these back
          in, if they really need to. Also, the facilities $syslog and
          $local_fs are now ignored, since systemd does not support
          early-boot LSB init scripts anymore, and these facilities
          are implied anyway for normal services. syslog.target has
          also been removed.

        * There are new bus calls on PID1's Manager object for
          cancelling jobs, and removing snapshot units. Previously,
          both calls were only available on the Job and Snapshot
          objects themselves.

        * systemd-journal-gatewayd gained SSL support.

        * The various "environment" files, such as /etc/locale.conf
          now support continuation lines with a backslash ("\") as
          last character in the line, similarly in style (but different)
          to how this is supported in shells.

        * For normal user processes the _SYSTEMD_USER_UNIT= field is
          now implicitly appended to every log entry logged. systemctl
          has been updated to filter by this field when operating on a
          user systemd instance.

        * nspawn will now implicitly add the CAP_AUDIT_WRITE and
          CAP_AUDIT_CONTROL capabilities to the capabilities set for
          the container. This makes it easier to boot unmodified
          Fedora systems in a container, which however still requires
          audit=0 to be passed on the kernel command line. Auditing in
          kernel and userspace is unfortunately still too broken in
          context of containers, hence we recommend compiling it out
          of the kernel or using audit=0. Hopefully this will be fixed
          one day for good in the kernel.

        * nspawn gained the new --bind= and --bind-ro= parameters to
          bind mount specific directories from the host into the
          container.

        * nspawn will now mount its own devpts file system instance
          into the container, in order not to leak pty devices from
          the host into the container.

        * systemd will now read the firmware boot time performance
          information from the EFI variables, if the used boot loader
          supports this, and take it into account for boot performance
          analysis via "systemd-analyze". This is currently supported
          only in conjunction with Gummiboot, but could be supported
          by other boot loaders too. For details see:

          https://systemd.io/BOOT_LOADER_INTERFACE

        * A new generator has been added that automatically mounts the
          EFI System Partition (ESP) to /boot, if that directory
          exists, is empty, and no other file system has been
          configured to be mounted there.

        * logind will now send out PrepareForSleep(false)
          unconditionally, after coming back from suspend. This may be
          used by applications as asynchronous notification for
          system resume events.

        * "systemctl unlock-sessions" has been added, that allows
          unlocking the screens of all user sessions at once, similar
          to how "systemctl lock-sessions" already locked all user
          sessions. This is backed by a new D-Bus call UnlockSessions().

        * "loginctl seat-status" will now show the master device of a
          seat. (i.e. the device of a seat that needs to be around for
          the seat to be considered available, usually the graphics
          card).

        * tmpfiles gained a new "X" line type, that allows
          configuration of files and directories (with wildcards) that
          shall be excluded from automatic cleanup ("aging").

        * udev default rules set the device node permissions now only
          at "add" events, and do not change them any longer with a
          later "change" event.

        * The log messages for lid events and power/sleep keypresses
          now carry a message ID.

        * We now have a substantially larger unit test suite, but this
          continues to be work in progress.

        * udevadm hwdb gained a new --root= parameter to change the
          root directory to operate relative to.

        * logind will now issue a background sync() request to the kernel
          early at shutdown, so that dirty buffers are flushed to disk early
          instead of at the last moment, in order to optimize shutdown
          times a little.

        * A new bootctl tool has been added that is an interface for
          certain boot loader operations. This is currently a preview
          and is likely to be extended into a small mechanism daemon
          like timedated, localed, hostnamed, and can be used by
          graphical UIs to enumerate available boot options, and
          request boot into firmware operations.

        * systemd-bootchart has been relicensed to LGPLv2.1+ to match
          the rest of the package. It also has been updated to work
          correctly in initrds.

        * polkit previously has been runtime optional, and is now also
          compile time optional via a configure switch.

        * systemd-analyze has been reimplemented in C. Also "systemctl
          dot" has moved into systemd-analyze.

        * "systemctl status" with no further parameters will now print
          the status of all active or failed units.

        * Operations such as "systemctl start" can now be executed
          with a new mode "--irreversible" which may be used to queue
          operations that cannot accidentally be reversed by a later
          job queuing. This is by default used to make shutdown
          requests more robust.

        * The Python API of systemd now gained a new module for
          reading journal files.

        * A new tool kernel-install has been added that can install
          kernel images according to the Boot Loader Specification:

          https://systemd.io/BOOT_LOADER_SPECIFICATION

        * Boot time console output has been improved to provide
          animated boot time output for hanging jobs.

        * A new tool systemd-activate has been added which can be used
          to test socket activation with, directly from the command
          line. This should make it much easier to test and debug
          socket activation in daemons.

        * journalctl gained a new "--reverse" (or -r) option to show
          journal output in reverse order (i.e. newest line first).

        * journalctl gained a new "--pager-end" (or -e) option to
          immediately jump to the end of the journal in the
          pager. This is only supported in conjunction with "less".

        * journalctl gained a new "--user-unit=" option, that works
          similarly to "--unit=" but filters for user units rather than
          system units.

        * A number of unit files to ease adoption of systemd in
          initrds has been added. This moves some minimal logic from
          the various initrd implementations into systemd proper.

        * The journal files are now owned by a new group
          "systemd-journal", which exists specifically to allow access
          to the journal, and nothing else. Previously, we used the
          "adm" group for that, which however possibly covers more
          than just journal/log file access. This new group is now
          already used by systemd-journal-gatewayd to ensure this
          daemon gets access to the journal files and as little else
          as possible. Note that "make install" will also set FS ACLs
          up for /var/log/journal to give "adm" and "wheel" read
          access to it, in addition to "systemd-journal" which owns
          the journal files. We recommend that packaging scripts also
          add read access to "adm" + "wheel" to /var/log/journal, and
          all existing/future journal files. To normal users and
          administrators little changes, however packagers need to
          ensure to create the "systemd-journal" system group at
          package installation time.

        * The systemd-journal-gatewayd now runs as unprivileged user
          systemd-journal-gateway:systemd-journal-gateway. Packaging
          scripts need to create these system user/group at
          installation time.

        * timedated now exposes a new boolean property CanNTP that
          indicates whether a local NTP service is available or not.

        * systemd-detect-virt will now also detect xen PVs.

        * The pstore file system is now mounted by default, if it is
          available.

        * In addition to the SELinux and IMA policies we will now also
          load SMACK policies at early boot.

        Contributions from: Adel Gadllah, Aleksander Morgado, Auke
        Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
        Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
        Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
        Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
        Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
        Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
        Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
        Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
        Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
        Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
        Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
        Gundersen, Umut Tezduyar, William Giokas, Zbigniew
        Jędrzejewski-Szmek, Zeeshan Ali (Khattak)

CHANGES WITH 197:

        * Timer units now support calendar time events in addition to
          monotonic time events. That means you can now trigger a unit
          based on a calendar time specification such as "Thu,Fri
          2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
          or fifth day of any month of the year 2013, given that it is
          a Thursday or a Friday. This brings timer event support
          considerably closer to cron's capabilities. For details on
          the supported calendar time specification language see
          systemd.time(7).
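
        The calendar specification from the item above, as an added
        Python example that is not systemd's own code: a matcher for a
        subset of the syntax (weekday lists, "*", comma lists and
        "a..b" ranges in each date and time field; the ".." range form
        is an assumption made for this example), plus the next-elapse
        search a timer needs, run on the "Thu,Fri 2013-*-1,5 11:12:13"
        example.

```python
"""Matcher for a subset of systemd calendar time specifications.

Added example, not systemd's own code. Supported: an optional weekday
list ("Thu,Fri", "Mon..Fri"), an optional date "YYYY-MM-DD" or "MM-DD",
and an optional time "HH:MM[:SS]"; each date/time field may be "*",
a value, a comma list or an "a..b" range (the range form is an
assumption). No date means any day, no time means midnight.
"""
import itertools
from dataclasses import dataclass
from datetime import datetime, time, timedelta

WEEKDAYS = {"mon": 0, "tue": 1, "wed": 2, "thu": 3, "fri": 4, "sat": 5, "sun": 6}


def _parse_field(text, lo, hi):
    """Turn "*", "5", "1,5" or "1..5" into the set of allowed values."""
    if text == "*":
        return frozenset(range(lo, hi + 1))
    values = set()
    for part in text.split(","):
        if ".." in part:
            first, last = part.split("..", 1)
            values.update(range(int(first), int(last) + 1))
        else:
            values.add(int(part))
    if not values or min(values) < lo or max(values) > hi:
        raise ValueError(f"field {text!r} outside {lo}..{hi}")
    return frozenset(values)


def _parse_weekdays(text):
    """"Thu,Fri" or "Mon..Fri" -> set of weekday numbers (Mon=0)."""
    days = set()
    for part in text.split(","):
        if ".." in part:
            first, last = (WEEKDAYS[p.lower()[:3]] for p in part.split("..", 1))
            days.update(range(first, last + 1))
        else:
            days.add(WEEKDAYS[part.lower()[:3]])
    return frozenset(days)


@dataclass(frozen=True)
class CalendarSpec:
    weekdays: frozenset
    years: frozenset
    months: frozenset
    days: frozenset
    hours: frozenset
    minutes: frozenset
    seconds: frozenset

    def date_matches(self, d):
        return (d.weekday() in self.weekdays and d.year in self.years
                and d.month in self.months and d.day in self.days)

    def matches(self, dt):
        return (self.date_matches(dt.date()) and dt.hour in self.hours
                and dt.minute in self.minutes and dt.second in self.seconds)


def parse_calendar_spec(spec):
    weekdays, date_part, time_part = None, "*-*-*", "00:00:00"
    for token in spec.split():
        if token[0].isalpha():
            weekdays = _parse_weekdays(token)
        elif ":" in token:
            time_part = token
        elif "-" in token:
            date_part = token
        else:
            raise ValueError(f"unexpected token {token!r} in {spec!r}")
    d = date_part.split("-")
    if len(d) == 2:                      # "MM-DD": any year
        d = ["*"] + d
    t = time_part.split(":")
    if len(t) == 2:                      # "HH:MM": seconds default to 0
        t.append("0")
    if len(d) != 3 or len(t) != 3:
        raise ValueError(f"malformed calendar spec {spec!r}")
    return CalendarSpec(
        weekdays=frozenset(range(7)) if weekdays is None else weekdays,
        years=_parse_field(d[0], 1970, 2199), months=_parse_field(d[1], 1, 12),
        days=_parse_field(d[2], 1, 31), hours=_parse_field(t[0], 0, 23),
        minutes=_parse_field(t[1], 0, 59), seconds=_parse_field(t[2], 0, 59),
    )


def matches(spec, dt):
    return parse_calendar_spec(spec).matches(dt)


def next_elapse(spec, after, limit_days=366 * 50):
    """First datetime strictly after `after` matching `spec`, or None."""
    cs = parse_calendar_spec(spec)
    times = sorted(itertools.product(cs.hours, cs.minutes, cs.seconds))
    day = after.date()
    for _ in range(limit_days):          # day-level scan, then candidate times
        if cs.date_matches(day):
            for h, m, s in times:
                candidate = datetime.combine(day, time(h, m, s))
                if candidate > after:
                    return candidate
        day += timedelta(days=1)
    return None


if __name__ == "__main__":
    spec = "Thu,Fri 2013-*-1,5 11:12:13"
    print(next_elapse(spec, datetime(2013, 1, 1)))   # 2013-02-01 11:12:13
```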

        * udev now supports a number of different naming policies for
          network interfaces for predictable names, and a combination
          of these policies is now the default. Please see this wiki
          document for details:

          https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html

        * Auke Kok's bootchart implementation has been added to the
          systemd tree. It is an optional component that can graph the
          boot in quite some detail. It is one of the best bootchart
          implementations around and minimal in its code and
          dependencies.

        * nss-myhostname has been integrated into the systemd source
          tree. nss-myhostname guarantees that the local hostname
          always stays resolvable via NSS. It has been a weak
          requirement of systemd-hostnamed for a long time, and
          since its code is actually trivial we decided to just
          include it in systemd's source tree. It can be turned off
          with a configure switch.

        * The read-ahead logic is now capable of properly detecting
          whether a btrfs file system is on SSD or rotating media, in
          order to optimize the read-ahead scheme. Previously, it was
          only capable of detecting this on traditional file systems
          such as ext4.

        * In udev, additional device properties are now read from the
          IAB in addition to the OUI database. Also, Bluetooth company
          identities are attached to the devices as well.

        * In service files %U may be used as specifier that is
          replaced by the configured user name of the service.

        * nspawn may now be invoked without a controlling TTY. This
          makes it suitable for invocation as its own service. This
          may be used to set up a simple containerized server system
          using only core OS tools.

        * systemd and nspawn can now accept socket file descriptors
          when they are started for socket activation. This enables
          implementation of socket activated nspawn
          containers, i.e. think about autospawning an entire OS image
          when the first SSH or HTTP connection is received. We expect
          that similar functionality will also be added to libvirt-lxc
          eventually.

        * journalctl will now suppress ANSI color codes when
          presenting log data.

        * systemctl will no longer show control group information for
          a unit if the control group is empty anyway.

        * logind can now automatically suspend/hibernate/shutdown the
          system on idle.

        * /etc/machine-info and hostnamed now also expose the chassis
          type of the system. This can be used to determine whether
          the local system is a laptop, desktop, handset or
          tablet. This information may either be configured by the
          user/vendor or is automatically determined from ACPI and DMI
          information if possible.

        * A number of polkit actions are now bound together with "imply"
          rules. This should simplify creating UIs because many actions
          will now authenticate similar ones as well.

        * Unit files learnt a new condition ConditionACPower= which
          may be used to conditionalize a unit depending on whether an
          AC power source is connected or not, or whether the system
          is running on battery power.

        * systemctl gained a new "is-failed" verb that may be used in
          shell scripts and suchlike to check whether a specific unit
          is in the "failed" state.

        * The EnvironmentFile= setting in unit files now supports file
          globbing, and can hence be used to easily read a number of
          environment files at once.

        * systemd will no longer detect and recognize specific
          distributions. All distribution-specific #ifdeffery has been
          removed, systemd is now fully generic and
          distribution-agnostic. Effectively, not too much is lost as
          a lot of the code is still accessible via explicit configure
          switches. However, support for some distribution specific
          legacy configuration file formats has been dropped. We
          recommend distributions to simply adopt the configuration
          files everybody else uses now and convert the old
          configuration from packaging scripts. Most distributions
          already did that. If that's not possible or desirable,
          distributions are welcome to forward port the specific
          pieces of code locally from the git history.

        * When logging a message about a unit systemd will now always
          log the unit name in the message meta data.

        * localectl will now also discover system locale data that is
          not stored in locale archives, but directly unpacked.

        * logind will no longer unconditionally use framebuffer
          devices as seat masters, i.e. as devices that are required
          to be existing before a seat is considered present. Instead,
          it will now look for all devices that are tagged as
          "seat-master" in udev. By default, framebuffer devices will
          be marked as such, but depending on local systems, other
          devices might be marked as well. This may be used to
          integrate graphics cards using closed source drivers (such
          as NVidia ones) more nicely into logind. Note however, that
          we recommend using the open source NVidia drivers instead,
          and no udev rules for the closed-source drivers will be
          shipped from us upstream.

        Contributions from: Adam Williamson, Alessandro Crismani, Auke
        Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
        Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
        Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
        Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
        Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
        Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
        Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
        Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
        Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
        Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
        Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
        Jędrzejewski-Szmek

CHANGES WITH 196:

        * udev gained support for loading additional device properties
          from an indexed database that is keyed by vendor/product IDs
          and similar device identifiers. For the beginning this
          "hwdb" is populated with data from the well-known PCI and
          USB database, but also includes PNP, ACPI and OID data. In
          the longer run this indexed database shall grow into
          becoming the one central database for non-essential
          userspace device metadata. Previously, data from the PCI/USB
          database was only attached to select devices, since the
          lookup was a relatively expensive operation due to O(n) time
          complexity (with n being the number of entries in the
          database). Since this is now O(1), we decided to add in this
          data for all devices where this is available, by
          default. Note that the indexed database needs to be rebuilt
          when new data files are installed. To achieve this you need
          to update your packaging scripts to invoke "udevadm hwdb
          --update" after installation of hwdb data files. For
          RPM-based distributions we introduced the new
          %udev_hwdb_update macro for this purpose.

        * The Journal gained support for the "Message Catalog", an
          indexed database to link up additional information with
          journal entries. For further details please check:

          https://systemd.io/CATALOG

          The indexed message catalog database also needs to be
          rebuilt after installation of message catalog files. Use
          "journalctl --update-catalog" for this. For RPM-based
          distributions we introduced the %journal_catalog_update
          macro for this purpose.

        * The Python Journal bindings gained support for the standard
          Python logging framework.

        * The Journal API gained new functions for checking whether
          the underlying file system of a journal file is capable of
          properly reporting file change notifications, or whether
          applications that want to reflect journal changes "live"
          need to recheck journal files continuously in appropriate
          time intervals.

        * It is now possible to set the "age" field for tmpfiles
          entries to 0, indicating that files matching this entry
          shall always be removed when the directories are cleaned up.

        * coredumpctl gained a new "gdb" verb which invokes gdb
          right-away on the selected coredump.

        * There's now support for "hybrid sleep" on kernels that
          support this, in addition to "suspend" and "hibernate". Use
          "systemctl hybrid-sleep" to make use of this.

        * logind's HandleSuspendKey= setting (and related settings)
          now gained support for a new "lock" setting to simply
          request the screen lock on all local sessions, instead of
          actually executing a suspend or hibernation.

        * systemd will now mount the EFI variables file system by
          default.

        * Socket units now gained support for configuration of the
          SMACK security label.

        * timedatectl will now output the time of the last and next
          daylight saving change.

        * We dropped support for various legacy and distro-specific
          concepts, such as insserv, early-boot SysV services
          (i.e. those for non-standard runlevels such as 'b' or 'S')
          or ArchLinux /etc/rc.conf support. We recommend the
          distributions that still need support for this to either
          continue to maintain the necessary patches downstream, or
          find a different solution. (Talk to us if you have
          questions!)

        * Various systemd components will now bypass polkit checks for
          root and otherwise handle properly if polkit is not found to
          be around. This should fix most issues for polkit-less
          systems. Quite frankly this should have been this way since
          day one. It is absolutely our intention to make systemd work
          fine on polkit-less systems, and we consider it a bug if
          something does not work as it should if polkit is not around.

        * For embedded systems it is now possible to build udev and
          systemd without blkid and/or kmod support.

        * "systemctl switch-root" is now capable of switching root
          more than once. I.e. in addition to transitions from the
          initrd to the host OS it is now possible to transition to
          further OS images from the host. This is useful to implement
          offline updating tools.

        * Various other additions have been made to the RPM macros
          shipped with systemd. Use %udev_rules_update() after
          installing new udev rules files. %_udevhwdbdir,
          %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
          %_sysctldir are now available which resolve to the right
          directories for packages to place various data files in.

        * journalctl gained the new --full switch (in addition to
          --all) to disable ellipsation for long messages.

        Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
        Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
        Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
        Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
        Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
        Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
        Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
        Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
        Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek

16935CHANGES WITH 195:
16936
6827101a 16937 * journalctl gained new --since= and --until= switches to
139ee8cc
LP
16938 filter by time. It also now supports nice filtering for
16939 units via --unit=/-u.
16940
6827101a 16941 * Type=oneshot services may use ExecReload= and do the
139ee8cc
LP
16942 right thing.
16943
16944 * The journal daemon now supports time-based rotation and
16945 vacuuming, in addition to the usual disk-space based
16946 rotation.
16947
16948 * The journal will now index the available field values for
16949 each field name. This enables clients to show pretty drop
16950 downs of available match values when filtering. The bash
16951 completion of journalctl has been updated
16952 accordingly. journalctl gained a new switch -F to list all
16953 values a certain field takes in the journal database.
16954
16955 * More service events are now written as structured messages
16956 to the journal, and made recognizable via message IDs.
16957
16958 * The timedated, localed and hostnamed mini-services which
16959 previously only provided support for changing time, locale
16960 and hostname settings from graphical DEs such as GNOME now
16961 also have a minimal (but very useful) text-based client
16962 utility each. This is probably the nicest way to changing
16963 these settings from the command line now, especially since
16964 it lists available options and is fully integrated with bash
16965 completion.
16966
16967 * There's now a new tool "systemd-coredumpctl" to list and
16968 extract coredumps from the journal.
16969
16970 * We now install a README each in /var/log/ and
16971 /etc/rc.d/init.d explaining where the system logs and init
16972 scripts went. This hopefully should help folks who go to
16973 that dirs and look into the otherwise now empty void and
16974 scratch their heads.
16975
16976 * When user-services are invoked (by systemd --user) the
16977 $MANAGERPID env var is set to the PID of systemd.
16978
16979 * SIGRTMIN+24 when sent to a --user instance will now result
16980 in immediate termination of systemd.
16981
16982 * gatewayd received numerous feature additions such as a
16983 "follow" mode, for live syncing and filtering.
16984
16985 * browse.html now allows filtering and showing detailed
16986 information on specific entries. Keyboard navigation and
16987 mouse screen support has been added.
16988
16989 * gatewayd/journalctl now supports HTML5/JSON
16990 Server-Sent-Events as output.
16991
1cb88f2c 16992 * The SysV init script compatibility logic will now
139ee8cc
LP
16993 heuristically determine whether a script supports the
16994 "reload" verb, and only then make this available as
16995 "systemctl reload".
16996
15f47220 16997 * "systemctl status --follow" has been removed, use "journalctl
139ee8cc
LP
16998 -u" instead.
16999
17000 * journald.conf's RuntimeMinSize=, PersistentMinSize= settings
17001 have been removed since they are hardly useful to be
17002 configured.
17003
17004 * And I'd like to take the opportunity to specifically mention
17005 Zbigniew for his great contributions. Zbigniew, you rock!
17006
17007 Contributions from: Andrew Eikum, Christian Hesse, Colin
17008 Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
4d92e078
LP
17009 Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
17010 Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
17011 Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
17012 Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
17013 Jędrzejewski-Szmek, Сковорода Никита Андреевич
139ee8cc 17014
f9b55720
LP
17015CHANGES WITH 194:
17016
17017 * If /etc/vconsole.conf is non-existent or empty we will no
17018 longer load any console font or key map at boot by
17019 default. Instead the kernel defaults will be left
17020 intact. This is definitely the right thing to do, as no
17021 configuration should mean no configuration, and hard-coding
17022 font names that are different on all archs is probably a bad
17023 idea. Also, the kernel default key map and font should be
17024 good enough for most cases anyway, and mostly identical to
17025 the userspace fonts/key maps we previously overloaded them
17026 with. If distributions want to continue to default to a
17027 non-kernel font or key map they should ship a default
17028 /etc/vconsole.conf with the appropriate contents.
17029
17030 Contributions from: Colin Walters, Daniel J Walsh, Dave
17031 Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
17032 Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
17033
597c52cf
LP
17034CHANGES WITH 193:
17035
17036 * journalctl gained a new --cursor= switch to show entries
17037 starting from the specified location in the journal.
17038
17039 * We now enforce a size limit on journal entry fields exported
17040 with "-o json" in journalctl. Fields larger than 4K will be
17041 assigned null. This can be turned off with --all.
17042
17043 * An (optional) journal gateway daemon is now available as
17044 "systemd-journal-gatewayd.service". This service provides
17045 access to the journal via HTTP and JSON. This functionality
17046 will be used to implement live log synchronization in both
17047 pull and push modes, but has various other users too, such
17048 as easy log access for debugging of embedded devices. Right
17049 now it is already useful to retrieve the journal via HTTP:
17050
17051 # systemctl start systemd-journal-gatewayd.service
17052 # wget http://localhost:19531/entries
17053
17054 This will download the journal contents in a
17055 /var/log/messages compatible format. The same as JSON:
17056
17057 # curl -H"Accept: application/json" http://localhost:19531/entries
17058
17059 This service is also accessible via a web browser where a
17060 single static HTML5 app is served that uses the JSON logic
17061 to enable the user to do some basic browsing of the
17062 journal. This will be extended later on. Here's an example
17063 screenshot of this app in its current state:
17064
dc7e580e 17065 https://0pointer.de/public/journal-gatewayd
597c52cf
LP
17066
17067 Contributions from: Kay Sievers, Lennart Poettering, Robert
17068 Milasan, Tom Gundersen
17069
075d4ecb
LP
17070CHANGES WITH 192:
17071
17072 * The bash completion logic is now available for journalctl
17073 too.
17074
d28315e4 17075 * We do not mount the "cpuset" controller anymore together with
075d4ecb
LP
17076 "cpu" and "cpuacct", as "cpuset" groups generally cannot be
17077 started if no parameters are assigned to it. "cpuset" hence
61233823 17078 broke code that assumed it could create "cpu" groups and
075d4ecb
LP
17079 just start them.
17080
17081 * journalctl -f will now subscribe to terminal size changes,
17082 and line break accordingly.
17083
597c52cf
LP
17084 Contributions from: Dave Reisner, Kay Sievers, Lennart
17085 Poettering, Lukas Nykrynm, Mirco Tischler, Václav Pavlín
075d4ecb 17086
b6a86739
LP
17087CHANGES WITH 191:
17088
17089 * nspawn will now create a symlink /etc/localtime in the
17090 container environment, copying the host's timezone
17091 setting. Previously this has been done via a bind mount, but
17092 since symlinks cannot be bind mounted this has now been
17093 changed to create/update the appropriate symlink.
17094
17095 * journalctl -n's line number argument is now optional, and
17096 will default to 10 if omitted.
17097
17098 * journald will now log the maximum size the journal files may
17099 take up on disk. This is particularly useful if the default
17100 built-in logic of determining this parameter from the file
17101 system size is used. Use "systemctl status
6563b535 17102 systemd-journald.service" to see this information.
b6a86739
LP
17103
17104 * The multi-seat X wrapper tool has been stripped down. As X
17105 is now capable of enumerating graphics devices via udev in a
17106 seat-aware way the wrapper is not strictly necessary
17107 anymore. A stripped down temporary stop-gap is still shipped
17108 until the upstream display managers have been updated to
17109 fully support the new X logic. Expect this wrapper to be
6563b535 17110 removed entirely in one of the next releases.
b6a86739
LP
17111
17112 * HandleSleepKey= in logind.conf has been split up into
17113 HandleSuspendKey= and HandleHibernateKey=. The old setting
6563b535 17114 is not available anymore. X11 and the kernel are
45afd519 17115 distinguishing between these keys and we should too. This
b6a86739
LP
17116 also means the inhibition lock for these keys has been split
17117 into two.
17118
597c52cf
LP
17119 Contributions from: Dave Airlie, Eelco Dolstra, Lennart
17120 Poettering, Lukas Nykryn, Václav Pavlín
b6a86739 17121
0c11f949
LP
17122CHANGES WITH 190:
17123
d28315e4 17124 * Whenever a unit changes state we will now log this to the
0c11f949
LP
17125 journal and show along the unit's own log output in
17126 "systemctl status".
17127
17128 * ConditionPathIsMountPoint= can now properly detect bind
17129 mount points too. (Previously, a bind mount of one file
8d0256b7 17130 system to another place in the same file system could not be
0c11f949
LP
17131 detected as mount, since they shared struct stat's st_dev
17132 field.)
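
        The st_dev limitation described above, and the mount-table
        lookup that avoids it, as an added Python example (not systemd's
        code; the /proc/self/mountinfo sample is constructed):

```python
"""Mount-point detection that also catches bind mounts.

Added example, not systemd's own code. A bind mount of a directory to
another place on the same file system keeps the same st_dev as its
parent, so a stat()-only check (compare st_dev of the path with that of
its parent directory) cannot see it. /proc/self/mountinfo lists every
mount with its mount ID, parent ID, device and mount point, so it can.
"""
import os
import re
from typing import Dict, List, NamedTuple


class Mount(NamedTuple):
    mount_id: int
    parent_id: int
    dev: str          # "major:minor", the value st_dev encodes
    root: str         # root of the mount inside the file system
    mount_point: str  # where it is mounted in this namespace


# Constructed sample in /proc/self/mountinfo syntax. Line 3 is a bind
# mount of /home/data onto /srv/data: same device 8:1 as its parent.
# Line 4 shows the \040 escaping mountinfo uses for spaces.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
36 22 0:19 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
58 22 8:1 /home/data /srv/data rw,relatime - ext4 /dev/sda1 rw
61 22 8:1 /home/with\\040space /mnt/with\\040space rw - ext4 /dev/sda1 rw
"""


def _unescape(field: str) -> str:
    """mountinfo encodes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> List[Mount]:
    """Parse mountinfo lines; malformed lines are skipped, not fatal."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        # Fields 1-5 are fixed; optional fields end at a lone "-".
        if len(fields) < 5 or "-" not in fields[5:]:
            continue
        mounts.append(Mount(int(fields[0]), int(fields[1]), fields[2],
                            _unescape(fields[3]), _unescape(fields[4])))
    return mounts


def is_mount_point(path: str, mountinfo_text: str) -> bool:
    """True if path is a mount point in this mount table, bind mounts included."""
    target = os.path.normpath(path)
    return any(m.mount_point == target for m in parse_mountinfo(mountinfo_text))


def st_dev_check_detects(path: str, mountinfo_text: str) -> bool:
    """Simulate the old st_dev comparison: the mount is visible to stat()
    only if its device differs from the device of its parent mount."""
    mounts = parse_mountinfo(mountinfo_text)
    by_id: Dict[int, Mount] = {m.mount_id: m for m in mounts}
    target = os.path.normpath(path)
    for m in mounts:
        if m.mount_point != target:
            continue
        parent = by_id.get(m.parent_id)
        return parent is None or parent.dev != m.dev
    return False


def live_is_mount_point(path: str) -> bool:
    """The same check against the running system's mount table."""
    with open("/proc/self/mountinfo", encoding="utf-8") as f:
        return is_mount_point(path, f.read())


if __name__ == "__main__":
    for p in ("/proc", "/srv/data", "/home/data"):
        print(f"{p:12} mountinfo={is_mount_point(p, SAMPLE_MOUNTINFO)} "
              f"st_dev-only={st_dev_check_detects(p, SAMPLE_MOUNTINFO)}")
```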

        * We will now mount the cgroup controllers cpu, cpuacct,
          cpuset and the controllers net_cls, net_prio together by
          default.

        * nspawn containers will now have a virtualized boot
          ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
          over with a randomized ID at container initialization). This
          has the effect of making "journalctl -b" do the right thing
          in a container.

        * The JSON output journal serialization has been updated not
          to generate "endless" list objects anymore, but rather one
          JSON object per line. This is more in line with how most JSON
          parsers expect JSON objects. The new output mode
          "json-pretty" has been added to provide similar output, but
          neatly aligned for readability by humans.
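
        Consuming this one-object-per-line output, including the null
        that the exporter substitutes for fields over 4K (see the 193
        notes, unless --all is used) and a /var/log/messages-style
        rendering like the one gatewayd serves, as an added example that
        is not systemd's own code; the input is a constructed sample:

```python
"""Consume "-o json" journal output: one JSON object per line.

Added example, not systemd's code. It renders each line's JSON object
as a /var/log/messages-style line and treats a field exported as null
(the exporter's >4K truncation) as missing rather than as text, so a
truncated MESSAGE is flagged instead of silently printed as "None".
"""
import json
from datetime import datetime, timezone
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample: three entries plus one corrupt line. Field names
# follow the journal: _PID, _HOSTNAME, __REALTIME_TIMESTAMP (microseconds).
SAMPLE_JSON_LINES = """\
{"__REALTIME_TIMESTAMP":"1349000000000000","_HOSTNAME":"host1","SYSLOG_IDENTIFIER":"sshd","_PID":"1234","PRIORITY":"6","MESSAGE":"Accepted publickey for alice"}
{"__REALTIME_TIMESTAMP":"1349000001000000","_HOSTNAME":"host1","SYSLOG_IDENTIFIER":"kernel","PRIORITY":"4","MESSAGE":null}
this line is not JSON
{"__REALTIME_TIMESTAMP":"1349000002000000","_HOSTNAME":"host1","_COMM":"cron","_PID":"77","PRIORITY":"3","MESSAGE":"job failed"}
"""

TRUNCATED = "<field larger than 4K omitted by exporter; re-run with --all>"


def iter_entries(text: str) -> Iterator[Tuple[int, Optional[Dict]]]:
    """Yield (line_no, entry) per line; entry is None for lines that are
    not a JSON object, so a caller can count them instead of aborting."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            yield n, None
            continue
        yield n, obj if isinstance(obj, dict) else None


def format_entry(e: Dict) -> str:
    """Render like /var/log/messages: 'Mon DD HH:MM:SS host ident[pid]: msg'."""
    usec = int(e.get("__REALTIME_TIMESTAMP", "0"))
    stamp = datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc)
    ident = e.get("SYSLOG_IDENTIFIER") or e.get("_COMM") or "unknown"
    pid = e.get("_PID")
    tag = f"{ident}[{pid}]" if pid else ident
    msg = e.get("MESSAGE")
    if msg is None:  # null: the exporter dropped an oversized field
        msg = TRUNCATED
    host = e.get("_HOSTNAME", "-")
    return f"{stamp.strftime('%b %d %H:%M:%S')} {host} {tag}: {msg}"


def convert(text: str, max_priority: int = 7) -> Tuple[List[str], int]:
    """Return (rendered lines, count of unparsable lines). Entries whose
    PRIORITY is numerically above max_priority (less severe) are dropped."""
    out, bad = [], 0
    for _, e in iter_entries(text):
        if e is None:
            bad += 1
            continue
        if int(e.get("PRIORITY", 7)) > max_priority:
            continue
        out.append(format_entry(e))
    return out, bad


if __name__ == "__main__":
    lines, skipped = convert(SAMPLE_JSON_LINES)
    print("\n".join(lines))
    print(f"skipped {skipped} unparsable line(s)")
```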

        * We dropped all explicit sync() invocations in the shutdown
          code. The kernel does this implicitly anyway in the kernel
          reboot() syscall. halt(8)'s -n option is now a compatibility
          no-op.

        * We now support virtualized reboot() in containers, as
          supported by newer kernels. We will fall back to exit() if
          CAP_SYS_REBOOT is not available to the container. Also,
          nspawn makes use of this now and will actually reboot the
          container if the containerized OS asks for that.

        * journalctl will only show local log output by default
          now. Use --merge (-m) to show remote log output, too.

        * libsystemd-journal gained the new sd_journal_get_usage()
          call to determine the current disk usage of all journal
          files. This is exposed in the new "journalctl --disk-usage"
          command.

        * journald gained a new configuration setting SplitMode= in
          journald.conf which may be used to control how user journals
          are split off. See journald.conf(5) for details.

        * A new condition type ConditionFileNotEmpty= has been added.

        * tmpfiles' "w" lines now support file globbing, to write
          multiple files at once.

        * We added Python bindings for the journal submission
          APIs. More Python APIs for a number of selected APIs will
          likely follow. Note that we intend to add native bindings
          only for the Python language, as we consider it common
          enough to deserve bindings shipped within systemd. There are
          various projects outside of systemd that provide bindings
          for languages such as PHP or Lua.

        * Many conditions will now resolve specifiers such as %i. In
          addition, PathChanged= and related directives of .path units
          now support specifiers as well.

        * There's now a new RPM macro definition for the system preset
          dir: %_presetdir.

        * journald will now warn if it cannot forward a message to the
          syslog daemon because its socket is full.

        * timedated will no longer write or process /etc/timezone,
          except on Debian. As we do not support late mounted /usr
          anymore /etc/localtime always being a symlink is now safe,
          and hence the information in /etc/timezone is not necessary
          anymore.

        * logind will now always reserve one VT for a text getty (VT6
          by default). Previously if more than 6 X sessions were
          started they took up all the VTs with auto-spawned gettys,
          so that no text gettys were available anymore.

        * udev will now automatically inform the btrfs kernel logic
          about btrfs RAID components showing up. This should make
          simple hotplug based btrfs RAID assembly work.

        * PID 1 will now increase its RLIMIT_NOFILE to 64K by default
          (but not for its children which will stay at the kernel
          default). This should allow setups with a lot more listening
          sockets.

        * systemd will now always pass the configured timezone to the
          kernel at boot. timedated will do the same when the timezone
          is changed.

        * logind's inhibition logic has been updated. By default,
          logind will now handle the lid switch, the power and sleep
          keys all the time, even in graphical sessions. If DEs want
          to handle these events on their own they should take the new
          handle-power-key, handle-sleep-key and handle-lid-switch
          inhibitors during their runtime. A simple way to achieve
          that is to invoke the DE wrapped in an invocation of:

          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …

        * Access to unit operations is now checked via SELinux taking
          the unit file label and client process label into account.

        * systemd will now notify the administrator in the journal
          when he over-mounts a non-empty directory.

        * There are new specifiers that are resolved in unit files,
          for the hostname (%H), the machine ID (%m) and the boot ID
          (%b).

        Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
        Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
        Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
        Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
        Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
        Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
        Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 189:

        * Support for reading structured kernel messages from
          /dev/kmsg has now been added and is enabled by default.

        * Support for reading kernel messages from /proc/kmsg has now
          been removed. If you want kernel messages in the journal
          make sure to run a recent kernel (>= 3.5) that supports
          reading structured messages from /dev/kmsg (see
          above). /proc/kmsg is now exclusive property of classic
          syslog daemons again.

        * The libudev API gained the new
          udev_device_new_from_device_id() call.

        * The logic for file system namespace (ReadOnlyDirectory=,
          ReadWriteDirectory=, PrivateTmp=) has been reworked not to
          require pivot_root() anymore. This means fewer temporary
          directories are created below /tmp for this feature.

        * nspawn containers will now see and receive all submounts
          made on the host OS below the root file system of the
          container.

        * Forward Secure Sealing is now supported for Journal files,
          which provides cryptographic sealing of journal files so
          that attackers cannot alter log history anymore without this
          being detectable. Lennart will soon post a blog story about
          this explaining it in more detail.
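
        The forward-security property behind this, in miniature, as an
        added example that is not systemd's FSS construction: a
        simplified HMAC chain with one-way key evolution, so the host
        never retains a key that can re-seal an earlier epoch. The
        verification key, log data and epoch layout are constructed.

```python
"""Forward-secure sealing of log epochs, in miniature.

Added example; a simplified construction, NOT systemd's actual FSS
algorithm. The sealing key evolves through a one-way function after
every epoch and the old key is discarded, so a host compromised at
epoch n holds only k_n and cannot re-seal any epoch < n. The
verification key k_0 is kept off the machine, as systemd does by
showing it once at setup time.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

Epoch = Tuple[bytes, bytes]  # (log data of the epoch, seal tag)


def evolve(key: bytes) -> bytes:
    """One-way key evolution: k_{i+1} = H("evolve" || k_i)."""
    return hashlib.sha256(b"fss-evolve|" + key).digest()


def seal_tag(key: bytes, index: int, data: bytes) -> bytes:
    """Seal one epoch; the index binds the tag to its position."""
    return hmac.new(key, index.to_bytes(8, "big") + data, hashlib.sha256).digest()


class Sealer:
    """Runs on the logging host; holds only the current epoch key."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.index = 0

    def seal(self, data: bytes) -> bytes:
        tag = seal_tag(self._key, self.index, data)
        self._key = evolve(self._key)  # k_i is gone after this line
        self.index += 1
        return tag

    def current_key(self) -> bytes:
        """What an intruder obtains by compromising the host now."""
        return self._key


def verify(verification_key: bytes, epochs: List[Epoch]) -> List[bool]:
    """Offline verifier: re-derive k_0, k_1, ... and check every tag."""
    key, results = verification_key, []
    for i, (data, tag) in enumerate(epochs):
        results.append(hmac.compare_digest(tag, seal_tag(key, i, data)))
        key = evolve(key)
    return results


def demo(verification_key: Optional[bytes] = None) -> Dict[str, List[bool]]:
    """Seal four constructed epochs, then show that a rewrite of epoch 1
    using the host's *current* key is caught by the offline verifier."""
    k0 = verification_key or os.urandom(32)  # constructed verification key
    sealer = Sealer(k0)
    log: List[Epoch] = []
    for data in (b"boot ok", b"login alice", b"sudo alice", b"logout alice"):
        log.append((data, sealer.seal(data)))

    intact = verify(k0, log)

    # The only key left on the host is k_4; re-sealing epoch 1 with it
    # cannot match what the verifier derives for k_1.
    stolen = sealer.current_key()
    forged = list(log)
    forged[1] = (b"login nobody", seal_tag(stolen, 1, b"login nobody"))
    after_forgery = verify(k0, forged)
    return {"intact": intact, "after_forgery": after_forgery}


if __name__ == "__main__":
    print(demo())
```

        Dropping the newest epochs is outside what this toy detects: a
        verifier also needs to know how many epochs to expect, e.g. from
        a trusted clock, which is why real sealing works on time epochs.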
17278
17279 * There are two new service settings RestartPreventExitStatus=
17280 and SuccessExitStatus= which allow configuration of exit
17281 status (exit code or signal) which will be excepted from the
17282 restart logic, resp. consider successful.
17283
17284 * journalctl gained the new --verify switch that can be used
17285 to check the integrity of the structure of journal files and
17286 (if Forward Secure Sealing is enabled) the contents of
17287 journal files.
17288
17289 * nspawn containers will now be run with /dev/stdin, /dev/fd/
17290 and similar symlinks pre-created. This makes running shells
17291 as container init process a lot more fun.
17292
17293 * The fstab support can now handle PARTUUID= and PARTLABEL=
17294 entries.
17295
17296 * A new ConditionHost= condition has been added to match
17297 against the hostname (with globs) and machine ID. This is
17298 useful for clusters where a single OS image is used to
17299 provision a large number of hosts which shall run slightly
17300 different sets of services.
17301
17302 * Services which hit the restart limit will now be placed in a
17303 failure state.
17304
b6a86739 17305 Contributions from: Bertram Poettering, Dave Reisner, Huang
38a60d71
LP
17306 Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
17307 Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek
17308
c269cec3
LP
17309CHANGES WITH 188:
17310
17311 * When running in --user mode systemd will now become a
17312 subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
17313 tree a lot more organized.
17314
17315 * A new PartOf= unit dependency type has been introduced that
17316 may be used to group services in a natural way.
17317
17318 * "systemctl enable" may now be used to enable instances of
17319 services.
17320
17321 * journalctl now prints error log levels in red, and
17322 warning/notice log levels in bright white. It also supports
17323 filtering by log level now.
17324
17325 * cgtop gained a new -n switch (similar to top), to configure
17326 the maximum number of iterations to run for. It also gained
17327 -b, to run in batch mode (accepting no input).
17328
ab06eef8 17329 * The suffix ".service" may now be omitted on most systemctl
c269cec3
LP
17330 command lines involving service unit names.
17331
17332 * There's a new bus call in logind to lock all sessions, as
17333 well as a loginctl verb for it "lock-sessions".
17334
17335 * libsystemd-logind.so gained a new call sd_journal_perror()
17336 that works similar to libc perror() but logs to the journal
17337 and encodes structured information about the error number.
17338
17339 * /etc/crypttab entries now understand the new keyfile-size=
17340 option.
17341
17342 * shutdown(8) now can send a (configurable) wall message when
17343 a shutdown is cancelled.
17344
17345 * The mount propagation mode for the root file system will now
17346 default to "shared", which is useful to make containers work
17347 nicely out-of-the-box so that they receive new mounts from
17348 the host. This can be undone locally by running "mount
17349 --make-rprivate /" if needed.
17350
17351 * The prefdm.service file has been removed. Distributions
17352 should maintain this unit downstream if they intend to keep
17353 it around. However, we recommend writing normal unit files
17354 for display managers instead.
17355
17356 * Since systemd is a crucial part of the OS we will now
17357 default to a number of compiler switches that improve
17358 security (hardening) such as read-only relocations, stack
17359 protection, and suchlike.
17360
17361 * The TimeoutSec= setting for services is now split into
17362 TimeoutStartSec= and TimeoutStopSec= to allow configuration
17363 of individual time outs for the start and the stop phase of
17364 the service.
17365
17366 Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
17367 Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
17368 Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
17369 Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
17370 Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
17371 Gundersen, Zbigniew Jędrzejewski-Szmek
17372
c4f1b862
LP
17373CHANGES WITH 187:
17374
17375 * The journal and id128 C APIs are now fully documented as man
17376 pages.
17377
17378 * Extra safety checks have been added when transitioning from
17379 the initial RAM disk to the main system to avoid accidental
17380 data loss.
17381
c269cec3 17382 * /etc/crypttab entries now understand the new keyfile-offset=
c4f1b862
LP
17383 option.
17384
17385 * systemctl -t can now be used to filter by unit load state.
17386
17387 * The journal C API gained the new sd_journal_wait() call to
17388 make writing synchronous journal clients easier.
17389
17390 * journalctl gained the new -D switch to show journals from a
17391 specific directory.
17392
17393 * journalctl now displays a special marker between log
17394 messages of two different boots.
17395
17396 * The journal is now explicitly flushed to /var via a service
17397 systemd-journal-flush.service, rather than implicitly simply
17398 by seeing /var/log/journal to be writable.
17399
17400 * journalctl (and the journal C APIs) can now match for much
17401 more complex expressions, with alternatives and
17402 disjunctions.
17403
17404 * When transitioning from the initial RAM disk to the main
17405 system we will now kill all processes in a killing spree to
17406 ensure no processes stay around by accident.
17407
17408 * Three new specifiers may be used in unit files: %u, %h, %s
17409 resolve to the user name, user home directory resp. user
17410 shell. This is useful for running systemd user instances.
17411
17412 * We now automatically rotate journal files if their data
17413 object hash table gets a fill level > 75%. We also size the
17414 hash table based on the configured maximum file size. This
17415 together should lower hash collisions drastically and thus
17416 speed things up a bit.
17417
17418 * journalctl gained the new "--header" switch to introspect
17419 header data of journal files.
17420
6b000af4
LP
17421 * A new setting SystemCallFilters= has been added to services which may
17422 be used to apply deny lists or allow lists to system calls. This is
17423 based on SECCOMP Mode 2 of Linux 3.5.
c4f1b862
LP
17424
17425 * nspawn gained a new --link-journal= switch (and quicker: -j)
17426 to link the container journal with the host. This makes it
17427 very easy to centralize log viewing on the host for all
17428 guests while still keeping the journal files separated.
17429
17430 * Many bugfixes and optimizations
17431
17432 Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
17433 Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
17434 Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
17435 Jędrzejewski-Szmek
17436
b5b4c94a
LP
17437CHANGES WITH 186:
17438
17439 * Several tools now understand kernel command line arguments,
17440 which are only read when run in an initial RAM disk. They
17441 usually follow closely their normal counterparts, but are
17442 prefixed with rd.
17443
17444 * There's a new tool to analyze the readahead files that are
17445 automatically generated at boot. Use:
17446
17447 /usr/lib/systemd/systemd-readahead analyze /.readahead
17448
17449 * We now provide an early debug shell on tty9 if this enabled. Use:
17450
d1f9edaf 17451 systemctl enable debug-shell.service
b5b4c94a
LP
17452
17453 * All plymouth related units have been moved into the Plymouth
17454 package. Please make sure to upgrade your Plymouth version
17455 as well.
17456
17457 * systemd-tmpfiles now supports getting passed the basename of
17458 a configuration file only, in which case it will look for it
17459 in all appropriate directories automatically.
17460
17461 * udevadm info now takes a /dev or /sys path as argument, and
17462 does the right thing. Example:
17463
17464 udevadm info /dev/sda
17465 udevadm info /sys/class/block/sda
17466
17467 * systemctl now prints a warning if a unit is stopped but a
17468 unit that might trigger it continues to run. Example: a
17469 service is stopped but the socket that activates it is left
17470 running.
17471
17472 * "systemctl status" will now mention if the log output was
17473 shortened due to rotation since a service has been started.
17474
17475 * The journal API now exposes functions to determine the
17476 "cutoff" times due to rotation.
17477
17478 * journald now understands SIGUSR1 and SIGUSR2 for triggering
17479 immediately flushing of runtime logs to /var if possible,
17480 resp. for triggering immediate rotation of the journal
17481 files.
17482
17483 * It is now considered an error if a service is attempted to
17484 be stopped that is not loaded.
17485
17486 * XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.
17487
17488 * systemd-analyze now supports Python 3
17489
17490 * tmpfiles now supports cleaning up directories via aging
17491 where the first level dirs are always kept around but
17492 directories beneath it automatically aged. This is enabled
17493 by prefixing the age field with '~'.
17494
17495 * Seat objects now expose CanGraphical, CanTTY properties
17496 which is required to deal with very fast bootups where the
17497 display manager might be running before the graphics drivers
17498 completed initialization.
17499
17500 * Seat objects now expose a State property.
17501
17502 * We now include RPM macros for service enabling/disabling
17503 based on the preset logic. We recommend RPM based
17504 distributions to make use of these macros if possible. This
17505 makes it simpler to reuse RPM spec files across
17506 distributions.
17507
17508 * We now make sure that the collected systemd unit name is
17509 always valid when services log to the journal via
17510 STDOUT/STDERR.
17511
17512 * There's a new man page kernel-command-line(7) detailing all
17513 command line options we understand.
17514
17515 * The fstab generator may now be disabled at boot by passing
17516 fstab=0 on the kernel command line.
17517
91ac7425 17518 * A new kernel command line option modules-load= is now understood
b5b4c94a
LP
17519 to load a specific kernel module statically, early at boot.
17520
17521 * Unit names specified on the systemctl command line are now
17522 automatically escaped as needed. Also, if file system or
17523 device paths are specified they are automatically turned
17524 into the appropriate mount or device unit names. Example:
17525
17526 systemctl status /home
17527 systemctl status /dev/sda
17528
17529 * The SysVConsole= configuration option has been removed from
17530 system.conf parsing.
17531
17532 * The SysV search path is no longer exported on the D-Bus
17533 Manager object.
17534
ce830873 17535 * The Names= option has been removed from unit file parsing.
b5b4c94a
LP
17536
17537 * There's a new man page bootup(7) detailing the boot process.
17538
17539 * Every unit and every generator we ship with systemd now
17540 comes with full documentation. The self-explanatory boot is
17541 complete.
17542
17543 * A couple of services gained "systemd-" prefixes in their
17544 name if they wrap systemd code, rather than only external
17545 code. Among them fsck@.service which is now
17546 systemd-fsck@.service.
17547
17548 * The HaveWatchdog property has been removed from the D-Bus
17549 Manager object.
17550
17551 * systemd.confirm_spawn= on the kernel command line should now
17552 work sensibly.
17553
17554 * There's a new man page crypttab(5) which details all options
17555 we actually understand.
17556
17557 * systemd-nspawn gained a new --capability= switch to pass
17558 additional capabilities to the container.
17559
17560 * timedated will now read known NTP implementation unit names
5b00c016 17561 from /usr/lib/systemd/ntp-units.d/*.list,
b5b4c94a
LP
17562 systemd-timedated-ntp.target has been removed.
17563
17564 * journalctl gained a new switch "-b" that lists log data of
17565 the current boot only.
17566
17567 * The notify socket is in the abstract namespace again, in
17568 order to support daemons which chroot() at start-up.
17569
17570 * There is a new Storage= configuration option for journald
17571 which allows configuration of where log data should go. This
17572 also provides a way to disable journal logging entirely, so
17573 that data collected is only forwarded to the console, the
17574 kernel log buffer or another syslog implementation.
17575
c4f1b862 17576 * Many bugfixes and optimizations
b5b4c94a 17577
2d938ac7
LP
17578 Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
17579 David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
17580 Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
17581 Shawn Landden, Tom Gundersen
b5b4c94a 17582
2d197285 17583CHANGES WITH 185:
b6a86739 17584
2d197285
KS
17585 * "systemctl help <unit>" now shows the man page if one is
17586 available.
17587
17588 * Several new man pages have been added.
17589
b5b4c94a
LP
17590 * MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
17591 MaxLevelConsole= can now be specified in
17592 journald.conf. These options allow reducing the amount of
17593 data stored on disk or forwarded by the log level.
2d197285 17594
b5b4c94a
LP
17595 * TimerSlackNSec= can now be specified in system.conf for
17596 PID1. This allows system-wide power savings.
2d197285
KS
17597
17598 Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
17599 Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
17600 Matthias Clasen
17601
4c8cd173 17602CHANGES WITH 184:
b6a86739 17603
4c8cd173
LP
17604 * logind is now capable of (optionally) handling power and
17605 sleep keys as well as the lid switch.
17606
17607 * journalctl now understands the syntax "journalctl
17608 /usr/bin/avahi-daemon" to get all log output of a specific
17609 daemon.
17610
17611 * CapabilityBoundingSet= in system.conf now also influences
17612 the capability bound set of usermode helpers of the kernel.
17613
17614 Contributions from: Daniel Drake, Daniel J. Walsh, Gert
17615 Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
17616 Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
17617 Menzel, Shawn Landden, Tero Roponen, Tom Gundersen
17618
CHANGES WITH 183:

        * Note that we skipped 139 releases here in order to set the
          new version to something that is greater than both udev's
          and systemd's most recent version number.

        * udev: all udev sources are merged into the systemd source tree now.
          All future udev development will happen in the systemd tree. It
          is still fully supported to use the udev daemon and tools without
          systemd running, like in initramfs or other init systems. Building
          udev, though, will require the *build* of the systemd tree, but
          udev can be properly *run* without systemd.

        * udev: /lib/udev/devices/ is not read anymore; systemd-tmpfiles
          should be used to create dead device nodes as workarounds for broken
          subsystems.

        * udev: RUN+="socket:…" and udev_monitor_new_from_socket() are
          no longer supported. udev_monitor_new_from_netlink() needs to be
          used to subscribe to events.

        * udev: when udevd is started by systemd, processes which are left
          behind by forking them off of udev rules are unconditionally cleaned
          up and killed now after the event handling has finished. Services or
          daemons must be started as systemd services. Services can be
          pulled in by udev to get started, but they can no longer be directly
          forked by udev rules.

        * udev: the daemon binary is called systemd-udevd now and installed
          in /usr/lib/systemd/. Standalone builds or non-systemd systems need
          to adapt to that, create a symlink, or rename the binary after
          building it.

        * libudev no longer provides these symbols:
                udev_monitor_from_socket()
                udev_queue_get_failed_list_entry()
                udev_get_{dev,sys,run}_path()
          The version number was bumped and symbol versioning introduced.

        * systemd-loginctl and systemd-journalctl have been renamed
          to loginctl and journalctl to match systemctl.

        * The config files /etc/systemd/systemd-logind.conf and
          /etc/systemd/systemd-journald.conf have been renamed to
          logind.conf and journald.conf. Package updates should rename
          the files to the new names on upgrade.

        * For almost all files the license is now LGPL2.1+, changed
          from the previous GPL2.0+. Exceptions are some minor stuff
          of udev (which will be changed to LGPL2.1 eventually, too),
          and the MIT licensed sd-daemon.[ch] library that is suitable
          to be used as drop-in files.

        * systemd and logind now handle system sleep states, in
          particular suspending and hibernating.

        * logind now implements a sleep/shutdown/idle inhibiting logic
          suitable for a variety of uses. Soonishly Lennart will blog
          about this in more detail.

        * var-run.mount and var-lock.mount are no longer provided
          (which previously bind mounted these directories to their new
          places). Distributions which have not converted these
          directories to symlinks should consider stealing these files
          from git history and adding them downstream.

        * We introduced the Documentation= field for units and added
          this to all our shipped units. This is useful to make it
          easier to explore the boot and the purpose of the various
          units.

        * All smaller setup units (such as
          systemd-vconsole-setup.service) now detect properly if they
          are run in a container and are skipped when
          appropriate. This guarantees an entirely noise-free boot in
          Linux container environments such as systemd-nspawn.

        * A framework for implementing offline system updates is now
          integrated, for details see:
          https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html

        * A new service type Type=idle is available now which helps us
          avoid ugly interleaving of getty output and boot status
          messages.

        * There's now a system-wide CapabilityBoundingSet= option to
          globally reduce the set of capabilities for the
          system. This is useful to drop CAP_MKNOD, CAP_SYS_RAWIO,
          CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
          even CAP_NET_ADMIN system-wide for secure systems. Note that
          capabilities dropped from PID 1 this way are gone for good:
          no individual unit can regain them.
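
        The following is an added example, not part of systemd or of this
        NEWS file, for the system-wide CapabilityBoundingSet= entries (this
        one and the v184 note on kernel usermode helpers). It shows a
        drop-in that removes the capabilities named above from PID 1, and
        a check that decodes the CapBnd mask in /proc/1/status to confirm
        which of them are actually gone. Capability numbers come from
        <linux/capability.h>. The drop-in file name is made up, and both
        the "~" inverted-list syntax and system.conf.d/ drop-ins are
        features of current systemd rather than of v183 specifically. The
        script writes the drop-in under a root you pass in, so it runs
        unprivileged; "--check" decodes the live bounding set of PID 1.

```bash
#!/bin/bash
# Added example, not systemd code: a system-wide CapabilityBoundingSet=
# drop-in plus a check that decodes the CapBnd mask from /proc/<pid>/status.
# Capability numbers below are from <linux/capability.h>.
set -u

# Capabilities the NEWS entry names as candidates for dropping.
DROP_CANDIDATES="CAP_MKNOD CAP_SYS_RAWIO CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_TIME CAP_SYS_PTRACE CAP_NET_ADMIN"

# cap_number NAME: print the capability's bit number, fail if unknown.
cap_number() {
    case "$1" in
        CAP_NET_ADMIN)  echo 12 ;;
        CAP_NET_RAW)    echo 13 ;;
        CAP_SYS_MODULE) echo 16 ;;
        CAP_SYS_RAWIO)  echo 17 ;;
        CAP_SYS_PTRACE) echo 19 ;;
        CAP_SYS_TIME)   echo 25 ;;
        CAP_MKNOD)      echo 27 ;;
        *) return 1 ;;
    esac
}

# cap_in_mask HEXMASK NAME: 0 if the capability is still in the bounding
# set, 1 if it has been dropped, 2 for a name this table does not know.
cap_in_mask() {
    local mask=$1 n
    n=$(cap_number "$2") || return 2
    [ $(( (0x$mask >> n) & 1 )) -eq 1 ]
}

# dropped_caps HEXMASK: the candidates that are NOT in the mask, space
# separated, in the order of DROP_CANDIDATES.
dropped_caps() {
    local mask=$1 out="" c
    for c in $DROP_CANDIDATES; do
        cap_in_mask "$mask" "$c" || out="$out $c"
    done
    printf '%s\n' "${out# }"
}

# capbnd_of_pid [PID]: the CapBnd mask of a running process, PID 1 by
# default, i.e. what every service inherits from systemd.
capbnd_of_pid() {
    awk '/^CapBnd:/ { print $2 }' "/proc/${1:-1}/status"
}

# write_dropin ROOT: install the drop-in below ROOT (file name is an
# assumption). With "~" the list is inverted: everything except the named
# capabilities stays in the set. CAP_NET_ADMIN is deliberately kept here;
# drop it only if nothing on the host configures networking after boot.
write_dropin() {
    local dir=$1/etc/systemd/system.conf.d
    mkdir -p "$dir"
    cat >"$dir/10-bounding-set.conf" <<'EOF'
[Manager]
CapabilityBoundingSet=~CAP_MKNOD CAP_SYS_RAWIO CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_TIME CAP_SYS_PTRACE
EOF
}

if [ "${1:-}" = --check ]; then
    mask=$(capbnd_of_pid 1)
    echo "PID 1 CapBnd=$mask; dropped from candidates: $(dropped_caps "$mask")"
fi
```

        After installing the drop-in for real and rebooting, "--check"
        should list exactly the six capabilities from the drop-in; any
        candidate still present means the setting was not applied (typo,
        wrong section, or an older systemd without drop-in support).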

        * There are now system-wide DefaultLimitXXX= options to
          globally change the defaults of the various resource limits
          for all units started by PID 1.

        * Harald Hoyer's systemd test suite has been integrated into
          systemd which allows easy testing of systemd builds in qemu
          and nspawn. (This is really awesome! Ask us for details!)

        * The fstab parser is now implemented as a generator, not inside
          of PID 1 anymore.

        * systemctl will now warn you if .mount units generated from
          /etc/fstab are out of date due to changes in fstab that
          have not been read by systemd yet.

        * systemd is now suitable for usage in initrds. Dracut has
          already been updated to make use of this. With this in place
          initrds get a slight bit faster but primarily are much
          easier to introspect and debug since "systemctl status" in
          the host system can be used to introspect initrd services,
          and the journal from the initrd is kept around too.

        * systemd-delta has been added, a tool to explore differences
          between user/admin configuration and vendor defaults.

        * PrivateTmp= now affects both /tmp and /var/tmp.

        * Boot time status messages are now much prettier and feature
          proper English. Booting up systemd has never been
          so sexy.

        * Read-ahead pack files now include the inode number of all
          files to pre-cache. When the inode changes the pre-caching
          is not attempted. This should be nicer to deal with updated
          packages which might result in changes of read-ahead
          patterns.

        * We now temporarily lower the kernel's read_ahead_kb variable
          when collecting read-ahead data to ensure the kernel's
          built-in read-ahead does not add noise to our measurements
          of necessary blocks to pre-cache.

        * There's now RequiresMountsFor= to add automatic dependencies
          for all mounts necessary for a specific file system path.

        * MountAuto= and SwapAuto= have been removed from
          system.conf. Mounting file systems at boot has to take place
          in systemd now.

        * nspawn now learned a new switch --uuid= to set the machine
          ID on the command line.

        * nspawn now learned the -b switch to automatically search
          for an init system.

        * vt102 is now the default TERM for serial TTYs, upgraded from
          vt100.

        * systemd-logind now works on VT-less systems.

        * The build tree has been reorganized. The individual
          components now have directories of their own.

        * A new condition type ConditionPathIsReadWrite= is now available.

        * nspawn learned the new -C switch to create cgroups for the
          container in other hierarchies.

        * We now have support for hardware watchdogs, configurable in
          system.conf.

        * The scheduled shutdown logic now has a public API.

        * We now mount /tmp as tmpfs by default, but this can be
          masked and /etc/fstab can override it.

        * Since udisks does not make use of /media anymore we are not
          mounting a tmpfs on it anymore.

        * journalctl gained a new --local switch to only interleave
          locally generated journal files.

        * We can now load the IMA policy at boot automatically.

        * The GTK tools have been split off into systemd-ui.

        Contributions from: Andreas Schwab, Auke Kok, Ayan George,
        Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
        Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
        Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
        Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
        Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
        A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
        Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
        Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
        Gundersen

CHANGES WITH 44:

        * This is mostly a bugfix release

        * Support optional initialization of the machine ID from the
          KVM or container configured UUID.

        * Support immediate reboots with "systemctl reboot -ff"

        * Show /etc/os-release data in systemd-analyze output

        * Many bugfixes for the journal, including endianness fixes and
          ensuring that disk space enforcement works

        * sd-login.h is C++ compatible again

        * Extend the /etc/os-release format at the request of the Debian
          folks

        * We now refuse non-UTF-8 strings used in various configuration
          and unit files. This is done to ensure we do not pass invalid
          data over D-Bus or expose it elsewhere.

        * Register Mimo USB Screens as suitable for automatic seat
          configuration

        * Read SELinux client context from journal clients in a race-free
          fashion

        * Reorder configuration file lookup order. /etc now always
          overrides /run in order to allow the administrator to always
          and unconditionally override vendor-supplied or
          automatically generated data.

        * The various user visible bits of the journal now have man
          pages. We still lack man pages for the journal API calls
          however.

        * We now ship all man pages in HTML format again in the
          tarball.

        Contributions from: Dave Reisner, Dirk Eibach, Frederic
        Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
        Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
        Reding

CHANGES WITH 43:

        * This is mostly a bugfix release

        * systems lacking /etc/os-release are no longer supported.

        * Various functionality updates to libsystemd-login.so

        * Track class of PAM logins to distinguish greeters from
          normal user logins.

        Contributions from: Kay Sievers, Lennart Poettering, Michael
        Biebl

CHANGES WITH 42:

        * This is an important bugfix release for v41.

        * Building man pages is now optional which should be useful
          for those building systemd from git but unwilling to install
          xsltproc.

        * Watchdog support for supervising services is now usable. In
          a future release support for hardware watchdogs
          (i.e. /dev/watchdog) will be added building on this.

        * Service start rate limiting is now configurable and can be
          turned off per service. When a start rate limit is hit a
          reboot can automatically be triggered.

        * New CanReboot(), CanPowerOff() bus calls in systemd-logind.

        Contributions from: Benjamin Franzke, Bill Nottingham,
        Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
        Schmidt, Michał Górny, Piotr Drąg

CHANGES WITH 41:

        * The systemd binary is installed as /usr/lib/systemd/systemd now;
          an existing /sbin/init symlink needs to be adapted with the
          package update.

        * The code that loads kernel modules has been ported to invoke
          libkmod directly, instead of modprobe. This means we do not
          support systems with module-init-tools anymore.

        * Watchdog support is now already useful, but still not
          complete.

        * A new kernel command line option systemd.setenv= is
          understood to set system wide environment variables
          dynamically at boot.

        * We now limit the set of capabilities of systemd-journald.

        * We now set SIGPIPE to ignore by default, since it is only
          useful in shell pipelines and has little use in general
          code. A service that writes to a pipe whose reader has gone
          away will therefore see write() fail with EPIPE instead of
          being killed. This can be disabled with IgnoreSIGPIPE=no in
          unit files.
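
        As an added example (not systemd's code) of what this change means
        for a service: a writer whose reader has exited is killed by
        SIGPIPE under the default disposition, while with SIGPIPE ignored,
        as systemd now sets it up, write(2) fails with EPIPE and the
        program has to handle the error itself. The script below runs
        yes(1) against a reader that quits after one line, once with each
        disposition, and reports the writer's exit status: 141 is
        128+SIGPIPE, 1 is yes(1) exiting on the write error. The writer's
        status is passed out through a temporary file so that this works
        in plain sh as well as bash.

```sh
#!/bin/sh
# Added example, not systemd code: the effect of an ignored SIGPIPE on a
# process that writes to a pipe whose reader has exited.
#   default -> the writer is killed by SIGPIPE (status 128+13 = 141)
#   ignore  -> write(2) fails with EPIPE; yes(1) reports it and exits 1
# A service started by systemd gets the "ignore" behaviour unless
# IgnoreSIGPIPE=no is set, so it must check the result of its writes.

# writer_status default|ignore: run "yes | head -n1" with the writer's
# SIGPIPE disposition as requested and print the writer's exit status.
writer_status() {
    status_file=$(mktemp)
    if [ "$1" = ignore ]; then
        # trap '' PIPE is inherited across exec, so yes runs with SIGPIPE
        # ignored, just like a service forked off by systemd.
        ( trap '' PIPE; yes 2>/dev/null || echo $? >"$status_file" ) | head -n1 >/dev/null
    else
        ( yes 2>/dev/null || echo $? >"$status_file" ) | head -n1 >/dev/null
    fi
    cat "$status_file"
    rm -f "$status_file"
}

# sigpipe_means STATUS: describe the writer's exit status in words.
sigpipe_means() {
    case "$1" in
        141) echo "killed by SIGPIPE" ;;
        1)   echo "got EPIPE and exited with an error" ;;
        *)   echo "unexpected status $1" ;;
    esac
}

echo "default disposition: writer $(sigpipe_means "$(writer_status default)")"
echo "SIGPIPE ignored:     writer $(sigpipe_means "$(writer_status ignore)")"
```

        The second line is the situation a daemon is in under systemd: a
        logger or a pipe consumer going away no longer terminates it
        silently, so an unchecked write loop can spin on EPIPE forever.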

        Contributions from: Benjamin Franzke, Kay Sievers, Lennart
        Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
        William Douglas

CHANGES WITH 40:

        * This is mostly a bugfix release

        * We now expose the reason why a service failed in the
          "Result" D-Bus property.

        * Rudimentary service watchdog support (will be completed over
          the next few releases.)

        * When systemd forks off in order to execute some service, the
          child now immediately changes its argv[0] to reflect which
          process it will execute. This is useful to minimize the time
          window with a generic argv[0], which makes bootcharts more
          useful.

        Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
        Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
        Mike Kazantsev, Ray Strode

CHANGES WITH 39:

        * This is mostly a test release, but incorporates many
          bugfixes.

        * New systemd-cgtop tool to show control groups by their
          resource usage.

        * Linking against libacl for ACLs is optional again. If
          disabled, support for tracking device access for active
          logins becomes unavailable, and so does access to the user
          journals by the respective users.

        * If a group "adm" exists, journal files are automatically
          owned by that group, thus allowing its members full access
          to the system journal as well as all user journals.

        * The journal now stores the SELinux context of the logging
          client for all entries.

        * Add C++ inclusion guards to all public headers

        * New output mode "cat" in the journal to print only text
          messages, without any meta data like date or time.

        * Include tiny X server wrapper as a temporary stop-gap to
          teach XOrg udev display enumeration. This is used by display
          managers such as gdm, and will go away as soon as XOrg
          learned native udev hotplugging for display devices.

        * Add new systemd-cat tool for executing arbitrary programs
          with STDERR/STDOUT connected to the journal. Can also act as
          BSD logger replacement, and does so by default.

        * Optionally store all locally generated coredumps in the
          journal along with meta data.

        * systemd-tmpfiles learnt four new commands: n, L, c, b, for
          writing short strings to files (for usage for /sys), and for
          creating symlinks, character and block device nodes.

        * New unit file option ControlGroupPersistent= to make cgroups
          persistent, following the mechanisms outlined in
          https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups

        * Support multiple local RTCs in a sane way

        * No longer monopolize IO when replaying readahead data on
          rotating disks, since we might otherwise starve
          non-file-system IO to death: fanotify() will not see accesses
          done by blkid or fsck.

        * Do not show kernel threads in systemd-cgls anymore, unless
          requested with the new -k switch.

        Contributions from: Dan Horák, Kay Sievers, Lennart
        Poettering, Michal Schmidt

CHANGES WITH 38:

        * This is mostly a test release, but incorporates many
          bugfixes.

        * The git repository moved to:
          git://anongit.freedesktop.org/systemd/systemd
          ssh://git.freedesktop.org/git/systemd/systemd

        * First release with the journal
          https://0pointer.de/blog/projects/the-journal.html

        * The journal replaces both systemd-kmsg-syslogd and
          systemd-stdout-bridge.

        * New sd_pid_get_unit() API call in libsystemd-logind

        * Many systemadm clean-ups

        * Introduce remote-fs-pre.target which is ordered before all
          remote mounts and may be used to start services before all
          remote mounts.

        * Added Mageia support

        * Add bash completion for systemd-loginctl

        * Actively monitor PID file creation for daemons which exit in
          the parent process before having finished writing the PID
          file in the daemon process. Daemons which do this need to be
          fixed (i.e. PID file creation must have finished before the
          parent exits), but we now react a bit more gracefully to them.

        * Add colourful boot output, mimicking the well-known output
          of existing distributions.

        * New option PassCredentials= for socket units, for
          compatibility with a recent kernel ABI breakage.

        * /etc/rc.local is now hooked in via a generator binary, and
          thus will no longer act as a synchronization point during
          boot.

        * systemctl list-unit-files now supports --root=.

        * systemd-tmpfiles now understands two new commands: z, Z for
          relabelling files according to the SELinux database. This is
          useful to apply SELinux labels to specific files in /sys,
          among other things.

        * Output of SysV services is now forwarded to both the console
          and the journal by default, not only just the console.

        * New man pages for all APIs from libsystemd-login.

        * The build tree got reorganized and the build system is a
          lot more modular allowing embedded setups to specifically
          select the components of systemd they are interested in.

        * Support for Linux systems lacking the kernel VT subsystem is
          restored.

        * configure's --with-rootdir= got renamed to
          --with-rootprefix= to follow the naming used by udev and
          kmod

        * Unless specified otherwise we will now install to /usr instead
          of /usr/local by default.

        * Processes with '@' in argv[0][0] are now excluded from the
          final shut-down killing spree, following the logic explained
          in:
          https://systemd.io/ROOT_STORAGE_DAEMONS/

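        Added example (not systemd code) for the '@' convention above: the
        usual way to give a daemon such an argv[0] from a wrapper is bash's
        "exec -a", and the way to confirm it from outside is the first
        NUL-separated field of /proc/PID/cmdline, which is also where PID 1
        looks at shutdown. sleep(1) stands in for a real root storage
        daemon, the name "@example-storaged" is made up, and the script
        only runs on Linux because of /proc.

```bash
#!/bin/bash
# Added example, not systemd code: start a process with an argv[0] that
# begins with '@' (the root-storage-daemon convention that exempts it from
# the final shutdown kill) and verify that from /proc.

# spawn_with_argv0 NAME CMD [ARGS...]: run CMD in the background with
# argv[0] set to NAME (bash's `exec -a`), print its PID. Output is
# detached so the caller's command substitution does not hang on it.
spawn_with_argv0() {
    local name=$1; shift
    bash -c 'exec -a "$0" "$@"' "$name" "$@" </dev/null >/dev/null 2>&1 &
    echo $!
}

# argv0_of_pid PID: the first NUL-separated field of /proc/PID/cmdline.
argv0_of_pid() {
    tr '\0' '\n' <"/proc/$1/cmdline" | head -n1
}

# is_shutdown_exempt PID: succeeds if argv[0] of PID starts with '@'.
is_shutdown_exempt() {
    local argv0
    argv0=$(argv0_of_pid "$1") || return 1
    case $argv0 in
        @*) return 0 ;;
        *)  return 1 ;;
    esac
}

# wait_for_argv0 PID NAME: give the child up to ~5s to exec into place;
# until exec() has happened /proc still shows the wrapper's own argv.
wait_for_argv0() {
    local i
    for i in 1 2 3 4 5 6 7 8 9 10; do
        [ "$(argv0_of_pid "$1" 2>/dev/null)" = "$2" ] && return 0
        sleep 0.5
    done
    return 1
}

if [ "${1:-}" = --demo ]; then
    pid=$(spawn_with_argv0 '@example-storaged' sleep 30)
    wait_for_argv0 "$pid" '@example-storaged'
    if is_shutdown_exempt "$pid"; then
        echo "PID $pid argv[0]=$(argv0_of_pid "$pid"): exempt from the final kill"
    fi
    kill "$pid"
fi
```

        Only the first byte of argv[0] matters to systemd; the rest of the
        name is free, so keep it recognisable in ps(1) output. A daemon
        that rewrites its own argv[0] at runtime (as systemd itself now
        does for forked children) can set the '@' the same way from C.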
        * All processes remaining in a service cgroup when we enter
          the START or START_PRE states are now killed with
          SIGKILL. That means it is no longer possible to spawn
          background processes from ExecStart= lines (which was never
          supported anyway, and bad style).

        * New PropagateReloadTo=/PropagateReloadFrom= options to bind
          reloading of units together.

        Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
        Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
        Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
        Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
        Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek