1 systemd System and Service Manager
2
3 CHANGES WITH 256 in spe:
4
5 Announcements of Future Feature Removals and Incompatible Changes:
6
7 * Previously, systemd-networkd did not explicitly remove any bridge VLAN
8 IDs assigned on bridge master and ports. Since v256, if a .network
9 file for an interface has at least one valid setting in [BridgeVLAN]
10 section, then all assigned VLAN IDs on the interface that are not
11 configured in the .network file are removed.
12
13 CHANGES WITH 255:
14
15 Announcements of Future Feature Removals and Incompatible Changes:
16
17 * Support for split-usr (/usr/ mounted separately during late boot,
18 instead of being mounted by the initrd before switching to the rootfs)
19 and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
20 /usr/lib/, …) has been removed. For more details, see:
21 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
22
23 * We intend to remove cgroup v1 support from a systemd release after
24 the end of 2023. If you run services that make explicit use of
25 cgroup v1 features (i.e. the "legacy hierarchy" with separate
26 hierarchies for each controller), please implement compatibility with
27 cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
28 Most of Linux userspace has been ported over already.
29
30 * Support for System V service scripts is now deprecated and will be
31 removed in a future release. Please make sure to update your software
32 *now* to include a native systemd unit file instead of a legacy
33 System V script to retain compatibility with future systemd releases.
34
35 * Support for the SystemdOptions EFI variable is deprecated.
36 'bootctl systemd-efi-options' will emit a warning when used. It seems
37 that this feature is little-used and it is better to use alternative
38 approaches like credentials and confexts. The plan is to drop support
39 altogether at a later point, but this might be revisited based on
40 user feedback.
41
42 * systemd-run's switch --expand-environment=, which currently is disabled
43 by default when combined with --scope, will be changed in a future
44 release to be enabled by default.
45
46 * "systemctl switch-root" is now restricted to initrd transitions only.
47
48 Transitions between real systems should be done with
49 "systemctl soft-reboot" instead.
50
51 * The "ip=off" and "ip=none" kernel command line options interpreted by
52 systemd-network-generator will now result in IPv6RA + link-local
53 addressing being disabled, too. Previously DHCP was turned off, but
54 IPv6RA and IPv6 link-local addressing were left enabled.
55
56 * The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
57 and is now disabled.
58
59 * SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
60 section of systemd-sleep.conf are now deprecated and have no effect.
61 They did not (and could not) take any value other than the respective
62 default. HybridSleepMode= is also deprecated, and will now always use
63 the 'suspend' disk mode.
64
65 Service Manager:
66
67 * The way services are spawned has been overhauled. Previously, a
68 process was forked that shared all of the manager's memory (via
69 copy-on-write) while doing all the required setup (e.g.: mount
70 namespaces, CGroup configuration, etc.) before exec'ing the target
71 executable. This was problematic for various reasons: several glibc
72 APIs were called that are not supposed to be used after a fork but
73 before an exec, copy-on-write meant that if either process (the
74 manager or the child) touched a memory page a copy was triggered, and
75 also the memory footprint of the child process was that of the
76 manager, but with the memory limits of the service. From this version
77 onward, the new process is spawned using CLONE_VM and CLONE_VFORK
78 semantics via posix_spawn(3), and it immediately execs a new internal
79 binary, systemd-executor, that receives the configuration to apply
80 via memfd, and sets up the process before exec'ing the target
81 executable. The systemd-executor binary is pinned by file descriptor
82 by each manager instance (system and users), and the reference is
83 updated on daemon-reexec - it is thus important to reexec all running
84 manager instances when the systemd-executor and/or libsystemd*
85 libraries are updated on the filesystem.
86
87 * Most of the internal process tracking is being changed to use PIDFDs
88 instead of PIDs when the kernel supports it, to improve robustness
89 and reliability.
90
91 * A new option SurviveFinalKillSignal= can be used to configure the
92 unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
93 This is part of the required configuration to let a unit's processes
94 survive a soft-reboot operation.
95
96 * System extension images (sysext) can now set
97 EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
98 automatically reload the service manager (PID 1) when
99 merging/refreshing/unmerging on boot. Generally, while this can be
100 used to ship services in system extension images, it's recommended to
101 do that via portable services instead.
102
103 * The ExtensionImages= and ExtensionDirectories= options now support
104 confexts images/directories.
105
106 * A new option NFTSet= provides a method for integrating dynamic cgroup
107 IDs into firewall rules with NFT sets. The benefit of using this
108 setting is to be able to use a control group as a selector in firewall
109 rules easily, and this in turn allows more fine-grained filtering.
110 Also, NFT rules for cgroup matching use numeric cgroup IDs, which
111 change every time a service is restarted, making them hard to use in
112 a systemd environment.
113
114 * A new option CoredumpReceive= can be set for service and scope units,
115 together with Delegate=yes, to make systemd-coredump on the host
116 forward core files from processes crashing inside the delegated
117 CGroup subtree to systemd-coredump running in the container. This new
118 option is by default used by systemd-nspawn containers that use the
119 "--boot" switch.
120
121 * A new ConditionSecurity=measured-uki option is now available, to ensure
122 a unit can only run when the system has been booted from a measured UKI.
123
124 * MemoryAvailable= now considers physical memory if there are no CGroup
125 memory limits set anywhere in the tree.
126
127 * The $USER environment variable is now always set for services, while
128 previously it was only set if User= was specified. A new option
129 SetLoginEnvironment= is now supported to determine whether to also set
130 $HOME, $LOGNAME, and $SHELL.
131
132 * Socket units now support a new pair of
133 PollLimitBurst=/PollLimitInterval= options to configure a limit on
134 how often polling events on the file descriptors backing this unit
135 will be considered within a time window.
136
137 * Scope units can now be created using PIDFDs instead of PIDs to select
138 the processes they should include.
139
140 * Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
141 manager to dump the list of currently pending jobs.
142
143 * If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
144 machinectl bind and mount-image verbs will now cause the new mount to
145 replace the old mount (if any), instead of overmounting it.
146
147 * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
148 MemoryZSwapCurrent properties, which respectively contain the values
149 of the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current
150 and memory.zswap.current properties. This information is also shown in
151 "systemctl status" output, if available.
152
153 TPM2 Support + Disk Encryption & Authentication:
154
155 * systemd-cryptenroll now allows specifying a PCR bank and explicit hash
156 value in the --tpm2-pcrs= option.
157
158 * systemd-cryptenroll now allows specifying a TPM2 key handle (nv
159 index) to be used instead of the default SRK via the new
160 --tpm2-seal-key-handle= option.
161
162 * systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
163 public key (in TPM2B_PUBLIC format) – without access to the TPM2
164 device itself – which enables offline sealing of LUKS images for a
165 specific TPM2 chip, as long as the SRK public key is known. Pass the
166 public key to the tool via the new --tpm2-device-key= switch.
167
168 * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
169 internal-only executable.
170
171 * The TPM2 Storage Root Key will now be set up, if not already present,
172 by a new systemd-tpm2-setup.service early boot service. The SRK will
173 be stored in PEM format and TPM2_PUBLIC format (the latter is useful
174 for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
175 easier access. A new "srk" verb has been added to systemd-analyze to
176 allow extracting it on demand if it is already set up.
177
178 * The internal systemd-pcrphase executable has been renamed to
179 systemd-pcrextend.
180
181 * The systemd-pcrextend tool gained a new --pcr= switch to override
182 which PCR to measure into.
183
184 * systemd-pcrextend now exposes a Varlink interface at
185 io.systemd.PCRExtend that can be used to do measurements and event
186 logging on demand.
187
188 * TPM measurements are now also written to an event log at
189 /run/log/systemd/tpm2-measure.log, using a derivative of the TCG
190 Canonical Event Log format. Previously we'd only log them to the
191 journal, where, however, they were subject to rotation and similar.
192
193 * A new component "systemd-pcrlock" has been added that allows managing
194 local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
195 predict by the OS vendor because of the inherently local nature of
196 what measurements they contain, such as firmware versions of the
197 system and extension cards and suchlike. pcrlock can predict PCR
198 measurements ahead of time based on various inputs, such as the local
199 TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
200 various other things. It can then pre-calculate a TPM2 policy from
201 this, which it stores in a TPM2 NV index. TPM2 objects (such as disk
202 encryption keys) can be locked against this NV index, so that they
203 are locked against a specific combination of system firmware and
204 state. Alternatives for each component are supported to allowlist
205 multiple kernel versions or boot loader versions simultaneously
206 without losing access to the disk encryption keys. The tool can also
207 be used to analyze and validate the local TPM2 event log.
208 systemd-cryptsetup, systemd-cryptenroll, and systemd-repart have all been
209 updated to support such policies. There's currently no support for
210 locking the system's root disk against a pcrlock policy; this will be
211 added soon. Moreover, it is currently not possible to combine a
212 pcrlock policy with a signed PCR policy. This component is
213 experimental and its public interface is subject to change.
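An added worked example, not systemd-pcrlock's code, of the prediction idea in the pcrlock note above: replay an expected sequence of measurement events through the TPM2 extend operation (PCR_new = H(PCR_old || digest)), keep one prediction per allowlisted alternative of a component, and check an observed PCR value against that allowlist. It also illustrates the systemd-stub change below about measuring all command-line addons in one PCR 12 measurement: the same addon bytes produce a different PCR value depending on whether they are measured once concatenated or one by one. The blobs are constructed, and digesting the raw bytes with SHA-256 is a modelling assumption; the exact event contents systemd-stub hashes are not reproduced here.

```python
import hashlib

# Constructed stand-ins for measured blobs; a real boot measures firmware,
# boot loader, UKI sections and so on (see the TPM2 event log).
FIRMWARE_BLOB = b"constructed: firmware image v1"
LOADER_CONF = b"timeout 3\ndefault linux.conf\n"       # loader.conf goes to PCR 5
KERNEL_CMDLINE = b"root=/dev/gpt-auto-root ro"          # kernel command line, PCR 12
ADDON_A = b" console=ttyS0"                             # command-line addons, PCR 12
ADDON_B = b" quiet"


def measure(blob: bytes, algo: str = "sha256") -> bytes:
    """Digest of a measured blob in the given PCR bank (modelling assumption)."""
    return hashlib.new(algo, blob).digest()


def pcr_extend(pcr: bytes, digest: bytes, algo: str = "sha256") -> bytes:
    """TPM2 PCR extend: PCR_new = H(PCR_old || digest)."""
    h = hashlib.new(algo)
    h.update(pcr)
    h.update(digest)
    return h.digest()


def predict_pcrs(events, algo: str = "sha256") -> dict:
    """Replay (pcr_index, blob) events from the reset state (all zeros).

    This is the prediction step: given the expected event sequence, compute
    the PCR values a boot would end with, without touching a TPM.
    """
    size = hashlib.new(algo).digest_size
    pcrs = {}
    for index, blob in events:
        pcrs[index] = pcr_extend(pcrs.get(index, bytes(size)), measure(blob, algo), algo)
    return pcrs


def predict_alternatives(common_events, index: int, alternatives: dict, algo="sha256") -> dict:
    """One prediction per allowlisted variant of a component (e.g. several kernels)."""
    return {
        name: predict_pcrs(list(common_events) + [(index, blob)], algo)[index]
        for name, blob in alternatives.items()
    }


def policy_allows(predicted_alternatives: dict, actual_pcrs: dict, index: int) -> bool:
    """pcrlock-style check: the observed PCR must equal one allowlisted prediction."""
    return actual_pcrs.get(index) in set(predicted_alternatives.values())


def addon_measurement_events(cmdline: bytes, addons, concatenated: bool = True):
    """PCR 12 events: one measurement of the concatenated addons (v255) or one
    measurement per addon (previous behaviour). Same bytes, different PCR."""
    events = [(12, cmdline)]
    if concatenated:
        events.append((12, b"".join(addons)))
    else:
        events.extend((12, addon) for addon in addons)
    return events


if __name__ == "__main__":
    boot = [(0, FIRMWARE_BLOB), (5, LOADER_CONF)]
    boot += addon_measurement_events(KERNEL_CMDLINE, [ADDON_A, ADDON_B])
    for index, value in sorted(predict_pcrs(boot).items()):
        print(f"PCR {index:2d}: {value.hex()}")
```

Because extend is order-sensitive and one-way, a policy built from `predict_alternatives` admits exactly the listed variants and nothing else; adding a kernel to the allowlist means adding its prediction, not relaxing the check.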
214
215 systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
216
217 * bootctl will now show whether the system was booted from a UKI in its
218 status output.
219
220 * systemd-boot and systemd-stub now use different project keys in their
221 respective SBAT sections, so that they can be revoked individually if
222 needed.
223
224 * systemd-boot will no longer load unverified Devicetree blobs when UEFI
225 SecureBoot is enabled. For more details see:
226 https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c
227
228 * systemd-boot gained new hotkeys to reboot and power off the system
229 from the boot menu ("B" and "O"). If the "auto-poweroff" and
230 "auto-reboot" options in loader.conf are set these entries are also
231 shown as menu items (which is useful on devices lacking a regular
232 keyboard).
233
234 * systemd-boot gained a new configuration value "menu-disabled" for the
235 set-timeout option, to allow completely disabling the boot menu,
236 including the hotkey.
237
238 * systemd-boot will now measure the content of loader.conf in TPM2
239 PCR 5.
240
241 * systemd-stub will now concatenate the content of all kernel
242 command-line addons before measuring them in TPM2 PCR 12, in a single
243 measurement, instead of measuring them individually.
244
245 * systemd-stub will now measure and load Devicetree Blob addons, which
246 are searched and loaded following the same model as the existing
247 kernel command-line addons.
248
249 * systemd-stub will now ignore unauthenticated kernel command line options
250 passed from systemd-boot when running inside Confidential VMs with UEFI
251 SecureBoot enabled.
252
253 * systemd-stub will now load a Devicetree blob even if the firmware did
254 not load any beforehand (e.g.: for ACPI systems).
255
256 * ukify is no longer considered experimental, and now ships in /usr/bin/.
257
258 * ukify gained a new verb inspect to describe the sections of a UKI and
259 print the contents of the well-known sections.
260
261 * ukify gained a new verb genkey to generate a set of key pairs for
262 signing UKIs and their PCR data.
263
264 * The 90-loaderentry kernel-install hook now supports installing device
265 trees.
266
267 * kernel-install now supports the --json=, --root=, --image=, and
268 --image-policy= options for the inspect verb.
269
270 * kernel-install now supports new list and add-all verbs. The former
271 lists all installed kernel images (if those are available in
272 /usr/lib/modules/). The latter will install all the kernels it can
273 find to the ESP.
274
275 systemd-repart:
276
277 * A new option --copy-from= has been added that synthesizes partition
278 definitions from the given image, which are then applied by the
279 systemd-repart algorithm.
280
281 * A new option --copy-source= has been added, which can be used to specify
282 a directory relative to which CopyFiles= is interpreted.
283
284 * New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
285 options have been added to make it easier to generate these types of
286 DDIs, without having to provide repart.d definitions for them.
287
288 * The dm-verity salt and UUID will now be derived from the specified
289 seed value.
290
291 * New VerityDataBlockSizeBytes= and VerityHashBlockSizeBytes= can now be
292 configured in repart.d/ configuration files.
293
294 * A new Subvolumes= setting is now supported in repart.d/ configuration
295 files, to indicate which directories in the target partition should be
296 btrfs subvolumes.
297
298 * A new --tpm2-device-key= option can be used to lock a disk against a
299 specific TPM2 public key. This matches the same switch the
300 systemd-cryptenroll tool now supports (see above).
301
302 Journal:
303
304 * The journalctl --lines= parameter now accepts +N to show the oldest N
305 entries instead of the newest.
306
307 * journald now ensures that sealing happens once per epoch, and sets a
308 new compatibility flag to distinguish old journal files that were
309 created before this change, for backward compatibility.
310
311 Device Management:
312
313 * udev will now create symlinks to loopback block devices in the
314 /dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
315 string field selected during allocation. The systemd-dissect tool and
316 the util-linux losetup command now support a complementing new switch
317 --loop-ref= for selecting the string. This means a loopback block
318 device may now be allocated under a caller-chosen reference and can
319 subsequently be referenced without first having to look up the block
320 device name the caller ended up with.
321
322 * udev also creates symlinks to loopback block devices in the
323 /dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
324 of the inode attached to the loopback block device. This means that
325 attaching a file to a loopback device will implicitly make a handle
326 available to be found via that file's inode information.
327
328 * udevadm info gained support for JSON output via a new --json= flag, and
329 for filtering output using the same mechanism that udevadm trigger
330 already implements.
331
332 * The predictable network interface naming logic is extended to include
333 the SR-IOV-R "representor" information in network interface names.
334 This feature was intended for v254, but even though the code was
335 merged, the part that actually enabled the feature was forgotten.
336 It is now enabled by default and is part of the new "v255" naming
337 scheme.
338
339 * A new hwdb/rules file has been added that sets the
340 ID_NET_AUTO_LINK_LOCAL_ONLY=1 udev property on all network interfaces
341 that should usually only be configured with link-local addressing
342 (IPv4LL + IPv6LL), i.e. for PC-to-PC cables ("laplink") or
343 Thunderbolt networking. systemd-networkd and NetworkManager (soon)
344 will make use of this information to apply an appropriate network
345 configuration by default.
346
347 * The ID_NET_DRIVER property on network interfaces is now set
348 relatively early in the udev rule set so that other rules may rely on
349 its use. This is implemented in a new "net-driver" udev built-in.
350
351 Network Management:
352
353 * The "duid-only" option for DHCPv4 client's ClientIdentifier= setting
354 is now dropped, as it never worked and hence should not be used by
355 anyone.
356
357 * The 'prefixstable' ipv6 address generation mode now considers the SSID
358 when generating stable addresses, so that a different stable address
359 is used when roaming between wireless networks. If you already use
360 'prefixstable' addresses with wireless networks, the stable address
361 will be changed by the update.
362
363 * The DHCPv4 client gained a RapidCommit option, true by default, which
364 enables RFC4039 Rapid Commit behavior to obtain a lease in a
365 simplified 2-message exchange instead of the typical 4-message
366 exchange, if also supported by the DHCP server.
367
368 * The DHCPv4 client gained new InitialCongestionWindow= and
369 InitialAdvertisedReceiveWindow= options for route configurations.
370
371 * The DHCPv4 client gained a new RequestAddress= option that allows
372 sending a preferred IP address in the initial DHCPDISCOVER message.
373
374 * The DHCPv4 server and client gained support for IPv6-only mode
375 (RFC8925).
376
377 * The SendHostname= and Hostname= options are now available for the
378 DHCPv6 client, independently of the DHCPv4= option, so that these
379 configuration values can be set independently for each client.
380
381 * The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
382 including lease information.
383
384 * The DHCPv6 client can now be configured to use a custom DUID type.
385
386 * .network files gained a new IPv4ReversePathFilter= setting in the
387 [Network] section, to control sysctl's rp_filter setting.
388
389 .network files gained a new HopLimit= setting in the [Route] section,
390 to configure a per-route hop limit.
391
392 * .network files gained a new TCPRetransmissionTimeoutSec= setting in
393 the [Route] section, to configure a per-route TCP retransmission
394 timeout.
395
396 * A new directive NFTSet= provides a method for integrating network
397 configuration into firewall rules with NFT sets. The benefit of using
398 this setting is that static network configuration or dynamically
399 obtained network addresses can be used in firewall rules with the
400 indirection of NFT set types.
401
402 * The [IPv6AcceptRA] section supports the following new options:
403 UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.
404
405 * The [IPv6SendRA] section supports the following new options:
406 RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
407 HomeAgentPreference=.
408
409 * A new [IPv6PREF64Prefix] set of options, containing Prefix= and
410 LifetimeSec=, has been introduced to append pref64 options in router
411 advertisements (RFC8781).
412
413 * The network generator now configures the interfaces with only
414 link-local addressing if "ip=link-local" is specified on the kernel
415 command line.
416
417 * The names of the configuration files generated by the network
418 generator from the kernel command line are now prefixed with '70-',
419 so that they take precedence over the default configuration
420 files.
421
422 * Added a new -Ddefault-network=BOOL meson option, that causes more
423 .network files to be installed as enabled by default. These configuration
424 files match generic setups, e.g. 89-ethernet.network matches
425 all Ethernet interfaces and enables both DHCPv4 and DHCPv6 clients.
426
427 * If an ID_NET_MANAGED_BY= udev property is set on a network device and
428 it is any other string than "io.systemd.Network" then networkd will
429 not manage this device. This may be used to allow multiple network
430 management services to run in parallel and assign ownership of
431 specific devices explicitly. NetworkManager will soon implement a
432 similar logic.
433
434 systemctl:
435
436 * systemctl is-failed now checks the system state if no unit is
437 specified.
438
439 * systemctl will now automatically soft-reboot if a new root file system
440 is found under /run/nextroot/ when a reboot operation is invoked.
441
442 Login management:
443
444 * Wall messages now work even when utmp support is disabled, using
445 systemd-logind to query the necessary information.
446
447 * systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
448 signal before shutdown/reboot/soft-reboot that includes additional
449 information compared to the PrepareForShutdown signal. Currently the
450 additional information is the type of operation that is about to be
451 executed.
452
453 Hibernation & Suspend:
454
455 * The kernel and OS versions will no longer be checked on resume from
456 hibernation.
457
458 * Hibernation into swap files backed by btrfs is now
459 supported. (Previously this was supported only for other file
460 systems.)
461
462 Other:
463
464 * A new systemd-vmspawn tool has been added, that aims to provide for VMs
465 the same interfaces and functionality that systemd-nspawn provides for
466 containers. For now it supports QEMU as a backend, and exposes some of
467 its options to the user. This component is experimental and its public
468 interface is subject to change.
469
470 * "systemd-analyze plot" has gained tooltips on each unit name with
471 related-unit information in its svg output, such as Before=,
472 Requires=, and similar properties.
473
474 * A new varlinkctl tool has been added to allow interfacing with
475 Varlink services, and introspection has been added to all such
476 services. This component is experimental and its public interface is
477 subject to change.
478
479 * systemd-sysext and systemd-confext now expose a Varlink service
480 at io.systemd.sysext.
481
482 * portable services now accept confexts as extensions.
483
484 * systemd-sysupdate now accepts directories in the MatchPattern= option.
485
486 * systemd-run will now output the invocation ID of the launched
487 transient unit and its peak memory usage.
488
489 * systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
490 and systemd-binfmt gained a new --tldr option that can be used instead
491 of --cat-config to suppress uninteresting configuration lines, such as
492 comments and whitespace.
493
494 * resolvectl gained a new "show-server-state" command that shows
495 current statistics of the resolver. This is backed by a new
496 DumpStatistics() Varlink method provided by systemd-resolved.
497
498 * systemd-timesyncd will now emit a D-Bus signal when the LinkNTPServers
499 property changes.
500
501 * vconsole now supports KEYMAP=@kernel for preserving the kernel keymap
502 as-is.
503
504 * seccomp now supports the LoongArch64 architecture.
505
506 * seccomp may now be enabled for services running as a non-root User=
507 without NoNewPrivileges=yes.
508
509 * systemd-id128 now supports a new -P option to show only values. The
510 combination of -P and --app options is also supported.
511
512 * A new pam_systemd_loadkey.so PAM module is now available, which will
513 automatically fetch the passphrase used by cryptsetup to unlock the
514 root file system and set it as the PAM authtok. This enables, among
515 other things, configuring auto-unlock of the GNOME Keyring / KDE
516 Wallet when autologin is configured.
517
518 * Many meson options now use the 'feature' type, which means they
519 take enabled/disabled/auto as values.
520
521 * A new meson option -Dconfigfiledir= can be used to change where
522 configuration files with default values are installed to.
523
524 * Options and verbs in man pages are now tagged with the version they
525 were first introduced in.
526
527 * A new component "systemd-storagetm" has been added, which exposes all
528 local block devices as NVMe-TCP devices, fully automatically. It's
529 hooked into a new target unit storage-target-mode.target that is
530 supposed to be booted into via
531 rd.systemd.unit=storage-target-mode.target on the kernel command
532 line. This is intended to be used for installers and debugging to
533 quickly get access to the local disk. It's inspired by macOS "target
534 disk mode". This component is experimental and its public interface is
535 subject to change.
536
537 * A new component "systemd-bsod" has been added, which can show logged
538 error messages full screen, if they have the LOG_EMERG log
539 level. This component is experimental and its public interface is
540 subject to change.
541
542 * The systemd-dissect tool's --with command will now set the
543 $SYSTEMD_DISSECT_DEVICE environment variable to the block device it
544 operates on for the invoked process.
545
546 * The systemd-mount tool gained a new --tmpfs switch for mounting a new
547 'tmpfs' instance. This is useful since it does so via .mount units
548 and thus can be executed remotely or in containers.
549
550 * The various tools in systemd that take "verbs" (such as systemctl,
551 loginctl, machinectl, …) now will suggest a close verb name in case
552 the user specified an unrecognized one.
553
554 * libsystemd now exports a new function sd_id128_get_app_specific()
555 that generates "app-specific" 128bit IDs from any ID. It's similar to
556 sd_id128_get_machine_app_specific() and
557 sd_id128_get_boot_app_specific() but takes the ID to base calculation
558 on as input. This new functionality is also exposed in the
559 "systemd-id128" tool where you can now combine --app= with `show`.
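An added reimplementation, written for this page rather than taken from libsystemd, of the app-specific ID derivation the note above describes. It follows the construction the sd_id128_get_machine_app_specific(3) man page documents: HMAC-SHA256 keyed with the base ID over the application ID, truncated to 128 bits and marked as a version-4 UUID. Bit-for-bit agreement with libsystemd's output is assumed rather than verified here, so only the structural properties are checked; the sample IDs are constructed, not real machine IDs. The security-relevant property is that the derivation is one-way: a service can expose the derived ID without revealing the machine or boot ID it was keyed with.

```python
import hashlib
import hmac
import re
import uuid

# Constructed sample IDs (not a real machine ID). systemd prints IDs as 32
# lowercase hex digits; the dashed UUID form is also accepted on input.
SAMPLE_MACHINE_ID = "f0b0fd20d4c44ccbb63d0a6a7e4d5a2e"
SAMPLE_APP_ID = "c5b7cbf7-fc1a-4a8f-9e63-0d4c6e1d2b33"


def parse_id128(text: str) -> bytes:
    """Accept the 32-hex-digit form or the dashed UUID form; return 16 bytes."""
    s = text.strip()
    if len(s) == 36 and s.count("-") == 4:
        s = s.replace("-", "")
    if not re.fullmatch(r"[0-9a-fA-F]{32}", s):
        raise ValueError(f"not a valid 128-bit ID: {text!r}")
    return bytes.fromhex(s)


def format_id128(raw: bytes) -> str:
    """Plain 32-hex-digit rendering, as systemd-id128 prints it."""
    return raw.hex()


def id128_get_app_specific(base: bytes, app_id: bytes) -> bytes:
    """Derive an app-specific ID from base (e.g. machine or boot ID) and app_id.

    HMAC-SHA256 keyed with the base ID over the application ID, truncated to
    128 bits, then given UUID v4 version/variant bits so the result is a
    well-formed ID. The base ID cannot be recovered from the result.
    """
    if len(base) != 16 or len(app_id) != 16:
        raise ValueError("IDs must be 16 bytes")
    if app_id == bytes(16):
        raise ValueError("application ID must not be the null ID")
    digest = hmac.new(base, app_id, hashlib.sha256).digest()
    out = bytearray(digest[:16])
    out[6] = (out[6] & 0x0F) | 0x40  # version nibble = 4
    out[8] = (out[8] & 0x3F) | 0x80  # RFC 4122 variant bits = 10
    return bytes(out)


def app_specific_from_strings(base_text: str, app_text: str) -> str:
    """Convenience wrapper mirroring 'systemd-id128 show --app=' style use."""
    return format_id128(id128_get_app_specific(parse_id128(base_text), parse_id128(app_text)))


if __name__ == "__main__":
    derived = app_specific_from_strings(SAMPLE_MACHINE_ID, SAMPLE_APP_ID)
    print("app-specific id:", derived, "uuid version:", uuid.UUID(derived).version)
```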
560
561 * All tools that parse timestamps now can also parse RFC3339 style
562 timestamps that include the "T" and "Z" characters.
563
564 * New documentation has been added:
565
566 https://systemd.io/FILE_DESCRIPTOR_STORE
567 https://systemd.io/TPM2_PCR_MEASUREMENTS
568 https://systemd.io/MOUNT_REQUIREMENTS
569
570 * The codebase now recognizes the suffixes .confext.raw and .sysext.raw
571 as alternatives to the .raw suffix generally accepted for DDIs. It is
572 recommended to name configuration extensions and system extensions
573 with such suffixes, to indicate their purpose in the name.
574
575 * The sd-device API gained a new function
576 sd_device_enumerator_add_match_property_required() which allows
577 configuring matches on properties that are strictly required. This is
578 different from the existing sd_device_enumerator_add_match_property()
579 matches, of which only one needs to apply.
580
581 * The MAC address the veth side of an nspawn container shall get
582 assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
583 environment variable.
584
585 * The libiptc dependency is now implemented via dlopen(), so that tools
586 such as networkd and nspawn no longer have a hard dependency on the
587 shared library when compiled with support for libiptc.
588
589 * New rpm macros have been added: %systemd_user_daemon_reexec does
590 daemon-reexec for all user managers, and %systemd_postun_with_reload
591 and %systemd_user_postun_with_reload do a reload for system and user
592 units on upgrades.
593
594 * coredumpctl now propagates SIGTERM to the debugger process.
595
596 Contributions from: 김인수, Abderrahim Kitouni, Adam Goldman,
597 Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith,
598 Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo,
599 Anton Lundin, Arian van Putten, Arseny Maslennikov, Arthur Shau,
600 Balázs Úr, beh_10257, Benjamin Peterson, Bertrand Jacquin,
601 Brian Norris, Charles Lee, Cheng-Chia Tseng, Chris Patterson,
602 Christian Hergert, Christian Hesse, Christian Kirbach,
603 Clayton Craft, commondservice, cunshunxia, Curtis Klein, cvlc12,
604 Daan De Meyer, Daniele Medri, Daniel P. Berrangé, Daniel Rusek,
605 Daniel Thompson, Dan Nicholson, Dan Streetman, David Rheinsberg,
606 David Santamaría Rogado, David Tardon, dependabot[bot],
607 Diego Viola, Dmitry V. Levin, Emanuele Giuseppe Esposito,
608 Emil Renner Berthing, Emil Velikov, Etienne Dechamps, Fabian Vogt,
609 felixdoerre, Felix Dörre, Florian Schmaus, Franck Bui,
610 Frantisek Sumsal, G2-Games, Gioele Barabucci, Hugo Carvalho,
611 huyubiao, Iago López Galeiras, IllusionMan1212, Jade Lovelace,
612 janana, Jan Janssen, Jan Kuparinen, Jan Macku, Jeremy Fleischman,
613 Jin Liu, jjimbo137, Joerg Behrmann, Johannes Segitz, Jordan Rome,
614 Jordan Williams, Julien Malka, Juno Computers, Khem Raj, khm,
615 Kingbom Dou, Kiran Vemula, Krzesimir Nowak, Laszlo Gombos,
616 Lennart Poettering, linuxlion, Luca Boccassi, Lucas Adriano Salles,
617 Lukas, Lukáš Nykrýn, Maanya Goenka, Maarten, Malte Poll,
618 Marc Pervaz Boocha, Martin Beneš, Martin Joerg, Martin Wilck,
619 Mathieu Tortuyaux, Matthias Schiffer, Maxim Mikityanskiy,
620 Max Kellermann, Michael A Cassaniti, Michael Biebl, Michael Kuhn,
621 Michael Vasseur, Michal Koutný, Michal Sekletár, Mike Yuan,
622 Milton D. Miller II, mordner, msizanoen, NAHO, Nandakumar Raghavan,
623 Neil Wilson, Nick Rosbrook, Nils K, NRK, Oğuz Ersen,
624 Omojola Joshua, onenowy, Paul Meyer, Paymon MARANDI, pelaufer,
625 Peter Hutterer, PhylLu, Pierre GRASSER, Piotr Drąg, Priit Laes,
626 Rahil Bhimjiani, Raito Bezarius, Raul Cheleguini, Reto Schneider,
627 Richard Maw, Robby Red, RoepLuke, Roland Hieber, Roland Singer,
628 Ronan Pigott, Sam James, Sam Leonard, Sergey A, Susant Sahani,
629 Sven Joachim, Tad Fisher, Takashi Sakamoto, Thorsten Kukuk, Tj,
630 Tomasz Świątek, Topi Miettinen, Valentin David,
631 Valentin Lefebvre, Victor Westerhuis, Vincent Haupert,
632 Vishal Chillara Srinivas, Vito Caputo, Warren, Weblate,
633 Xiaotian Wu, xinpeng wang, Yaron Shahrabani, Yo-Jung Lin,
634 Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zeroskyx,
635 Дамјан Георгиевски, наб
636
637 — Edinburgh, 2023-12-06
638
639 CHANGES WITH 254:
640
641 Announcements of Future Feature Removals and Incompatible Changes:
642
643 * The next release (v255) will remove support for split-usr (/usr/
644 mounted separately during late boot, instead of being mounted by the
645 initrd before switching to the rootfs) and unmerged-usr (parallel
646 directories /bin/ and /usr/bin/, /lib/ and /usr/lib/, …). For more
647 details, see:
648 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
649
650 * We intend to remove cgroup v1 support from a systemd release after
651 the end of 2023. If you run services that make explicit use of
652 cgroup v1 features (i.e. the "legacy hierarchy" with separate
653 hierarchies for each controller), please implement compatibility with
654 cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
655 Most of Linux userspace has been ported over already.
656
657 * Support for System V service scripts is now deprecated and will be
658 removed in a future release. Please make sure to update your software
659 *now* to include a native systemd unit file instead of a legacy
660 System V script to retain compatibility with future systemd releases.
661
662 * Support for the SystemdOptions EFI variable is deprecated.
663 'bootctl systemd-efi-options' will emit a warning when used. It seems
664 that this feature is little-used and it is better to use alternative
665 approaches like credentials and confexts. The plan is to drop support
666 altogether at a later point, but this might be revisited based on
667 user feedback.
668
669 * EnvironmentFile= now treats the line following a comment line that
670 ends with a backslash escape as a non-comment line. For details, see:
671 https://github.com/systemd/systemd/issues/27975
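Added example (not systemd's code): a simplified, line-based model of EnvironmentFile= parsing that shows this change on a constructed input. With `legacy=1` a comment ending in `\` joins with the next physical line and silently swallows the assignment after it; the v254 behaviour only joins continuation lines inside a value.

```c
/* Added example (not systemd's code): simplified model of EnvironmentFile=
 * line parsing. Backslash-newline joins a value with the next physical
 * line; legacy=1 reproduces the pre-v254 behaviour where the same join was
 * (wrongly) applied to comment lines. Sample input is constructed. */
#include <stdio.h>
#include <string.h>

#define MAX_LEN 128
#define MAX_LOGICAL 512

struct env_var { char key[MAX_LEN]; char value[MAX_LEN]; };

static int is_comment(const char *line) {
        while (*line == ' ' || *line == '\t')
                line++;
        return *line == '#';
}

/* Stores one finished logical line as KEY=VALUE, unless it is a comment
 * or has no '='. Returns -1 when out[] is full. */
static int finish_line(char *logical, int in_comment,
                       struct env_var *out, int max, int *count) {
        char *eq = strchr(logical, '=');
        if (in_comment || !eq || eq == logical)
                return 0;
        if (*count >= max)
                return -1;
        *eq = '\0';
        snprintf(out[*count].key, MAX_LEN, "%s", logical);
        snprintf(out[*count].value, MAX_LEN, "%s", eq + 1);
        (*count)++;
        return 0;
}

/* Parses text into out[]; returns the number of assignments, or -1 on
 * overflow. legacy selects the pre-v254 comment-continuation behaviour. */
int parse_env_text(const char *text, int legacy, struct env_var *out, int max) {
        char logical[MAX_LOGICAL];
        size_t n = 0;
        int count = 0, in_comment = 0;
        const char *p = text;

        while (*p) {
                const char *nl = strchr(p, '\n');
                size_t len = nl ? (size_t)(nl - p) : strlen(p);
                int continues = len > 0 && p[len - 1] == '\\';

                if (n == 0)                 /* first physical line of a logical line */
                        in_comment = is_comment(p);
                if (in_comment && !legacy)  /* v254: a comment never continues */
                        continues = 0;

                size_t copy = continues ? len - 1 : len;   /* drop the '\' */
                if (n + copy >= sizeof logical)
                        return -1;
                memcpy(logical + n, p, copy);
                n += copy;

                if (!continues) {
                        logical[n] = '\0';
                        if (finish_line(logical, in_comment, out, max, &count) < 0)
                                return -1;
                        n = 0;
                }
                p = nl ? nl + 1 : p + len;
        }
        if (n > 0) {                        /* trailing continuation at EOF */
                logical[n] = '\0';
                if (finish_line(logical, in_comment, out, max, &count) < 0)
                        return -1;
        }
        return count;
}

/* Constructed sample: a comment whose author ended the line with '\'. */
static const char sample_env[] =
        "# Limits for the worker, see ticket \\\n"
        "MAX_JOBS=4\n"
        "ARGS=--verbose \\\n"
        "--color=never\n";

int main(void) {
        struct env_var vars[8];
        for (int legacy = 1; legacy >= 0; legacy--) {
                int n = parse_env_text(sample_env, legacy, vars, 8);
                printf("%s behaviour: %d assignment(s)\n", legacy ? "pre-v254" : "v254", n);
                for (int i = 0; i < n; i++)
                        printf("  %s=%s\n", vars[i].key, vars[i].value);
        }
        return 0;
}
```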
672
673 * PrivateNetwork=yes and NetworkNamespacePath= now imply
674 PrivateMounts=yes unless PrivateMounts=no is explicitly specified.
675
676 * Behaviour of sandboxing options for the per-user service manager
677 units has changed. They now imply PrivateUsers=yes, which means user
678 namespaces will be implicitly enabled when a sandboxing option is
679 enabled in a user unit. Enabling user namespaces has the drawback
680 that system users will no longer be visible (and processes/files will
681 appear as owned by 'nobody') in the user unit.
682
683 By definition a sandboxed user unit should run with reduced
684 privileges, so impact should be small. This will remove a great
685 source of confusion that has been reported by users over the years,
686 due to how these options require an extra setting to be manually
687 enabled when used in the per-user service manager, which is not
688 needed in the system service manager. For more details, see:
689 https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
690
691 * systemd-run's switch --expand-environment= which currently is disabled
692 by default when combined with --scope, will be changed in a future
693 release to be enabled by default.
694
695 Security Relevant Changes:
696
697 * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
698 process capability to invoked session processes of regular users on
699 local seats (as well as to systemd --user), unless configured
700 otherwise via data from JSON user records, or via the PAM module's
701 parameter list. This is useful in order to allow desktop tools such as
702 GNOME's Alarm Clock application to set a timer for
703 CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
704 per-user service unit file may thus use AmbientCapability= to pass
705 the capability to invoked processes. Note that this capability is
706 relatively narrow in focus (in particular compared to other process
707 capabilities such as CAP_SYS_ADMIN) and we already — by default —
708 permit more impactful operations such as system suspend to local
709 users.
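Added example (not systemd's code): how a process inside a login session can verify that CAP_WAKE_ALARM actually arrived in its ambient set and that the kernel lets it create a CLOCK_REALTIME_ALARM timer. It assumes Linux 4.3 or newer (ambient capabilities) with /proc mounted; the numeric constants are the kernel's.

```c
/* Added example (not systemd's code): check whether CAP_WAKE_ALARM was
 * passed down via the ambient set (as pam_systemd now does for local
 * sessions) and whether an alarm timer can be created. Assumes Linux >= 4.3
 * with /proc mounted. Constants are from <linux/capability.h>/<linux/prctl.h>. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/timerfd.h>
#include <time.h>
#include <unistd.h>

#ifndef CAP_WAKE_ALARM
#define CAP_WAKE_ALARM 35
#endif
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_IS_SET 1
#endif
#ifndef CLOCK_REALTIME_ALARM
#define CLOCK_REALTIME_ALARM 8
#endif

/* Asks the kernel directly: 1 = CAP_WAKE_ALARM is in the ambient set,
 * 0 = it is not, -1 = ambient capabilities unsupported here. */
int wake_alarm_in_ambient_set(void) {
        int r = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_WAKE_ALARM, 0, 0);
        return r < 0 ? -1 : r;
}

/* Same question answered from the CapAmb: line of /proc/self/status,
 * the view an administrator would inspect by hand; -1 if unreadable. */
int wake_alarm_in_proc_status(void) {
        FILE *f = fopen("/proc/self/status", "re");
        char line[256];
        int result = -1;
        if (!f)
                return -1;
        while (fgets(line, sizeof line, f)) {
                unsigned long long mask;
                if (sscanf(line, "CapAmb: %llx", &mask) == 1) {
                        result = (int)((mask >> CAP_WAKE_ALARM) & 1ULL);
                        break;
                }
        }
        fclose(f);
        return result;
}

/* Attempts the kind of timer the text mentions: 1 = allowed, 0 = refused
 * with EPERM (capability missing in the effective set), -1 = the clock is
 * unavailable here (some container runtimes). */
int can_create_alarm_timer(void) {
        int fd = timerfd_create(CLOCK_REALTIME_ALARM, TFD_CLOEXEC);
        if (fd >= 0) {
                close(fd);
                return 1;
        }
        return errno == EPERM ? 0 : -1;
}

int main(void) {
        printf("CAP_WAKE_ALARM ambient (prctl): %d\n", wake_alarm_in_ambient_set());
        printf("CAP_WAKE_ALARM ambient (/proc): %d\n", wake_alarm_in_proc_status());
        printf("CLOCK_REALTIME_ALARM timer:     %d\n", can_create_alarm_timer());
        return 0;
}
```

A regular local session started through pam_systemd should print 1 for the ambient checks; a session started another way (ssh, su) normally prints 0 and EPERM for the timer.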
710
711 Service Manager:
712
713 * Memory limits that apply while the unit is activating are now
714 supported. Previously IO and CPU settings were already supported via
715 StartupCPUWeight= and similar. The same logic has been added for the
716 various manager and unit memory settings (DefaultStartupMemoryLow=,
717 StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
718 StartupMemorySwapMax=, StartupMemoryZSwapMax=).
719
720 * The service manager gained support for enqueuing POSIX signals to
721 services that carry an additional integer value, exposing the
722 sigqueue() system call. This is accessible via new D-Bus calls
723 org.freedesktop.systemd1.Manager.QueueSignalUnit() and
724 org.freedesktop.systemd1.Unit.QueueSignal(), as well as in systemctl
725 via the new --kill-value= option.
726
727 * systemctl gained a new "list-paths" verb, which shows all currently
728 active .path units, similarly to how "systemctl list-timers" shows
729 active timers, and "systemctl list-sockets" shows active sockets.
730
731 * systemctl gained a new --when= switch which is honoured by the various
732 forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
733 scheduling these operations by time, similar in fashion to how this
734 has been supported by SysV shutdown.
735
736 * If MemoryDenyWriteExecute= is enabled for a service and the kernel
737 supports the new PR_SET_MDWE prctl() call, it is used instead of the
738 seccomp()-based system call filter to achieve the same effect.
739
740 * A new set of kernel command line options is now understood:
741 systemd.tty.term.<name>=, systemd.tty.rows.<name>=,
742 systemd.tty.columns.<name>= allow configuring the TTY type and
743 dimensions for the tty specified via <name>. When systemd invokes a
744 service on a tty (via TTYName=) it will look for these and configure
745 the TTY accordingly. This is particularly useful in VM environments
746 to propagate host terminal settings into the appropriate TTYs of the
747 guest.
748
749 * A new RootEphemeral= setting is now understood in service units. It
750 takes a boolean argument. If enabled for services that use RootImage=
751 or RootDirectory= an ephemeral copy of the disk image or directory
752 tree is made when the service is started. It is removed automatically
753 when the service is stopped. That ephemeral copy is made using
754 btrfs/xfs reflinks or btrfs snapshots, if available.
755
756 * The service activation logic gained new settings RestartSteps= and
757 RestartMaxDelaySec= which allow exponentially-growing restart
758 intervals for Restart=.
759
760 * The service activation logic gained a new setting RestartMode= which
761 can be set to 'direct' to skip the inactive/failed states when
762 restarting, so that dependent units are not notified until the service
763 converges to a final (successful or failed) state. For example, this
764 means that OnSuccess=/OnFailure= units will not be triggered until the
765 service state has converged.
766
767 * PID 1 will now automatically load the virtio_console kernel module
768 during early initialization if running in a suitable VM. This is done
769 so that early-boot logging can be written to the console if available.
770
771 * Similarly, virtio-vsock support is loaded early in suitable VM
772 environments. PID 1 will send sd_notify() notifications via AF_VSOCK
773 to the VMM if configured, thus loading this early is beneficial.
774
775 * A new verb "fdstore" has been added to systemd-analyze to show the
776 current contents of the file descriptor store of a unit. This is
777 backed by a new D-Bus call DumpUnitFileDescriptorStore() provided by
778 the service manager.
779
780 * The service manager will now set a new $FDSTORE environment variable
781 when invoking processes for services that have the file descriptor
782 store enabled.
783
784 * A new service option FileDescriptorStorePreserve= has been added that
785 allows tuning the lifecycle of the per-service file descriptor store.
786 If set to "yes", the entries in the fd store are retained even after
787 the service has been fully stopped.
788
789 * The "systemctl clean" command may now be used to clear the fdstore of
790 a service.
791
792 * Unit *.preset files gained a new directive "ignore", in addition to
793 the existing "enable" and "disable". As the name suggests, matching
794 units are left unchanged, i.e. neither enabled nor disabled.
795
796 * Service units gained a new setting DelegateSubgroup=. It takes the
797 name of a sub-cgroup to place any processes the service manager forks
798 off in. Previously, the service manager would place all service
799 processes directly in the top-level cgroup it created for the
800 service. This usually meant that the main process in a service with
801 delegation enabled would first have to create a subgroup and move
802 itself down into it, in order to not conflict with the "no processes
803 in inner cgroups" rule of cgroup v2. With this option, this step is
804 now handled by PID 1.
805
806 * The service manager will now look for .upholds/ directories,
807 similarly to the existing support for .wants/ and .requires/
808 directories. Symlinks in this directory result in Upholds=
809 dependencies.
810
811 The [Install] section of unit files gained support for a new
812 UpheldBy= directive to generate .upholds/ symlinks automatically when
813 a unit is enabled.
814
815 * The service manager now supports a new kernel command line option
816 systemd.default_device_timeout_sec=, which may be used to override
817 the default timeout for .device units.
818
819 * A new "soft-reboot" mechanism has been added to the service manager.
820 A "soft reboot" is similar to a regular reboot, except that it
821 affects userspace only: the service manager shuts down any running
822 services and other units, then optionally switches into a new root
823 file system (mounted to /run/nextroot/), and then passes control to a
824 systemd instance in the new file system which then starts the system
825 up again. The kernel is not rebooted and neither is the hardware,
826 firmware or boot loader. This provides a fast, lightweight mechanism
827 to quickly reset or update userspace, without the latency that a full
828 system reset involves. Moreover, open file descriptors may be passed
829 across the soft reboot into the new system where they will be passed
830 back to the originating services. This allows pinning resources
831 across the reboot, thus minimizing grey-out time further. This new
832 reboot mechanism is accessible via the new "systemctl soft-reboot"
833 command.
834
835 * Services using RootDirectory= or RootImage= will now have read-only
836 access to a copy of the host's os-release file under
837 /run/host/os-release, which will be kept up-to-date on 'soft-reboot'.
838 This was already the case for Portable Services, and the feature has
839 now been extended to all services that do not run off the host's
840 root filesystem.
841
842 * A new service setting MemoryKSM= has been added to enable kernel
843 same-page merging individually for services.
844
845 * A new service setting ImportCredentials= has been added that augments
846 LoadCredential= and LoadCredentialEncrypted= and searches for
847 credentials to import from the system, and supports globbing.
848
849 * A new job mode "restart-dependencies" has been added to the service
850 manager (exposed via systemctl --job-mode=). It is only valid when
851 used with "start" jobs, and has the effect that the "start" job will
852 be propagated as "restart" jobs to currently running units that have
853 a BindsTo= or Requires= dependency on the started unit.
854
855 * A new verb "whoami" has been added to "systemctl" which determines as
856 part of which unit the command is being invoked. It writes the unit
857 name to standard output. If one or more PIDs are specified, it reports
858 the unit names the processes referenced by the PIDs belong to.
859
860 * The system and service credential logic has been improved: there's
861 now a clearly defined place where system provisioning tools running
862 in the initrd can place credentials that will be imported into the
863 system's set of credentials during the initrd → host transition: the
864 /run/credentials/@initrd/ directory. Once the credentials placed
865 there are imported into the system credential set they are deleted
866 from this directory, and the directory itself is deleted afterwards
867 too.
868
869 * A new kernel command line option systemd.set_credential_binary= has
870 been added, that is similar to the pre-existing
871 systemd.set_credential= but accepts arbitrary binary credential data,
872 encoded in Base64. Note that the kernel command line is not a
873 recommended way to transfer credentials into a system, since it is
874 world-readable from userspace.
875
876 * The default machine ID to use may now be configured via the
877 system.machine_id system credential. It will only be used if no
878 machine ID was set yet on the host.
879
880 * On Linux kernel 6.4 and newer system and service credentials will now
881 be placed in a tmpfs instance that has the "noswap" mount option
882 set. Previously, a "ramfs" instance was used. By switching to tmpfs,
883 ACL support and overall size limits can now be enforced, without
884 compromising on security, as the memory is never paged out either
885 way.
886
887 * The service manager now can detect when it is running in a
888 'Confidential Virtual Machine', and a corresponding 'cvm' value is now
889 accepted by ConditionSecurity= for units that want to conditionalize
890 themselves on this. systemd-detect-virt gained new 'cvm' and
891 '--list-cvm' switches to respectively perform the detection or list
892 all known flavours of confidential VM, depending on the vendor. The
893 manager will publish a 'ConfidentialVirtualization' D-Bus property,
894 and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
895 variable for unit generators. Finally, udev rules can match on a new
896 'cvm' key that will be set when in a confidential VM.
897 Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
898 strings and QEMU's fw_cfg protocol will not be used to import
899 credentials and kernel command line parameters by the system manager,
900 systemd-boot and systemd-stub, because the hypervisor is considered
901 untrusted in this particular setting.
902
903 Journal:
904
905 * The sd-journal API gained a new call sd_journal_get_seqnum() to
906 retrieve the current log record's sequence number and sequence number
907 ID, which allows applications to order records the same way as
908 journal does internally. The sequence number is now also exported in
909 the JSON and "export" output of the journal.
910
911 * journalctl gained a new switch --truncate-newline. If specified
912 multi-line log records will be truncated at the first newline,
913 i.e. only the first line of each log message will be shown.
914
915 * systemd-journal-upload gained support for --namespace=, similar to
916 the switch of the same name of journalctl.
917
918 systemd-repart:
919
920 * systemd-repart's drop-in files gained a new ExcludeFiles= option which
921 may be used to exclude certain files from the effect of CopyFiles=.
922
923 * systemd-repart's Verity support now implements the Minimize= setting
924 to minimize the size of the resulting partition.
925
926 * systemd-repart gained a new --offline= switch, which may be used to
927 control whether images shall be built "online" or "offline",
928 i.e. whether to make use of kernel facilities such as loopback block
929 devices and device mapper or not.
930
931 * If systemd-repart is told to populate a newly created ESP or XBOOTLDR
932 partition with some files, it will now default to VFAT rather than
933 ext4.
934
935 * systemd-repart gained a new --architecture= switch. If specified, the
936 per-architecture GPT partition types (i.e. the root and /usr/
937 partitions) configured in the partition drop-in files are
938 automatically adjusted to match the specified CPU architecture, in
939 order to simplify cross-architecture DDI building.
940
941 * systemd-repart will now default to a minimum size of 300MB for XFS
942 filesystems if no size parameter is specified. This matches what the
943 XFS tools (xfsprogs) can support.
944
945 systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
946
947 * gnu-efi is no longer required to build systemd-boot and systemd-stub.
948 Instead, pyelftools is now needed, and it will be used to perform the
949 ELF -> PE relocations at build time.
950
951 * bootctl gained a new switch --print-root-device/-R that prints the
952 block device the root file system is backed by. If specified twice,
953 it returns the whole disk block device (as opposed to partition block
954 device) the root file system is on. It's useful for invocations such
955 as "cfdisk $(bootctl -RR)" to quickly show the partition table of the
956 running OS.
957
958 * systemd-stub will now look for the SMBIOS Type 1 field
959 "io.systemd.stub.kernel-cmdline-extra" and append its value to the
960 kernel command line it invokes. This is useful for VMMs such as qemu
961 to pass additional kernel command lines into the system even when
962 booting via full UEFI. The contents of the field are measured into
963 TPM PCR 12.
964
965 * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
966 value "auto". With this value, a kernel will be automatically
967 analyzed, and if it qualifies as UKI, it will be installed as if the
968 setting was set to "uki", otherwise as "bls".
969
970 * systemd-stub can now optionally load UEFI PE "add-on" images that may
971 contain additional kernel command line information. These "add-ons"
972 superficially look like a regular UEFI executable, and are expected
973 to be signed via SecureBoot/shim. However, they do not actually
974 contain code, but instead a subset of the PE sections that UKIs
975 support. They are supposed to provide a way to extend UKIs with
976 additional resources in a secure and authenticated way. Currently,
977 only the .cmdline PE section may be used in add-ons, in which case
978 any specified string is appended to the command line embedded into
979 the UKI itself. A new 'addon<EFI-ARCH>.efi.stub' is now provided that
980 can be used to trivially create addons, via 'ukify' or 'objcopy'. In
981 the future we expect other sections to be made extensible like this as
982 well.
983
984 * ukify has been updated to allow building these UEFI PE "add-on"
985 images, using the new 'addon<EFI-ARCH>.efi.stub'.
986
987 * ukify now accepts SBAT information to place in the .sbat PE section
988 of UKIs and addons. If a UKI is built the SBAT information from the
989 inner kernel is merged with any SBAT information associated with
990 systemd-stub and the SBAT data specified on the ukify command line.
991
992 * The kernel-install script has been rewritten in C, and reuses much of
993 the infrastructure of existing tools such as bootctl. It also gained
994 --esp-path= and --boot-path= options to override the path to the ESP,
995 and the $BOOT partition. Options --make-entry-directory= and
996 --entry-token= have been added as well, similar to bootctl's options
997 of the same name.
998
999 * A new kernel-install plugin 60-ukify has been added which will
1000 combine kernel/initrd locally into a UKI and optionally sign them
1001 with a local key. This may be used to switch to UKI mode even on
1002 systems where a local kernel or initrd is used. (Typically UKIs are
1003 built and signed by the vendor.)
1004
1005 * The ukify tool now supports "pesign" in addition to the pre-existing
1006 "sbsign" for signing UKIs.
1007
1008 * systemd-measure and systemd-stub now look for the .uname PE section
1009 that should contain the kernel's "uname -r" string.
1010
1011 * systemd-measure and ukify now calculate expected PCR hashes for a UKI
1012 "offline", i.e. without access to a TPM (physical or
1013 software-emulated).
1014
1015 Memory Pressure & Control:
1016
1017 * The sd-event API gained new calls sd_event_add_memory_pressure(),
1018 sd_event_source_set_memory_pressure_type(),
1019 sd_event_source_set_memory_pressure_period() to create and configure
1020 an event source that is called whenever the OS signals memory
1021 pressure. Another call sd_event_trim_memory() is provided that
1022 compacts the process' memory use by releasing allocated but unused
1023 malloc() memory back to the kernel. Services can also provide their
1024 own custom callback to do memory trimming. This should improve system
1025 behaviour under memory pressure, as Linux traditionally provided
1026 no mechanism to return process memory back to the kernel if the
1027 kernel was under memory pressure. This makes use of the kernel's PSI
1028 interface. Most long-running services in systemd have been hooked up
1029 with this, and in particular systems with low memory should benefit
1030 from this.
1031
1032 * Service units gained new settings MemoryPressureWatch= and
1033 MemoryPressureThresholdSec= to configure the PSI memory pressure
1034 logic individually. If these options are used, the
1035 $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
1036 variables will be set for the invoked processes to inform them about
1037 the requested memory pressure behaviour. (This is used by the
1038 aforementioned sd-event API additions, if set.)
1039
1040 * systemd-analyze gained a new "malloc" verb that shows the output
1041 generated by glibc's malloc_info() on services that support it. Right
1042 now, only the service manager has been updated accordingly. This
1043 call requires privileges.
1044
1045 User & Session Management:
1046
1047 * The sd-login API gained a new call sd_session_get_username() to
1048 return the user name of the owner of a login session. It also gained
1049 a new call sd_session_get_start_time() to retrieve the time the login
1050 session started. A new call sd_session_get_leader() has been added to
1051 return the PID of the "leader" process of a session. A new call
1052 sd_uid_get_login_time() returns the time since the specified user has
1053 most recently been continuously logged in with at least one session.
1054
1055 * JSON user records gained a new set of fields capabilityAmbientSet and
1056 capabilityBoundingSet which contain a list of POSIX capabilities to
1057 set for the logged in users in the ambient and bounding sets,
1058 respectively. homectl gained the ability to configure these two sets
1059 for users via --capability-bounding-set=/--capability-ambient-set=.
1060
1061 * pam_systemd learnt two new module options
1062 default-capability-bounding-set= and default-capability-ambient-set=,
1063 which configure the default bounding and ambient sets for users as they are
1064 logging in, if the JSON user record doesn't specify this explicitly
1065 (see above). The built-in default for the ambient set now contains
1066 the CAP_WAKE_ALARM, thus allowing regular users who may log in
1067 locally to resume from a system suspend via a timer.
1068
1069 * The Session D-Bus objects of systemd-logind gained a new SetTTY() method
1070 call to update the TTY of a session after it has been allocated. This
1071 is useful for SSH sessions which are typically allocated first, and
1072 for which a TTY is added later.
1073
1074 * The sd-login API gained a new call sd_pid_notifyf_with_fds() which
1075 combines the various other sd_pid_notify() flavours into one: it takes a
1076 format string, an overriding PID, and a set of file descriptors to
1077 send. It also gained a new call sd_pid_notify_barrier() which is
1078 equivalent to sd_notify_barrier() but allows the originating PID to
1079 be specified.
1080
1081 * "loginctl list-users" and "loginctl list-sessions" will now show the
1082 state of each logged in user/session in their tabular output. It will
1083 also show the current idle state of sessions.
1084
1085 DDIs:
1086
1087 * systemd-dissect will now show the intended CPU architecture of an
1088 inspected DDI.
1089
1090 * systemd-dissect will now install itself as mount helper for the "ddi"
1091 pseudo-file system type. This means you may now mount DDIs directly
1092 via /bin/mount or /etc/fstab, making full use of embedded Verity
1093 information and all other DDI features.
1094
1095 Example: mount -t ddi myimage.raw /some/where
1096
1097 * The systemd-dissect tool gained the new switches --attach/--detach to
1098 attach/detach a DDI to a loopback block device without mounting it.
1099 It will automatically derive the right sector size from the image
1100 and set up Verity and similar, but not mount the file systems in it.
1101
1102 * When systemd-gpt-auto-generator or the DDI mounting logic mount an
1103 ESP or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
1104 implied. Given that these file systems are typically untrusted, this
1105 should make mounting them automatically have less of a security
1106 impact.
1107
1108 * All tools that parse DDIs (such as systemd-nspawn, systemd-dissect,
1109 systemd-tmpfiles, …) now understand a new switch --image-policy= which
1110 takes a string encoding image dissection policy. With this mechanism
1111 automatic discovery and use of specific partition types and the
1112 cryptographic requirements on the partitions (Verity, LUKS, …) can be
1113 restricted, permitting better control of the exposed attack surfaces
1114 when mounting disk images. systemd-gpt-auto-generator will honour such
1115 an image policy too, configurable via the systemd.image_policy= kernel
1116 command line option. Unit files gained the RootImagePolicy=,
1117 MountImagePolicy= and ExtensionImagePolicy= to configure the same for
1118 disk images a service runs off.
1119
1120 * systemd-analyze gained a new verb "image-policy" to validate and
1121 parse image policy strings.
1122
1123 * systemd-dissect gained support for a new --validate switch to
1124 superficially validate DDI structure, and check whether a specific
1125 image policy allows the DDI.
1126
1127 * systemd-dissect gained support for a new --mtree-hash switch to
1128 optionally disable calculating mtree hashes, which can be slow on
1129 large images.
1130
1131 * systemd-dissect --copy-to, --copy-from, --list and --mtree switches
1132 are now able to operate on directories too, other than images.
1133
1134 Network Management:
1135
1136 * networkd's GENEVE support has gained a new .network option
1137 InheritInnerProtocol=.
1138
1139 * The [Tunnel] section in .netdev files has gained a new setting
1140 IgnoreDontFragment for controlling the IPv4 "DF" flag of datagrams.
1141
1142 * A new global IPv6PrivacyExtensions= setting has been added that
1143 selects the default value of the per-network setting of the same
1144 name.
1145
1146 * The predictable network interface naming logic was extended to
1147 include SR-IOV-R "representor" information in network interface
1148 names. Unfortunately, this feature was not enabled by default and can
1149 only be enabled at compilation time by setting
1150 -Ddefault-net-naming-scheme=v254.
1151
1152 * The DHCPv4 + DHCPv6 + IPv6 RA logic in networkd gained support for
1153 the RFC8910 captive portal option.
1154
1155 Device Management:
1156
1157 * udevadm gained the new "verify" verb for validating udev rules files
1158 offline.
1159
1160 * udev gained a new tool "iocost" that can be used to configure QoS IO
1161 cost data based on hwdb information onto suitable block devices. Also
1162 see https://github.com/iocost-benchmark/iocost-benchmarks.
1163
1164 TPM2 Support + Disk Encryption & Authentication:
1165
1166 * systemd-cryptenroll/systemd-cryptsetup will now install a TPM2 SRK
1167 ("Storage Root Key") as a first step in the TPM2, and then use that
1168 for binding FDE to, if TPM2 support is used. This matches
1169 recommendations of TCG (see
1170 https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf).
1171
1172 * systemd-cryptenroll and other tools that take TPM2 PCR parameters now
1173 understand textual identifiers for these PCRs.
1174
1175 * systemd-veritysetup + /etc/veritytab gained support for a series of
1176 new options: hash-offset=, superblock=, format=, data-block-size=,
1177 hash-block-size=, data-blocks=, salt=, uuid=, hash=, fec-device=,
1178 fec-offset=, fec-roots= to configure various aspects of a Verity
1179 volume.
1180
1181 * systemd-cryptsetup + /etc/crypttab gained support for a new
1182 veracrypt-pim= option for setting the Personal Iteration Multiplier
1183 of veracrypt volumes.
1184
1185 * systemd-integritysetup + /etc/integritytab gained support for a new
1186 mode= setting for controlling the dm-integrity mode (journal, bitmap,
1187 direct) for the volume.
1188
1189 * systemd-analyze gained a new verb "pcrs" that shows the known TPM PCR
1190 registers, their symbolic names and current values.
1191
1192 systemd-tmpfiles:
1193
1194 * The ACL support in tmpfiles.d/ has been updated: if an uppercase "X"
1195 access right is specified this is equivalent to "x" but only if the
1196 inode in question already has the executable bit set for at least
1197 some user/group. Otherwise the "x" bit will be turned off.
1198
1199 * tmpfiles.d/'s C line type now understands a new modifier "+": a line
1200 with C+ will result in a "merge" copy, i.e. all files of the source
1201 tree are copied into the target tree, even if that tree already
1202 exists, resulting in a combined tree of files already present in the
1203 target tree and those copied in.
1204
1205 * systemd-tmpfiles gained a new --graceful switch. If specified lines
1206 with unknown users/groups will silently be skipped.
1207
1208 systemd-notify:
1209
1210 * systemd-notify gained two new options --fd= and --fdname= for sending
1211 arbitrary file descriptors to the service manager (while specifying an
1212 explicit name for it).
1213
1214 * systemd-notify gained a new --exec switch, which makes it execute the
1215 specified command line after sending the requested messages. This is
1216 useful for sending out READY=1 first, and then continuing invocation
1217 without changing process ID, so that the tool can be nicely used
1218 within an ExecStart= line of a unit file that uses Type=notify.
1219
1220 sd-event + sd-bus APIs:
1221
1222 * The sd-event API gained a new call sd_event_source_leave_ratelimit()
1223 which may be used to explicitly end a rate-limit state an event
1224 source might be in, resetting all rate limiting counters.
1225
1226 * When the sd-bus library is used to make connections to AF_UNIX D-Bus
1227 sockets, it will now encode the "description" set via
1228 sd_bus_set_description() into the source socket address. It will also
1229 look for this information when accepting a connection. This is useful
1230 to track individual D-Bus connections on a D-Bus broker for debug
1231 purposes.
1232
1233 systemd-resolved:
1234
1235 * systemd-resolved gained a new resolved.conf setting
1236 StateRetentionSec= which may be used to retain cached DNS records
1237 even after their nominal TTL, and use them in case upstream DNS
1238 servers cannot be reached. This can be used to make name resolution
1239 more resilient in case of network problems.
1240
1241 * resolvectl gained a new verb "show-cache" to show the current cache
1242 contents of systemd-resolved. This verb communicates with the
1243 systemd-resolved daemon and requires privileges.
1244
1245 Other:
1246
1247 * Meson >= 0.60.0 is now required to build systemd.
1248
1249 * The default keymap to apply may now be chosen at build-time via the
1250 new -Ddefault-keymap= meson option.
1251
1252 * Most of systemd's long-running services now have a generic handler of
1253 the SIGRTMIN+18 signal handler which executes various operations
1254 depending on the sigqueue() parameter sent along. For example, values
1255 0x100…0x107 allow changing the maximum log level of such
1256 services. 0x200…0x203 allow changing the log target of such
1257 services. 0x300 makes the services trim their memory similarly to the
1258 automatic PSI-triggered action, see above. 0x301 makes the services
1259 output their malloc_info() data to the logs.

* machinectl gained new "edit" and "cat" verbs for editing .nspawn
files, inspired by systemctl's verbs of the same name which edit unit
files. Similarly, networkctl gained the same verbs for editing
.network, .netdev, .link files.

* A new syscall filter group "@sandbox" has been added that contains
the system calls used for sandboxing, such as those for seccomp and
Landlock.

* New documentation has been added:

https://systemd.io/COREDUMP
https://systemd.io/MEMORY_PRESSURE
smbios-type-11(7)

* systemd-firstboot gained a new --reset option. If specified, the
settings in /etc/ it knows how to initialize are reset.

* systemd-sysext is now a multi-call binary and is also installed under
the systemd-confext alias name (via a symlink). When invoked that way
it will operate on /etc/ instead of /usr/ + /opt/. It thus becomes a
powerful, atomic, secure configuration management tool of sorts, that
locally can merge configuration from multiple confext configuration
images into a single immutable tree.

* The --network-macvlan=, --network-ipvlan=, --network-interface=
switches of systemd-nspawn may now optionally take the intended
network interface name inside the container.

* All our programs will now send an sd_notify() message with their exit
status in the EXIT_STATUS= field when exiting, using the usual
protocol, including PID 1. This is useful for VMMs and container
managers to collect an exit status from a system as it shuts down, as
set via "systemctl exit …". This is particularly useful in test cases
and similar, as invocations via a VM can now nicely propagate an exit
status to the host, similar to local processes.

* systemd-run gained a new switch --expand-environment=no to disable
server-side environment variable expansion in specified command
lines. Expansion defaults to enabled for all execution types except
--scope, where it defaults to off (and prints a warning) for backward
compatibility reasons. --scope will be flipped to enabled by default
too in a future release. If you are using --scope and passing a '$'
character in the payload you should start explicitly using
--expand-environment=yes/no according to the use case.

* The systemd-system-update-generator has been updated to also look for
the special flag file /etc/system-update in addition to the existing
support for /system-update to decide whether to enter system update
mode.

* The /dev/hugepages/ file system is now mounted with nosuid + nodev
mount options by default.

* systemd-fstab-generator now understands two new kernel command line
options systemd.mount-extra= and systemd.swap-extra=, which configure
additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
will be run on these block devices, as already happens for 'root='.
It also now supports the new fstab.extra and fstab.extra.initrd
credentials that may contain additional /etc/fstab lines to apply at
boot.

* systemd-getty-generator now understands two new credentials
getty.ttys.container and getty.ttys.serial. These credentials may
contain a list of TTY devices – one per line – to instantiate
container-getty@.service and serial-getty@.service on.

* The getty/serial-getty/container-getty units now import the 'agetty.*'
and 'login.*' credentials, which are consumed by the 'login' and
'agetty' programs starting from util-linux v2.40.

* systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
which case the Path= setting is taken relative to the ESP or XBOOTLDR
partitions, rather than the system's root directory /. The relevant
directories are automatically discovered.

* The systemd-ac-power tool gained a new switch --low, which reports
whether the battery charge is considered "low", similar to how the
s2h suspend logic checks this state to decide whether to enter system
suspend or hibernation.

* The /etc/os-release file can now have two new optional fields
VENDOR_NAME= and VENDOR_URL= to carry information about the vendor of
the OS.

* When the system hibernates, information about the device and offset
used is now written to a non-volatile EFI variable. On next boot the
system will attempt to resume from the location indicated in this EFI
variable. This should make hibernation a lot more robust, while
requiring no manual configuration of the resume location.

* The $XDG_STATE_HOME environment variable (added in more recent
versions of the XDG basedir specification) is now honoured to
implement the StateDirectory= setting in user services.

* A new component "systemd-battery-check" has been added. It may run
during early boot (usually in the initrd), and checks the battery
charge level of the system. In case the charge level is very low the
user is notified (graphically via Plymouth – if available – as well
as in text form on the console), and the system is turned off after a
10s delay. The feature can be disabled by passing
systemd.battery-check=0 through the kernel command line.

* The 'passwdqc' library is now supported as an alternative to the
'pwquality' library and can be selected at build time.

Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
Andrei Stepanov, Andrew Baxter, Antonio Alvarez Feijoo,
Arian van Putten, Arthur Shau, A S Alam,
Asier Sarasua Garmendia, Balló György, Bastien Nocera,
Benjamin Herrenschmidt, Benjamin Raison, Bill Peterson,
Brad Fitzpatrick, Brett Holman, bri, Chen Qi, Chitoku,
Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
David Schroeder, David Tardon, dependabot[bot],
Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
saikat0511, Samanta Navarro, Sam James, Sam Morris,
Simon Braunschmidt, Sjoerd Simons, Sorah Fukumori,
Stanislaw Gruszka, Stefan Roesch, Steven Luo, Steve Ramage,
Susant Sahani, taniishkaaa, Tanishka, Temuri Doghonadze,
Thierry Martin, Thomas Blume, Thomas Genty, Thomas Weißschuh,
Thorsten Kukuk, Times-Z, Tobias Powalowski, tofylion,
Topi Miettinen, Uwe Kleine-König, Velislav Ivanov,
Vitaly Kuznetsov, Vít Zikmund, Weblate, Will Fancher,
William Roberts, Winterhuman, Wolfgang Müller, Xeonacid,
Xiaotian Wu, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Yuxiang Zhu,
Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
Дамјан Георгиевски, наб

— Edinburgh, 2023-07-28

CHANGES WITH 253:

Announcements of Future Feature Removals and Incompatible Changes:

* We intend to remove cgroup v1 support from a systemd release after
the end of 2023. If you run services that make explicit use of cgroup
v1 features (i.e. the "legacy hierarchy" with separate hierarchies
for each controller), please implement compatibility with cgroup v2
(i.e. the "unified hierarchy") sooner rather than later. Most of
Linux userspace has been ported over already.

* We intend to remove support for split-usr (/usr mounted separately
during boot) and unmerged-usr (parallel directories /bin and
/usr/bin, /lib and /usr/lib, etc). This will happen in the second
half of 2023, in the first release that falls into that time window.
For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

* We intend to change behaviour w.r.t. units of the per-user service
manager and sandboxing options, so that they work without having to
manually enable PrivateUsers= as well, which is not required for
system units. To make this work, we will implicitly enable user
namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
user unit. The drawback is that system users will no longer be visible
(and appear as 'nobody') to the user unit when a sandboxing option is
enabled. By definition a sandboxed user unit should run with reduced
privileges, so impact should be small. This will remove a great source
of confusion that has been reported by users over the years, due to
how these options require an extra setting to be manually enabled when
used in the per-user service manager, as opposed to the system
service manager. We plan to enable this change in the next release
later this year. For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html

Deprecations and incompatible changes:

* systemctl will now warn when invoked without /proc/ mounted
(e.g. when invoked after chroot() into a directory tree without the
API mount points like /proc/ being set up.) Operation in such an
environment is not fully supported.

* The return value of 'systemctl is-active|is-enabled|is-failed' for
unknown units is changed: previously 1 or 3 were returned, but now 4
(EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.

* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
systemd-hwdb (added in 2014) should be used instead.

* 'bootctl --json' now outputs a single JSON array, instead of a stream
of newline-separated JSON objects.

* Udev rules in 60-evdev.rules have been changed to load hwdb
properties for all modalias patterns. Previously only the first
matching pattern was used. This could change what properties are
assigned if the user has more and less specific patterns that could
match the same device, but it is expected that the change will have
no effect for most users.

* systemd-networkd-wait-online exits successfully when all interfaces
are ready or unmanaged. Previously, if neither '--any' nor
'--interface=' options were used, at least one interface had to be in
configured state. This change allows the case where systemd-networkd
is enabled, but no interfaces are configured, to be handled
gracefully. It may occur in particular when a different network
manager is also enabled and used.

* Some compatibility helpers were dropped: EmergencyAction= in the user
manager, as well as measuring kernel command line into PCR 8 in
systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
option.

* The '-Dupdate-helper-user-timeout=' build-time option has been
renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
integer as parameter instead of a string.

* The DDI image dissection logic (which backs RootImage= in service
unit files, the --image= switch in various tools such as
systemd-nspawn, as well as systemd-dissect) will now only mount file
systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
variable. These file systems are fairly well supported and maintained
in current kernels, while others are usually more niche, exotic or
legacy and thus typically do not receive the same level of security
support and fixes.

* The default per-link multicast DNS mode is changed to "yes"
(that was previously "no"). As the default global multicast DNS mode
has been "yes" (but can be changed by the build option), now the
multicast DNS is enabled on all links by default. You can disable the
multicast DNS on all links by setting MulticastDNS= in resolved.conf,
or on an interface by calling "resolvectl mdns INTERFACE no".

New components:

* A new tool 'ukify' to build, measure, and sign Unified Kernel Images
(UKIs) has been added. This replaces functionality provided by
'dracut --uefi' and extends it with automatic calculation of PE file
offsets, insertion of signed PCR policies generated by
systemd-measure, support for initrd concatenation, signing of the
embedded Linux image and the combined image with sbsign, and
heuristics to autodetect the kernel uname and verify the splash
image.

Changes in systemd and units:

* A new service type Type=notify-reload is defined. When such a unit is
reloaded a UNIX process signal (typically SIGHUP) is sent to the main
service process. The manager will then wait until it receives a
"RELOADING=1" followed by a "READY=1" notification from the unit as
response (via sd_notify()). Otherwise, this type is the same as
Type=notify. A new setting ReloadSignal= may be used to change the
signal to send from the default of SIGHUP.

user@.service, systemd-networkd.service, systemd-udevd.service, and
systemd-logind have been updated to this type.
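
The reload notifications described here and the EXIT_STATUS= message from the earlier entry in this file share one wire protocol: a datagram of newline-separated KEY=VALUE lines sent to the socket named in $NOTIFY_SOCKET. As an added example (written for this page, not systemd's own sd_notify() or manager code), the following C program implements the service side of both messages plus a manager-side parser, and plays the two against each other over a local socket. The MONOTONIC_USEC= line sent together with RELOADING=1 is taken from sd_notify(3), which requires it for Type=notify-reload; that requirement is not part of this entry. The socket name, the exit status 3 and all function names are constructed for the example.

```c
/* Added example, not systemd's own code: both ends of the sd_notify() datagram
 * protocol behind Type=notify-reload (RELOADING=1, then READY=1) and behind the
 * EXIT_STATUS= message sent at exit. MONOTONIC_USEC= is sent with RELOADING=1
 * because sd_notify(3) requires it for notify-reload (assumption taken from that
 * man page, not from this entry). Socket names and status values are constructed. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <time.h>
#include <unistd.h>

struct notify_state { int reloading, ready, have_exit_status, exit_status; unsigned long long monotonic_usec; };

/* Manager side: parse one newline-separated KEY=VALUE datagram (modified in place).
 * Unknown keys are ignored; a malformed number invalidates the whole datagram. */
int parse_notify_datagram(char *msg, struct notify_state *st) {
        char *end;
        memset(st, 0, sizeof(*st));
        for (char *line = msg, *next = NULL; line; line = next) {
                if ((next = strchr(line, '\n'))) *next++ = '\0';
                if (strcmp(line, "RELOADING=1") == 0) st->reloading = 1;
                else if (strcmp(line, "READY=1") == 0) st->ready = 1;
                else if (strncmp(line, "EXIT_STATUS=", 12) == 0) {
                        long v = strtol(line + 12, &end, 10);
                        if (end == line + 12 || *end || v < 0 || v > 255) return -EINVAL;
                        st->have_exit_status = 1;
                        st->exit_status = (int) v;
                } else if (strncmp(line, "MONOTONIC_USEC=", 15) == 0) {
                        st->monotonic_usec = strtoull(line + 15, &end, 10);
                        if (end == line + 15 || *end) return -EINVAL;
                }
        }
        return 0;
}

/* Socket address from a path; a leading '@' selects the abstract namespace, one
 * of the forms $NOTIFY_SOCKET can take. Returns the address length, 0 on error. */
static socklen_t make_addr(struct sockaddr_un *sa, const char *path) {
        size_t plen = strlen(path);
        if (plen == 0 || plen >= sizeof(sa->sun_path)) return 0;
        memset(sa, 0, sizeof(*sa));
        sa->sun_family = AF_UNIX;
        memcpy(sa->sun_path, path, plen);
        if (sa->sun_path[0] == '@') sa->sun_path[0] = '\0';
        return (socklen_t) (sizeof(sa->sun_family) + plen);
}

/* Service side: send one state datagram, as sd_notify() does. */
int notify_send(const char *socket_path, const char *state) {
        struct sockaddr_un sa;
        socklen_t salen = make_addr(&sa, socket_path);
        if (salen == 0) return -EINVAL;
        int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0) return -errno;
        int r = sendto(fd, state, strlen(state), 0, (struct sockaddr *) &sa, salen) < 0 ? -errno : 0;
        close(fd);
        return r;
}

/* What a Type=notify-reload service does when its ReloadSignal= arrives. */
int notify_reload_sequence(const char *socket_path) {
        struct timespec ts;
        char msg[64];
        clock_gettime(CLOCK_MONOTONIC, &ts);
        snprintf(msg, sizeof(msg), "RELOADING=1\nMONOTONIC_USEC=%llu\n",
                 (unsigned long long) ts.tv_sec * 1000000ULL + (unsigned long long) ts.tv_nsec / 1000);
        int r = notify_send(socket_path, msg);
        if (r < 0) return r;
        /* ... re-read configuration here, then announce readiness again ... */
        return notify_send(socket_path, "READY=1\n");
}

/* Manager side: receive one datagram and parse it. */
static int recv_state(int fd, struct notify_state *st) {
        char buf[512];
        ssize_t n = recv(fd, buf, sizeof(buf) - 1, 0);
        if (n < 0) return -errno;
        buf[n] = '\0';
        return parse_notify_datagram(buf, st);
}

/* Demo: act as the manager on an abstract socket named after our PID and drive the
 * service-side functions; 0 means RELOADING -> READY -> EXIT_STATUS round-tripped. */
int demo_roundtrip(void) {
        char name[48];
        struct sockaddr_un sa;
        struct notify_state st;
        int r = -EPROTO;
        snprintf(name, sizeof(name), "@notify-demo-%d", (int) getpid());
        int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0) return -errno;
        if (bind(fd, (struct sockaddr *) &sa, make_addr(&sa, name)) < 0) goto out;
        if (notify_reload_sequence(name) < 0) goto out;
        if (recv_state(fd, &st) < 0 || !st.reloading || st.monotonic_usec == 0) goto out;
        if (recv_state(fd, &st) < 0 || !st.ready) goto out;
        /* At exit the service reports its status, e.g. the code given to "systemctl exit 3". */
        if (notify_send(name, "EXIT_STATUS=3\n") < 0) goto out;
        if (recv_state(fd, &st) < 0 || !st.have_exit_status || st.exit_status != 3) goto out;
        r = 0;
out:
        close(fd);
        return r;
}

int main(void) {
        int r = demo_roundtrip();
        printf("notify round-trip %s\n", r == 0 ? "ok" : strerror(-r));
        return r != 0;
}
```

The parser deliberately rejects a datagram with an unparsable EXIT_STATUS= or MONOTONIC_USEC= value instead of skipping the bad line: a manager that silently accepted half of a message would report a reload as complete or an exit status that the service never sent. Under a real systemd the manager end is PID 1 and the service only ever calls the sending functions with the path from $NOTIFY_SOCKET.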

* Initrd environments which are not on a pure memory file system (e.g.
overlayfs combination as opposed to tmpfs) are now supported. With
this change, during the initrd → host transition ("switch root")
systemd will erase all files of the initrd only when the initrd is
backed by a memory file system such as tmpfs.

* New per-unit MemoryZSwapMax= option has been added to configure
memory.zswap.max cgroup properties (the maximum amount of zswap
used).

* A new LogFilterPatterns= option has been added for units. It may be
used to specify accept/deny regular expressions for log messages
generated by the unit, that shall be enforced by systemd-journald.
Rejected messages are neither stored in the journal nor forwarded.
This option may be used to suppress noisy or uninteresting messages
from units.

* The manager has a new
org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
query process ownership via a PIDFD, which is more resilient against
PID recycling issues.

* Scope units now support OOMPolicy=. Login session scopes default to
OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.

* systemd-fstab-generator now supports x-systemd.makefs option for
/sysroot/ (in the initrd).

* The maximum rate at which daemon reloads are executed can now be
limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
options. (Or the equivalent on the kernel command line:
systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
addition, systemd now logs the originating unit and PID when a reload
request is received over D-Bus.

* When enabling a swap device systemd will now reinitialize the device
when the page size of the swap space does not match the page size of
the running kernel. Note that this requires the 'swapon' utility to
provide the '--fixpgsz' option, as implemented by util-linux, and it
is not supported by busybox at the time of writing.

* systemd now executes generator programs in a mount namespace
"sandbox" with most of the file system read-only and write access
restricted to the output directories, and with a temporary /tmp/
mount provided. This provides a safeguard against programming errors
in the generators, but also fixes here-docs in shells, which
previously didn't work in early boot when /tmp/ wasn't available
yet. (This feature has no security implications, because the code is
still privileged and can trivially exit the sandbox.)

* The system manager will now parse a new "vmm.notify_socket"
system credential, which may be supplied to a VM via SMBIOS. If
found, the manager will send a "READY=1" notification on the
specified socket after boot is complete. This allows readiness
notification to be sent from a VM guest to the VM host over a VSOCK
socket.

* The sample PAM configuration file for systemd-user@.service now
includes a call to pam_namespace. This puts children of user@.service
in the expected namespace. (Many distributions replace their file
with something custom, so this change has limited effect.)

* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
can be used to override the mount units burst rate limit for
parsing '/proc/self/mountinfo', which was introduced in v249.
Defaults to 5.

* Drop-ins for init.scope changing control group resource limits are
now applied, while they were previously ignored.

* New build-time configuration options '-Ddefault-timeout-sec=' and
'-Ddefault-user-timeout-sec=' have been added, to let distributions
choose the default timeout for starting/stopping/aborting system and
user units respectively.

* Service units gained a new setting OpenFile= which may be used to
open arbitrary files in the file system (or connect to arbitrary
AF_UNIX sockets in the file system), and pass the open file
descriptor to the invoked process via the usual file descriptor
passing protocol. This is useful to give unprivileged services access
to select files which have restrictive access modes that would
normally not allow this. It's also useful in case RootDirectory= or
RootImage= is used to allow access to files from the host environment
(which is after all not visible from the service if these two options
are used.)
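
As an added example (not from this NEWS file or the systemd sources), a drop-in that combines OpenFile= from the entry above with the LogFilterPatterns= setting introduced earlier in this section: the service runs as a dynamic, unprivileged user and receives one root-owned file as an already-open, read-only descriptor instead of being granted access to the file itself. The unit name, every path, the descriptor name and the pattern are placeholders.

```ini
# Added example drop-in for a hypothetical report-collector.service; all paths,
# the fd name "token" and the heartbeat pattern are placeholders, not real files.
[Service]
DynamicUser=yes
ExecStart=/usr/bin/report-collector
# The manager (root) opens the 0600, root-owned token and hands the service an
# already-open read-only descriptor named "token", which the process locates via
# sd_listen_fds_with_names(3) / $LISTEN_FDNAMES. The dynamic user never gains
# read access to the file itself. "graceful" lets the unit start even when the
# file is absent, so the service must handle a missing "token" descriptor.
OpenFile=/etc/report-collector/api.token:token:read-only,graceful
# Discard one known-noisy heartbeat line in journald. A leading "~" makes the
# pattern a deny pattern; without it only matching messages would be kept. Keep
# deny patterns narrow and anchored: anything they match is neither stored nor
# forwarded, so an over-broad pattern can silently drop the error you later need.
LogFilterPatterns=~^heartbeat: ok$
```

Because OpenFile= is resolved by the service manager before the process starts, it works unchanged when the same unit is later given RootDirectory= or RootImage=: the descriptor refers to the host file even though the path is no longer visible inside the service.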
1621
1622 Changes in udev:
1623
1624 * The new net naming scheme "v253" has been introduced. In the new
1625 scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
1626 a PCI bus. This extends the coverage of predictable interface names
1627 in some embedded systems.
1628
1629 The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
1630 a more informative path on some embedded systems.
1631
1632 * Partition block devices will now also get symlinks in
1633 /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
1634 block device nodes via the kernel's "diskseq" value. Previously those
1635 symlinks were only created for the main block device.
1636
1637 * A new operator '-=' is supported for SYMLINK variables. This allows
1638 symlinks to be unconfigured even if an earlier rule added them.
1639
1640 * 'udevadm --trigger --settle' now also works for network devices
1641 that are being renamed.
1642
1643 Changes in sd-boot, bootctl, and the Boot Loader Specification:
1644
1645 * systemd-boot now passes its random seed directly to the kernel's RNG
1646 via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
1647 means the RNG gets seeded very early in boot before userspace has
1648 started.
1649
1650 * systemd-boot will pass a disk-backed random seed – even when secure
1651 boot is enabled – if it can additionally get a random seed from EFI
1652 itself (via EFI's RNG protocol), or a prior seed in
1653 LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.
1654
1655 * systemd-boot-system-token.service was renamed to
1656 systemd-boot-random-seed.service and extended to always save a random
1657 seed to ESP on every boot when a compatible boot loader is used. This
1658 allows a refreshed random seed to be used in the boot loader.
1659
1660 * systemd-boot handles various seed inputs using a domain- and
1661 field-separated hashing scheme.
1662
1663 * systemd-boot's 'random-seed-mode' option has been removed. A system
1664 token is now always required to be present for random seeds to be
1665 used.
1666
1667 * systemd-boot now supports being loaded from other locations than the
1668 ESP, for example for direct kernel boot under QEMU or when embedded
1669 into the firmware.
1670
1671 * systemd-boot now parses SMBIOS information to detect
1672 virtualization. This information is used to skip some warnings which
1673 are not useful in a VM and to conditionalize other aspects of
1674 behaviour.
1675
1676 * systemd-boot now supports a new 'if-safe' mode that will perform UEFI
1677 Secure Boot automated certificate enrollment from the ESP only if it
1678 is considered 'safe' to do so. At the moment 'safe' means running in
1679 a virtual machine.
1680
1681 * systemd-stub now processes random seeds in the same way as
1682 systemd-boot already does, in case a unified kernel image is being
1683 used from a different bootloader than systemd-boot, or without any
1684 boot load at all.
1685
1686 * bootctl will now generate a system token on all EFI systems, even
1687 virtualized ones, and is activated in the case that the system token
1688 is missing from either sd-boot and sd-stub booted systems.
1689
1690 * bootctl now implements two new verbs: 'kernel-identify' prints the
1691 type of a kernel image file, and 'kernel-inspect' provides
1692 information about the embedded command line and kernel version of
1693 UKIs.
1694
1695 * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
1696 as for kernel-install.
1697
1698 * The JSON output of "bootctl list" will now contain two more fields:
1699 isDefault and isSelected are boolean fields set to true on the
1700 default and currently booted boot menu entries.
1701
1702 * bootctl gained a new verb "unlink" for removing a boot loader entry
1703 type #1 file from disk in a safe and robust way.
1704
1705 * bootctl also gained a new verb "cleanup" that automatically removes
1706 all files from the ESP's and XBOOTLDR's "entry-token" directory, that
1707 is not referenced anymore by any installed Type #1 boot loader
1708 specification entry. This is particularly useful in environments where
1709 a large number of entries reference the same or partly the same
1710 resources (for example, for snapshot-based setups).
1711
1712 Changes in kernel-install:
1713
1714 * A new "installation layout" can be configured as layout=uki. With
1715 this setting, a Boot Loader Specification Type#1 entry will not be
1716 created. Instead, a new kernel-install plugin 90-uki-copy.install
1717 will copy any .efi files from the staging area into the boot
1718 partition. A plugin to generate the UKI .efi file must be provided
1719 separately.
1720
1721 Changes in systemctl:
1722
1723 * 'systemctl reboot' has dropped support for accepting a positional
1724 argument as the argument to the reboot(2) syscall. Please use the
1725 --reboot-argument= option instead.
1726
1727 * 'systemctl disable' will now warn when called on units without
1728 install information. A new --no-warn option has been added that
1729 silences this warning.
1730
1731 * New option '--drop-in=' can be used to tell 'systemctl edit' the name
1732 of the drop-in to edit. (Previously, 'override.conf' was always
1733 used.)
1734
1735 * 'systemctl list-dependencies' now respects --type= and --state=.
1736
1737 * 'systemctl kexec' now supports XEN VMM environments.
1738
1739 * 'systemctl edit' will now tell the invoked editor to jump into the
1740 first line with actual unit file data, skipping over synthesized
1741 comments.
1742
1743 Changes in systemd-networkd and related tools:
1744
1745 * The [DHCPv4] section in .network file gained new SocketPriority=
1746 setting that assigns the Linux socket priority used by the DHCPv4 raw
1747 socket. This may be used in conjunction with the
1748 EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
1749 desired ethernet 802.1Q frame priority for DHCPv4 initial
1750 packets. This cannot be achieved with netfilter mangle tables because
1751 of the raw socket bypass.
1752
1753 * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
1754 new QuickAck= boolean setting that enables the TCP quick ACK mode for
1755 the routes configured by the acquired DHCPv4 lease or received router
1756 advertisements (RAs).
1757
1758 * The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
1759 routes) now accepts three values, for high, medium, and low preference
1760 of the router (which can be set with the RouterPreference=) setting.
1761
1762 * systemd-networkd-wait-online now supports matching via alternative
1763 interface names.
1764
1765 * The [DHCPv6] section in .network file gained new SendRelease=
1766 setting which enables the DHCPv6 client to send release when
1767 it stops. This is the analog of the [DHCPv4] SendRelease= setting.
1768 It is enabled by default.
1769
1770 * If the Address= setting in [Network] or [Address] sections in .network
1771 specified without its prefix length, then now systemd-networkd assumes
1772 /32 for IPv4 or /128 for IPv6 addresses.
1773
1774 * networkctl shows network and link file dropins in status output.
1775
1776 Changes in systemd-dissect:
1777
1778 * systemd-dissect gained a new option --list, to print the paths of
1779 all files and directories in a DDI.
1780
1781 * systemd-dissect gained a new option --mtree, to generate a file
1782 manifest compatible with BSD mtree(5) of a DDI
1783
1784 * systemd-dissect gained a new option --with, to execute a command with
1785 the specified DDI temporarily mounted and used as working
1786 directory. This is for example useful to convert a DDI to "tar"
1787 simply by running it within a "systemd-dissect --with" invocation.
1788
1789 * systemd-dissect gained a new option --discover, to search for
1790 Discoverable Disk Images (DDIs) in well-known directories of the
1791 system. This will list machine, portable service and system extension
1792 disk images.
1793
1794 * systemd-dissect now understands 2nd stage initrd images stored as a
1795 Discoverable Disk Image (DDI).
1796
1797 * systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
1798 disk UUID stored in the GPT header) among the other data it can show.
1799
1800 * systemd-dissect gained a new --in-memory switch to operate on an
1801 in-memory copy of the specified DDI file. This is useful to access a
1802 DDI with write access without persisting any changes. It's also
1803 useful for accessing a DDI without keeping the originating file
1804 system busy.
1805
1806 * The DDI dissection logic will now automatically detect the intended
1807 sector size of disk images stored in files, based on the GPT
1808 partition table arrangement. Loopback block devices for such DDIs
1809 will then be configured automatically for the right sector size. This
1810 is useful to make dealing with modern 4K sector size DDIs fully
1811 automatic. The systemd-dissect tool will now show the detected sector
1812 size among the other DDI information in its output.
1813
1814 Changes in systemd-repart:
1815
1816 * systemd-repart gained new options --include-partitions= and
1817 --exclude-partitions= to filter operation on partitions by type UUID.
1818 This allows systemd-repart to be used to build images in which the
1819 type of one partition is set based on the contents of another
1820 partition (for example when the boot partition shall include a verity
1821 hash of the root partition).
1822
1823 * systemd-repart also gained a --defer-partitions= option that is
1824 similar to --exclude-partitions=, but the size of the partition is
1825 still taken into account when sizing partitions, but without
1826 populating it.
1827
1828 * systemd-repart gained a new --sector-size= option to specify what
1829 sector size should be used when an image is created.
1830
1831 * systemd-repart now supports generating erofs file systems via
1832 CopyFiles= (a read-only file system similar to squashfs).
1833
1834 * The Minimize= option was extended to accept "best" (which means the
1835 most minimal image possible, but may require multiple attempts) and
1836 "guess" (which means a reasonably small image).
1837
1838 * The systemd-growfs binary now comes with a regular unit file template
1839 systemd-growfs@.service which can be instantiated directly for any
1840 desired file system. (Previously, the unit was generated dynamically
1841 by various generators, but no regular unit file template was
1842 available.)
1843
1844 Changes in journal tools:
1845
1846 * Various systemd tools will append extra fields to log messages when
1847 in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
1848 this includes information about D-Bus messages when sd-bus is used,
1849 e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
1850 about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
1851 Details of what is logged and when are subject to change.
1852
1853 * The systemd-journald-audit.socket can now be disabled via the usual
1854 "systemctl disable" mechanism to stop collection of audit
1855 messages. Please note that it is not enabled statically anymore and
1856 must be handled by the preset/enablement logic in package
1857 installation scripts.
1858
1859 * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
1860 be used to curtail disk use by systemd-journal-remote. This is
1861 similar to the options supported by systemd-journald.
1862
1863 Changes in systemd-cryptenroll, systemd-cryptsetup, and related
1864 components:
1865
1866 * When enrolling new keys systemd-cryptenroll now supports unlocking
1867 via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
1868 password was strictly required to be specified.
1869
1870 * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
1871 (except for tokens with user verification, UV) to identify tokens
1872 before authentication. Multiple FIDO2 tokens can now be enrolled at
1873 the same time, and systemd-cryptsetup will automatically select one
1874 that corresponds to one of the available LUKS key slots.
1875
1876 * systemd-cryptsetup now supports new options tpm2-measure-bank= and
1877 tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
1878 bank and number into which the volume key should be measured. This is
1879 automatically enabled for the encrypted root volume discovered and
1880 activated by systemd-gpt-auto-generator.
1881
1882 * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
1883 "noexec,nosuid,nodev".
1884
1885 * systemd-gpt-auto-generator will now honour the rootfstype= and
1886 rootflags= kernel command line switches for root file systems it
1887 discovers, to match behaviour in case an explicit root fs is
1888 specified via root=.
1889
1890 * systemd-pcrphase gained new options --machine-id and --file-system=
1891 to measure the machine-id and mount point information into PCR 15.
1892 New service unit files systemd-pcrmachine.service and
1893 systemd-pcrfs@.service have been added that invoke the tool with
1894 these switches during early boot.
1895
1896 * systemd-pcrphase gained a --graceful switch will make it exit cleanly
1897 with a success exit code even if no TPM device is detected.
1898
1899 * systemd-cryptenroll now stores the user-supplied PIN with a salt,
1900 making it harder to brute-force.
1901
1902 Changes in other tools:
1903
1904 * systemd-homed gained support for luksPbkdfForceIterations (the
1905 intended number of iterations for the PBKDF operation on LUKS).
1906
1907 * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
1908 $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
1909 may now be used to specify additional arguments for mkfs when
1910 systemd-homed formats a file system.
1911
1912 * systemd-hostnamed now exports the contents of
1913 /sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
1914 new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
1915 unprivileged code to access those values.
1916
1917 systemd-hostnamed also exports the SUPPORT_END= field from
1918 os-release(5) as OperatingSystemSupportEnd. hostnamectl makes use of
1919 this to show the support status of the installed system.
1920
1921 * systemd-measure gained an --append= option to sign multiple phase
1922 paths with different signing keys. This allows secrets to be
1923 accessible only in certain parts of the boot sequence. Note that
1924 'ukify' provides similar functionality in a more accessible form.
1925
1926 * systemd-timesyncd will now write a structured log message with
1927 MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
1928 on an on-disk timestamp, similarly to what it already did when reaching
1929 synchronization via NTP.
1930
1931 * systemd-timesyncd will now update the on-disk timestamp file on each
1932 boot at least once, making it more likely that the system time
1933 increases in subsequent boots.
1934
1935 * systemd-vconsole-setup gained support for system/service credentials:
1936 vconsole.keymap/vconsole.keymap_toggle and
1937 vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous to
1938 the similarly-named options in vconsole.conf.
1939
1940 * systemd-localed will now save the XKB keyboard configuration to
1941 /etc/vconsole.conf, and also read it from there with a higher
1942 preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
1943 file. Previously, this information was stored in the former file only
1944 in converted form, and in the original form only in the latter file.
1945 Tools which want to access the keyboard configuration can now do so
1946 from a standard location.
1947
1948 * systemd-resolved gained support for configuring the nameservers and
1949 search domains via kernel command line (nameserver=, domain=) and
1950 credentials (network.dns, network.search_domains).
1951
1952 * systemd-resolved will now synthesize host names for the DNS stub
1953 addresses it supports. Specifically when "_localdnsstub" is resolved,
1954 127.0.0.53 is returned, and if "_localdnsproxy" is resolved
1955 127.0.0.54 is returned.
1956
1957 * systemd-notify will now send a "RELOADING=1" notification when called
1958 with --reloading, and "STOPPING=1" when called with --stopping. This
1959 can be used to implement notifications from units where it's easier
1960 to call a program than to use the sd-daemon library.
1961
1962 * systemd-analyze's 'plot' command can now output its information in
1963 JSON, controlled via the --json= switch. Also, new --table, and
1964 --no-legend options have been added.
1965
1966 * 'machinectl enable' will now automatically enable the machines.target
1967 unit in addition to adding the machine unit to the target.
1968
1969 Similarly, 'machinectl enable|disable' gained a --now option to also
1970 start or stop the machine when enabling or disabling it.
1971
1972 * systemd-sysusers will now create /etc/ if it is missing.
1973
1974 * systemd-sleep's 'HibernateDelaySec=' setting has been changed back to
1975 its pre-v252 behaviour, and a new 'SuspendEstimationSec=' setting has
1976 been added to provide the initial value for the automated battery
1977 estimation functionality. If 'HibernateDelaySec=' is set to any value,
1978 the automated estimate (and thus the automated hibernation on low
1979 battery to avoid data loss) functionality is disabled.
1980
1981 * Default tmpfiles.d/ configuration will now automatically create
1982 credentials storage directory '/etc/credstore/' with the appropriate,
1983 secure permissions. If '/run/credstore/' exists, its permissions will
1984 be fixed too in case they are not correct.
1985
1986 Changes in libsystemd and shared code:
1987
1988 * sd-bus gained new convenience functions sd_bus_emit_signal_to(),
1989 sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
1990
1991 * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
1992 128-bit ID in files such as /etc/machine-id has an invalid
1993 format. They also accept NULL as output parameter in more places,
1994 which is useful when the caller only wants to validate the inputs and
1995 does not need the output value.
1996
1997 * sd-login gained new functions sd_pidfd_get_session(),
1998 sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
1999 sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
2000 sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
2001 sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
2002 but accept a PIDFD instead of a PID.
2003
2004 * sd-path (and systemd-path) now export four new paths:
2005 SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
2006 SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
2007 SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
2008 SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR.
2009
2010 * sd_notify() now supports AF_VSOCK as transport for notification
2011 messages (in addition to the existing AF_UNIX support). This is
2012 enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
2013
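As an added example (not systemd's or libsystemd's code), the following Python client implements the $NOTIFY_SOCKET handling described above for both transports: a filesystem or abstract AF_UNIX path, and the "vsock:CID:port" form, which is sent as an AF_VSOCK datagram. It also produces the RELOADING=1 and STOPPING=1 messages that 'systemd-notify --reloading' and '--stopping' send; for Type=notify-reload services sd_notify(3) requires RELOADING=1 to be accompanied by MONOTONIC_USEC=, so that is included. The socket paths and CID/port numbers in the docstrings and in local_roundtrip() are constructed for this example.

```python
import os
import socket
import tempfile
import time

# Added example, not systemd code: a minimal sd_notify(3) client that
# understands both $NOTIFY_SOCKET forms described above. Linux's AF_VSOCK
# family number is 40; the fallback covers Python builds without the constant.
AF_VSOCK = getattr(socket, "AF_VSOCK", 40)


def parse_notify_socket(value):
    """Map a $NOTIFY_SOCKET value to (address family, sendto() address).

    "/run/notify"   -> (AF_UNIX, "/run/notify")    filesystem socket
    "@notify"       -> (AF_UNIX, "\\0notify")       abstract namespace
    "vsock:2:1234"  -> (AF_VSOCK, (2, 1234))        CID 2 is the host
    """
    if value.startswith("vsock:"):
        cid, port = value[len("vsock:"):].split(":", 1)
        return AF_VSOCK, (int(cid), int(port))
    if value.startswith("@"):
        return socket.AF_UNIX, "\0" + value[1:]
    if value.startswith("/"):
        return socket.AF_UNIX, value
    raise ValueError("unsupported NOTIFY_SOCKET value: %r" % value)


def sd_notify(state, notify_socket=None):
    """Send one notification (newline-separated VAR=value lines) as a single
    datagram. Returns False, without error, when no socket is configured, so
    the same program also runs outside of systemd."""
    target = notify_socket if notify_socket is not None else os.environ.get("NOTIFY_SOCKET")
    if not target:
        return False
    family, address = parse_notify_socket(target)
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), address)
    return True


def reloading_state():
    """The RELOADING=1 message. For Type=notify-reload services sd_notify(3)
    requires MONOTONIC_USEC= (CLOCK_MONOTONIC, in microseconds) alongside it,
    so the manager can match the notification to its own reload request."""
    usec = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
    return "RELOADING=1\nMONOTONIC_USEC=%d" % usec


def notify_ready(notify_socket=None):
    return sd_notify("READY=1", notify_socket)


def notify_reloading(notify_socket=None):
    return sd_notify(reloading_state(), notify_socket)


def notify_stopping(notify_socket=None):
    return sd_notify("STOPPING=1", notify_socket)


def local_roundtrip(state):
    """Self-contained check: deliver `state` to a throwaway AF_UNIX datagram
    socket standing in for the service manager, and return what arrived."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            sd_notify(state, notify_socket=path)
            return manager.recv(4096).decode()


if __name__ == "__main__":
    print(local_roundtrip("STOPPING=1"))
    print(parse_notify_socket("vsock:2:1234"))
```

Note that sd_notify() above deliberately reports False rather than failing when $NOTIFY_SOCKET is unset, which mirrors the library's behaviour and keeps the program usable when started by hand.
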
2014 * Detection of chroot() environments now works if /proc/ is not
2015 mounted. This affects systemd-detect-virt --chroot, but also means
2016 that systemd tools will silently skip various operations in such an
2017 environment.
2018
2019 * "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
2020 virtualization is now detected.
2021
2022 Changes in the build system:
2023
2024 * Standalone variants of systemd-repart and systemd-shutdown may now be
2025 built (if -Dstandalone=true).
2026
2027 * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
2028 example, allow scripts to conditionalize execution on AC power
2029 supply.
2030
2031 * The libp11kit library is now loaded through dlopen(3).
2032
2033 Changes in the documentation:
2034
2035 * Specifications that are not closely tied to systemd have moved to
2036 https://uapi-group.org/specifications/: the Boot Loader Specification
2037 and the Discoverable Partitions Specification.
2038
2039 Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
2040 Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
2041 Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
2042 Benjamin Tissoires, berenddeschouwer, BerndAdameit,
2043 Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
2044 Charles Hardin, chris, Christian Brauner, Christian Göttsche,
2045 Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
2046 Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
2047 Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
2048 Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
2049 Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
2050 Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
2051 igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
2052 Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
2053 Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
2054 Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
2055 Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
2056 Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
2057 Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
2058 Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
2059 Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
2060 Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
2061 msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
2062 noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
2063 Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
2064 reuben olinsky, Richard E. van der Luit, Richard Phibel,
2065 Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
2066 Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
2067 Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
2068 Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
2069 Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
2070 Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
2071 William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
2072 Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
2073 наб
2074
2075 — Warsaw, 2023-02-15
2076
2077 CHANGES WITH 252 🎃:
2078
2079 Announcements of Future Feature Removals:
2080
2081 * We intend to remove cgroup v1 support from a systemd release after the
2082 end of 2023. If you run services that make explicit use of cgroup v1
2083 features (i.e. the "legacy hierarchy" with separate hierarchies for
2084 each controller), please implement compatibility with cgroup v2 (i.e.
2085 the "unified hierarchy") sooner rather than later. Most of Linux
2086 userspace has been ported over already.
2087
2088 * We intend to remove support for split-usr (/usr mounted separately
2089 during boot) and unmerged-usr (parallel directories /bin and
2090 /usr/bin, /lib and /usr/lib, etc). This will happen in the second
2091 half of 2023, in the first release that falls into that time window.
2092 For more details, see:
2093 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
2094
2095 Compatibility Breaks:
2096
2097 * ConditionKernelVersion= checks that use the '=' or '!=' operators
2098 will now do simple string comparisons (instead of version comparisons
2099 à la strverscmp(3)). Version comparisons are still done for the
2100 ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
2101 specified, a shell-style glob match is now done. This creates a minor
2102 incompatibility compared to older systemd versions when the '*', '?',
2103 '[', ']' characters are used, as these will now match as shell globs
2104 instead of literally. Given that kernel version strings typically do
2105 not include these characters we expect little breakage through this
2106 change.
2107
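To make the new evaluation rules concrete, here is an added Python model of ConditionKernelVersion= (example code, not systemd's own): '=' and '!=' compare strings, the ordering operators compare versions, and an expression without an operator is matched as a shell-style glob. Space-separated expressions must all match and a leading '!' inverts the whole condition, as for other Condition*= settings. The version ordering is a digit-run/non-digit-run approximation of strverscmp(3); systemd's own algorithm has additional rules for '~', '-' and '^' that are not modelled. The last two assertions in the usage show the incompatibility the text warns about: a literal version containing '[' and ']' no longer matches itself unless an operator is given.

```python
import fnmatch
import platform
import re
import shlex

# Added example, not systemd code: models the v252 ConditionKernelVersion=
# semantics. Operators are tried longest-first so "<=" is not read as "<".
_OPERATORS = ("<=", ">=", "!=", "<", ">", "=")


def compare_versions(a, b):
    """Return -1, 0 or 1 ordering version strings a and b.

    Approximation of strverscmp(3): split into runs of digits and non-digits,
    compare digit runs numerically and everything else lexicographically; a
    digit run sorts before a non-digit run, and a shorter version sorts before
    a longer one with the same prefix. systemd's own ordering adds special
    cases for '~', '-' and '^' that are not modelled here.
    """
    def runs(v):
        return [int(p) if p.isdigit() else p for p in re.findall(r"\d+|\D+", v)]

    ra, rb = runs(a), runs(b)
    for x, y in zip(ra, rb):
        if x == y:
            continue
        if isinstance(x, int) != isinstance(y, int):
            return -1 if isinstance(x, int) else 1
        return -1 if x < y else 1
    return (len(ra) > len(rb)) - (len(ra) < len(rb))


def parse_expression(word):
    """Split one expression into (operator, value); the operator is None when
    the word carries none, which selects glob matching."""
    for op in _OPERATORS:
        if word.startswith(op):
            return op, word[len(op):]
    return None, word


def match_expression(word, running):
    op, value = parse_expression(word)
    if op is None:
        # No operator: shell-style glob, so '*', '?', '[' and ']' are special.
        return fnmatch.fnmatchcase(running, value)
    if op in ("=", "!="):
        # Plain string comparison since v252 (previously a version comparison).
        return (running == value) == (op == "=")
    c = compare_versions(running, value)
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]


def condition_kernel_version(setting, running=None):
    """Evaluate a ConditionKernelVersion= value against a kernel release
    string (what uname -r prints; the running kernel when `running` is None)."""
    if running is None:
        running = platform.release()
    setting = setting.strip()
    negate = setting.startswith("!") and not setting.startswith("!=")
    if negate:
        setting = setting[1:].lstrip()
    words = shlex.split(setting)
    if not words:
        return False  # nothing to match against
    return all(match_expression(w, running) for w in words) != negate


if __name__ == "__main__":
    for cond in ("6.1.*", ">=6.1 <7", "=6.01", "6.1.0-[custom]", "=6.1.0-[custom]"):
        print("%-18s -> %s" % (cond, condition_kernel_version(cond, "6.1.0-[custom]")))
```

Run without arguments it evaluates a few conditions against a constructed release string; call condition_kernel_version(setting) with one argument to test the kernel you are running on.
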
2108 * The service manager will now read the SELinux label used for SELinux
2109 access checks from the unit file at the time it loads the file.
2110 Previously, the label would be read at the moment of the access
2111 check, which was problematic since at that time the unit file might
2112 already have been updated or removed.
2113
2114 New Features:
2115
2116 * systemd-measure is a new tool for calculating and signing expected
2117 TPM2 PCR values for a given unified kernel image (UKI) booted via
2118 sd-stub. The public key used for the signature and the signed
2119 expected PCR information can be embedded inside the UKI. This
2120 information can be extracted from the UKI by external tools and code
2121 in the image itself and is made available to userspace in the booted
2122 kernel.
2123
2124 systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
2125 updated to make use of this information if available in the booted
2126 kernel: when locking an encrypted volume/credential to the TPM
2127 systemd-cryptenroll/systemd-creds will use the public key to bind the
2128 volume/credential to any kernel that carries PCR information signed
2129 by the same key pair. When unlocking such volumes/credentials
2130 systemd-cryptsetup/systemd-creds will use the signature embedded in
2131 the booted UKI to gain access.
2132
2133 Binding TPM-based disk encryption to public keys/signatures of PCR
2134 values — instead of literal PCR values — addresses the inherent
2135 "brittleness" of traditional PCR-bound TPM disk encryption schemes:
2136 disks remain accessible even if the UKI is updated, without any TPM
2137 specific preparation during the OS update — as long as each UKI
2138 carries the necessary PCR signature information.
2139
2140 Net effect: if you boot a properly prepared kernel, TPM-bound disk
2141 encryption now defaults to be locked to kernels which carry PCR
2142 signatures from the same key pair. Example: if a hypothetical distro
2143 FooOS prepares its UKIs like this, TPM-based disk encryption is now –
2144 by default – bound to only FooOS kernels, and encrypted volumes bound
2145 to the TPM cannot be unlocked on kernels from other sources. (But do
2146 note this behaviour requires preparation/enabling in the UKI, and of
2147 course users can always enroll non-TPM ways to unlock the volume.)
2148
2149 * systemd-pcrphase is a new tool that is invoked at six places during
2150 system runtime, and measures additional words into TPM2 PCR 11, to
2151 mark milestones of the boot process. This allows binding access to
2152 specific TPM2-encrypted secrets to specific phases of the boot
2153 process. (Example: LUKS2 disk encryption key only accessible in the
2154 initrd, but not later.)
2155
2156 Changes in systemd itself, i.e. the manager and units:
2157
2158 * The CPU controller is delegated to user manager units by default, and
2159 CPUWeight= settings are applied to the top-level user slice units
2160 (app.slice, background.slice, session.slice). This provides a degree
2161 of resource isolation between different user services competing for
2162 the CPU.
2163
2164 * systemd can optionally do a full preset in the "first boot" condition
2165 (instead of just enable-only). This behaviour is controlled by the
2166 compile-time option -Dfirst-boot-full-preset. Right now it defaults
2167 to 'false', but the plan is to switch it to 'true' for the subsequent
2168 release.
2169
2170 * Drop-ins are now allowed for transient units too.
2171
2172 * systemd will set the taint flag 'support-ended' if it detects that
2173 the OS image is past its end-of-support date. This date is declared
2174 in a new /etc/os-release field SUPPORT_END= described below.
2175
2176 * Two new settings ConditionCredential= and AssertCredential= can be
2177 used to skip or fail units if a certain system credential is not
2178 provided.
2179
2180 * ConditionMemory= accepts size suffixes (K, M, G, T, …).
2181
2182 * DefaultSmackProcessLabel= can be used in system.conf and user.conf to
2183 specify the SMACK security label to use when not specified in a unit
2184 file.
2185
2186 * DefaultDeviceTimeoutSec= can be used in system.conf and user.conf to
2187 specify the default timeout when waiting for device units to
2188 activate.
2189
2190 * C.UTF-8 is used as the default locale if nothing else has been
2191 configured.
2192
2193 * [Condition|Assert]Firmware= have been extended to support certain
2194 SMBIOS fields. For example
2195
2196 ConditionFirmware=smbios-field(board_name = "Custom Board")
2197
2198 conditionalizes the unit to run only when
2199 /sys/class/dmi/id/board_name contains "Custom Board" (without the
2200 quotes).
2201
2202 * ConditionFirstBoot= now correctly evaluates as true only during the
2203 boot phase of the first boot. A unit executed later, after booting
2204 has completed, will no longer evaluate this condition as true.
2205
2206 * Socket units will now create sockets in the SELinuxContext= of the
2207 associated service unit, if any.
2208
2209 * Boot phase transitions (start initrd → exit initrd → boot complete →
2210 shutdown) will be measured into TPM2 PCR 11, so that secrets can be
2211 bound to a specific runtime phase. E.g.: a LUKS encryption key can be
2212 unsealed only in the initrd.
2213
2214 * Service credentials (i.e. SetCredential=/LoadCredential=/…) will now
2215 also be provided to ExecStartPre= processes.
2216
2217 * Various units are now correctly ordered against
2218 initrd-switch-root.target where previously a conflict without
2219 ordering was configured. A stop job for those units would be queued,
2220 but without the ordering it could be executed only after
2221 initrd-switch-root.service, leading to units not being restarted in
2222 the host system as expected.
2223
2224 * In order to fully support the IPMI watchdog driver, which has not yet
2225 been ported to the new common watchdog device interface,
2226 /dev/watchdog0 will be tried first and systemd will silently fall back
2227 to /dev/watchdog if it is not found.
2228
2229 * New watchdog-related D-Bus properties are now published by systemd:
2230 WatchdogDevice, WatchdogLastPingTimestamp,
2231 WatchdogLastPingTimestampMonotonic.
2232
2233 * At shutdown, API virtual file systems (proc, sys, etc.) will be
2234 unmounted lazily.
2235
2236 * At shutdown, systemd will now log about processes blocking unmounting
2237 of file systems.
2238
2239 * A new meson build option 'clock-valid-range-usec-max' was added to
2240 allow disabling system time correction if the RTC returns a timestamp far
2241 in the future.
2242
2243 * Propagated restart jobs will no longer be discarded while a unit is
2244 activating.
2245
2246 * PID 1 will now import system credentials from SMBIOS Type 11 fields
2247 ("OEM vendor strings"), in addition to qemu_fwcfg. This provides a
2248 simple, fast and generic path for supplying credentials to a VM,
2249 without involving external tools such as cloud-init/ignition.
2250
2251 * The CPUWeight= setting of unit files now accepts a new special value
2252 "idle", which configures "idle" level scheduling for the unit.
2253
2254 * Service processes that are activated due to a .timer or .path unit
2255 triggering will now receive information about this via environment
2256 variables. Note that this information is lossy, as activation
2257 might be coalesced and only one of the activating triggers will be
2258 reported. This is hence more suited for debugging or tracing rather
2259 than for behaviour decisions.
2260
2261 * The riscv_flush_icache(2) system call has been added to the list of
2262 system calls allowed by default when SystemCallFilter= is used.
2263
2264 * The SELinux context derived from the target executable, instead of
2265 'init_t' used for the manager itself, is now used when creating
2266 listening sockets for units that specify SELinuxContextFromNet=yes.
2267
2268 Changes in sd-boot, bootctl, and the Boot Loader Specification:
2269
2270 * The Boot Loader Specification has been cleaned up and clarified.
2271 Various corner cases in version string comparisons have been fixed
2272 (e.g. comparisons for empty strings). Boot counting is now part of
2273 the main specification.
2274
2275 * New PCR measurements are performed during boot: PCR 11 for the
2276 kernel+initrd combo, PCR 13 for any sysext images. If a measurement
2277 took place this is now reported to userspace via the new
2278 StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.
2279
2280 * As before, systemd-stub will measure kernel parameters and system
2281 credentials into PCR 12. It will now report this fact via the
2282 StubPcrKernelParameters EFI variable to userspace.
2283
2284 * The UEFI monotonic boot counter is now included in the updated random
2285 seed file maintained by sd-boot, providing some additional entropy.
2286
2287 * sd-stub will use LoadImage/StartImage to execute the kernel, instead
2288 of arranging the image manually and jumping to the kernel entry
2289 point. sd-stub also installs a temporary UEFI SecurityOverride to
2290 allow the (unsigned) nested image to be booted. This is safe because,
2291 with Secure Boot enabled, the outer (signed) stub+kernel binary must
2292 have been verified before the stub was executed.
2293
2294 * Booting in EFI mixed mode (a 64-bit kernel over 32-bit UEFI firmware)
2295 is now supported by sd-boot.
2296
2297 * bootctl gained a bunch of new options: --all-architectures to install
2298 binaries for all supported EFI architectures, --root= and --image= to
2299 operate on a directory or disk image, --install-source= to specify the
2300 source for the binaries to install, and --efi-boot-option-description=
2301 to control the name of the boot entry.
2302
2303 * The sd-boot stub exports a StubFeatures flag, which is used by
2304 bootctl to show features supported by the stub that was used to boot.
2305
2306 * The PE section offsets that are used by tools that assemble unified
2307 kernel images have historically been hard-coded. This may lead to
2308 overlapping PE sections which may break on boot. The UKI will now try
2309 to detect and warn about this.
2310
2311 Any tools that assemble UKIs must update to calculate these offsets
2312 dynamically. Future sd-stub versions may use offsets that will not
2313 work with the currently used set of hard-coded offsets!
2314
2315 * sd-stub now accepts (and passes to the initrd and then to the full
2316 OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed
2317 signatures of expected PCR values, to allow sealing secrets via the
2318 TPM2 against pre-calculated PCR measurements.
2319
2320 Changes in the hardware database:
2321
2322 * 'systemd-hwdb query' now supports the --root= option.
2323
2324 Changes in systemctl:
2325
2326 * systemctl now supports --state= and --type= options for the 'show'
2327 and 'status' verbs.
2328
2329 * systemctl gained a new verb 'list-automounts' to list automount
2330 points.
2331
2332 * systemctl gained support for a new --image= switch to be able to
2333 operate on the specified disk image (similar to the existing --root=
2334 which operates relative to some directory).
2335
2336 Changes in systemd-networkd:
2337
2338 * networkd can set Linux NetLabel labels for integration with the
2339 network control in security modules via a new NetLabel= option.
2340
2341 * The RapidCommit= setting is (re-)introduced to enable faster
2342 configuration via DHCPv6 (RFC 3315).
2343
2344 * networkd gained a new option TCPCongestionControlAlgorithm= that
2345 allows setting a per-route TCP congestion control algorithm.
2346
2347 * networkd gained a new option KeepFileDescriptor= to allow keeping a
2348 reference (file descriptor) open on TUN/TAP interfaces, which is
2349 useful to avoid link flaps while the underlying service providing the
2350 interface is being serviced.
2351
2352 * RouteTable= now also accepts route table names.
2353
2354 Changes in systemd-nspawn:
2355
2356 * The --bind= and --overlay= options now support relative paths.
2357
2358 * The --bind= option now supports a 'rootidmap' value, which will
2359 use id-mapped mounts to map the root user inside the container to the
2360 owner of the mounted directory on the host.
2361
2362 Changes in systemd-resolved:
2363
2364 * systemd-resolved now persists DNSOverTLS in its state file too. This
2365 fixes a problem when used in combination with NetworkManager, which
2366 sends the setting only once, causing it to be lost if resolved was
2367 restarted at any point.
2368
2369 * systemd-resolved now exposes a Varlink socket at
2370 /run/systemd/resolve/io.systemd.Resolve.Monitor, accessible only for
2371 root. Processed DNS requests in a JSON format will be published to
2372 any clients connected to this socket.
2373
2374 resolvectl gained a 'monitor' verb to make use of this.
2375
2376 * systemd-resolved now treats unsupported DNSSEC algorithms as INSECURE
2377 instead of returning SERVFAIL, as per RFC:
2378 https://datatracker.ietf.org/doc/html/rfc6840#section-5.2
2379
2380 * OpenSSL is the default crypto backend for systemd-resolved. (gnutls
2381 is still supported.)
2382
2383 Changes in libsystemd and other libraries:
2384
2385 * libsystemd now exports sd_bus_error_setfv() (a convenience function
2386 for setting bus errors), sd_id128_string_equal (a convenience
2387 function for 128-bit ID string comparisons), and
2388 sd_bus_message_read_strv_extend() (a function to incrementally read
2389 string arrays).
2390
2391 * libsystemd now exports sd_device_get_child_first()/_next() as a
2392 high-level interface for enumerating child devices. It also supports
2393 sd_device_new_child() for opening a child device given a device
2394 object.
2395
2396 * libsystemd now exports sd_device_monitor_set()/get_description()
2397 which allow setting a custom description that will be used in log
2398 messages by sd_device_monitor*.
2399
2400 * Private shared libraries (libsystemd-shared-nnn.so,
2401 libsystemd-core-nnn.so) are now installed into arch-specific
2402 directories to allow multi-arch installs.
2403
2404 * A new sd-gpt.h header is now published, listing GUIDs from the
2405 Discoverable Partitions specification. For more details see:
2406 https://systemd.io/DISCOVERABLE_PARTITIONS/
2407
2408 * A new function sd_hwdb_new_from_path() has been added to open a hwdb
2409 database given an explicit path to the file.
2410
2411 * The signal number argument to sd_event_add_signal() can now be
2412 ORed with the SD_EVENT_SIGNAL_PROCMASK flag, causing sigprocmask() to
2413 be automatically invoked to block the specified signal. This is
2414 useful to simplify invocations as the caller doesn't have to do this
2415 manually.
2416
2417 * A new convenience call sd_event_set_signal_exit() has been added to
2418 sd-event to set up signal handling so that the event loop
2419 automatically terminates cleanly on SIGTERM/SIGINT.
2420
2421 Changes in other components:
2422
2423 * systemd-sysusers, systemd-tmpfiles, and systemd-sysctl configuration
2424 can now be provided via the credential mechanism.
2425
2426 * systemd-analyze gained a new verb 'compare-versions' that implements
2427 comparisons for version strings (similarly to 'rpmdev-vercmp' and
2428 'dpkg --compare-versions').
2429
2430 * 'systemd-analyze dump' is extended to accept glob patterns for unit
2431 names to limit the output to matching units.
2432
2433 * tmpfiles.d/ lines can read file contents to write from a credential.
2434 The new modifier char '^' is used to specify that the argument is a
2435 credential name. This mechanism is used to automatically populate
2436 /etc/motd, /etc/issue, and /etc/hosts from credentials.
2437
2438 * tmpfiles.d/ may now be configured to avoid changing uid/gid/mode of
2439 an inode if the specification is prefixed with ':' and the inode
2440 already exists.
2441
2442 * Default tmpfiles.d/ configuration now carries a line to automatically
2443 use an 'ssh.authorized_keys.root' credential if provided to set up
2444 the SSH authorized_keys file for the root user.
2445
2446 * systemd-tmpfiles will now gracefully handle an absent source for "C"
2447 copy lines.
2448
2449 * tmpfiles.d/ F/w lines now optionally permit encoding of the payload
2450 in base64. This is useful to write arbitrary binary data into files.
2451
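To make the '^', ':' and '~' modifiers from the entries above concrete, here is an added Python parser for tmpfiles.d(5) lines (example code, not systemd-tmpfiles itself). It records the modifiers carried by the Type field, treats everything after the sixth field as the Argument the way systemd-tmpfiles does (so "w" lines with spaces in the argument work unquoted), and resolves the data an f/w line would write: with '^' the argument names a credential read from $CREDENTIALS_DIRECTORY, with '~' the data is Base64-decoded, and ':' is reported as "leave the ownership and mode of an existing inode alone". The other modifiers are only recorded. The credential names and contents created by demo() are constructed for this example.

```python
import base64
import os
import tempfile

# Added example, not systemd code. Field layout per tmpfiles.d(5):
#   Type Path Mode User Group Age Argument
# Modifiers the Type letter may carry ('~', '^' and ':' are discussed above):
#   +  type-specific variant (f+ overwrites)     !  only safe during boot
#   -  a failure is not an error                 =  remove objects of another type
#   ~  Argument is Base64 encoded (f/w only)     ^  Argument names a credential
#   :  leave uid/gid/mode of an already existing inode alone
MODIFIERS = set("+!-=~^:")

def _split_fields(line, nfields=6):
    """Split off the first `nfields` fields, honouring "..." and '...' quotes
    and keeping backslashes; whatever follows is the Argument, verbatim."""
    fields, cur, quote, started, i = [], [], None, False, 0
    while i < len(line) and len(fields) < nfields:
        c = line[i]
        i += 1
        if quote:
            if c == quote:
                quote = None
            else:
                cur.append(c)
        elif c in "\"'":
            quote, started = c, True
        elif c.isspace():
            if started:
                fields.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(c)
            started = True
    if quote:
        raise ValueError("unbalanced quote: %r" % line)
    if started:
        fields.append("".join(cur))
    rest = line[i:].strip()
    if rest:
        fields.append(rest)
    return fields

def _cunescape(s):
    """Undo the C-style escapes accepted in the Argument field."""
    table = {"n": "\n", "t": "\t", "r": "\r", "\\": "\\", '"': '"', "'": "'"}
    out, i = [], 0
    while i < len(s):
        esc = s[i] == "\\" and i + 1 < len(s) and s[i + 1] in table
        out.append(table[s[i + 1]] if esc else s[i])
        i += 2 if esc else 1
    return "".join(out)

def parse_tmpfiles_line(line):
    """Parse one line into a dict; None for blank and comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = _split_fields(stripped)
    if len(fields) < 2:
        raise ValueError("need at least Type and Path: %r" % line)
    fields += ["-"] * (7 - len(fields))  # omitted trailing fields mean "-"
    type_field, path, mode, user, group, age, arg = fields
    item_type, mods = type_field[0], set(type_field[1:])
    if not mods <= MODIFIERS:
        raise ValueError("unknown modifier in %r" % type_field)
    if "~" in mods and item_type not in "fw":
        raise ValueError("'~' is only valid for f/w lines: %r" % type_field)
    if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "\"'":
        arg = arg[1:-1]
    mode, user, group, age, arg = (None if v == "-" else v for v in (mode, user, group, age, arg))
    return {"type": item_type, "modifiers": mods, "path": path, "mode": mode,
            "user": user, "group": group, "age": age, "argument": arg,
            "keep_existing_attrs": ":" in mods}

def resolve_payload(entry, credentials_dir=None):
    """Return the bytes an f/w line writes, after applying '^' and '~'."""
    if entry["type"] not in "fw":
        raise ValueError("type %r carries no file payload" % entry["type"])
    mods, arg = entry["modifiers"], entry["argument"]
    if arg is None:
        return b""
    if "^" in mods:
        cred_dir = credentials_dir or os.environ["CREDENTIALS_DIRECTORY"]
        if "/" in arg or arg in (".", ".."):  # keep the lookup inside the directory
            raise ValueError("invalid credential name %r" % arg)
        with open(os.path.join(cred_dir, arg), "rb") as f:
            data = f.read()
    else:
        data = _cunescape(arg).encode()
    if "~" in mods:  # tolerate newlines/whitespace around the encoded data
        data = base64.b64decode(b"".join(data.split()), validate=True)
    return data

def demo():
    """Constructed end-to-end run: a throwaway credentials directory holding
    two made-up credentials, and the payloads two '^' lines resolve to."""
    with tempfile.TemporaryDirectory() as cred_dir:
        with open(os.path.join(cred_dir, "login.motd"), "wb") as f:
            f.write(b"Welcome to the constructed host\n")
        with open(os.path.join(cred_dir, "example.blob"), "wb") as f:
            f.write(base64.b64encode(b"\x00\x01\x02") + b"\n")
        lines = ["f^ /etc/motd 0644 - - - login.motd",
                 "f^~ /var/lib/example/blob 0600 root root - example.blob"]
        return [resolve_payload(parse_tmpfiles_line(l), cred_dir) for l in lines]
```

The credential-name check in resolve_payload() matters because the argument of a '^' line may come from a drop-in an administrator did not write; refusing names containing '/' keeps the lookup inside the credentials directory.
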
2452 * The pkgconfig and rpm macros files now export the directory for user
2453 units as 'user_tmpfiles_dir' and '%_user_tmpfilesdir'.
2454
2455 * Detection of Apple Virtualization and detection of Parallels and
2456 KubeVirt virtualization on non-x86 archs have been added.
2457
2458 * os-release gained a new field SUPPORT_END=YYYY-MM-DD to inform the
2459 user when their system will become unsupported.
2460
2461 * When performing suspend-then-hibernate, the system will estimate the
2462 battery discharge rate and use that to set the delay until hibernation.
2463 When running from a battery whose capacity is below 5%, it will
2464 hibernate immediately instead of suspending first.
2465
2466 * systemd-sysctl gained a --strict option to fail when a sysctl
2467 setting is unknown to the kernel.
2468
2469 * machinectl supports --force for the 'copy-to' and 'copy-from'
2470 verbs.
2471
2472 * coredumpctl gained the --root and --image options to look for journal
2473 files under the specified root directory, image, or block device.
2474
2475 * 'journalctl -o' and similar commands now implement a new output mode
2476 "short-delta". It is similar to "short-monotonic", but also shows the
2477 time delta between subsequent messages.
2478
2479 * journalctl now respects the --quiet flag when verifying consistency
2480 of journal files.
2481
2482 * Journal log messages gained a new implicit field _RUNTIME_SCOPE= that
2483 will indicate whether a message was logged in the 'initrd' phase or
2484 in the 'system' phase of the boot process.
2485
2486 * Journal files gained a new compatibility flag
2487 'HEADER_INCOMPATIBLE_COMPACT'. Files with this flag implement changes
2488 to the storage format that allow reducing size on disk. As with other
2489 compatibility flags, older journalctl versions will not be able to
2490 read journal files using this new format. The environment variable
2491 'SYSTEMD_JOURNAL_COMPACT=0' can be passed to systemd-journald to
2492 disable this functionality. It is enabled by default.
2493
2494 * systemd-run's --working-directory= switch now works when used in
2495 combination with --scope.
2496
2497 * portablectl gained a --force flag to skip certain sanity checks. This
2498 is implemented using new flags accepted by systemd-portabled for the
2499 *WithExtensions() D-Bus methods: the SD_SYSTEMD_PORTABLE_FORCE_ATTACH
2500 flag means that the attach/detach check for whether the units are
2501 already present and running is skipped. Similarly, the
2502 SD_SYSTEMD_PORTABLE_FORCE_SYSEXT flag means that the check whether the
2503 image name matches the name declared inside of the image is
2504 skipped. Callers must be sure to do those checks themselves if
2505 appropriate.
2506
2507 * systemd-portabled will now use the original filename to check
2508 extension-release.NAME for correctness, in case it is passed a
2509 symlink.
2510
2511 * systemd-portabled now uses PrivateTmp=yes in the 'trusted' profile
2512 too.
2513
2514 * sysext's extension-release files now support '_any' as a special
2515 value for the ID= field, to allow distribution-independent extensions
2516 (e.g.: fully statically compiled binaries, scripts). It also gained
2517 support for a new ARCHITECTURE= field that may be used to explicitly
2518 restrict an image to hosts of a specific architecture.
2519
2520 * systemd-repart now supports creating squashfs partitions. This
2521 requires mksquashfs from squashfs-tools.
2522
2523 * systemd-repart gained a --split flag to also generate split
2524 artifacts, i.e. a separate file for each partition. This is useful in
2525 conjunction with systemd-sysupdate or other tools, or to generate
2526 split dm-verity artifacts.
2527
2528 * systemd-repart is now able to generate dm-verity partitions, including
2529 signatures.
2530
2531 * systemd-repart can now set a partition UUID to zero, allowing it to
2532 be filled in later, such as when using verity partitions.
2533
2534 * systemd-repart now supports drop-ins for its configuration files.
2535
2536 * Package metadata logged by systemd-coredump in the system journal is
2537 now more compact.
2538
2539 * xdg-autostart-service now expands 'tilde' characters in Exec lines.
2540
2541 * systemd-oomd now automatically links against libatomic, if available.
2542
2543 * systemd-oomd now sends out a 'Killed' D-Bus signal when a cgroup is
2544 killed.
2545
2546 * scope units now also provide oom-kill status.
2547
2548 * systemd-pstore will now try to load only the efi_pstore kernel module
2549 before running, ensuring that pstore can be used.
2550
2551 * systemd-logind gained a new StopIdleSessionSec= option to stop an idle
2552 session after a preconfigured timeout.
2553
2554 * systemd-homed will now wait up to 30 seconds for workers to terminate,
2555 rather than indefinitely.
2556
2557 * homectl gained a new '--luks-sector-size=' flag that allows users to
2558 select the preferred LUKS sector size. Must be a power of 2 between 512
2559 and 4096. systemd-userdbd records gained a corresponding field.
2560
2561 * systemd-sysusers will now respect the 'SOURCE_DATE_EPOCH' environment
2562 variable when generating the 'sp_lstchg' field, to ensure an image
2563 build can be reproducible.
2564
2565 * 'udevadm wait' will now listen to kernel uevents too when called with
2566 --initialized=no.
2567
2568 * When naming network devices udev will now consult the Devicetree
2569 "alias" fields for the device.
2570
2571 * systemd-udev will now create infiniband/by-path and
2572 infiniband/by-ibdev links for Infiniband verbs devices.
2573
2574 * systemd-udev-trigger.service will now also prioritize input devices.
2575
2576 * ConditionACPower= and systemd-ac-power will now assume the system is
2577 running on AC power if no battery can be found.
2578
2579 * All features and tools using the TPM2 will now communicate with it
2580 using a bind key. Beforehand, the TPM2 support used encrypted sessions
2581 by creating a primary key that was used to encrypt traffic. This is a
2582 problem, as an active interposer on the bus could fake the key created
2583 for encrypting the traffic. When a PIN is used, a bind key is used
2584 instead: the PIN is the auth value of the seal key (i.e. the disk
2585 encryption key), and that auth value enters the session establishment.
2586 An attacker would need the PIN to create the secure session, so an
2587 active interposer without the PIN cannot interpose on TPM2 traffic.
2588 (Without a PIN there is no secret to bind the session to.)
2589
2590 * systemd-growfs no longer requires udev to run.
2591
2592 * systemd-backlight now will better support systems with multiple
2593 graphic cards.
2594
2595 * systemd-cryptsetup's keyfile-timeout= option now also works when a
2596 device is used as a keyfile.
2597
2598 * systemd-cryptenroll gained a new --unlock-key-file= option to get the
2599 unlocking key from a key file (instead of prompting the user). Note
2600 that this is the key for unlocking the volume in order to be able to
2601 enroll a new key, but it is not the key that is enrolled.
2602
2603 * systemd-dissect gained a new --umount switch that will safely and
2604 synchronously unmount all partitions of an image previously mounted
2605 with 'systemd-dissect --mount'.
2606
2607 * When using gcrypt, all systemd tools and services will now configure
2608 it to prefer the OS random number generator if present.
2609
2610 * All example code shipped with documentation has been relicensed from CC0
2611 to MIT-0.
2612
2613 * Unit tests will no longer fail when running on a system without
2614 /etc/machine-id.
2615
2616 Experimental features:
2617
2618 * BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
2619 and bpftool >= 7.0).
2620
2621 * sd-boot can automatically enroll SecureBoot keys from files found on
2622 the ESP. This enrollment can be either automatic ('force' mode) or
2623 controlled by the user ('manual' mode). It is sufficient to place the
2624 SecureBoot keys in the right place in the ESP and they will be picked
2625 up by sd-boot and shown in the boot menu.
2626
2627 * The mkosi config in systemd gained support for automatically
2628 compiling a kernel with the configuration appropriate for testing
2629 systemd. This may be useful when developing or testing systemd in
2630 tandem with the kernel.
2631
2632 Contributions from: 김인수, Adam Williamson, adrian5, Aidan Dang,
2633 Akihiko Odaki, Alban Bedel, Albert Mikaelyan, Aleksey Vasenev,
2634 Alexander Graf, Alexander Shopov, Alexander Wilson,
2635 Alper Nebi Yasak, anarcat, Anders Jonsson, Andre Kalb,
2636 Andrew Stone, Andrey Albershteyn, Anita Zhang, Ansgar Burchardt,
2637 Antonio Alvarez Feijoo, Arnaud Ferraris, Aryan singh, asavah,
2638 Avamander, Avram Lubkin, Balázs Meskó, Bastien Nocera,
2639 Benjamin Franzke, BerndAdameit, bin456789, Celeste Liu,
2640 Chih-Hsuan Yen, Christian Brauner, Christian Göttsche,
2641 Christian Hesse, Clyde Byrd III, codefiles, Colin Walters,
2642 Cristian Rodríguez, Daan De Meyer, Daniel Braunwarth,
2643 Daniel Rusek, Dan Streetman, Darsey Litzenberger, David Edmundson,
2644 David Jaša, David Rheinsberg, David Seifert, David Tardon,
2645 dependabot[bot], Devendra Tewari, Dominique Martinet, drosdeck,
2646 Edson Juliano Drosdeck, Eduard Tolosa, eggfly, Einsler Lee,
2647 Elias Probst, Eli Schwartz, Evgeny Vereshchagin, exploide, Fei Li,
2648 Foster Snowhill, Franck Bui, Frank Dana, Frantisek Sumsal,
2649 Gerd Hoffmann, Gio, Goffredo Baroncelli, gtwang01,
2650 Guillaume W. Bres, H A, Hans de Goede, Heinrich Schuchardt,
2651 Hugo Carvalho, i-do-cpp, igo95862, j00512545, Jacek Migacz,
2652 Jade Bilkey, James Hilliard, Jan B, Janis Goldschmidt,
2653 Jan Janssen, Jan Kuparinen, Jan Luebbe, Jan Macku,
2654 Jason A. Donenfeld, Javkhlanbayar Khongorzul, Jeremy Soller,
2655 JeroenHD, jiangchuangang, João Loureiro,
2656 Joaquín Ignacio Aramendía, Jochen Sprickerhof,
2657 Johannes Schauer Marin Rodrigues, Jonas Kümmerlin,
2658 Jonas Witschel, Jonathan Kang, Jonathan Lebon, Joost Heitbrink,
2659 Jörg Thalheim, josh-gordon-fb, Joyce, Kai Lueke, lastkrick,
2660 Lennart Poettering, Leon M. George, licunlong, Li kunyu,
2661 LockBlock-dev, Loïc Collignon, Lubomir Rintel, Luca Boccassi,
2662 Luca BRUNO, Ludwig Nussel, Łukasz Stelmach, Maccraft123,
2663 Marc Kleine-Budde, Marius Vollmer, Martin Wilck, matoro,
2664 Matthias Lisin, Max Gautier, Maxim Mikityanskiy, Michael Biebl,
2665 Michal Koutný, Michal Sekletár, Michal Stanke, Mike Gilbert,
2666 Mitchell Freiderich, msizanoen1, Nick Rosbrook, nl6720, Oğuz Ersen,
2667 Oleg Solovyov, Olga Smirnova, Pablo Ceballos, Pavel Zhukov,
2668 Phaedrus Leeds, Philipp Gortan, Piotr Drąg, Pyfisch,
2669 Quentin Deslandes, Rahil Bhimjiani, Rene Hollander, Richard Huang,
2670 Richard Phibel, Rudi Heitbaum, Sam James, Sarah Brofeldt,
2671 Sean Anderson, Sebastian Scheibner, Shreenidhi Shedi,
2672 Sonali Srivastava, Steve Ramage, Suraj Krishnan, Swapnil Devesh,
2673 Takashi Sakamoto, Ted X. Toth, Temuri Doghonadze, Thomas Blume,
2674 Thomas Haller, Thomas Hebb, Tomáš Hnyk, Tomasz Paweł Gajc,
2675 Topi Miettinen, Ulrich Ölmann, undef, Uriel Corfa,
2676 Victor Westerhuis, Vincent Dagonneau, Vishal Chillara Srinivas,
2677 Vito Caputo, Weblate, Wenchao Hao, William Roberts, williamsumendap,
2678 wineway, xiaoyang, Yuri Chornoivan, Yu Watanabe,
2679 Zbigniew Jędrzejewski-Szmek, Zhaofeng Li, наб
2680
2681 – The Great Beyond, 2022-10-31 👻
2682
2683 CHANGES WITH 251:
2684
2685 Backwards-incompatible changes:
2686
2687 * The minimum kernel version required has been bumped from 3.13 to 4.15,
2688 and CLOCK_BOOTTIME is now assumed to always exist.
2689
2690 * C11 with GNU extensions (aka "gnu11") is now used to build our
2691 components. Public API headers are still restricted to ISO C89.
2692
2693 * In v250, a systemd-networkd feature that automatically configures
2694 routes to addresses specified in AllowedIPs= was added and enabled by
2695 default. However, this causes network connectivity issues in many
2696 existing setups. Hence, it has been disabled by default since
2697 systemd-stable 250.3. The feature can still be used by explicitly
2698 configuring RouteTable= setting in .netdev files.
2699
2700 * Jobs started via StartUnitWithFlags() will no longer return 'skipped'
2701 when a Condition*= check does not succeed, restoring the JobRemoved
2702 signal to the behaviour it had before v250.
2703
2704 * The org.freedesktop.portable1 methods GetMetadataWithExtensions() and
2705 GetImageMetadataWithExtensions() have been fixed to provide an extra
2706 return parameter, containing the actual extension release metadata.
2707 The current implementation was judged to be broken and unusable, and
2708 thus the usual procedure of adding a new set of methods was skipped,
2709 and backward compatibility broken instead on the assumption that
2710 nobody can be affected given the current state of this interface.
2711
2712 * All kernels supported by systemd mix bytes returned by RDRAND (or
2713 similar) into the entropy pool at early boot. This means that on
2714 those systems, even if /dev/urandom is not yet initialized, it still
2715 returns bytes that are of at least RDRAND quality. For that reason,
2716 we no longer have reason to invoke RDRAND from systemd itself, which
2717 has historically been a source of bugs. Furthermore, kernels ≥5.6
2718 provide the getrandom(GRND_INSECURE) interface for returning random
2719 bytes before the entropy pool is initialized without warning into
2720 kmsg, which is what we attempt to use if available. systemd's direct
2721 usage of RDRAND has been removed. x86 systems ≥Broadwell that are
2722 running an older kernel may experience kmsg warnings that were not
2723 seen with 250. For newer kernels, non-x86 systems, or older x86
2724 systems, there should be no visible changes.
2725
2726 * sd-boot will now measure the kernel command line into TPM PCR 12
2727 rather than PCR 8. This improves usefulness of the measurements on
2728 systems where sd-boot is chainloaded from Grub. Grub measures all
2729 commands it executes into PCR 8, which makes it very hard to use
2730 reasonably, hence we separate ourselves from that and use PCR 12
2731 instead, which is what certain Ubuntu editions already do. To retain
2732 compatibility with systems running older systemd versions a new meson
2733 option 'efi-tpm-pcr-compat' has been added (which defaults to false).
2734 If enabled, the measurement is done twice: into the new-style PCR 12
2735 *and* the old-style PCR 8. It's strongly advised to migrate all users
2736 to PCR 12 for this purpose in the long run, as we intend to remove
2737 this compatibility feature in two years' time.
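The practical consequence of the PCR 12 move is that the expected value of that PCR can be predicted from the kernel command line alone, whereas Grub's PCR 8 depends on every command grub.cfg ran. The following is an added example, not systemd's code: it replays TPM2 PCR extends (new = SHA-256(old || event digest), SHA-256 bank, PCR starting at 32 zero bytes) and predicts PCR 12 for a given command line. It assumes the command line is measured as UTF-16LE, as EFI loaders pass it to the kernel, and that the terminating NUL is included; both should be confirmed against the TPM event log of a real system, which may also contain further PCR 12 events (systemd-stub measures into PCR 12 as well), in which case the whole log must be replayed rather than a single digest.

```python
"""Predict PCR 12 after sd-boot measures the kernel command line.

Added example, not part of systemd.  Assumptions: SHA-256 bank, initial
PCR of 32 zero bytes, command line measured as UTF-16LE with a trailing
NUL.  The sysfs path for live PCR values exists on Linux >= 5.12.
"""
import hashlib
from typing import Iterable, Optional

PCR_KERNEL_PARAMETERS = 12   # sd-boot >= 251 measures the command line here
PCR_GRUB_COMMANDS = 8        # Grub measures every command it executes here


def pcr_extend(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM2_PCR_Extend on a SHA-256 bank: new = SHA256(old || digest)."""
    if len(pcr) != 32 or len(event_digest) != 32:
        raise ValueError("SHA-256 bank: PCR and digest must be 32 bytes")
    return hashlib.sha256(pcr + event_digest).digest()


def cmdline_event_digest(cmdline: str, with_nul: bool = True) -> bytes:
    """Digest of the command line as an EFI loader hands it to the kernel
    (UTF-16LE).  Including the terminating NUL is an assumption here."""
    data = cmdline.encode("utf-16-le")
    if with_nul:
        data += b"\x00\x00"
    return hashlib.sha256(data).digest()


def replay(event_digests: Iterable[bytes], initial: bytes = bytes(32)) -> bytes:
    """Replay an ordered sequence of event digests from the initial PCR value."""
    pcr = initial
    for digest in event_digests:
        pcr = pcr_extend(pcr, digest)
    return pcr


def predict_pcr12(cmdline: str) -> str:
    """Expected PCR 12 (hex) if the command line is the only PCR 12 event."""
    return replay([cmdline_event_digest(cmdline)]).hex()


def read_live_pcr(index: int, bank: str = "sha256") -> Optional[bytes]:
    """Read the current PCR value via sysfs; None if no TPM is available."""
    try:
        with open(f"/sys/class/tpm/tpm0/pcr-{bank}/{index}") as f:
            return bytes.fromhex(f.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    # Constructed command lines.  One extra token yields an unrelated PCR
    # value, which is why a TPM2 unlock policy bound to PCR 12 fails
    # closed when someone edits the kernel command line.
    base = "root=/dev/vda2 ro quiet"
    print("PCR 12 for", repr(base), "=", predict_pcr12(base))
    print("PCR 12 with init=/bin/sh appended =", predict_pcr12(base + " init=/bin/sh"))
    # Grub's PCR 8, by contrast, depends on every grub.cfg command that ran;
    # replaying it needs the full ordered list of those command strings.
    live = read_live_pcr(PCR_KERNEL_PARAMETERS)
    if live is not None:
        print("live PCR 12 =", live.hex())
```

Compare the predicted value against the live PCR only on a system booted directly by sd-boot with a single PCR 12 event; otherwise feed the event log's PCR 12 digests, in order, to replay().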
2738
2739 * busctl capture now writes output in the newer pcapng format instead
2740 of pcap.
2741
2742 * A udev rule that imported hwdb matches for USB devices with lowercase
2743 hexadecimal vendor/product ID digits was added in systemd 250. This
2744 has been reverted, since uppercase hexadecimal digits are supposed to
2745 be used, and we already had a rule with the appropriate match.
2746
2747 Users might need to adjust their local hwdb entries.
2748
2749 * arch_prctl(2) has been moved to the @default set in the syscall filters
2750 (as exposed via the SystemCallFilter= setting in service unit files).
2751 It is apparently used by the linker now.
2752
2753 * The tmpfiles entries that create the /run/systemd/netif directory and
2754 its subdirectories were moved from tmpfiles.d/systemd.conf to
2755 tmpfiles.d/systemd-network.conf.
2756
2757 Users might need to adjust their files that override tmpfiles.d/systemd.conf
2758 to account for this change.
2759
2760 * The requirement for Portable Services images to contain a well-formed
2761 os-release file (i.e.: contain at least an ID field) is now enforced.
2762 This applies to base images and extensions, and also to systemd-sysext.
2763
2764 Changes in the Boot Loader Specification, kernel-install and sd-boot:
2765
2766 * kernel-install's and bootctl's Boot Loader Specification Type #1
2767 entry generation logic has been reworked. The user may now pick
2768 explicitly by which "token" string to name the installation's boot
2769 entries, via the new /etc/kernel/entry-token file or the new
2770 --entry-token= switch to bootctl. By default — as before — the
2771 entries are named after the local machine ID. However, in "golden
2772 image" environments, where the machine ID shall be initialized on
2773 first boot (as opposed to at installation time before first boot) the
2774 machine ID will not be available at build time. In this case the
2775 --entry-token= switch to bootctl (or the /etc/kernel/entry-token
2776 file) may be used to override the "token" for the entries, for
2777 example the IMAGE_ID= or ID= fields from /etc/os-release. This will
2778 make the OS images independent of any machine ID, and ensure that the
2779 images will not carry any identifiable information before first boot,
2780 but on the other hand means that multiple parallel installations of
2781 the very same image on the same disk cannot be supported.
2782
2783 Summary: if you are building golden images that shall acquire
2784 identity information exclusively on first boot, make sure to both
2785 remove /etc/machine-id *and* to write /etc/kernel/entry-token to the
2786 value of the IMAGE_ID= or ID= field of /etc/os-release or another
2787 suitable identifier before deploying the image.
2788
2789 * The Boot Loader Specification has been extended with
2790 /loader/entries.srel file located in the EFI System Partition (ESP)
2791 that disambiguates the format of the entries in the /loader/entries/
2792 directory (in order to discern them from incompatible uses of this
2793 directory by other projects). For entries that follow the
2794 Specification, the string "type1" is stored in this file.
2795
2796 bootctl will now write this file automatically when installing the
2797 systemd-boot boot loader.
2798
2799 * kernel-install supports a new initrd_generator= setting in
2800 /etc/kernel/install.conf, that is exported as
2801 $KERNEL_INSTALL_INITRD_GENERATOR to kernel-install plugins. This
2802 allows choosing different initrd generators.
2803
2804 * kernel-install will now create a "staging area" (an initially-empty
2805 directory to gather files for a Boot Loader Specification Type #1
2806 entry). The path to this directory is exported as
2807 $KERNEL_INSTALL_STAGING_AREA to kernel-install plugins, which should
2808 drop files there instead of writing them directly to the final
2809 location. kernel-install will move them when all files have been
2810 prepared successfully.
2811
2812 * New option sort-key= has been added to the Boot Loader Specification
2813 to override the sorting order of the entries in the boot menu. It is
2814 read by sd-boot and bootctl, and will be written by kernel-install,
2815 with the default value of IMAGE_ID= or ID= fields from
2816 os-release. Together, this means that on multiboot installations,
2817 entries should be grouped and sorted in a predictable way.
2818
2819 * The sort order of boot entries has been updated: entries which have
2820 the new field sort-key= are sorted by it first, and all entries
2821 without it are ordered later. After that, entries are sorted by
2822 version so that newest entries are towards the beginning of the list.
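The two ordering rules above (sort-key= entries first, ordered by key; entries without it afterwards; within a group, newest version first) are easy to get subtly wrong when checking an ESP by hand. The following is an added example, not bootctl's or sd-boot's code: it parses Type #1 entry files and orders them as the rules describe. Its version comparison is a simplified natural-order compare, not systemd's own implementation, and the final tie-break on file name is an assumption; sd-boot's additional tie-breaks are not replicated. The sample entries are constructed.

```python
"""Order Boot Loader Specification Type #1 entries as systemd 251 describes.

Added example, not systemd code.  version_cmp() is a simplified natural
order compare (numeric runs compared as integers), not systemd's
strverscmp_improved(); the file-name tie-break is an assumption.
"""
import re
from functools import cmp_to_key
from typing import Dict, List

_CHUNK = re.compile(r"(\d+|\D+)")


def parse_entry(text: str) -> dict:
    """Parse 'key value' lines of an entry file; a later key overrides an earlier one."""
    entry = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entry[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return entry


def version_cmp(a: str, b: str) -> int:
    """Natural-order compare: '6.2.10' is newer than '6.2.9'."""
    ca, cb = _CHUNK.findall(a), _CHUNK.findall(b)
    for x, y in zip(ca, cb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        return (x > y) - (x < y)
    return (len(ca) > len(cb)) - (len(ca) < len(cb))


def entry_cmp(a: dict, b: dict) -> int:
    ka, kb = a.get("sort-key"), b.get("sort-key")
    # Rule 1: entries with sort-key= come first, ordered by the key.
    if (ka is None) != (kb is None):
        return -1 if ka is not None else 1
    if ka is not None and ka != kb:
        return (ka > kb) - (ka < kb)
    # Rule 2: within a group, newest version towards the beginning.
    c = version_cmp(a.get("version", ""), b.get("version", ""))
    if c:
        return -c
    # Assumption: deterministic fallback on the entry file name.
    fa, fb = a.get("_file", ""), b.get("_file", "")
    return (fa > fb) - (fa < fb)


def sort_entries(entries: List[dict]) -> List[dict]:
    return sorted(entries, key=cmp_to_key(entry_cmp))


def menu_order(files: Dict[str, str]) -> List[str]:
    """files maps entry file name -> file contents; returns names in menu order."""
    entries = []
    for name, text in files.items():
        entry = parse_entry(text)
        entry["_file"] = name
        entries.append(entry)
    return [e["_file"] for e in sort_entries(entries)]


# Constructed sample ESP contents, not taken from any real system.
SAMPLE = {
    "fedora-6.2.9.conf":  "title Fedora\nversion 6.2.9-300.fc38\nsort-key fedora\n",
    "fedora-6.2.10.conf": "title Fedora\nversion 6.2.10-300.fc38\nsort-key fedora\n",
    "debian-6.1.conf":    "title Debian\nversion 6.1.0-7\nsort-key debian\n",
    "legacy-5.10.conf":   "title Old kernel\nversion 5.10.0\n",
    "legacy-5.4.conf":    "title Older kernel\nversion 5.4.0\n",
}

if __name__ == "__main__":
    for name in menu_order(SAMPLE):
        print(name)
```

With the sample above the menu reads debian, then the two fedora entries newest first, then the two keyless legacy entries newest first; a distribution that forgets to write sort-key= therefore sinks below every entry that has one.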
2823
2824 * The kernel-install tool gained a new 'inspect' verb which shows the
2825 paths and other settings used.
2826
2827 * sd-boot can now optionally beep when the menu is shown and menu
2828 entries are selected, which can be useful on machines without a
2829 working display. (Controllable via a loader.conf setting.)
2830
2831 * The --make-machine-id-directory= switch to bootctl has been replaced
2832 by --make-entry-directory=, given that the entry directory is not
2833 necessarily named after the machine ID, but after some other suitable
2834 ID as selected via --entry-token= described above. The old name of
2835 the option is still understood to maximize compatibility.
2836
2837 * 'bootctl list' gained support for a new --json= switch to output boot
2838 menu entries in JSON format.
2839
2840 * 'bootctl is-installed' now supports the --graceful, and various verbs
2841 omit output with the new option --quiet.
2842
2843 Changes in systemd-homed:
2844
2845 * Starting with v250 systemd-homed uses UID/GID mapping on the mounts
2846 of activated home directories it manages (if the kernel and selected
2847 file systems support it). So far it mapped three UID ranges: the
2848 range from 0…60000, the user's own UID, and the range 60514…65534,
2849 leaving everything else unmapped (in other words, the 16-bit UID range
2850 is mapped almost fully, with the exception of the UID subrange used
2851 for systemd-homed users, out of which only the user's own UID is mapped).
2852 Unmapped UIDs may not be used for file ownership in the home
2853 directory — any chown() attempts with them will fail. With this
2854 release a fourth range is added to these mappings:
2855 524288…1879048191. This range is the UID range intended for container
2856 uses, see:
2857
2858 https://systemd.io/UIDS-GIDS
2859
2860 This range may be used for container managers that place container OS
2861 trees in the home directory (which is a questionable approach, for
2862 quota, permission, SUID handling and network file system
2863 compatibility reasons, but nonetheless apparently commonplace). Note
2864 that this mapping is mapped 1:1 in a pass-through fashion, i.e. the
2865 UID assignments from the range are not managed or mapped by
2866 `systemd-homed`, and must be managed with other mechanisms, in the
2867 context of the local system.
2868
2869 Typically, a better approach to user namespacing in relevant
2870 container managers would be to leave container OS trees on disk at
2871 UID offset 0, but then map them to a dynamically allocated runtime
2872 UID range via another UID mount map at container invocation
2873 time. That way user namespace UID ranges become strictly a runtime
2874 concept, and do not leak into persistent file systems, persistent
2875 user databases or persistent configuration, thus greatly simplifying
2876 handling, and improving compatibility with home directories intended
2877 to be portable like the ones managed by systemd-homed.
2878
2879 Changes in shared libraries:
2880
2881 * A new libsystemd-core-<version>.so private shared library is
2882 installed under /usr/lib/systemd/system, mirroring the existing
2883 libsystemd-shared-<version>.so library. This allows the total
2884 installation size to be reduced by binary code reuse.
2885
2886 * The <version> tag used in the name of libsystemd-shared.so and
2887 libsystemd-core.so can be configured via the meson option
2888 'shared-lib-tag'. Distributions may build subsequent versions of the
2889 systemd package with unique tags (e.g. the full package version),
2890 thus allowing multiple installations of those shared libraries to be
2891 available at the same time. This is intended to fix an issue where
2892 programs that link to those libraries would fail to execute because
2893 they were installed earlier or later than the appropriate version of
2894 the library.
2895
2896 * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
2897 similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
2898 format instead of as a simple series of hex characters.
2899
2900 * The sd-device API gained two new calls sd_device_new_from_devname()
2901 and sd_device_new_from_path() which permit allocating an sd_device
2902 object from a device node name or file system path.
2903
2904 * sd-device also gained a new call sd_device_open() which will open the
2905 device node associated with a device for which an sd_device object
2906 has been allocated. The call is supposed to address races around
2907 device nodes being removed/recycled due to hotplug events, or media
2908 change events: the call checks internally whether the major/minor of
2909 the device node and the "diskseq" (in case of block devices) match
2910 with the metadata loaded in the sd_device object, thus ensuring that
2911 the device once opened really matches the provided sd_device object.
2912
2913 Changes in PID1, systemctl, and systemd-oomd:
2914
2915 * A new set of service monitor environment variables will be passed to
2916 OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
2917 handler unit as OnFailure=/OnSuccess=. The variables are:
2918 $MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS,
2919 $MONITOR_INVOCATION_ID and $MONITOR_UNIT. For cases when a single
2920 handler needs to watch multiple units, use a templated handler.
2921
2922 * A new ExtensionDirectories= setting in service unit files allows
2923 system extensions to be loaded from a directory. (It is similar to
2924 ExtensionImages=, but takes paths to directories, instead of
2925 disk image files.)
2926
2927 'portablectl attach --extension=' now also accepts directory paths.
2928
2929 * The user.delegate and user.invocation_id extended attributes on
2930 cgroups are used in addition to trusted.delegate and
2931 trusted.invocation_id. The latter pair requires privileges to set,
2932 but the former doesn't and can also be set by the unprivileged user
2933 manager.
2934
2935 (Only supported on kernels ≥5.6.)
2936
2937 * Units that were killed by systemd-oomd will now have a service result
2938 of 'oom-kill'. The number of times a service was killed is tallied
2939 in the 'user.oomd_ooms' extended attribute.
2940
2941 The OOMPolicy= unit file setting is now also honoured by
2942 systemd-oomd.
2943
2944 * In unit files the new %y/%Y specifiers can be used to refer to
2945 normalized unit file path, which is particularly useful for symlinked
2946 unit files.
2947
2948 The new %q specifier resolves to the pretty hostname
2949 (i.e. PRETTY_HOSTNAME= from /etc/machine-info).
2950
2951 The new %d specifier resolves to the credentials directory of a
2952 service (same as $CREDENTIALS_DIRECTORY).
2953
2954 * The RootDirectory=, MountAPIVFS=, ExtensionDirectories=,
2955 *Capabilities*=, ProtectHome=, *Directory=, TemporaryFileSystem=,
2956 PrivateTmp=, PrivateDevices=, PrivateNetwork=, NetworkNamespacePath=,
2957 PrivateIPC=, IPCNamespacePath=, PrivateUsers=, ProtectClock=,
2958 ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=,
2959 MountFlags= service settings now also work in unprivileged user
2960 services, i.e. those run by the user's --user service manager, as long
2961 as user namespaces are enabled on the system.
2962
2963 * Services with Restart=always and a failing ExecCondition= will no
2964 longer be restarted, to bring ExecCondition= behaviour in line with
2965 Condition*= settings.
2966
2967 * LoadCredential= now accepts a directory as the argument; all files
2968 from the directory will be loaded as credentials.
2969
2970 * A new D-Bus property ControlGroupId is now exposed on service units,
2971 that encapsulates the service's numeric cgroup ID that newer kernels
2972 assign to each cgroup.
2973
2974 * PID 1 gained support for configuring the "pre-timeout" of watchdog
2975 devices and the associated governor, via the new
2976 RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
2977 options in /etc/systemd/system.conf.
2978
2979 * systemctl's --timestamp= option gained a new choice "unix", to show
2980 timestamps as unix time, i.e. seconds since 1970, Jan 1st.
2981
2982 * A new "taint" flag named "old-kernel" is introduced which is set when
2983 the kernel systemd runs on is older than the current baseline version
2984 (see above). The flag is shown in "systemctl status" output.
2985
2986 * Two additional taint flags "short-uid-range" and "short-gid-range"
2987 have been added as well, which are set when systemd notices it is run
2988 within a user namespace that does not define the full 0…65535 UID/GID
2989 range.
2990
2991 * A new "unmerged-usr" taint flag has been added that is set whenever
2992 running on systems where /bin/ + /sbin/ are *not* symlinks to their
2993 counterparts in /usr/, i.e. on systems where the /usr/-merge has not
2994 been completed.
2995
2996 * Generators invoked by PID 1 will now have a couple of useful
2997 environment variables set describing the execution context a
2998 bit. $SYSTEMD_SCOPE encodes whether the generator is called from the
2999 system service manager, or from the per-user service
3000 manager. $SYSTEMD_IN_INITRD encodes whether the generator is invoked
3001 in initrd context or on the host. $SYSTEMD_FIRST_BOOT encodes whether
3002 systemd considers the current boot to be a "first"
3003 boot. $SYSTEMD_VIRTUALIZATION encodes whether virtualization is
3004 detected and which type of hypervisor/container
3005 manager. $SYSTEMD_ARCHITECTURE indicates which architecture the
3006 kernel is built for.
3007
3008 * PID 1 will now automatically pick up system credentials from qemu's
3009 fw_cfg interface, thus allowing passing arbitrary data into VM
3010 systems similar to how this is already supported for passing them
3011 into `systemd-nspawn` containers. Credentials may now also be passed
3012 in via the new kernel command line option `systemd.set_credential=`
3013 (note that kernel command line options are world-readable during
3014 runtime, and only useful for credentials that require no
3015 confidentiality). The credentials that can be passed to unified
3016 kernels that use the `systemd-stub` UEFI stub are now similarly
3017 picked up automatically. Automatic importing of system credentials
3018 this way can be turned off via the new
3019 `systemd.import_credentials=no` kernel command line option.
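Because anything passed via systemd.set_credential= is visible to every local user in /proc/cmdline, it is worth being able to audit a host for credentials that arrived that way. The following is an added example, not systemd code: it extracts systemd.set_credential=NAME:VALUE tokens and the systemd.import_credentials= switch from a kernel command line. It assumes the documented NAME:VALUE form, tokenizes the command line with shlex (double-quoted values with spaces are handled; other quoting rules are not), and interprets the boolean the way systemd's parse_boolean() does. The sample command line and credential names are constructed.

```python
"""Audit credentials supplied through the world-readable kernel command line.

Added example, not systemd code.  Assumes systemd.set_credential=NAME:VALUE
and shell-like tokenization of the command line (shlex).
"""
import shlex
from typing import Dict, List

FALSE_WORDS = ("0", "no", "n", "false", "f", "off")   # as parse_boolean() accepts


def parse_cmdline(cmdline: str) -> List[str]:
    """Split /proc/cmdline contents into tokens; quoted values keep their spaces."""
    return shlex.split(cmdline)


def cmdline_credentials(cmdline: str) -> Dict[str, str]:
    """Return {name: value} for every systemd.set_credential= token."""
    creds = {}
    for tok in parse_cmdline(cmdline):
        key, sep, rest = tok.partition("=")
        if sep and key == "systemd.set_credential":
            name, colon, value = rest.partition(":")
            if colon and name:
                creds[name] = value
    return creds


def import_disabled(cmdline: str) -> bool:
    """True if systemd.import_credentials= is set to a false value (last one wins)."""
    disabled = False
    for tok in parse_cmdline(cmdline):
        key, sep, value = tok.partition("=")
        if sep and key == "systemd.import_credentials":
            disabled = value.lower() in FALSE_WORDS
    return disabled


def audit(cmdline: str) -> List[str]:
    """Human-readable findings; an empty list means nothing to flag."""
    findings = []
    creds = cmdline_credentials(cmdline)
    for name in sorted(creds):
        findings.append(f"credential {name!r} is set on the kernel command line "
                        f"and is therefore readable by any local user")
    if creds and import_disabled(cmdline):
        findings.append("systemd.import_credentials=no is set: PID 1 will not import "
                        "these credentials, but they remain visible in /proc/cmdline")
    return findings


# Constructed sample; on a real host read /proc/cmdline instead.
SAMPLE_CMDLINE = (
    'root=/dev/vda2 ro '
    'systemd.set_credential=myapp.api_token:"tok3n with spaces" '
    'systemd.set_credential=myapp.region:eu-west quiet'
)

if __name__ == "__main__":
    try:
        with open("/proc/cmdline") as f:
            cmdline = f.read()
    except OSError:
        cmdline = SAMPLE_CMDLINE
    for finding in audit(cmdline) or ["no credentials on the kernel command line"]:
        print(finding)
```

Anything this flags should move to a confidential channel the page lists, such as qemu fw_cfg, the systemd-stub credential mechanism, or an encrypted credential in a credstore directory.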
3020
3021 * LoadCredential= will now automatically look for credentials in the
3022 /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
3023 the argument is not an absolute path. Similarly,
3024 LoadCredentialEncrypted= will check the same directories plus
3025 /etc/credstore.encrypted/, /run/credstore.encrypted/ and
3026 /usr/lib/credstore.encrypted/. The idea is to use those directories
3027 as the system-wide location for credentials that services should pick
3028 up automatically.
3029
3030 * System and service credentials are described in great detail in a new
3031 document:
3032
3033 https://systemd.io/CREDENTIALS
3034
3035 Changes in systemd-journald:
3036
3037 * The journal JSON export format has been added to the list of stable
3038 interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
3039
3040 * journalctl --list-boots now supports JSON output and the --reverse option.
3041
3042 * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
3043 updated, BUILDING_IMAGES is new:
3044
3045 https://systemd.io/JOURNAL_EXPORT_FORMATS
3046 https://systemd.io/BUILDING_IMAGES
3047
3048 Changes in udev:
3049
3050 * Two new hwdb files have been added. One lists "handhelds" (PDAs,
3051 calculators, etc.), the other AV production devices (DJ tables,
3052 keypads, etc.) that should be accessible to the seat owner user by
3053 default.
3054
3055 * udevadm trigger gained a new --prioritized-subsystem= option to
3056 process certain subsystems (and all their parent devices) earlier.
3057
3058 systemd-udev-trigger.service now uses this new option to trigger
3059 block and TPM devices first, hopefully making the boot a bit faster.
3060
3061 * udevadm trigger now implements --type=all, --initialized-match,
3062 --initialized-nomatch to trigger both subsystems and devices, only
3063 already-initialized devices, and only devices which haven't been
3064 initialized yet, respectively.
3065
3066 * udevadm gained a new "wait" command for safely waiting for a specific
3067 device to show up in the udev device database. This is useful in
3068 scripts that asynchronously allocate a block device (e.g. through
3069 repartitioning, or allocating a loopback device or similar) and need
3070 to synchronize on the creation to complete.
3071
3072 * udevadm gained a new "lock" command for locking one or more block
3073 devices while formatting them or writing a partition table to them. It is
3074 an implementation of https://systemd.io/BLOCK_DEVICE_LOCKING and
3075 usable in scripts dealing with block devices.
3076
3077 * udevadm info will show a couple of additional device fields in its
3078 output, and will now apply a limited set of coloring to line types.
3079
3080 * udevadm info --tree will now show a tree of objects (i.e. devices and
3081 suchlike) in the /sys/ hierarchy.
3082
3083 * Block devices will now get a new set of device symlinks in
3084 /dev/disk/by-diskseq/<nr>, which may be used to reference block
3085 device nodes via the kernel's "diskseq" value. Note that this does
3086 not guarantee that opening a device by a symlink like this will
3087 guarantee that the opened device actually matches the specified
3088 diskseq value. To be safe against races, the actual diskseq value of
3089 the opened device (BLKGETDISKSEQ ioctl()) must still be compared with
3090 the one in the symlink path.
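The race described above is the classic symlink TOCTOU: between resolving /dev/disk/by-diskseq/<nr> and open(), the device may be unplugged and its node number reused, so only an ioctl on the file descriptor that was actually opened is authoritative. The following is an added example, not systemd code (sd_device_open(), described earlier in this release, performs the equivalent check in C): it opens such a symlink and refuses the descriptor when BLKGETDISKSEQ disagrees with the number in the path. The ioctl number 0x80081280 is _IOR(0x12, 128, __u64) under the common Linux ioctl encoding (x86, arm64) and is assumed here; verify it against <linux/fs.h> on other architectures. The query function is injectable so the logic can be exercised without a block device.

```python
"""Open a block device by /dev/disk/by-diskseq/<nr> and verify the diskseq.

Added example, not systemd code.  BLKGETDISKSEQ = _IOR(0x12, 128, __u64)
(Linux >= 5.15); the numeric value below assumes the common ioctl
encoding used on x86 and arm64.
"""
import fcntl
import os
import struct

BLKGETDISKSEQ = 0x80081280            # assumption: common ioctl encoding
BY_DISKSEQ_DIR = "/dev/disk/by-diskseq"


class DiskseqMismatch(Exception):
    """The node that was opened is not the device the symlink named."""


def diskseq_from_path(path: str) -> int:
    """Extract <nr> from /dev/disk/by-diskseq/<nr>; reject anything else."""
    head, nr = os.path.split(os.path.normpath(path))
    if head != BY_DISKSEQ_DIR or not nr.isdigit():
        raise ValueError(f"not a by-diskseq symlink: {path}")
    return int(nr)


def query_diskseq(fd: int) -> int:
    """Ask the kernel which diskseq the *opened* device carries."""
    raw = fcntl.ioctl(fd, BLKGETDISKSEQ, bytes(8))
    return struct.unpack("Q", raw)[0]


def open_and_verify(path: str, expected: int, flags: int = os.O_RDONLY,
                    query=query_diskseq) -> int:
    """open() PATH, then confirm the opened node has diskseq EXPECTED.
    On mismatch (or any error from the query) the descriptor is closed
    before the exception propagates.  `query` is injectable for tests."""
    fd = os.open(path, flags | os.O_CLOEXEC | os.O_NONBLOCK)
    try:
        actual = query(fd)
        if actual != expected:
            raise DiskseqMismatch(f"{path}: opened diskseq {actual}, expected {expected}")
    except BaseException:
        os.close(fd)
        raise
    return fd


def open_by_diskseq(path: str, flags: int = os.O_RDONLY, query=query_diskseq) -> int:
    """Race-safe replacement for os.open() on a by-diskseq symlink."""
    return open_and_verify(path, diskseq_from_path(path), flags, query)


def probe(path: str, expected: int, query=query_diskseq) -> bool:
    """Open, verify and close: True iff PATH currently is the device EXPECTED."""
    try:
        fd = open_and_verify(path, expected, query=query)
    except DiskseqMismatch:
        return False
    os.close(fd)
    return True


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else f"{BY_DISKSEQ_DIR}/1"
    try:
        fd = open_by_diskseq(target)
    except (OSError, ValueError, DiskseqMismatch) as e:
        print("refused:", e)
    else:
        print("opened", target, "with matching diskseq")
        os.close(fd)
```

Keep the descriptor returned by open_by_diskseq() for all subsequent I/O; reopening the path later would reintroduce the race the check just closed.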
3091
3092 * .link files gained support for setting MDI/MDI-X on a link.
3093
3094 * .link files gained support for [Match] Firmware= setting to match on
3095 the device firmware description string. By mistake, it was previously
3096 only supported in .network files.
3097
3098 * .link files gained support for [Link] SR-IOVVirtualFunctions= setting
3099 and [SR-IOV] section to configure SR-IOV virtual functions.
3100
3101 Changes in systemd-networkd:
3102
3103 * The default scope for unicast routes configured through [Route]
3104 section is changed to "link", to make the behavior consistent with
3105 "ip route" command. The manual configuration of [Route] Scope= is
3106 still honored.
3107
3108 * A new unit systemd-networkd-wait-online@<interface>.service has been
3109 added that can be used to wait for a specific network interface to be
3110 up.
3111
3112 * systemd-networkd gained a new [Bridge] Isolated=true|false setting
3113 that configures the eponymous kernel attribute on the bridge.
3114
3115 * .netdev files now can be used to create virtual WLAN devices, and
3116 configure various settings on them, via the [WLAN] section.
3117
3118 * .link/.network files gained support for [Match] Kind= setting to match
3119 on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
3120
3121 This value is also shown by 'networkctl status'.
3122
3123 * The Local= setting in .netdev files for various virtual network
3124 devices gained support for specifying, in addition to the network
3125 address, the name of a local interface which must have the specified
3126 address.
3127
3128 * systemd-networkd gained a new [Tunnel] External= setting in .netdev
3129 files, to configure tunnels in external mode (a.k.a. collect metadata
3130 mode).
3131
3132 * [Network] L2TP= setting was removed. Please use the interface specifier
3133 in the Local= setting in .netdev files of the corresponding L2TP interface.
3134
3135 * New [DHCPServer] BootServerName=, BootServerAddress=, and
3136 BootFilename= settings can be used to configure the server address,
3137 server name, and file name sent in the DHCP packet (e.g. to configure
3138 PXE boot).
3139
3140 Changes in systemd-resolved:
3141
3142 * systemd-resolved is started earlier (in sysinit.target), so it is
3143 available earlier and will also be started in the initrd if installed
3144 there.
3145
3146 Changes in disk encryption:
3147
3148 * systemd-cryptenroll can now control whether to require the user to
3149 enter a PIN when using TPM-based unlocking of a volume via the new
3150 --tpm2-with-pin= option.
3151
3152 Option tpm2-pin= can be used in /etc/crypttab.
3153
3154 * When unlocking devices via TPM, TPM2 parameter encryption is now
3155 used, to ensure that communication between CPU and discrete TPM chips
3156 cannot be passively eavesdropped to acquire disk encryption keys.
3157
3158 * A new switch --fido2-credential-algorithm= has been added to
3159 systemd-cryptenroll allowing selection of the credential algorithm to
3160 use when binding encryption to FIDO2 tokens.
3161
3162 Changes in systemd-hostnamed:
3163
3164 * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
3165 to override the values gleaned from the hwdb.
3166
3167 * An ID_CHASSIS property can be set in the hwdb (for the DMI device
3168 /sys/class/dmi/id) to override the chassis that is reported by
3169 hostnamed.
3170
3171 * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
3172 for reading the hardware serial number, as reported by DMI. It also
3173 exposes a new D-Bus property FirmwareVersion that encodes the
3174 firmware version of the system.
3175
3176 Changes in other components:
3177
3178 * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
3179 handling with the values that were configured during systemd build
3180 (if /etc/locale.conf has not been created through some other
3181 mechanism). This means that /etc/locale.conf should always have
3182 reasonable contents and we avoid a potential mismatch in defaults.
3183
3184 * The userdbctl tool will now show UID range information as part of the
3185 list of known users.
3186
3187 * A new build-time configuration setting default-user-shell= can be
3188 used to set the default shell for user records and nspawn shell
3189 invocations (instead of the default /bin/bash).
3190
3191 * systemd-timesyncd now provides a D-Bus API for receiving NTP server
3192 information dynamically at runtime via IPC.
3193
3194 * The systemd-creds tool gained a new "has-tpm2" verb, which reports
3195 whether a functioning TPM2 infrastructure is available, i.e. whether
3196 firmware, kernel driver and systemd all have TPM2 support enabled and
3197 a device is found.
3198
3199 * The systemd-creds tool gained support for generating encrypted
3200 credentials that use an empty encryption key. While this provides
3201 neither integrity nor confidentiality, it's useful to implement code
3202 flows that work the same on TPM2-ful and TPM2-less systems. The
3203 service manager will only accept credentials "encrypted" that way if
3204 a TPM2 device cannot be detected, to ensure that credentials
3205 "encrypted" like that cannot be used to trick TPM2 systems.
3206
3207 * When deciding whether to colorize output, all systemd programs now
3208 also check $COLORTERM (in addition to $NO_COLOR, $SYSTEMD_COLORS, and
3209 $TERM).
3210
3211 * Meson's new install_tag feature is now in use for several components,
3212 allowing only selected binaries to be built and installed: pam, nss, devel
3213 (pkg-config files), systemd-boot, libsystemd, libudev. Example:
3214 $ meson compile -C build systemd-boot
3215 $ meson install -C build --tags systemd-boot --no-rebuild
3216 https://mesonbuild.com/Installing.html#installation-tags
3217
3218 * A new build configuration option has been added, to allow selecting the
3219 default compression algorithm used by systemd-journald and systemd-coredump.
3220 This allows building in support for decompressing all supported formats,
3221 but choosing a specific one for compression. E.g.:
3222 $ meson setup build -Ddefault-compression=xz
3223
3224 Experimental features:
3225
3226 * sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
3227 loader.conf that implements booting Microsoft Windows from the
3228 sd-boot in a way that first reboots the system, to reset the TPM
3229 PCRs. This improves compatibility with BitLocker's TPM use, as the
3230 PCRs will only record the Windows boot process, and not sd-boot
3231 itself, thus retaining the PCR measurements not involving sd-boot.
3232 Note that this feature is experimental for now, and is likely going
3233 to be generalized and renamed in a future release, without retaining
3234 compatibility with the current implementation.
3235
3236 * A new systemd-sysupdate component has been added that automatically
3237 discovers, downloads, and installs A/B-style updates for the host
3238 installation itself, or container images, portable service images,
3239 and other assets. See the new systemd-sysupdate man page for details.
3240
3241 Contributions from: 4piu, Adam Williamson, adrian5, Albert Brox,
3242 AlexCatze, Alex Henrie, Alfonso Sánchez-Beato, Alice S,
3243 Alvin Šipraga, amarjargal, Amarjargal, Andrea Pappacoda,
3244 Andreas Rammhold, Andy Chi, Anita Zhang, Antonio Alvarez Feijoo,
3245 Arfrever Frehtes Taifersar Arahesis, ash, Bastien Nocera, Be,
3246 bearhoney, Ben Efros, Benjamin Berg, Benjamin Franzke,
3247 Brett Holman, Christian Brauner, Clyde Byrd III, Curtis Klein,
3248 Daan De Meyer, Daniele Medri, Daniel Mack, Danilo Krummrich,
3249 David, David Bond, Davide Cavalca, David Tardon, davijosw,
3250 dependabot[bot], Donald Chan, Dorian Clay, Eduard Tolosa,
3251 Elias Probst, Eli Schwartz, Erik Sjölund, Evgeny Vereshchagin,
3252 Federico Ceratto, Franck Bui, Frantisek Sumsal, Gaël PORTAY,
3253 Georges Basile Stavracas Neto, Gibeom Gwon, Goffredo Baroncelli,
3254 Grigori Goronzy, Hans de Goede, Heiko Becker, Hugo Carvalho,
3255 Jakob Lell, James Hilliard, Jan Janssen, Jason A. Donenfeld,
3256 Joan Bruguera, Joerie de Gram, Josh Triplett, Julia Kartseva,
3257 Kazuo Moriwaka, Khem Raj, ksa678491784, Lance, Lan Tian,
3258 Laura Barcziova, Lennart Poettering, Leviticoh, licunlong,
3259 Lidong Zhong, lincoln auster, Lubomir Rintel, Luca Boccassi,
3260 Luca BRUNO, lucagoc, Ludwig Nussel, Marcel Hellwig, march1993,
3261 Marco Scardovi, Mario Limonciello, Mariusz Tkaczyk,
3262 Markus Weippert, Martin, Martin Liska, Martin Wilck, Matija Skala,
3263 Matthew Blythe, Matthias Lisin, Matthijs van Duin, Matt Walton,
3264 Max Gautier, Michael Biebl, Michael Olbrich, Michal Koutný,
3265 Michal Sekletár, Mike Gilbert, MkfsSion, Morten Linderud,
3266 Nick Rosbrook, Nikolai Grigoriev, Nikolai Kostrigin,
3267 Nishal Kulkarni, Noel Kuntze, Pablo Ceballos, Peter Hutterer,
3268 Peter Morrow, Pigmy-penguin, Piotr Drąg, prumian, Richard Neill,
3269 Rike-Benjamin Schuppner, rodin-ia, Romain Naour, Ruben Kerkhof,
3270 Ryan Hendrickson, Santa Wiryaman, Sebastian Pucilowski, Seth Falco,
3271 Simon Ellmann, Sonali Srivastava, Stefan Seering,
3272 Stephen Hemminger, tawefogo, techtino, Temuri Doghonadze,
3273 Thomas Batten, Thomas Haller, Thomas Weißschuh, Tobias Stoeckmann,
3274 Tomasz Pala, Tyson Whitehead, Vishal Chillara Srinivas,
3275 Vivien Didelot, w30023233, wangyuhang, Weblate, Xiaotian Wu,
3276 yangmingtai, YmrDtnJu, Yonathan Randolph, Yutsuten, Yu Watanabe,
3277 Zbigniew Jędrzejewski-Szmek, наб
3278
3279 — Edinburgh, 2022-05-21
3280
3281 CHANGES WITH 250:
3282
3283 * Support for encrypted and authenticated credentials has been added.
3284 This extends the credential logic introduced with v247 to support
3285 non-interactive symmetric encryption and authentication, based on a
3286 key that is stored on the /var/ file system or in the TPM2 chip (if
3287 available), or the combination of both (by default if a TPM2 chip
3288 exists the combination is used, otherwise the /var/ key only). The
3289 credentials are automatically decrypted at the moment a service is
3290 started, and are made accessible to the service itself in unencrypted
3291 form. A new tool 'systemd-creds' encrypts credentials for this
3292 purpose, and two new service file settings LoadCredentialEncrypted=
3293 and SetCredentialEncrypted= configure such credentials.
3294
3295 This feature is useful to store sensitive material such as SSL
3296 certificates, passwords and similar securely at rest and only decrypt
3297 them when needed, and in a way that is tied to the local OS
3298 installation or hardware.
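
The flow described above, as an added example that is not systemd's own code: encrypt a secret with systemd-creds, hand it to a service via LoadCredentialEncrypted=, and have the service read the decrypted copy from $CREDENTIALS_DIRECTORY. It assumes systemd 250 or newer; the unit name, paths and the secret value are constructed placeholders.

```shell
#!/bin/sh
# Added example (not systemd's own code). Assumes systemd >= 250 with
# systemd-creds; unit name, paths and secret are constructed placeholders.
set -eu

# Encrypt a secret read from stdin into an encrypted credential file.
# --name= binds the ciphertext to the credential name, so a blob encrypted
# for "db-password" cannot be silently substituted for another credential.
encrypt_credential() {            # $1 = credential name, $2 = output path
    systemd-creds encrypt --name="$1" - "$2"
}

# Write the unit that loads the encrypted credential. The service manager
# decrypts it (host key in /var/ and/or TPM2) right before ExecStart= runs.
write_unit() {                    # $1 = unit path, $2 = credential name, $3 = .cred path
    cat >"$1" <<EOF
[Unit]
Description=Example consumer of an encrypted credential (constructed)

[Service]
LoadCredentialEncrypted=$2:$3
ExecStart=/usr/local/bin/read-db-password
# The decrypted copy exists only in the service's private credentials
# directory, never in the environment block or in the unit file itself.
DynamicUser=yes
EOF
}

# Service side: read a credential by name. Fails closed when the manager
# did not supply it, instead of falling back to an environment variable.
read_credential() {               # $1 = credential name; prints its contents
    dir="${CREDENTIALS_DIRECTORY:-}"
    if [ -z "$dir" ]; then
        echo "CREDENTIALS_DIRECTORY unset: not started with credentials" >&2
        return 1
    fi
    if [ ! -f "$dir/$1" ]; then
        echo "credential '$1' was not provided" >&2
        return 1
    fi
    cat "$dir/$1"
}

# Usage on a real host (not executed here):
#   printf '%s' 'hunter2' | encrypt_credential db-password /etc/example/db-password.cred
#   write_unit /etc/systemd/system/example.service db-password /etc/example/db-password.cred
#   systemctl daemon-reload && systemctl start example.service
```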
3299
3300 * systemd-gpt-auto-generator can now automatically set up discoverable
3301 LUKS2 encrypted swap partitions.
3302
3303 * The GPT Discoverable Partitions Specification has been substantially
3304 extended with support for root and /usr/ partitions for the majority
3305 of architectures systemd supports. This includes platforms that do
3306 not natively support UEFI, because even though GPT is specified under
3307 UEFI umbrella, it is useful on other systems too. Specifically,
3308 systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
3309 Portable Services use the concept without requiring UEFI.
3310
3311 * The GPT Discoverable Partitions Specification has been extended with
3312 a new set of partitions that may carry PKCS#7 signatures for Verity
3313 partitions, encoded in a simple JSON format. This implements a simple
3314 mechanism for building disk images that are fully authenticated and
3315 can be tested against a set of cryptographic certificates. This is
3316 now implemented for the various systemd tools that can operate with
3317 disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
3318 Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
3319 The PKCS#7 signatures are passed to the kernel (where they are
3320 checked against certificates from the kernel keyring), or can be
3321 verified against certificates provided in userspace (via a simple
3322 drop-in file mechanism).
3323
3324 * systemd-dissect's inspection logic will now report for which uses a
3325 disk image is intended. Specifically, it will display whether an
3326 image is suitable for booting on UEFI or in a container (using
3327 systemd-nspawn's --image= switch), whether it can be used as portable
3328 service, or attached as system extension.
3329
3330 * The system-extension.d/ drop-in files now support a new field
3331 SYSEXT_SCOPE= that may encode which purpose a system extension image
3332 is for: one of "initrd", "system" or "portable". This is useful to
3333 make images more self-descriptive, and to ensure system extensions
3334 cannot be attached in the wrong contexts.
3335
3336 * The os-release file learnt a new PORTABLE_PREFIXES= field which may
3337 be used in portable service images to indicate which unit prefixes
3338 are supported.
3339
3340 * The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
3341 now is able to decode images for non-native architectures as well.
3342 This allows systemd-nspawn to boot images of non-native architectures
3343 if the corresponding user mode emulator is installed and
3344 systemd-binfmtd is running.
3345
3346 * systemd-logind gained new settings HandlePowerKeyLongPress=,
3347 HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
3348 HandleHibernateKeyLongPress= which may be used to configure actions
3349 when the relevant keys are pressed for more than 5s. This is useful
3350 on devices that only have hardware for a subset of these keys. By
3351 default, if the reboot key is pressed long the poweroff operation is
3352 now triggered, and when the suspend key is pressed long the hibernate
3353 operation is triggered. Long pressing the other two keys currently
3354 does not trigger any operation by default.
3355
3356 * When showing unit status updates on the console during boot and
3357 shutdown, and a service is slow to start so that the cylon animation
3358 is shown, the most recent sd_notify() STATUS= text is now shown as
3359 well. Services may use this to make the boot/shutdown output easier
3360 to understand, and to indicate what precisely a service that is slow
3361 to start or stop is waiting for. In particular, the per-user service
3362 manager instance now reports what it is doing and which service it is
3363 waiting for this way to the system service manager.
3364
3365 * The service manager will now re-execute on reception of the
3366 SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
3367 only when running as PID 1. There was no signal to request this when
3368 running as per-user service manager, i.e. as any other PID than 1.
3369 SIGRTMIN+25 works for both system and user managers.
3370
3371 * The hardware watchdog logic in PID 1 gained support for operating
3372 with the default timeout configured in the hardware, instead of
3373 insisting on re-configuring it. Set RuntimeWatchdogSec=default to
3374 request this behavior.
3375
3376 * A new kernel command line option systemd.watchdog_sec= is now
3377 understood which may be used to override the hardware watchdog
3378 time-out for the boot.
3379
3380 * A new setting DefaultOOMScoreAdjust= is now supported in
3381 /etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
3382 to set the default process OOM score adjustment value for processes
3383 started by the service manager. For per-user service managers this
3384 now defaults to 100, but for per-system service managers is left as
3385 is. This means that by default now services forked off the user
3386 service manager are more likely to be killed by the OOM killer than
3387 system services or the managers themselves.
3388
3389 * A new per-service setting RestrictFileSystems= has been added that
3390 restricts the file systems a service has access to by their type.
3391 This is based on the new BPF LSM of the Linux kernel. It provides an
3392 effective way to make certain API file systems unavailable to
3393 services (and thus minimizing attack surface). A new command
3394 "systemd-analyze filesystems" has been added that lists all known
3395 file system types (and how they are grouped together under useful
3396 group handles).
3397
3398 * Services now support a new setting RestrictNetworkInterfaces= for
3399 restricting access to specific network interfaces.
3400
3401 * Service unit files gained new settings StartupAllowedCPUs= and
3402 StartupAllowedMemoryNodes=. These are similar to their counterparts
3403 without the "Startup" prefix and apply during the boot process
3404 only. This is useful to improve boot-time behavior of the system and
3405 assign resources differently during boot than during regular
3406 runtime. This is similar to the preexisting StartupCPUWeight=
3407 vs. CPUWeight=.
3408
3409 * Related to this: the various StartupXYZ= settings
3410 (i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
3411 during shutdown. The settings not prefixed with "Startup" hence apply
3412 during regular runtime, and those that are prefixed like that apply
3413 during boot and shutdown.
3414
3415 * A new per-unit set of conditions/asserts
3416 [Condition|Assert][Memory|CPU|IO]Pressure= have been added to make a
3417 unit skip/fail activation if the system's (or a slice's) memory/cpu/io
3418 pressure is above the configured threshold, using the kernel PSI
3419 feature. For more details see systemd.unit(5) and
3420 https://docs.kernel.org/accounting/psi.html
3421
3422 * The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
3423 ProtectKernelLogs=yes can now be used.
3424
3425 * The default maximum numbers of inodes have been raised from 64k to 1M
3426 for /dev/, and from 400k to 1M for /tmp/.
3427
3428 * The per-user service manager learnt support for communicating with
3429 systemd-oomd to acquire OOM kill information.
3430
3431 * A new service setting ExecSearchPath= has been added that allows
3432 changing the search path for executables for services. It affects
3433 where we look for the binaries specified in ExecStart= and similar,
3434 and the specified directories are also added to the $PATH environment
3435 variable passed to invoked processes.
3436
3437 * A new setting RuntimeRandomizedExtraSec= has been added for service
3438 and scope units that allows extending the runtime time-out as
3439 configured by RuntimeMaxSec= with a randomized amount.
3440
3441 * The syntax of the service unit settings RuntimeDirectory=,
3442 StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
3443 if the specified value is now suffixed with a colon, followed by
3444 another filename, the latter will be created as symbolic link to the
3445 specified directory. This allows creating these service directories
3446 together with alias symlinks to make them available under multiple
3447 names.
3448
3449 * Service unit files gained two new settings TTYRows=/TTYColumns= for
3450 configuring rows/columns of the TTY device passed to
3451 stdin/stdout/stderr of the service. This is useful to propagate TTY
3452 dimensions to a virtual machine.
3453
3454 * A new service unit file setting ExitType= has been added that
3455 specifies when to assume a service has exited. By default systemd
3456 only watches the main process of a service. By setting
3457 ExitType=cgroup it can be told to wait for the last process in a
3458 cgroup instead.
3459
3460 * Automount unit files gained a new setting ExtraOptions= that can be
3461 used to configure additional mount options to pass to the kernel when
3462 mounting the autofs instance.
3463
3464 * "Urlification" (generation of ESC sequences that generate clickable
3465 hyperlinks in modern terminals) may now be turned off altogether
3466 during build-time.
3467
3468 * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
3469 settings that default to 200 and 2 s respectively. The ratelimit
3470 ensures that a path unit cannot cause PID1 to busy-loop when it is
3471 trying to trigger a service that is skipped because of a Condition*=
3472 not being satisfied. This matches the configuration and behaviour of
3473 socket units.
3474
3475 * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
3476 as a plug-in for cryptsetup. This means the plain cryptsetup command
3477 may now be used to unlock volumes set up this way.
3478
3479 * The TPM2 logic in cryptsetup will now automatically detect systems
3480 where the TPM2 chip advertises SHA256 PCR banks but the firmware only
3481 updates the SHA1 banks. In such a case PCR policies will be
3482 automatically bound to the latter, not the former. This makes the PCR
3483 policies reliable, but of course does not provide the same level of
3484 trust as SHA256 banks.
3485
3486 * The TPM2 logic in systemd-cryptsetup/systemd-cryptsetup now supports
3487 RSA primary keys in addition to ECC, improving compatibility with
3488 TPM2 chips that do not support ECC. RSA keys are much slower to use
3489 than ECC, and hence are only used if ECC is not available.
3490
3491 * /etc/crypttab gained support for a new token-timeout= setting for
3492 encrypted volumes that allows configuration of the maximum time to
3493 wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
3494 the logic will query the user for a regular passphrase/recovery key
3495 instead.
3496
3497 * Support for activating dm-integrity volumes at boot via a new file
3498 /etc/integritytab and the tool systemd-integritysetup have been
3499 added. This is similar to /etc/crypttab and /etc/veritytab, but deals
3500 with dm-integrity instead of dm-crypt/dm-verity.
3501
3502 * The systemd-veritysetup-generator now understands a new usrhash=
3503 kernel command line option for specifying the Verity root hash for
3504 the partition backing the /usr/ file system. A matching set of
3505 systemd.verity_usr_* kernel command line options has been added as
3506 well. These all work similar to the corresponding options for the
3507 root partition.
3508
3509 * The sd-device API gained a new API call sd_device_get_diskseq() to
3510 return the DISKSEQ property of a device structure. The "disk
3511 sequence" concept is a new feature recently introduced to the Linux
3512 kernel that allows detecting reuse cycles of block devices, i.e. can
3513 be used to recognize when loopback block devices are reused for a
3514 different purpose or CD-ROM drives get their media changed.
3515
3516 * A new unit systemd-boot-update.service has been added. If enabled
3517 (the default) and the sd-boot loader is detected to be installed, it
3518 is automatically updated to the newest version when out of date. This
3519 is useful to ensure the boot loader remains up-to-date, and updates
3520 automatically propagate from the OS tree in /usr/.
3521
3522 * sd-boot will now build with SBAT by default in order to facilitate
3523 working with recent versions of Shim that require it to be present.
3524
3525 * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
3526 This is used to robustly generate boot entry titles for Windows.
3527
3528 * A new generic target unit factory-reset.target has been added. It is
3529 hooked into systemd-logind similar in fashion to
3530 reboot/poweroff/suspend/hibernate, and is supposed to be used to
3531 initiate a factory reset operation. What precisely this operation
3532 entails is up to the implementer to decide; the primary goal of the
3533 new unit is to provide a framework for plugging in the implementation
3534 and triggering it.
3535
3536 * A new meson build-time option 'clock-valid-range-usec-max' has been
3537 added which takes a time in µs and defaults to 15 years. If the RTC
3538 time is noticed to be more than the specified time ahead of the
3539 built-in epoch of systemd (which by default is the release timestamp
3540 of systemd) it is assumed that the RTC is not working correctly, and
3541 the RTC is reset to the epoch. (It already is reset to the epoch when
3542 noticed to be before it.) This should increase the chance that time
3543 doesn't accidentally jump too far ahead due to faulty hardware or
3544 batteries.
3545
3546 * A new setting SaveIntervalSec= has been added to systemd-timesyncd,
3547 which may be used to automatically save the current system time to
3548 disk in regular intervals. This is useful to maintain a roughly
3549 monotonic clock even without RTC hardware and with some robustness
3550 against abnormal system shutdown.
3551
3552 * systemd-analyze verify gained support for a pair of new --image= +
3553 --root= switches for verifying units below a specific root
3554 directory/image instead of on the host.
3555
3556 * systemd-analyze verify gained support for verifying unit files under
3557 an explicitly specified unit name, independently of what the filename
3558 actually is.
3559
3560 * systemd-analyze verify gained a new switch --recursive-errors= which
3561 controls whether to only fail on errors found in the specified units
3562 or recursively any dependent units.
3563
3564 * systemd-analyze security now supports a new --offline mode for
3565 analyzing unit files stored on disk instead of loaded units. It may
3566 be combined with --root=/--image= to analyze unit files under a root
3567 directory or disk image. It also learnt a new --threshold= parameter
3568 for specifying an exposure level threshold: if the exposure level
3569 exceeds the specified value the call will fail. It also gained a new
3570 --security-policy= switch for configuring security policies to
3571 enforce on the units. A policy is a JSON file that lists which tests
3572 shall be weighted how much to determine the overall exposure
3573 level. Altogether these new features are useful for fully automatic
3574 analysis and enforcement of security policies on unit files.
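
An added example (not systemd's own code) of the automated policy enforcement described above, which also exercises the RestrictFileSystems=, RestrictNetworkInterfaces=, ExitType= and RuntimeDirectory= alias settings introduced earlier in this release: a hardened unit is staged below a scratch root and scored offline with a custom policy and an exposure threshold. It assumes systemd 250 or newer; the unit, the policy weights and the paths are constructed, and the policy keys are assumed to match the assessment names "systemd-analyze security" prints (e.g. "PrivateNetwork=").

```shell
#!/bin/sh
# Added example (not systemd's own code). Assumes systemd >= 250; unit,
# policy weights and paths are constructed for this example.
set -eu

# Stage a hardened unit below a scratch root ($1). Nothing is loaded into
# the running manager; --offline/--root= analyze the file on disk.
write_hardened_unit() {           # $1 = root dir; prints the unit path
    dir="$1/etc/systemd/system"
    mkdir -p "$dir"
    cat >"$dir/example.service" <<'EOF'
[Unit]
Description=Example hardened service (constructed for this example)

[Service]
ExecStart=/usr/bin/example-daemon
DynamicUser=yes
NoNewPrivileges=yes
PrivateNetwork=yes
# Only the loopback interface stays reachable (v250 setting).
RestrictNetworkInterfaces=lo
# Only these file system types may be used (BPF LSM based, v250 setting);
# "systemd-analyze filesystems" lists the available group names. The group
# name used here is assumed to exist.
RestrictFileSystems=@basic-api tmpfs
# Treat the service as stopped only once the last cgroup process is gone,
# not when the main PID exits (v250 setting).
ExitType=cgroup
# Create /run/example plus an alias symlink /run/example-legacy (v250 syntax).
RuntimeDirectory=example:example-legacy
EOF
    echo "$dir/example.service"
}

# Write a policy that weights the tests this deployment cares about.
# Assumed field semantics: "weight" scales the test's contribution to the
# exposure level, "range" is the test's maximum badness score.
write_policy() {                  # $1 = output path
    cat >"$1" <<'EOF'
{
  "PrivateNetwork=": {
    "description_bad": "Service can reach the host network",
    "weight": 2500, "range": 1
  },
  "NoNewPrivileges=": {
    "description_bad": "Service may gain privileges via setuid or capabilities",
    "weight": 1500, "range": 1
  },
  "ProtectSystem=": {
    "description_bad": "Service can write to the OS tree",
    "weight": 1000, "range": 1
  }
}
EOF
}

# Exit non-zero when the exposure level (0..10 scale, lower is better)
# exceeds the threshold. Needs systemd-analyze, so it is not self-tested.
check_exposure() {                # $1 = root dir, $2 = policy path, $3 = threshold
    systemd-analyze security --offline=yes --root="$1" \
        --security-policy="$2" --threshold="$3" --json=short example.service
}

# Usage on a real host (not executed here):
#   root=$(mktemp -d); write_hardened_unit "$root" >/dev/null
#   write_policy "$root/policy.json"
#   check_exposure "$root" "$root/policy.json" 5 || echo "unit too exposed"
```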
3575
3576 * systemd-analyze security gained a new --json= switch for JSON output.
3577
3578 * systemd-analyze learnt a new --quiet switch for reducing
3579 non-essential output. It's honored by the "dot", "syscall-filter",
3580 "filesystems" commands.
3581
3582 * systemd-analyze security gained a --profile= option that can be used
3583 to take into account a portable profile when analyzing portable
3584 services, since a lot of the security-related settings are enabled
3585 through them.
3586
3587 * systemd-analyze learnt a new inspect-elf verb that parses ELF core
3588 files, binaries and executables and prints metadata information,
3589 including the build-id and other info described on:
3590 https://systemd.io/COREDUMP_PACKAGE_METADATA/
3591
3592 * .network files gained a new UplinkInterface= in the [IPv6SendRA]
3593 section, for automatically propagating DNS settings from other
3594 interfaces.
3595
3596 * The static lease DHCP server logic in systemd-networkd may now serve
3597 IP addresses outside of the configured IP pool range for the server.
3598
3599 * CAN support in systemd-networkd gained four new settings Loopback=,
3600 OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
3601 control modes. It gained a number of further settings for tweaking
3602 CAN timing quanta.
3603
3604 * The [CAN] section in .network file gained new TimeQuantaNSec=,
3605 PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
3606 SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
3607 DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
3608 DataSyncJumpWidth= settings to control bit-timing processed by the
3609 CAN interface.
3610
3611 * DHCPv4 client support in systemd-networkd learnt a new Label= option
3612 for configuring the address label to apply to configured IPv4
3613 addresses.
3614
3615 * The [IPv6AcceptRA] section of .network files gained support for a new
3616 UseMTU= setting that may be used to control whether to apply the
3617 announced MTU settings to the local interface.
3618
3619 * The [DHCPv4] section in .network file gained a new Use6RD= boolean
3620 setting to control whether the DHCPv4 client requests and processes the
3621 DHCP 6RD option.
3622
3623 * The [DHCPv6PrefixDelegation] section in .network file is renamed to
3624 [DHCPPrefixDelegation], as now the prefix delegation is also supported
3625 with DHCPv4 protocol by enabling the Use6RD= setting.
3626
3627 * The [DHCPPrefixDelegation] section in .network file gained a new
3628 setting UplinkInterface= to specify the upstream interface.
3629
3630 * The [DHCPv6] section in .network file gained a new setting
3631 UseDelegatedPrefix= to control whether the delegated prefixes will be
3632 propagated to the downstream interfaces.
3633
3634 * The [IPv6AcceptRA] section of .network files now understands two new
3635 settings UseGateway=/UseRoutePrefix= for explicitly configuring
3636 whether to use the relevant fields from the IPv6 Router Advertisement
3637 records.
3638
3639 * The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
3640 has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
3641 settings in the [DHCPv6] section and the DHCPv6Client= setting in the
3642 [IPv6AcceptRA] section to control when the DHCPv6 client is started
3643 and how the delegated prefixes are handled by the DHCPv6 client.
3644
3645 * The IPv6Token= setting in the [Network] section is deprecated, and
3646 the [IPv6AcceptRA] section gained the Token= setting for its
3647 replacement. The [IPv6Prefix] section also gained the Token= setting.
3648 The Token= setting gained 'eui64' mode to explicitly configure an
3649 address with the EUI64 algorithm based on the interface MAC address.
3650 The 'prefixstable' mode can now optionally take a secret key. The
3651 Token= setting in the [DHCPPrefixDelegation] section now supports all
3652 algorithms supported by the same settings in the other sections.
3653
3654 * The [RoutingPolicyRule] section of .network file gained a new
3655 SuppressInterfaceGroup= setting.
3656
3657 * The IgnoreCarrierLoss= setting in the [Network] section of .network
3658 files now allows a duration to be specified, controlling how long to
3659 wait before reacting to carrier loss.
3660
3661 * The [DHCPServer] section of .network file gained a new Router=
3662 setting to specify the router address.
3663
3664 * The [CAKE] section of .network files gained various new settings
3665 AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
3666 MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
3667 and UseRawPacketSize= for configuring CAKE.
3668
3669 * systemd-networkd now ships with new default .network files:
3670 80-container-vb.network, which matches the host-side network bridge
3671 device created by systemd-nspawn's --network-bridge= or --network-zone=
3672 switch, and 80-6rd-tunnel.network, which matches the automatically
3673 created sit tunnel with the 6rd prefix when the DHCP 6RD option is received.
3674
3675 * systemd-networkd's handling of Endpoint= resolution for WireGuard
3676 interfaces has been improved.
3677
3678 * systemd-networkd will now automatically configure routes to addresses
3679 specified in AllowedIPs=. This feature can be controlled via
3680 RouteTable= and RouteMetric= settings in [WireGuard] or
3681 [WireGuardPeer] sections.
3682
3683 * systemd-networkd will now once again automatically generate persistent
3684 MAC addresses for batadv and bridge interfaces. Users can disable this
3685 by using MACAddress=none in .netdev files.
3686
3687 * systemd-networkd and systemd-udevd now support IP over InfiniBand
3688 interfaces. The Kind= setting in .netdev file accepts "ipoib". And
3689 systemd.netdev files gained the [IPoIB] section.
3690
3691 * systemd-networkd and systemd-udevd now support net.ifname-policy=
3692 option on the kernel command-line. This is implemented through the
3693 systemd-network-generator service that automatically generates
3694 appropriate .link, .network, and .netdev files.
3695
3696 * The various systemd-udevd "ethtool" buffer settings now understand
3697 the special value "max" to configure the buffers to the maximum the
3698 hardware supports.
3699
3700 * systemd-udevd's .link files may now configure a large variety of
3701 NIC coalescing settings, plus more hardware offload settings.
3702
3703 * .link files gained a new WakeOnLanPassword= setting in the [Link]
3704 section that allows specifying a WoL "SecureOn" password on hardware
3705 that supports this.
3706
3707 * systemd-nspawn's --setenv= switch now supports an additional syntax:
3708 if only a variable name is specified (i.e. without being suffixed by
3709 a '=' character and a value) the current value of the environment
3710 variable is propagated to the container. E.g. --setenv=FOO will
3711 look up the current value of $FOO in the environment, and pass it down
3712 to the container. Similar behavior has been added to homectl's,
3713 machinectl's and systemd-run's --setenv= switch.
3714
3715 * systemd-nspawn gained a new switch --suppress-sync= which may be used
3716 to optionally suppress the effect of the sync()/fsync()/fdatasync()
3717 system calls for the container payload. This is useful for build
3718 system environments where safety against abnormal system shutdown is
3719 not essential as all build artifacts can be regenerated any time, but
3720 the performance win is beneficial.
3721
3722 * systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
3723 same value that PID 1 uses for most forked off processes.
3724
3725 * systemd-nspawn's --bind=/--bind-ro= switches now optionally take
3726 uidmap/nouidmap options as last parameter. If "uidmap" is used the
3727 bind mounts are created with UID mapping taking place that ensures
3728 the host's file ownerships are mapped 1:1 to container file
3729 ownerships, even if user namespacing is used. This way
3730 files/directories bound into containers will no longer show up as
3731 owned by the nobody user as they typically did if no special care was
3732 taken to shift them manually.
3733
3734 * When discovering Windows installations sd-boot will now attempt to
3735 show the Windows version.
3736
3737 * The color scheme to use in sd-boot may now be configured at
3738 build-time.
3739
3740 * sd-boot gained the ability to change screen resolution during
3741 boot-time, by hitting the "r" key. This will cycle through available
3742 resolutions and save the last selection.
3743
3744 * sd-boot learnt a new hotkey "f". When pressed the system will enter
3745 firmware setup. This is useful in environments where it is difficult
3746 to hit the right keys early enough to enter the firmware, and works
3747 on any firmware regardless which key it natively uses.
3748
3749 * sd-boot gained support for automatically booting into the menu item
3750 selected on the last boot (using the "@saved" identifier for menu
3751 items).
3752
3753 * sd-boot gained support for automatically loading all EFI drivers
3754 placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
3755 Partition (ESP). These drivers are loaded before the menu entries are
3756 loaded. This is useful e.g. to load additional file system drivers
3757 for the XBOOTLDR partition.
3758
3759 * systemd-boot will now paint the input cursor on its own instead of
3760 relying on the firmware to do so, increasing compatibility with broken
3761 firmware that doesn't make the cursor reasonably visible.
3762
3763 * sd-boot now embeds a .osrel PE section like we expect from Boot
3764 Loader Specification Type #2 Unified Kernels. This means sd-boot
3765 itself may be used in place of a Type #2 Unified Kernel. This is
3766 useful for debugging purposes as it allows chain-loading one
3767 (development) sd-boot instance from another.
3768
3769 * sd-boot now supports a new "devicetree" field in Boot Loader
3770 Specification Type #1 entries: if configured the specified device
3771 tree file is installed before the kernel is invoked. This is useful
3772 for installing/applying new devicetree files without updating the
3773 kernel image.
3774
3775 * Similarly, sd-stub now can read devicetree data from a PE section
3776 ".dtb" and apply it before invoking the kernel.
3777
3778 * sd-stub (the EFI stub that can be glued in front of a Linux kernel)
3779 gained the ability to pick up credentials and sysext files, wrap them
3780 in a cpio archive, and pass it as an additional initrd to the invoked
3781 Linux kernel, in effect placing those files in the /.extra/ directory
3782 of the initrd environment. This is useful to implement trusted initrd
3783 environments which are fully authenticated but still can be extended
3784 (via sysexts) and parameterized (via encrypted/authenticated
3785 credentials, see above).
3786
3787 Credentials can be located next to the kernel image file (credentials
3788 specific to a single boot entry), or in one of the shared directories
3789 (credentials applicable to multiple boot entries).
3790
3791 * sd-stub now comes with a full man page that explains its feature set
3792 and how to combine a kernel image, an initrd and the stub to build a
3793 complete EFI unified kernel image, implementing Boot Loader
3794 Specification Type #2.
3795
3796 * sd-stub may now provide the initrd to the executed kernel via the
3797 LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
3798 non-x86 architectures.
3799
3800 * bootctl learnt new set-timeout and set-timeout-oneshot commands that
3801 may be used to set the boot menu time-out of the boot loader (for all
3802 or just the subsequent boot).
3803
3804 * bootctl and kernel-install will now read variables
3805 KERNEL_INSTALL_LAYOUT= from /etc/machine-info and layout= from
3806 /etc/kernel/install.conf. When set, it specifies the layout to use
3807 for installation directories on the boot partition, so that tools
3808 don't need to guess it based on the already-existing directories. The
3809 only value that is defined natively is "bls", corresponding to the
3810 layout specified in
3811 https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
3812 kernel-install that implement a different layout can declare other
3813 values for this variable.
3814
3815 'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
3816 assumption that if the user installed sd-boot to the ESP, they intend
3817 to use the entry layout understood by sd-boot. It'll also write
3818 KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
3819 (and it wasn't specified in the config file yet). Similarly,
3820 kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
3821 wasn't specified in the config file yet). Effectively, those changes
3822 mean that the machine-id used for boot loader entry installation is
3823 "frozen" upon first use and becomes independent of the actual
3824 machine-id.
3825
3826 Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
3827 images created for distribution ("golden images") are built with no
3828 machine-id, so that a unique machine-id can be created on the first
3829 boot. But those images may contain boot loader entries with the
3830 machine-id used during build included in paths. Using a "frozen"
3831 value allows unambiguously identifying entries that match the
3832 specific installation, while still permitting parallel installations
3833 without conflict.
3834
3835 Configuring KERNEL_INSTALL_LAYOUT obviates the need for
3836 kernel-install to guess the installation layout. This fixes the
3837 problem where a (possibly empty) directory in the boot partition is
3838 created from a different layout causing kernel-install plugins to
3839 assume the wrong layout. A particular example of how this may happen
3840 is the grub2 package in Fedora which includes directories under /boot
3841 directly in its file list. Various other packages pull in grub2 as a
3842 dependency, so it may be installed even if unused, breaking
3843 installations that use the bls layout.
3844
3845 * bootctl and systemd-bless-boot can now be linked statically.
3846
3847 * systemd-sysext now optionally doesn't insist on extension-release.d/
3848 files being placed in the image under the image's file name. If the
3849 file system xattr user.extension-release.strict is set on the
3850 extension release file, it is accepted regardless of its name. This
3851 relaxes security restrictions a bit, as a system extension may then
3852 be attached under a name other than the one it was built for.
3853
3854 * udevadm's test-builtin command learnt a new --action= switch for
3855 testing the built-in with the specified action (in place of the
3856 default 'add').
3857
3858 * udevadm info gained new switches --property=/--value for showing only
3859 specific udev properties/values instead of all.
3860
3861 * A new hwdb database has been added that contains matches for various
3862 types of signal analyzers (protocol analyzers, logic analyzers,
3863 oscilloscopes, multimeters, bench power supplies, etc.) that should
3864 be accessible to regular users.
3865
3866 * A new hwdb database entry has been added that carries information
3867 about types of cameras (regular or infrared), and in which direction
3868 they point (front or back).
3869
3870 * A new rule to allow console users access to rfkill by default has been
3871 added to hwdb.
3872
3873 * Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
3874 now also owned by the system group "sgx".
3875
3876 * A new build-time meson option "extra-net-naming-schemes=" has been
3877 added to define additional naming schemes for udev's network
3878 interface naming logic. This is useful for enterprise distributions
3879 and similar which want to pin the schemes of certain distribution
3880 releases under a specific name and previously had to patch the
3881 sources to introduce new named schemes.
3882
3883 * The predictable naming logic for network interfaces has been extended
3884 to generate stable names from Xen netfront device information.
3885
3886 * hostnamed's chassis property can now be sourced from the chassis-type
3887 field encoded in devicetree (in addition to the existing DMI
3888 support).
3889
3890 * systemd-cgls now optionally displays cgroup IDs and extended
3891 attributes for each cgroup. (Controllable via the new --xattr= +
3892 --cgroup-id= switches.)
3893
3894 * coredumpctl gained a new --all switch for operating on all
3895 Journal files instead of just the local ones.
3896
3897 * systemd-coredump will now use libdw/libelf via dlopen() rather than
3898 directly linking, allowing users to easily opt-out of backtrace/metadata
3899 analysis of core files, and reduce image sizes when this is not needed.
3900
3901 * systemd-coredump will now analyze core files with libdw/libelf in a
3902 forked, sandboxed process.
3903
3904 * systemd-homed will now try to unmount an active home area in
3905 regular intervals once the user logged out fully. Previously this was
3906 attempted exactly once but if the home directory was busy for some
3907 reason it was not tried again.
3908
3909 * systemd-homed's LUKS2 home area backend will now create a BSD file
3910 system lock on the image file while the home area is active
3911 (i.e. mounted). If a home area is found to be locked, logins are
3912 politely refused. This should improve behavior when using home areas
3913 images that are accessible via the network from multiple clients, and
3914 reduce the chance of accidental file system corruption in that case.
3915
3916 * Optionally, systemd-homed will now drop the kernel buffer cache once
3917 a user has fully logged out, configurable via the new --drop-caches=
3918 homectl switch.
3919
3920 * systemd-homed now makes use of UID mapped mounts for the home areas.
3921 If the kernel and used file system support it, files are now
3922 internally owned by the "nobody" user (i.e. the user typically used
3923 for indicating "this ownership is not mapped"), and dynamically
3924 mapped to the UID used locally on the system via the UID mapping
3925 mount logic of recent kernels. This makes migrating home areas
3926 between different systems cheaper because recursively chown()ing file
3927 system trees is no longer necessary.
3928
3929 * systemd-homed's CIFS backend now optionally supports CIFS service
3930 names with a directory suffix, in order to place home directories in
3931 a subdirectory of a CIFS share, instead of the top-level directory.
3932
3933 * systemd-homed's CIFS backend gained support for specifying additional
3934 mount options in the JSON user record (cifsExtraMountOptions field,
3935 and --cifs-extra-mount-options= homectl switch). This is for example
3936 useful for configuring mount options such as "noserverino" that some
3937 SMB3 services require (needed, for example, to run a homed home
3938 directory from a FritzBox SMB3 share).
3939
3940 * systemd-homed will now default to btrfs' zstd compression for home
3941 areas. This is inspired by Fedora's recent decision to switch to zstd
3942 by default.
3943
3944 * Additional mount options to use when mounting the file system of
3945 LUKS2 volumes in systemd-homed may now be specified, via the
3946 $SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, $SYSTEMD_HOME_MOUNT_OPTIONS_EXT4,
3947 $SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables to
3948 systemd-homed or via the luksExtraMountOptions user record JSON
3949 property. (Exposed via homectl --luks-extra-mount-options)
3950
3951 * homectl's resize command now takes the special size specifications
3952 "min" and "max" to shrink/grow the home area to the minimum/maximum
3953 size possible, taking disk usage/space constraints and file system
3954 limitations into account. Resizing is now generally graceful: the
3955 logic will try to get as close to the specified size as possible, but
3956 not consider it a failure if the request couldn't be fulfilled
3957 precisely.
3958
3959 * systemd-homed gained the ability to automatically shrink home areas
3960 on logout to their minimal size and grow them again on next
3961 login. This ensures that while inactive, a home area only takes up
3962 the minimal space necessary, but once activated, it provides
3963 sufficient space for the user's needs. This behavior is only
3964 supported if btrfs is used as file system inside the home area
3965 (because only for btrfs online growing/shrinking is implemented in
3966 the kernel). This behavior is now enabled by default, but may be
3967 controlled via the new --auto-resize-mode= setting of homectl.
3968
3969 * systemd-homed gained support for automatically re-balancing free disk
3970 space among active home areas, in case the LUKS2 backends are used,
3971 and no explicit disk size was requested. This way disk space is
3972 automatically managed and home areas resized in regular intervals and
3973 manual resizing when disk space becomes scarce should not be
3974 necessary anymore. This behavior is only supported if btrfs is used
3975 within the home areas (as only then online shrinking and growing is
3976 supported), and may be configured via the new rebalanceWeight JSON
3977 user record field (as exposed via the new --rebalance-weight= homectl
3978 setting). Re-balancing is mostly automatic, but can also be requested
3979 explicitly via "homectl rebalance", which is synchronous, and thus
3980 may be used to wait until the rebalance run is complete.
3981
3982 * userdbctl gained a --json= switch for configuring the JSON formatting
3983 to use when outputting user or group records.
3984
3985 * userdbctl gained a new --multiplexer= switch for explicitly
3986 configuring whether to use the systemd-userdbd server side user
3987 record resolution logic.
3988
3989 * userdbctl's ssh-authorized-keys command learnt a new --chain switch,
3990 for chaining up another command to execute after completing the
3991 look-up. Since OpenSSH's AuthorizedKeysCommand only allows a single
3992 command to be configured, this may be used to invoke multiple: first
3993 userdbctl's own implementation, and then any other also specified on
3994 the command line.
3995
3996 * The sd-event API gained a new function sd_event_add_inotify_fd() that
3997 is similar to sd_event_add_inotify() but accepts a file descriptor
3998 instead of a path in the file system for referencing the inode to
3999 watch.
4000
4001 * The sd-event API gained a new function
4002 sd_event_source_set_ratelimit_expire_callback() that may be used to
4003 define a callback function that is called whenever an event source
4004 leaves the rate limiting phase.
4005
4006 * New documentation has been added explaining which steps are necessary
4007 to port systemd to a new architecture:
4008
4009 https://systemd.io/PORTING_TO_NEW_ARCHITECTURES
4010
4011 * The x-systemd.makefs option in /etc/fstab now explicitly supports
4012 ext2, ext3, and f2fs file systems.
4013
4014 * Mount units and units generated from /etc/fstab entries with 'noauto'
4015 are now ordered the same as other units. Effectively, they will be
4016 started earlier (if something actually pulled them in) and stopped
4017 later, similarly to normal mount units that are part of
4018 fs-local.target. This change should be invisible to users, but
4019 should prevent those units from being stopped too early during
4020 shutdown.
4021
4022 * The systemd-getty-generator now honors a new kernel command line
4023 argument systemd.getty_auto= and a new environment variable
4024 $SYSTEMD_GETTY_AUTO that allow turning it off at boot. This is for
4025 example useful to turn off gettys inside of containers or similar
4026 environments.
4027
4028 * systemd-resolved now listens on a second DNS stub address: 127.0.0.54
4029 (in addition to 127.0.0.53, as before). If DNS requests are sent to
4030 this address they are propagated in "bypass" mode only, i.e. are
4031 almost not processed locally, but mostly forwarded as-is to the
4032 current upstream DNS servers. This provides a stable DNS server
4033 address that proxies all requests dynamically to the right upstream
4034 DNS servers even if these dynamically change. This stub does not do
4035 mDNS/LLMNR resolution. However, it will translate look-ups to
4036 DNS-over-TLS if necessary. This new stub is particularly useful in
4037 container/VM environments, or for tethering setups: use DNAT to
4038 redirect traffic to any IP address to this stub.
4039
4040 * systemd-importd now honors new environment variables
4041 $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA,
4042 $SYSTEMD_IMPORT_SYNC, which may be used to disable btrfs subvolume
4043 generation, btrfs quota setup and disk synchronization.
4044
4045 * systemd-importd and systemd-resolved can now be optionally built with
4046 OpenSSL instead of libgcrypt.
4047
4048 * systemd-repart no longer requires OpenSSL.
4049
4050 * systemd-sysusers will no longer create the redundant 'nobody' group
4051 by default, as the 'nobody' user is already created with an
4052 appropriate primary group.
4053
4054 * If a unit uses RuntimeMaxSec, systemctl show will now display it.
4055
4056 * systemctl show-environment gained support for --output=json.
4057
4058 * pam_systemd will now first try to use the X11 abstract socket, and
4059 fall back to the socket file in /tmp/.X11-unix/ only if that does not
4060 work.
4061
4062 * systemd-journald will no longer go back to volatile storage
4063 regardless of configuration when its unit is restarted.
4064
4065 * Initial support for the LoongArch architecture has been added (system
4066 call lists, GPT partition table UUIDs, etc).
4067
4068 * systemd-journald's own logging messages are now also logged to the
4069 journal itself when systemd-journald logs to /dev/kmsg.
4070
4071 * systemd-journald now re-enables COW for archived journal files on
4072 filesystems that support COW. One benefit of this change is that
4073 archived journal files will now get compressed on btrfs filesystems
4074 that have compression enabled.
4075
4076 * systemd-journald now deduplicates fields in a single log message
4077 before adding it to the journal. In archived journal files, it will
4078 also punch holes for unused parts and truncate the file as
4079 appropriate, leading to reductions in disk usage.
4080
4081 * journalctl --verify was extended with more informative error
4082 messages.
4083
4084 * More of sd-journal's functions are now resistant against journal file
4085 corruption.
4086
4087 * The shutdown command learnt a new option --show, to display the
4088 scheduled shutdown.
4089
4090 * A LICENSES/ directory is now included in the git tree. It contains a
4091 README.md file that explains the licenses used by source files in
4092 this repository. It also contains the text of all applicable
4093 licenses as they appear on spdx.org.
4094
4095 Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
4096 Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
4097 alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
4098 Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
4099 Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
4100 Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
4101 Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
4102 Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
4103 Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
4104 Christian Brauner, Christian Göttsche, Christian Wehrli,
4105 Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
4106 Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
4107 David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
4108 Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
4109 Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
4110 Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
4111 Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
4112 Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
4113 Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
4114 Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
4115 I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
4116 Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
4117 jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
4118 Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
4119 Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
4120 Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
4121 lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
4122 Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
4123 Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
4124 Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
4125 Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
4126 Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
4127 Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
4128 nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
4129 Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
4130 Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
4131 Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
4132 Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
4133 StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
4134 Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
4135 Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
4136 Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
4137 Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
4138 xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
4139 Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
4140 Дамјан Георгиевски, наб
4141
4142 — Warsaw, 2021-12-23
4143
4144 CHANGES WITH 249:
4145
4146 * When operating on disk images via the --image= switch of various
4147 tools (such as systemd-nspawn or systemd-dissect), or when udev finds
4148 no 'root=' parameter on the kernel command line, and multiple
4149 suitable root or /usr/ partitions exist in the image, then a simple
4150 comparison inspired by strverscmp() is done on the GPT partition
4151 label, and the newest partition is picked. This permits a simple and
4152 generic whole-file-system A/B update logic where new operating system
4153 versions are dropped into partitions whose label is then updated with
4154 a matching version identifier.
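
To make the label selection concrete, here is an added Python illustration; it is not systemd's code (systemd's own comparator is strverscmp_improved() in its source tree) but reproduces the property that matters for A/B labels: a label is split into digit and non-digit runs, digit runs compare numerically, and a "~" segment marks a pre-release that sorts below the bare version, so the "newest" partition is chosen by version order rather than by plain string order. The partition table below is constructed for the example.

```python
"""Choosing the newest root partition by GPT label, as an added illustration
of the strverscmp()-inspired selection described in the systemd 249 notes.
Not systemd's comparator; an approximation with the same key properties."""
import re

_CHUNK = re.compile(r"\d+|\D+")
_END = (0, 0, "")  # terminator so that "1.0~rc1" sorts below "1.0"


def version_key(label: str) -> list:
    """Sort key: numeric runs by value, '~' runs below end-of-string,
    any other text lexicographically."""
    key = []
    for chunk in _CHUNK.findall(label):
        if chunk.isdigit():
            key.append((1, int(chunk), ""))    # "10" > "9", unlike str order
        elif chunk.startswith("~"):
            key.append((-1, 0, chunk))         # pre-release marker
        else:
            key.append((0, 0, chunk))          # plain text, e.g. "root-"
    key.append(_END)
    return key


def pick_newest(labels):
    """Return the label considered newest, or None if there are none."""
    return max(labels, key=version_key, default=None)


# Constructed sample partition table: several root partitions from an A/B
# update scheme, each labelled with the OS version it carries.
SAMPLE_PARTITIONS = [
    {"type": "root", "label": "root-1.9.5"},
    {"type": "root", "label": "root-1.10.0~rc1"},
    {"type": "root", "label": "root-1.10.0"},
    {"type": "home", "label": "home"},
]


def newest_root(partitions):
    """Among partitions of the root type, return the label that is picked."""
    return pick_newest(p["label"] for p in partitions if p["type"] == "root")


if __name__ == "__main__":
    print(newest_root(SAMPLE_PARTITIONS))  # → root-1.10.0
```

The practical consequence for image builders: labels written by an update must be monotonic under this order (plain string order would rank "root-1.9.5" above "root-1.10.0"), and since the choice is made from the partition table alone, whoever can write GPT labels on the disk decides which root is booted; verified boot and dm-verity protect the partition contents, not the selection.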
4155
4156 * systemd-sysusers now supports querying the passwords to set for the
4157 users it creates via the "credentials" logic introduced in v247: the
4158 passwd.hashed-password.<user> and passwd.plaintext-password.<user>
4159 credentials are consulted for the password to use (either in UNIX
4160 hashed form, or literally). By default these credentials are inherited
4161 down from PID1 (which in turn imports it from a container manager if
4162 there is one). This permits easy configuration of user passwords
4163 during first boot. Example:
4164
4165 # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
4166
4167 Note that systemd-sysusers operates in purely additive mode: it
4168 executes no operation if the declared users already exist, and hence
4169 doesn't set any passwords as an effect of the command line above if the
4170 specified root user exists already in the image. (Note that
4171 --volatile=yes ensures it doesn't, though.)
4172
4173 * systemd-firstboot now also supports querying various system
4174 parameters via the credential subsystems. Thus, as above this may be
4175 used to initialize important system parameters on first boot of
4176 previously unprovisioned images (i.e. images with a mostly empty
4177 /etc/).
4178
4179 * PID 1 may now show both the unit name and the unit description
4180 strings in its status output during boot. This may be configured with
4181 StatusUnitFormat=combined in system.conf or
4182 systemd.status-unit-format=combined on the kernel command line.
4183
4184 * The systemd-machine-id-setup tool now supports a --image= switch for
4185 provisioning a machine ID file into an OS disk image, similar to how
4186 --root= operates on an OS file tree. This matches the existing switch
4187 of the same name for systemd-tmpfiles, systemd-firstboot, and
4188 systemd-sysusers tools.
4189
4190 * Similarly, systemd-repart gained support for the --image= switch too.
4191 In combination with the existing --size= option, this makes the tool
4192 particularly useful for easily growing disk images in a single
4193 invocation, following the declarative rules included in the image
4194 itself.
4195
4196 * systemd-repart's partition configuration files gained support for a
4197 new switch MakeDirectories= which may be used to create arbitrary
4198 directories inside file systems that are created, before registering
4199 them in the partition table. This is useful in particular for root
4200 partitions to create mount point directories for other partitions
4201 included in the image. For example, a disk image that contains a
4202 root, /home/, and /var/ partitions, may set MakeDirectories=yes to
4203 create /home/ and /var/ as empty directories in the root file system
4204 on its creation, so that the resulting image can be mounted
4205 immediately, even in read-only mode.
4206
4207 * systemd-repart's CopyBlocks= setting gained support for the special
4208 value "auto". If used, a suitable matching partition on the booted OS
4209 is found as source to copy blocks from. This is useful when
4210 implementing replicating installers, that are booted from one medium
4211 and then stream their own root partition onto the target medium.
4212
4213 * systemd-repart's partition configuration files gained support for a
4214 Flags=, a ReadOnly= and a NoAuto= setting, allowing control of these
4215 GPT partition flags for the created partitions: this is useful for
4216 marking newly created partitions as read-only, or as not being
4217 subject to automatic mounting from creation on.
4218
4219 * The /etc/os-release file has been extended with two new (optional)
4220 variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
4221 information for OS images that are updated comprehensively and
4222 atomically as one image. Two new specifiers %M, %A now resolve to
4223 these two fields in the various configuration options that resolve
4224 specifiers.
4225
4226 * portablectl gained a new switch --extension= for enabling portable
4227 service images with extensions that follow the extension image
4228 concept introduced with v248, and thus allows layering multiple
4229 images when setting up the root filesystem of the service.
4230
4231 * systemd-coredump will now extract ELF build-id information from
4232 processes dumping core and include it in the coredump report.
4233 Moreover, it will look for ELF .note.package sections with
4234 distribution packaging meta-information about the crashing process.
4235 This is useful to directly embed the rpm or deb (or any other)
4236 package name and version in ELF files, making it easy to match
4237 coredump reports with the specific package for which the software was
4238 compiled. This is particularly useful on environments with ELF files
4239 from multiple vendors, different distributions and versions, as is
4240 common today in our containerized and sand-boxed world. For further
4241 information, see:
4242
4243 https://systemd.io/COREDUMP_PACKAGE_METADATA
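
As an added example (not systemd's own code), the following Python parses the two ELF notes systemd-coredump reads: the GNU build-id note (owner "GNU", type NT_GNU_BUILD_ID = 3) and the package note from the specification linked above (owner "FDO", type 0xcafe1a7e, descriptor a NUL-terminated JSON object). The note layout follows the ELF gABI: a 12-byte header of namesz, descsz and type, then the name and the descriptor, each padded to a 4-byte boundary. The sample note section is constructed inline; the hash bytes and package fields are made-up values.

```python
"""Parse the ELF notes systemd-coredump extracts: .note.gnu.build-id and
.note.package (COREDUMP_PACKAGE_METADATA). Added example, not systemd code."""
import json
import struct

NT_GNU_BUILD_ID = 3                      # ELF gABI / glibc elf.h
NT_FDO_PACKAGING_METADATA = 0xCAFE1A7E   # COREDUMP_PACKAGE_METADATA spec


def _pad4(n: int) -> int:
    return (n + 3) & ~3


def parse_notes(blob: bytes):
    """Yield (name, type, desc) for every note in a SHT_NOTE section body.
    Sizes are checked against the buffer so a corrupt note cannot make the
    parser read past the section."""
    off = 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        off += 12
        desc_start = off + _pad4(namesz)
        desc_end = desc_start + descsz
        if desc_end > len(blob):
            raise ValueError("note descriptor runs past end of section")
        name = blob[off:off + namesz].rstrip(b"\0").decode("ascii", "replace")
        yield name, ntype, blob[desc_start:desc_end]
        off = desc_start + _pad4(descsz)
    if off != len(blob):
        raise ValueError("trailing bytes after last note")


def extract_coredump_metadata(blob: bytes) -> dict:
    """Return the build-id (hex) and the package metadata dict, if present."""
    result = {"build_id": None, "package": None}
    for name, ntype, desc in parse_notes(blob):
        if name == "GNU" and ntype == NT_GNU_BUILD_ID:
            result["build_id"] = desc.hex()
        elif name == "FDO" and ntype == NT_FDO_PACKAGING_METADATA:
            # Descriptor is NUL-terminated JSON; drop the terminator.
            result["package"] = json.loads(desc.rstrip(b"\0").decode("utf-8"))
    return result


def make_note(owner: bytes, ntype: int, desc: bytes) -> bytes:
    """Encode one note with gABI padding (used to build the sample below)."""
    name = owner + b"\0"
    return (struct.pack("<III", len(name), len(desc), ntype)
            + name.ljust(_pad4(len(name)), b"\0")
            + desc.ljust(_pad4(len(desc)), b"\0"))


# Constructed sample section: a build-id note followed by a package note,
# as a distribution's linker flags would emit. Values are made up.
SAMPLE_BUILD_ID = bytes(range(0x10, 0x24))   # 20 bytes, SHA-1 sized
SAMPLE_PACKAGE = {"type": "rpm", "name": "hello", "version": "1.2-3.fc35",
                  "architecture": "x86_64",
                  "osCpe": "cpe:/o:fedoraproject:fedora:35"}
SAMPLE_SECTION = (
    make_note(b"GNU", NT_GNU_BUILD_ID, SAMPLE_BUILD_ID)
    + make_note(b"FDO", NT_FDO_PACKAGING_METADATA,
                json.dumps(SAMPLE_PACKAGE).encode() + b"\0"))

if __name__ == "__main__":
    print(extract_coredump_metadata(SAMPLE_SECTION))
```

On a real binary, "readelf -n" lists the same notes. Treat the package fields as a claim made by whoever linked the binary, not as proof of provenance: the build-id is what ties a crash to a specific debuginfo artifact, and the package note only tells you which package the builder says it came from.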
4244
4245 * A new udev hardware database has been added for FireWire devices
4246 (IEEE 1394).
4247
4248 * The "net_id" built-in of udev has been updated with three
4249 backwards-incompatible changes:
4250
4251 - PCI hotplug slot names on s390 systems are now parsed as
4252 hexadecimal numbers. They were incorrectly parsed as decimal
4253 previously, or ignored if the name was not a valid decimal
4254 number.
4255
4256 - PCI onboard indices up to 65535 are allowed. Previously, numbers
4257 above 16383 were rejected. This primarily impacts s390 systems,
4258 where values up to 65535 are used.
4259
4260 - Invalid characters in interface names are replaced with "_".
4261
4262 The new version of the net naming scheme is "v249". The previous
4263 scheme can be selected via the "net.naming-scheme=v247" kernel
4264 command line parameter.
4265
4266 * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
4267 NULL bus object, for which they will return false. Or in other words,
4268 an unallocated bus connection is neither ready nor open.
4269
4270 * The sd-device API acquired a new API function
4271 sd_device_get_usec_initialized() that returns the monotonic time when
4272 the udev device first appeared in the database.
4273
4274 * sd-device gained new APIs sd_device_trigger_with_uuid() and
4275 sd_device_get_trigger_uuid(). The former is similar to
4276 sd_device_trigger() but returns a randomly generated UUID that is
4277 associated with the synthetic uevent generated by the call. This UUID
4278 may be read from the sd_device object a monitor eventually receives,
4279 via the sd_device_get_trigger_uuid(). This interface requires kernel
4280 4.13 or above to work, and allows tracking a synthetic uevent through
4281 the entire device management stack. The "udevadm trigger --settle"
4282 logic has been updated to make use of this concept if available to
4283 wait precisely for the uevents it generates. "udevadm trigger" also
4284 gained a new parameter --uuid that prints the UUID for each generated
4285 uevent.
4286
4287 * sd-device also gained new APIs sd_device_new_from_ifname() and
4288 sd_device_new_from_ifindex() for allocating an sd-device object for
4289 the specified network interface. The former accepts an interface name
4290 (either a primary or an alternative name), the latter an interface
4291 index.
4292
4293 * The native Journal protocol has been documented. Clients may talk
4294 this as alternative to the classic BSD syslog protocol for locally
4295 delivering log records to the Journal. The protocol has been stable
4296 for a long time and has in fact already been implemented in a variety
4297 of alternative client libraries. This documentation makes the support
4298 for that official:
4299
4300 https://systemd.io/JOURNAL_NATIVE_PROTOCOL
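
An added example of that protocol in Python (not systemd's code): one datagram carries one entry; each field is serialized as "NAME=value\n", or, when the value is binary or contains a newline, as "NAME\n" followed by a 64-bit little-endian length, the value and a trailing "\n". The field-name check mirrors the rules documented for the journal: uppercase letters, digits and underscores, no leading digit, at most 64 characters, and no leading underscore from clients, because underscore fields such as _PID and _UID are trusted fields journald derives from the sender's socket credentials rather than from the message. The entry below is constructed for the example and never sent.

```python
"""Encoder/decoder for the Journal native protocol
(https://systemd.io/JOURNAL_NATIVE_PROTOCOL). Added example, not systemd code."""
import struct

_ALLOWED = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"


def valid_client_field(name: bytes) -> bool:
    """Field names a client may send; '_'-prefixed names are reserved for
    journald's trusted fields and must be refused here, not trusted later."""
    if not 1 <= len(name) <= 64 or name[:1] == b"_" or name[:1].isdigit():
        return False
    return all(c in _ALLOWED for c in name)


def encode_entry(fields: dict) -> bytes:
    """Serialize one entry; values are bytes."""
    out = bytearray()
    for name, value in fields.items():
        n = name.encode("ascii")
        if not valid_client_field(n):
            raise ValueError(f"field name not allowed from a client: {name!r}")
        if b"\n" in value:   # binary form: NAME\n + u64le size + data + \n
            out += n + b"\n" + struct.pack("<Q", len(value)) + value + b"\n"
        else:                # text form: NAME=value\n
            out += n + b"=" + value + b"\n"
    return bytes(out)


def decode_entry(data: bytes) -> dict:
    """Parse one datagram; length prefixes are bounds-checked so a bogus
    size cannot make the parser read outside the buffer."""
    fields = {}
    pos = 0
    while pos < len(data):
        nl = data.find(b"\n", pos)
        if nl < 0:
            raise ValueError("unterminated field")
        line = data[pos:nl]
        if b"=" in line:
            name, value = line.split(b"=", 1)
            pos = nl + 1
        else:
            name = line
            if nl + 9 > len(data):
                raise ValueError("truncated length prefix")
            (size,) = struct.unpack_from("<Q", data, nl + 1)
            start, end = nl + 9, nl + 9 + size
            if end >= len(data) or data[end] != 0x0A:
                raise ValueError("binary field length does not fit the datagram")
            value = data[start:end]
            pos = end + 1
        if not valid_client_field(name):
            raise ValueError(f"field name not allowed from a client: {name!r}")
        fields[name.decode("ascii")] = value
    return fields


# Constructed sample entry (not a real capture). MESSAGE spans two lines,
# so it has to go out in the length-prefixed binary form.
SAMPLE_ENTRY = {
    "MESSAGE": b"login failed\nfrom 203.0.113.7",
    "PRIORITY": b"4",
    "SYSLOG_IDENTIFIER": b"sshd-audit",
    "CODE_FILE": b"auth.c",
}


def roundtrip(entry: dict) -> dict:
    return decode_entry(encode_entry(entry))


if __name__ == "__main__":
    print(encode_entry(SAMPLE_ENTRY))
```

To actually log, write the datagram to /run/systemd/journal/socket from an AF_UNIX SOCK_DGRAM socket; the specification covers the case where an entry exceeds the datagram size limit (it is handed over as a sealed memory file descriptor instead). The decoder side is what a collector or test harness would use; note that the only thing a client cannot spoof is the underscore-prefixed metadata, so anything else in an entry, including SYSLOG_IDENTIFIER, is attacker-controlled from a detection standpoint.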
4301
4302 * A new BPFProgram= setting has been added to service files. It may be
4303 set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
4304 file, or a bind mount or symlink to one. This may be used to upload
4305 and manage BPF programs externally and then hook arbitrary systemd
4306 services into them.
4307
4308 * The "home.arpa" domain, which RFC 8375 designates as the domain for
4309 local home networks, has been added
4310 to the default NTA list of resolved, since DNSSEC is generally not
4311 available on private domains.
4312
4313 * The CPUAffinity= setting of unit files now resolves "%" specifiers.
4314
4315 * A new ManageForeignRoutingPolicyRules= setting has been added to
4316 .network files which may be used to exclude foreign-created routing
4317 policy rules from systemd-networkd management.
4318
4319 * systemd-network-wait-online gained two new switches -4 and -6 that
4320 may be used to tweak whether to wait for only IPv4 or only IPv6
4321 connectivity.
4322
4323 * .network files gained a new RequiredFamilyForOnline= setting to
4324 fine-tune whether to require an IPv4 or IPv6 address in order to
4325 consider an interface "online".
4326
4327 * networkctl will now show an over-all "online" state in the per-link
4328 information.
4329
4330 * In .network files a new OutgoingInterface= setting has been added to
4331 specify the output interface in bridge FDB setups.
4332
4333 * In .network files the Multipath group ID may now be configured for
4334 [NextHop] entries, via the new Group= setting.
4335
4336 * The DHCP server logic configured in .network files gained a new
4337 setting RelayTarget= that turns the server into a DHCP server relay.
4338 The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
4339 to further tweak the DHCP relay behaviour.
4340
4341 * The DHCP server logic also gained a new ServerAddress= setting in
4342 .network files that explicitly specifies the server IP address to
4343 use. If not specified, the address is determined automatically, as
4344 before.
4345
4346 * The DHCP server logic in systemd-networkd gained support for static
4347 DHCP leases, configurable via the [DHCPServerStaticLease]
4348 section. This allows explicitly mapping specific MAC addresses to
4349 fixed IP addresses and vice versa.
4350
4351 * The RestrictAddressFamilies= setting in service files now supports a
4352 new special value "none". If specified sockets of all address
4353 families will be made unavailable to services configured that way.
4354
4355 * systemd-fstab-generator and systemd-repart have been updated to
4356 support booting from disks that carry only a /usr/ partition but no
4357 root partition yet, and where systemd-repart can add it in on the
4358 first boot. This is useful for implementing systems that ship with a
4359 single /usr/ file system, and whose root file system shall be set up
4360 and formatted on a LUKS-encrypted volume whose key is generated
4361 locally (and possibly enrolled in the TPM) during the first boot.
4362
4363 * The [Address] section of .network files now accepts a new
4364 RouteMetric= setting that configures the routing metric to use for
4365 the prefix route created as effect of the address configuration.
4366 Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
4367 gained matching settings for their prefix routes. (The option of the
4368 same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
4369 it conceptually belongs there; the old option is still understood for
4370 compatibility.)
4371
* The DHCPv6 IAID and DUID are now explicitly configurable in .network
files.

* A new udev property ID_NET_DHCP_BROADCAST on network interface
devices is now honoured by systemd-networkd, controlling whether to
issue DHCP offers via broadcasting. This is used to ensure that s390
layer 3 network interfaces work out-of-the-box with systemd-networkd.

* nss-myhostname and systemd-resolved will now synthesize address
records for a new special hostname "_outbound". The name will always
resolve to the local IP addresses most likely used for outbound
connections towards the default routes. On multi-homed hosts this is
useful to have a stable handle referring to "the" local IP address
that matters most, to the point where this is defined.

* The Discoverable Partition Specification has been updated with a new
GPT partition flag "grow-file-system" defined for its partition
types. Whenever partitions with this flag set are automatically
mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
of systemd-nspawn or other tools; and as opposed to explicit mounting
via /etc/fstab), the file system within the partition is
automatically grown to the full size of the partition. If the file
system size already matches the partition size this flag has no
effect. Previously, this functionality has been available via the
explicit x-systemd.growfs mount option, and this new flag extends
this to automatically discovered mounts. A new GrowFileSystem=
setting has been added to systemd-repart drop-in files that allows
configuring this partition flag. This new flag defaults to on for
partitions automatically created by systemd-repart, except if they
are marked read-only. See the specification for further details:

https://systemd.io/DISCOVERABLE_PARTITIONS

* .network files gained a new setting RoutesToNTP= in the [DHCPv4]
section. If enabled (which is the default), and an NTP server address
is acquired through a DHCP lease on this interface, an explicit route
to this address is created on this interface to ensure that NTP
traffic to the NTP server acquired on an interface is also routed
through that interface. The pre-existing RoutesToDNS= setting that
implements the same for DNS servers is now enabled by default.

* A pair of service settings SocketBindAllow= + SocketBindDeny= have
been added that may be used to restrict the network interfaces
sockets created by the service may be bound to. This is implemented
via BPF.

* A new ConditionFirmware= setting has been added to unit files to
conditionalize on certain firmware features. At the moment it may
check whether running on a UEFI system, a device-tree system, or if
the system is compatible with some specified device-tree feature.

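The three checks listed above can be approximated from user space by probing sysfs. The following is an added example written for this note, not systemd's own implementation: it assumes UEFI is detected by the presence of /sys/firmware/efi, that the device-tree "compatible" property is readable under /sys/firmware/devicetree/base/ as NUL-separated strings, and it spells the third check "device-tree-compatible" with the compatible string as argument; the injectable parameters exist so the logic can be exercised without the real firmware.

```python
"""Approximate the checks behind ConditionFirmware= in user space.

Added example, not systemd's own code. The probe locations (/sys/firmware/efi
for UEFI, the device-tree "compatible" property under
/sys/firmware/devicetree/base/) and the "device-tree-compatible" spelling of
the third check are this example's assumptions; the kernel exposes
"compatible" as a list of NUL-separated strings.
"""
import os

EFI_DIR = "/sys/firmware/efi"
DT_COMPATIBLE = "/sys/firmware/devicetree/base/compatible"


def parse_compatible(raw):
    """Split the NUL-separated 'compatible' property into a list of strings."""
    return [s.decode("ascii", "replace") for s in raw.split(b"\0") if s]


def firmware_condition(kind, argument=None, efi_present=None, compatible_raw=None):
    """Evaluate "uefi", "device-tree" or "device-tree-compatible" (with argument).

    efi_present and compatible_raw can be injected (from a test or a captured
    sysfs dump); when they are None, the live system is probed.
    """
    if efi_present is None:
        efi_present = os.path.isdir(EFI_DIR)
    if compatible_raw is None:
        try:
            with open(DT_COMPATIBLE, "rb") as f:
                compatible_raw = f.read()
        except OSError:          # no device tree exposed: treat it as absent
            compatible_raw = b""
    compatible = parse_compatible(compatible_raw)
    if kind == "uefi":
        return efi_present
    if kind == "device-tree":
        return bool(compatible)
    if kind == "device-tree-compatible":
        if argument is None:
            raise ValueError("device-tree-compatible needs a compatible string")
        return argument in compatible
    raise ValueError("unknown firmware condition %r" % kind)
```

An unreadable or missing "compatible" property makes both device-tree checks false rather than raising, which is the behaviour a gating condition should have: a unit that depends on a firmware feature must stay inactive when the feature cannot be confirmed.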
* A new ConditionOSRelease= setting has been added to unit files to
check os-release(5) fields. The "=", "!=", "<", "<=", ">=", ">"
operators may be used to check if some field has some specific value
or do an alphanumerical comparison. Equality comparisons are useful
for fields like ID, and relative comparisons for fields like
VERSION_ID or IMAGE_VERSION.

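To make the operator semantics concrete, here is an added example (written for this note, not systemd's code) that parses an os-release file and evaluates expressions of the form shown above. The sample os-release content is constructed, and the version ordering is a simplified dotted-numeric comparison that this example assumes; systemd's own comparison routine has more rules, so treat the ordering as an approximation.

```python
"""Evaluate ConditionOSRelease= style expressions against os-release fields.

Added example, not systemd's own code. The operator set is the one listed in
the release note; the version ordering is a simplified approximation and an
assumption of this example. The sample os-release content is constructed.
"""
import re

SAMPLE_OS_RELEASE = """\
NAME="Example OS"
ID=exampleos
VERSION_ID="12.4"
IMAGE_VERSION=2021.07.07
PRETTY_NAME="Example OS 12.4"
"""

# Two-character operators first so that "<=" is not mistaken for "<" or "=".
_OPERATORS = ("<=", ">=", "!=", "<", ">", "=")


def parse_os_release(text):
    """Parse KEY=VALUE lines, dropping surrounding quotes, comments and blanks."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        fields[key.strip()] = value
    return fields


def _version_key(value):
    """Split "12.4" into [12, 4]; digit runs become ints, letter runs stay strings."""
    return [int(p) if p.isdigit() else p for p in re.findall(r"\d+|[A-Za-z]+", value)]


def compare_versions(a, b):
    """Return -1, 0 or 1 ordering a against b (simplified ordering, assumption)."""
    ka, kb = _version_key(a), _version_key(b)
    for x, y in zip(ka, kb):
        if isinstance(x, int) != isinstance(y, int):
            # numeric chunks sort before alphabetic ones in this approximation
            x, y = (0, 1) if isinstance(x, int) else (1, 0)
        if x != y:
            return -1 if x < y else 1
    return (len(ka) > len(kb)) - (len(ka) < len(kb))


def evaluate_condition(expr, fields):
    """Evaluate e.g. "VERSION_ID>=12" or "ID=exampleos" against parsed fields.

    A field that is absent makes the condition false: a unit gated on an
    unknown value must not start.
    """
    for op in _OPERATORS:
        if op in expr:
            key, value = expr.split(op, 1)
            break
    else:
        raise ValueError("no comparison operator in %r" % expr)
    actual = fields.get(key.strip())
    if actual is None:
        return False
    value = value.strip()
    if op == "=":
        return actual == value
    if op == "!=":
        return actual != value
    c = compare_versions(actual, value)
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]
```

The missing-field rule is the part worth copying into any similar gate: an absent VERSION_ID or IMAGE_VERSION should never satisfy a relative comparison by accident.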
* hostnamed gained a new Describe() D-Bus method that returns a JSON
serialization of the host data it exposes. This is exposed via
"hostnamectl --json=" to acquire a host identity description in JSON.
It's our intention to add similar features to most services and
objects systemd manages, in order to simplify integration with
program code that can consume JSON.

* Similarly, networkd gained a Describe() method on its Manager and
Link bus objects. This is exposed via "networkctl --json=".

* hostnamectl's various "get-xyz"/"set-xyz" verb pairs
(e.g. "hostnamectl get-hostname", "hostnamectl set-hostname") have
been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
that is used both to get the value (when no argument is given), and
to set the value (when an argument is specified). The old names
continue to be supported for compatibility.

* systemd-detect-virt and ConditionVirtualization= are now able to
correctly identify Amazon EC2 environments.

* The LogLevelMax= setting of unit files now applies not only to log
messages generated *by* the service, but also to log messages
generated *about* the service by PID 1. To suppress logs concerning a
specific service comprehensively, set this option to a high log
level.

* bootctl gained support for a new --make-machine-id-directory= switch
that allows precise control on whether to create the top-level
per-machine directory in the boot partition that typically contains
Type 1 boot loader entries.

* SBAT data to include in the systemd-boot EFI PE binaries may now be
specified at build time.

* /etc/crypttab learnt a new option "headless". If specified, any
requests to query the user interactively for passwords or PINs will
be skipped. This is useful on systems that are headless, i.e. where
an interactive user is generally not present.

* /etc/crypttab also learnt a new option "password-echo=" that allows
configuring whether the encryption password prompt shall echo the
typed password and if so, do so literally or via asterisks. (The
default is the same behaviour as before: provide echo feedback via
asterisks.)

* FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
systemd-homed has been updated to allow explicit configuration of the
"user presence" and "user verification" checks, as well as whether a
PIN is required for authentication, via the new switches
--fido2-with-user-presence=, --fido2-with-user-verification=,
--fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
features are available and may be enabled or disabled depends on the
FIDO2 token used.

* systemd-nspawn's --private-user= switch now accepts the special value
"identity" which configures a user namespacing environment with an
identity mapping of 65535 UIDs. This means the container UID 0 is
mapped to the host UID 0, and the UID 1 to host UID 1. On first look
this doesn't appear to be useful, however it does reduce the attack
surface a bit, since the resulting container will possess process
capabilities only within its namespace and not on the host.

* systemd-nspawn's --private-user-chown switch has been replaced by a
more generic --private-user-ownership= switch that accepts one of
three values: "chown" is equivalent to the old --private-user-chown,
and "off" is equivalent to the absence of the old switch. The value
"map" uses the new UID mapping mounts of Linux 5.12 to map ownership
of files and directories of the underlying image to the chosen UID
range for the container. "auto" is equivalent to "map" if UID mapping
mounts are supported, otherwise it is equivalent to "chown". The short
-U switch of systemd-nspawn now implies --private-user-ownership=auto
instead of the old --private-user-chown. Effectively this means: if
the backing file system supports UID mapping mounts the feature is
now used by default if -U is used. Generally, it's a good idea to use
UID mapping mounts instead of recursive chown()ing, since it allows
running containers off immutable images (since no modifications of
the images need to take place), and share images between multiple
instances. Moreover, the recursive chown()ing operation is slow and
can be avoided. Conceptually it's also a good thing if transient UID
range uses do not leak into persistent file ownership anymore. TLDR:
finally, the last major drawback of user namespacing has been
removed, and -U should always be used (unless you use btrfs, where
UID mapped mounts do not exist; or your container actually needs
privileges on the host).

* nss-systemd now synthesizes user and group shadow records in addition
to the main user and group records. Thus, hashed passwords managed by
systemd-homed are now accessible via the shadow database.

* The userdb logic (and thus nss-systemd, and so on) now reads
additional user/group definitions in JSON format from the drop-in
directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
/usr/lib/userdb/. This is a simple and powerful mechanism for making
additional users available to the system, with full integration into
NSS including the shadow databases. Since the full JSON user/group
record format is supported this may also be used to define users with
resource management settings and other runtime settings that
pam_systemd and systemd-logind enforce at login.

* The userdbctl tool gained two new switches --with-dropin= and
--with-varlink= which can be used to fine-tune the sources used for
user database lookups.

* systemd-nspawn gained a new switch --bind-user= for binding a host
user account into the container. This does three things: the user's
home directory is bind mounted from the host into the container,
below the /run/userdb/home/ hierarchy. A free UID is picked in the
container, and a user namespacing UID mapping to the host user's UID
installed. And finally, a minimal JSON user and group record (along
with its hashed password) is dropped into /run/host/userdb/. These
records are picked up automatically by the userdb drop-in logic
described above, and allow the user to log in with the same password
as on the host. Effectively this means: if host and container run new
enough systemd versions, making a host user available to the container
is trivially simple.

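Both the userdb drop-in directories and the --bind-user= records described above carry the same kind of JSON user record, so a single added example serves both passages. The code below is written for this note and is not systemd's own: it builds a record with the documented field names (userName, uid, gid, homeDirectory, shell, realName, and a "privileged" section holding hashedPassword), applies a few sanity checks that a drop-in author would want before installing such a file, and derives the drop-in path. The file name pattern "<userName>.user" under /etc/userdb/ and the specific checks are this example's assumptions; the sample hash is a placeholder.

```python
"""Build and sanity-check a JSON user record for the userdb drop-in directories.

Added example, not systemd's own code. Field names follow the JSON user
record format (userName, uid, gid, realName, homeDirectory, shell, and a
"privileged" section carrying hashedPassword). The drop-in file name
"<userName>.user" and the checks applied here are this example's own
assumptions; the sample hash is a placeholder, not a real password hash.
"""
import json
import os
import re

SAMPLE_HASH = "$6$PLACEHOLDER-SALT$PLACEHOLDER-HASH"   # constructed placeholder

_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")
_INVALID_IDS = (0xFFFF, 0xFFFFFFFF)   # (uint16_t)-1 and (uid_t)-1 are never valid


def build_user_record(name, uid, gid, home, shell="/bin/sh",
                      real_name=None, hashed_password=None):
    """Return the record as a dict; optional fields are added only when set."""
    record = {"userName": name, "uid": uid, "gid": gid,
              "homeDirectory": home, "shell": shell}
    if real_name:
        record["realName"] = real_name
    if hashed_password:
        # Secrets go into the "privileged" section, which feeds the shadow
        # side of NSS and stays out of unprivileged lookups.
        record["privileged"] = {"hashedPassword": [hashed_password]}
    return record


def validate_user_record(record):
    """Return a list of problems; an empty list means the record passes."""
    problems = []
    name = record.get("userName", "")
    if not _NAME_RE.match(name) or len(name) > 31:
        problems.append("userName is not a valid user name")
    for key in ("uid", "gid"):
        value = record.get(key)
        if (not isinstance(value, int) or value < 0
                or value in _INVALID_IDS or value > 0xFFFFFFFF):
            problems.append("%s is not a valid numeric id" % key)
        elif key == "uid" and value == 0 and name != "root":
            # a drop-in granting uid 0 to another name is a privilege grant
            problems.append("only root may carry uid 0")
    for key in ("homeDirectory", "shell"):
        value = record.get(key, "")
        if not value.startswith("/") or ".." in value.split("/"):
            problems.append("%s must be an absolute, normalized path" % key)
    for h in record.get("privileged", {}).get("hashedPassword", []):
        if not h.startswith("$"):
            problems.append("hashedPassword must hold crypt(3) hashes, not plaintext")
    return problems


def dropin_path(record, directory="/etc/userdb"):
    """Where this record would live as a drop-in (file naming is an assumption)."""
    return os.path.join(directory, record["userName"] + ".user")


def render(record):
    """Serialize in the form the drop-in file would contain."""
    return json.dumps(record, indent=2, sort_keys=True) + "\n"
```

Because these drop-ins are consulted by NSS for the whole system, the directories they live in deserve the same scrutiny as /etc/passwd and /etc/shadow: a writable /etc/userdb/ is a path to adding accounts, and the uid 0 check above exists for exactly that reason.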
* systemd-journal-gatewayd now supports the switches --user, --system,
--merge, --file= that are equivalent to the same switches of
journalctl, and permit exposing only the specified subset of the
Journal records.

* The OnFailure= dependency between units is now augmented with an
implicit reverse dependency OnFailureOf= (this new dependency cannot
be configured directly, it's only created as an effect of an
OnFailure= dependency in the reverse order — it's visible in
"systemctl show" however). Similarly, Slice= now has a reverse
dependency SliceOf=, that is also not configurable directly, but
useful to determine all units that are members of a slice.

* A pair of new dependency types between units PropagatesStopTo= +
StopPropagatedFrom= has been added, that allows propagation of unit
stop events between two units. It operates similarly to the existing
PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.

* A new dependency type OnSuccess= has been added (plus the reverse
dependency OnSuccessOf=, which cannot be configured directly, but
exists only as effect of the reverse OnSuccess=). It is similar to
OnFailure=, but triggers in the opposite case: when a service exits
cleanly. This allows "chaining up" of services where one or more
services are started once another service has successfully completed.

* A new dependency type Upholds= has been added (plus the reverse
dependency UpheldBy=, which cannot be configured directly, but exists
only as effect of Upholds=). This dependency type is a stronger form
of Wants=: if a unit has an Upholds= dependency on some other unit
and the former is active then the latter is started whenever it is
found inactive (and no job is queued for it). This is an alternative
to Restart= inside service units, but less configurable, and the
request to uphold a unit is not encoded in the unit itself but in
another unit that intends to uphold it.

* The systemd-ask-password tool now also supports reading passwords
from the credentials subsystem, via the new --credential= switch.

* The systemd-ask-password tool learnt a new switch --emoji= which may
be used to explicitly control whether the lock and key emoji (🔐) is
shown in the password prompt on suitable TTYs.

* The --echo switch of systemd-ask-password now optionally takes a
parameter that controls character echo. It may either show asterisks
(default, as before), turn echo off entirely, or echo the typed
characters literally.

* The systemd-ask-password tool also gained a new -n switch for
suppressing output of a trailing newline character when writing the
acquired password to standard output, similar to /bin/echo's -n
switch.

* New documentation has been added that describes the organization of
the systemd source code tree:

https://systemd.io/ARCHITECTURE

* Units using ConditionNeedsUpdate= will no longer be activated in
the initrd.

* It is now possible to list a template unit in the WantedBy= or
RequiredBy= settings of the [Install] section of another template
unit, which will be instantiated using the same instance name.

* A new MemoryAvailable property is available for units. If the unit,
or the slices it is part of, have a memory limit set via MemoryMax=/
MemoryHigh=, MemoryAvailable will indicate how much more memory the
unit can claim before hitting the limits.

* systemd-coredump will now try to stay below the cgroup memory limit
placed on itself or one of the slices it runs under, if the storage
area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
since files written on such filesystems count toward the cgroup memory
limit. If there is not enough available memory in such cases to store
the core file uncompressed, systemd-coredump will skip to compressed
storage directly (if enabled) and it will avoid analyzing the core file
to print backtrace and metadata in the journal.

* tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
of a path matches the configured expectations, and remove it if not.

* tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows
specifying which of the several available filesystem timestamps
(access time, birth time, change time, modification time) to look at
when deciding whether a path has aged enough to be cleaned.

* A new IPv6StableSecretAddress= setting has been added to .network
files, which takes an IPv6 address to use as secret for IPv6 address
generation.

* The [DHCPServer] logic in .network files gained support for a new
UplinkInterface= setting that permits configuration of the uplink
interface name to propagate DHCP lease information from.

* The WakeOnLan= setting in .link files now accepts a list of flags
instead of a single one, to configure multiple wake-on-LAN policies.

* User-space defined tracepoints (USDT) have been added to udev at
strategic locations. This is useful for tracing udev behaviour and
performance with bpftrace and similar tools.

* systemd-journald-upload gained a new NetworkTimeoutSec= option for
setting a network timeout time.

* If a system service is running in a new mount namespace (RootDirectory=
and friends), all file systems will be mounted with MS_NOSUID by
default, unless the system is running with SELinux enabled.

* When enumerating time zones the timedatectl tool will now consult the
'tzdata.zi' file shipped by the IANA time zone database package, in
addition to 'zone1970.tab', as before. This makes sure time zone
aliases are now correctly supported. Some distributions so far did
not install this additional file, most do however. If your
distribution does not install it yet, it might make sense to change
that.

* The Intel HID rfkill event is no longer masked, since it's the only
source of rfkill events on newer HP laptops. To have both backward and
forward compatibility, userspace daemons need to debounce duplicated
events in a short time window.

Contributions from: Aakash Singh, adrian5, Albert Brox,
Alexander Sverdlin, Alexander Tsoy, Alexey Rubtsov, alexlzhu,
Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
borna-blazevic, caoxia2008cxx, Carlo Teubner, Christian Göttsche,
Christian Hesse, Daniel Schaefer, Dan Streetman,
David Santamaría Rogado, David Tardon, Deepak Rawat, dgcampea,
Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
Eric Cook, Flos Lonicerae, Franck Bui, Francois Gervais,
Frantisek Sumsal, Gibeom Gwon, gitm0, Hamish Moffatt, Hans de Goede,
Harsh Barsaiyan, Henri Chain, Hristo Venev, Icenowy Zheng, Igor Zhbanov,
imayoda, Jakub Warczarek, James Buren, Jan Janssen, Jan Macku,
Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban, Jeremy Szu,
Jérôme Carretero, Jesse Stricker, jiangchuangang, Joerg Behrmann,
Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Juergen Hoetzel,
Julia Kartseva, Kai-Heng Feng, Khem Raj, KoyamaSohei, laineantti,
Lennart Poettering, LetzteInstanz, Luca Adrian L, Luca Boccassi,
Lucas Magasweran, Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard,
Masahiro Matsuya, Matt Johnston, Michael Catanzaro, Michal Koutný,
Michal Sekletár, Mike Crowe, Mike Kazantsev, Milan, milaq,
Miroslav Suchý, Morten Linderud, nerdopolis, nl6720, Noah Meyerhans,
Oleg Popov, Olle Lundberg, Ondrej Kozina, Paweł Marciniak, Perry.Yuan,
Peter Hutterer, Peter Kjellerstedt, Peter Morrow, Phaedrus Leeds,
plattrap, qhill, Raul Tambre, Roman Beranek, Roshan Shariff,
Ryan Hendrickson, Samuel BF, scootergrisen, Sebastian Blunt,
Seong-ho Cho, Sergey Bugaev, Sevan Janiyan, Sibo Dong, simmon,
Simon Watts, Srinidhi Kaushik, Štěpán Němec, Steve Bonds, Susant Sahani,
sverdlin, syyhao1994, Takashi Sakamoto, Topi Miettinen, tramsay,
Trent Piepho, Uwe Kleine-König, Viktor Mihajlovski, Vincent Dechenaux,
Vito Caputo, William A. Kennington III, Yangyang Shen, Yegor Alexeyev,
Yi Gao, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб

— Edinburgh, 2021-07-07

CHANGES WITH 248:

* A concept of system extension images is introduced. Such images may
be used to extend the /usr/ and /opt/ directory hierarchies at
runtime with additional files (even if the file system is read-only).
When a system extension image is activated, its /usr/ and /opt/
hierarchies and os-release information are combined via overlayfs
with the file system hierarchy of the host OS.

A new systemd-sysext tool can be used to merge, unmerge, list, and
refresh system extension hierarchies. See
https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.

The systemd-sysext.service automatically merges installed system
extensions during boot (before basic.target, but not in very early
boot, since various file systems have to be mounted first).

The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
supported system extension level.

* A new ExtensionImages= unit setting can be used to apply the same
system extension image concept from systemd-sysext to the namespaced
file hierarchy of specific services, following the same rules and
constraints.

* Support for a new special "root=tmpfs" kernel command-line option has
been added. When specified, a tmpfs is mounted on /, and mount.usr=
should be used to point to the operating system implementation.

* A new configuration file /etc/veritytab may be used to configure
dm-verity integrity protection for block devices. Each line is in the
format "volume-name data-device hash-device roothash options",
similar to /etc/crypttab.

* A new kernel command-line option systemd.verity.root_options= may be
used to configure dm-verity behaviour for the root device.

* The key file specified in /etc/crypttab (the third field) may now
refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
acquired by connecting to that socket and reading from it. This
allows the implementation of a service to provide key information
dynamically, at the moment when it is needed.

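What such a key-provider service looks like, as an added example written for this note (not systemd's own code): the provider listens on the socket that the crypttab key field would name, restricts the socket inode to its owner, and hands the key to the first client that connects, closing the connection so that EOF terminates the key. The reader side mirrors what the note describes: connect, read until EOF, use everything received as the key. The socket path and the key bytes are constructed; the assumption that the reader treats EOF as the end of the key is this example's.

```python
"""Key-provider service for a crypttab entry whose key field (third column)
names an AF_UNIX/SOCK_STREAM socket.

Added example, not systemd's own code. It assumes the reader connects,
reads until EOF and treats everything received as the key; the socket path
and the key bytes are constructed here. The provider creates the socket
inode with mode 0600 so that only its owner can connect, and hands the key
out exactly once.
"""
import os
import socket
import tempfile
import threading

SAMPLE_KEY = b"constructed-example-key-material-not-for-real-use"


def open_key_socket(path):
    """Bind and listen on `path`; the socket inode is created 0600 via umask."""
    if os.path.exists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)   # bind() creates the inode with 0777 & ~umask
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def serve_key_once(srv, key):
    """Accept one client, write the key, close; EOF marks the end of the key."""
    conn, _peer = srv.accept()
    with conn:
        conn.sendall(key)
    srv.close()


def read_key(path):
    """Reader side: connect and read until EOF, as the crypttab consumer would."""
    chunks = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        while True:
            data = client.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def socket_mode(path):
    """Permission bits of the socket inode (expected 0o600)."""
    return os.stat(path).st_mode & 0o777


def demo():
    """Run provider and reader in-process; return (key read, socket mode)."""
    path = os.path.join(tempfile.mkdtemp(), "key.sock")
    srv = open_key_socket(path)
    mode = socket_mode(path)
    worker = threading.Thread(target=serve_key_once, args=(srv, SAMPLE_KEY))
    worker.start()
    key = read_key(path)
    worker.join()
    os.unlink(path)
    return key, mode
```

The provider is listening before any client is told the path, so there is no window in which a connect attempt finds no listener. The socket's file permissions are the only access control on who can pull the key, which is why the umask is set before bind() rather than fixed up afterwards.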
* When the hostname is set explicitly to "localhost", systemd-hostnamed
will respect this. Previously such a setting would be mostly silently
ignored. The goal is to honour configuration as specified by the
user.

* The fallback hostname that will be used by the system manager and
systemd-hostnamed can now be configured in two new ways: by setting
DEFAULT_HOSTNAME= in os-release(5), or by setting
$SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
also be configured during compilation. The environment variable is
intended for testing and local overrides, the os-release(5) field is
intended to allow customization by different variants of a
distribution that share the same compiled packages.

* The environment block of the manager itself may be configured through
a new ManagerEnvironment= setting in system.conf or user.conf. This
complements existing ways to set the environment block (the kernel
command line for the system manager, the inherited environment and
user@.service unit file settings for the user manager).

* systemd-hostnamed now exports the default hostname and the source of
the configured hostname ("static", "transient", or "default") as
D-Bus properties.

* systemd-hostnamed now exports the "HardwareVendor" and
"HardwareModel" D-Bus properties, which are supposed to contain a
pair of cleaned up, human readable strings describing the system's
vendor and model. It's typically sourced from the firmware's DMI
tables, but may be augmented from a new hwdb database. hostnamectl
shows this in the status output.

* Support has been added to systemd-cryptsetup for extracting the
PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
metadata header. This allows the information on how to open the
encrypted device to be embedded directly in the device and obviates
the need for configuration in an external file.

* systemd-cryptsetup gained support for unlocking LUKS2 volumes using
TPM2 hardware, as well as FIDO2 security tokens (in addition to the
pre-existing support for PKCS#11 security tokens).

* systemd-repart may enroll encrypted partitions using TPM2
hardware. This may be useful for example to create an encrypted /var
partition bound to the machine on first boot.

* A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
and PKCS#11 security tokens to LUKS volumes, list and destroy
them. See:

https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

It also supports enrolling "recovery keys" and regular passphrases.

* The libfido2 dependency is now based on dlopen(), so that the library
is used at runtime when installed, but is not a hard runtime
dependency.

* systemd-cryptsetup gained support for two new options in
/etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
request synchronous processing of encryption/decryption IO.

* The manager may be configured at compile time to use the fexecve()
instead of the execve() system call when spawning processes. Using
fexecve() closes a window between checking the security context of an
executable and spawning it, but unfortunately the kernel displays
stale information in the process' "comm" field, which impacts ps
output and such.

* The configuration option -Dcompat-gateway-hostname has been dropped.
"_gateway" is now the only supported name.

* The ConditionSecurity=tpm2 unit file setting may be used to check if
the system has at least one TPM2 (tpmrm class) device.

* A new ConditionCPUFeature= has been added that may be used to
conditionalize units based on CPU features. For example,
ConditionCPUFeature=rdrand will condition a unit so that it is only
run when the system CPU supports the RDRAND opcode.

* The existing ConditionControlGroupController= setting has been
extended with two new values "v1" and "v2". "v2" means that the
unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
hierarchy or the hybrid hierarchy are used.

* A new PrivateIPC= setting on a unit file allows executed processes to
be moved into a private IPC namespace, with separate System V IPC
identifiers and POSIX message queues.

A new IPCNamespacePath= allows the unit to be joined to an existing
IPC namespace.

* The tables of system calls in seccomp filters are now automatically
generated from kernel lists exported on
https://fedora.juszkiewicz.com.pl/syscalls.html.

The following architectures should now have complete lists:
alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.

* The MountAPIVFS= service file setting now additionally mounts a tmpfs
on /run/ if it is not already a mount point. A writable /run/ has
always been a requirement for a functioning system, but this was not
guaranteed when using a read-only image.

Users can always specify BindPaths= or InaccessiblePaths= as
overrides, and they will take precedence. If the host's root mount
point is used, there is no change in behaviour.

* New bind mounts and file system image mounts may be injected into the
mount namespace of a service (without restarting it). This is exposed
respectively as 'systemctl bind <unit> <path>…' and
'systemctl mount-image <unit> <image>…'.

* The StandardOutput= and StandardError= settings can now specify files
to be truncated for output (as "truncate:<path>").

* The ExecPaths= and NoExecPaths= settings may be used to specify
noexec for parts of the file system.

* sd-bus has a new function sd_bus_open_user_machine() to open a
connection to the session bus of a specific user in a local container
or on the local host. This is exposed in the existing -M switch to
systemctl and similar tools:

systemctl --user -M lennart@foobar start foo

This will connect to the user bus of a user "lennart" in container
"foobar". If no container name is specified, the specified user on
the host itself is connected to:

systemctl --user -M lennart@ start quux

* sd-bus also gained a convenience function sd_bus_message_send() to
simplify invocations of sd_bus_send(), taking only a single
parameter: the message to send.

* sd-event allows rate limits to be set on event sources, for dealing
with high-priority event sources that might starve out others. See
the new man page sd_event_source_set_ratelimit(3) for details.

* systemd.link files gained a [Link] Promiscuous= switch, which allows
the device to be raised in promiscuous mode.

New [Link] TransmitQueues= and ReceiveQueues= settings allow the
number of TX and RX queues to be configured.

New [Link] TransmitQueueLength= setting allows the size of the TX
queue to be configured.

New [Link] GenericSegmentOffloadMaxBytes= and
GenericSegmentOffloadMaxSegments= allow capping the packet size and
the number of segments accepted in Generic Segment Offload.

* systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
wireless routing protocol that operates on ISO/OSI Layer 2 only and
uses ethernet frames to route/bridge packets. This encompasses a new
"batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
new settings in .netdev files, and a new BatmanAdvanced= setting in
.network files.

* systemd.network files gained a [Network] RouteTable= configuration
switch to select the routing policy table.

systemd.network files gained a [RoutingPolicyRule] Type=
configuration switch (one of "blackhole", "unreachable", "prohibit").

systemd.network files gained [IPv6AcceptRA] RouteDenyList= and
RouteAllowList= settings to ignore/accept route advertisements from
routers matching specified prefixes. The DenyList= setting has been
renamed to PrefixDenyList= and a new PrefixAllowList= option has been
added.

systemd.network files gained a [DHCPv6] UseAddress= setting to
optionally ignore the address provided in the lease.

systemd.network files gained a [DHCPv6PrefixDelegation]
ManageTemporaryAddress= switch.

systemd.network files gained a new ActivationPolicy= setting which
allows configuring how the UP state of an interface shall be managed,
i.e. whether the interface is always upped, always downed, or may be
upped/downed by the user using "ip link set dev".

* The default for the Broadcast= setting in .network files has slightly
changed: the broadcast address will not be configured for wireguard
devices.

* systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
configuration options for VLAN packet handling.

* udev rules may now set the log_level= option. This allows debug logs
to be enabled for select events, e.g. just for a specific subsystem or
even a single device.

* udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
DATA_PREPARED_ID properties for block devices with ISO9660 file
systems.

* udev now exports decoded DMI information about installed memory slots
as device properties under the /sys/class/dmi/id/ pseudo device.

* /dev/ is not mounted noexec anymore. This didn't provide any
significant security benefits and would conflict with the executable
mappings used with /dev/sgx device nodes. The previous behaviour can
be restored for individual services with NoExecPaths=/dev (or by
allow-listing and excluding /dev from ExecPaths=).

* Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
and /dev/vhost-net are owned by the kvm group.

* The hardware database has been extended with a list of fingerprint
readers that correctly support USB auto-suspend using data from
libfprint.

* systemd-resolved can now answer DNSSEC questions through the stub
resolver interface in a way that allows local clients to do DNSSEC
validation themselves. For a question with DO+CD set, it'll proxy the
DNS query and respond with a mostly unmodified packet received from
the upstream server.

* systemd-resolved learnt a new boolean option CacheFromLocalhost= in
resolved.conf. If true the service will provide caching even for DNS
lookups made to an upstream DNS server on the 127.0.0.1/::1
addresses. By default (and when the option is false) systemd-resolved
will not cache such lookups, in order to avoid duplicate local
caching, under the assumption the local upstream server caches
anyway.

* systemd-resolved now implements RFC5001 NSID in its local DNS
stub. This may be used by local clients to determine whether they are
talking to the DNS resolver stub or a different DNS server.

4977 * When resolving host names and other records resolvectl will now
4978 report where the data was acquired from (i.e. the local cache, the
4979 network, locally synthesized, …) and whether the network traffic it
4980 effected was encrypted or not. Moreover the tool acquired a number of
4981 new options --cache=, --synthesize=, --network=, --zone=,
4982 --trust-anchor=, --validate= that take booleans and may be used to
4983 tweak a lookup, i.e. whether it may be answered from cached
4984 information, locally synthesized information, information acquired
4985 through the network, the local mDNS/LLMNR zone, the DNSSEC trust
4986 anchor, and whether DNSSEC validation shall be executed for the
4987 lookup.
4988
4989 * systemd-nspawn gained a new --ambient-capability= setting
4990 (AmbientCapability= in .nspawn files) to configure ambient
4991 capabilities passed to the container payload.
4992
4993 * systemd-nspawn gained the ability to configure the firewall using the
4994 nftables subsystem (in addition to the existing iptables
4995 support). Similarly, systemd-networkd's IPMasquerade= option now
4996 supports nftables as back-end, too. In both cases NAT on IPv6 is now
4997 supported too, in addition to IPv4 (the iptables back-end still is
4998 IPv4-only).
4999
5000 "IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
5001 retains its meaning, but has been deprecated. Please switch to either
5002 "ipv4" or "both" (if covering IPv6 is desired).
5003
5004 * systemd-importd will now download .verity and .roothash.p7s files
5005 along with the machine image (as exposed via machinectl pull-raw).
5006
5007 * systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
5008 setting to configure the time a unit's cgroup needs to exceed memory
5009 pressure limits before action will be taken, and a new
5010 ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
5011 units.
5012
5013 systemd-oomd is now considered fully supported (the usual
5014 backwards-compatibility promises apply). Swap is not required for
5015 operation, but it is still recommended.
5016
5017 * systemd-timesyncd gained a new ConnectionRetrySec= setting which
5018 configures the retry delay when trying to contact servers.
5019
5020 * systemd-stdio-bridge gained --system/--user options to connect to the
5021 system bus (previous default) or the user session bus.
5022
5023 * systemd-localed may now call locale-gen to generate missing locales
5024 on-demand (UTF-8-only). This improves integration with Debian-based
5025 distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
5026
5027 * systemctl --check-inhibitors=true may now be used to obey inhibitors
5028 even when invoked non-interactively. The old --ignore-inhibitors
5029 switch is now deprecated and replaced by --check-inhibitors=false.
5030
5031 * systemctl import-environment will now emit a warning when called
5032 without any arguments (i.e. to import the full environment block of
5033 the called program). This command will usually be invoked from a
5034 shell, which means that it'll inherit a bunch of variables which are
5035 specific to that shell, and usually to the TTY the shell is connected
5036 to, and don't have any meaning in the global context of the system or
5037 user service manager. Instead, only specific variables should be
5038 imported into the manager environment block.
5039
5040 Similarly, programs which update the manager environment block by
5041 directly calling the D-Bus API of the manager, should also push
5042 specific variables, and not the full inherited environment.
5043
5044 * systemctl's status output now shows unit state with a more careful
5045 choice of Unicode characters: units in maintenance show a "○" symbol
5046 instead of the usual "●", failed units show "×", and services being
5047 reloaded "↻".
5048
5049 * coredumpctl gained a --debugger-arguments= switch to pass arguments
5050 to the debugger. It also gained support for showing coredump info in
5051 a simple JSON format.
5052
5053 * systemctl/loginctl/machinectl's --signal= option now accepts a special
5054 value "list", which may be used to show a brief table with known
5055 process signals and their numbers.
5056
5057 * networkctl now shows the link activation policy in status.
5058
5059 * Various tools gained --pager/--no-pager/--json= switches to
5060 enable/disable the pager and provide JSON output.
5061
5062 * Various tools now accept two new values for the SYSTEMD_COLORS
5063 environment variable: "16" and "256", to configure how many terminal
5064 colors are used in output.
5065
5066 * less 568 or newer is now required for the auto-paging logic of the
5067 various tools. Hyperlink ANSI sequences in terminal output are now
5068 used even if a pager is used, and older versions of less are not able
5069 to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
5070 disable this output again.
5071
5072 * Builds with support for separate / and /usr/ hierarchies ("split-usr"
5073 builds, non-merged-usr builds) are now officially deprecated. A
5074 warning is emitted during build. Support is slated to be removed in
5075 about a year (when the Debian Bookworm release development starts).
5076
5077 * Systems with the legacy cgroup v1 hierarchy are now marked as
5078 "tainted", to make it clearer that using the legacy hierarchy is not
5079 recommended.
5080
5081 * systemd-localed will now refuse to configure a keymap which is not
5082 installed in the file system. This is intended as a bug fix, but
5083 could break cases where systemd-localed was used to configure the
5084 keymap in advance of it being installed. It is necessary to install
5085 the keymap file first.
5086
5087 * The main git development branch has been renamed to 'main'.
5088
5089 * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
5090 for partitions, as in the vast majority of cases they contain none
5091 and are used internally by the bootloader (e.g. U-Boot).
5092
5093 * systemd will now set the $SYSTEMD_EXEC_PID environment variable for
5094 spawned processes to the PID of the process itself. This may be used
5095 by programs for detecting whether they were forked off by the service
5096 manager itself or are a process forked off further down the tree.
5097
5098 * The sd-device API gained four new calls: sd_device_get_action() to
5099 determine the uevent add/remove/change/… action the device object has
5100 been seen for, sd_device_get_seqno() to determine the uevent sequence
5101 number, sd_device_new_from_stat_rdev() to allocate a new sd_device
5102 object from stat(2) data of a device node, and sd_device_trigger() to
5103 write to the 'uevent' attribute of a device.
5104
5105 * For most tools the --no-legend= switch has been replaced by
5106 --legend=no and --legend=yes, to force whether tables are shown with
5107 headers/legends.
5108
5109 * Units acquired a new property "Markers" that takes a list of zero,
5110 one or two of the following strings: "needs-reload" and
5111 "needs-restart". These markers may be set via "systemctl
5112 set-property". Once a marker is set, "systemctl reload-or-restart
5113 --marked" may be invoked to execute the operation the units are
5114 marked for. This is useful for package managers that want to mark
5115 units for restart/reload while updating, but effect the actual
5116 operations at a later step at once.
5117
5118 * The sd_bus_message_read_strv() API call of sd-bus may now also be
5119 used to parse arrays of D-Bus signatures and D-Bus paths, in addition
5120 to regular strings.
5121
5122 * bootctl will now report whether the UEFI firmware used a TPM2 device
5123 and measured the boot process into it.
5124
5125 * systemd-tmpfiles learnt support for a new environment variable
5126 $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
5127 the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
5128 even if the root fs of the system is not itself a btrfs volume.
5129
5130 * systemd-detect-virt/ConditionVirtualization= will now explicitly
5131 detect Docker/Podman environments where possible. Moreover, they
5132 should be able to generically detect any container manager as long as
5133 it assigns the container a cgroup.
5134
5135 * portablectl gained a new "reattach" verb for detaching/reattaching a
5136 portable service image, useful for updating images on-the-fly.
5137
5138 * Intel SGX enclave device nodes (which expose a security feature of
5139 newer Intel CPUs) will now be owned by a new system group "sgx".
5140
5141 Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
5142 Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
5143 Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
5144 Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
5145 A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
5146 caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
5147 Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
5148 Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
5149 Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
5150 Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
5151 Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
5152 feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
5153 Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
5154 Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
5155 Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
5156 Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
5157 Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
5158 Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
5159 Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
5160 Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
5161 l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
5162 Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
5163 Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
5164 Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
5165 Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
5166 Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
5167 Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
5168 Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
5169 Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
5170 Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
5171 Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
5172 Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
5173 Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
5174 Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
5175 walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
5176 Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
5177 Zmicer Turok, Дамјан Георгиевски
5178
5179 — Berlin, 2021-03-30
5180
5181 CHANGES WITH 247:
5182
5183 * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
5184 "bind" and "unbind" to the Linux device model. When this kernel
5185 change was made, systemd-udevd was only minimally updated to handle
5186 and propagate these new event types. The introduction of these new
5187 uevents (which are typically generated for USB devices and devices
5188 needing a firmware upload before being functional) resulted in a
5189 number of issues which we so far didn't address. We hoped the kernel
5190 maintainers would themselves address these issues in some form, but
5191 that did not happen. To handle them properly, many (if not most) udev
5192 rules files shipped in various packages need updating, and so do many
5193 programs that monitor or enumerate devices with libudev or sd-device,
5194 or otherwise process uevents. Please note that this incompatibility
5195 is not the fault of systemd or udev, but caused by an incompatible kernel
5196 change that happened back in Linux 4.14, but is becoming more and
5197 more visible as the new uevents are generated by more kernel drivers.
5198
5199 To minimize issues resulting from this kernel change (but not avoid
5200 them entirely) starting with systemd-udevd 247 the udev "tags"
5201 concept (which is a concept for marking and filtering devices during
5202 enumeration and monitoring) has been reworked: udev tags are now
5203 "sticky", meaning that once a tag is assigned to a device it will not
5204 be removed from the device again until the device itself is removed
5205 (i.e. unplugged). This makes sure that any application monitoring
5206 devices that match a specific tag is guaranteed to both see uevents
5207 where the device starts being relevant, and those where it stops
5208 being relevant (the latter now regularly happening due to the new
5209 "unbind" uevent type). The udev tags concept is hence now a concept
5210 tied to a *device* instead of a device *event* — unlike for example
5211 udev properties whose lifecycle (as before) is generally tied to a
5212 device event, meaning that the previously determined properties are
5213 forgotten whenever a new uevent is processed.
5214
5215 With the newly redefined udev tags concept, sometimes it's necessary
5216 to determine which tags are the ones applied by the most recent
5217 uevent/database update, in order to discern them from those
5218 originating from earlier uevents/database updates of the same
5219 device. To accommodate for this a new automatic property CURRENT_TAGS
5220 has been added that works similar to the existing TAGS property but
5221 only lists tags set by the most recent uevent/database
5222 update. Similarly, the libudev/sd-device API has been updated with
5223 new functions to enumerate these 'current' tags, in addition to the
5224 existing APIs that now enumerate the 'sticky' ones.
5225
5226 To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
5227 essential that all udev rules files and applications are updated to
5228 handle the new events. Specifically:
5229
5230 • All rule files that currently use a header guard similar to
5231 ACTION!="add|change",GOTO="xyz_end" should be updated to use
5232 ACTION=="remove",GOTO="xyz_end" instead, so that the
5233 properties/tags they add are also applied whenever "bind" (or
5234 "unbind") is seen. (This is most important for all physical device
5235 types — those for which "bind" and "unbind" are currently
5236 generated, for all other device types this change is still
5237 recommended but not as important — but certainly prepares for
5238 future kernel uevent type additions).
5239
5240 • Similarly, all code monitoring devices that contains an 'if' branch
5241 discerning the "add" + "change" uevent actions from all other
5242 uevents actions (i.e. considering devices only relevant after "add"
5243 or "change", and irrelevant on all other events) should be reworked
5244 to instead negatively check for "remove" only (i.e. considering
5245 devices relevant after all event types, except for "remove", which
5246 invalidates the device). Note that this also means that devices
5247 should be considered relevant on "unbind", even though conceptually
5248 this — in some form — invalidates the device. Since the precise
5249 effect of "unbind" is not generically defined, devices should be
5250 considered relevant even after "unbind", however I/O errors
5251 accessing the device should then be handled gracefully.
5252
5253 • Any code that uses device tags for deciding whether a device is
5254 relevant or not most likely needs to be updated to use the new
5255 udev_device_has_current_tag() API (or sd_device_has_current_tag()
5256 in case sd-device is used), to check whether the tag is set at the
5257 moment an uevent is seen (as opposed to the existing
5258 udev_device_has_tag() API which checks if the tag ever existed on
5259 the device, following the API concept redefinition explained
5260 above).
5261
5262 We are very sorry for this breakage and the requirement to update
5263 packages using these interfaces. We'd again like to underline that
5264 this is not caused by systemd/udev changes, but result of a kernel
5265 behaviour change.
5266
5267 * UPCOMING INCOMPATIBILITY: So far most downstream distribution
5268 packages have not retriggered devices once the udev package (or any
5269 auxiliary package installing additional udev rules) is updated. We
5270 intend to work with major distributions to change this, so that
5271 "udevadm trigger -c change" is issued on such upgrades, ensuring that
5272 the updated ruleset is applied to the devices already discovered, so
5273 that (asynchronously) after the upgrade completed the udev database
5274 is consistent with the updated rule set. This means udev rules must
5275 be ready to be retriggered with a "change" action any time, and
5276 result in correct and complete udev database entries. While the
5277 majority of udev rule files known to us currently get this right,
5278 some don't. Specifically, there are udev rules files included in
5279 various packages that only set udev properties on the "add" action,
5280 but do not handle the "change" action. If a device matching those
5281 rules is retriggered with the "change" action (as is intended here)
5282 it would suddenly lose the relevant properties. This always has been
5283 problematic, but as soon as all udev devices are triggered on relevant
5284 package upgrades this will become particularly so. It is strongly
5285 recommended to fix offending rules so that they can handle a "change"
5286 action at any time, and acquire all necessary udev properties even
5287 then. Or in other words: the header guard mentioned above
5288 (ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
5289 this, as it makes sure rules are rerun on "change" correctly, and
5290 accumulate the correct and complete set of udev properties. udev rule
5291 definitions that cannot handle "change" events being triggered at
5292 arbitrary times should be considered buggy.
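The two rule-file requirements spelled out above (replace the old ACTION!="add|change" header guard, and never set properties only on "add") can be checked mechanically before a package ships. What follows is an added example and not udev's or systemd's own tooling: a small C auditor that classifies each line of a rules file. The enum names, the SAMPLE_RULES text and the heuristics (plain substring matching on ACTION, GOTO, ENV{} and TAG assignments) are assumptions of this example; udev's real rule parser is considerably more involved, so treat hits as candidates to review rather than verdicts.

```c
/* Added example: audit udev rules files for the two problems described in
 * the systemd 247 NEWS entry. Not part of udev or systemd. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum rule_issue {
    RULE_OK = 0,
    RULE_OLD_HEADER_GUARD = 1,  /* ACTION!="add|change", GOTO="...": bind/unbind skip the rules */
    RULE_ADD_ONLY_PROPERTY = 2  /* ACTION=="add" gating an ENV{}/TAG assignment: lost on "change" */
};

/* True if the line contains an *assignment* through `key` (ENV{X}=, ENV{X}:=,
 * TAG+=), as opposed to a match such as ENV{X}=="...". */
static bool has_assignment(const char *line, const char *key) {
    size_t klen = strlen(key);
    for (const char *p = strstr(line, key); p; p = strstr(p + 1, key)) {
        const char *q = p + klen;
        if (key[klen - 1] == '{') {          /* ENV{NAME}: skip to the closing brace */
            q = strchr(q, '}');
            if (!q)
                return false;
            q++;
        }
        if (*q == '+' || *q == ':')          /* += and := are assignments too */
            q++;
        if (*q == '=' && q[1] != '=')
            return true;
    }
    return false;
}

/* Classify one rule line. Heuristic: substring matching, not a real udev parser. */
static enum rule_issue classify_udev_rule(const char *line) {
    while (*line == ' ' || *line == '\t')
        line++;
    if (*line == '\0' || *line == '#')
        return RULE_OK;
    if (strstr(line, "ACTION!=\"add|change\"") && strstr(line, "GOTO="))
        return RULE_OLD_HEADER_GUARD;
    if (strstr(line, "ACTION==\"add\"") &&
        (has_assignment(line, "ENV{") || has_assignment(line, "TAG")))
        return RULE_ADD_ONLY_PROPERTY;
    return RULE_OK;
}

struct rule_audit { int lines; int old_guards; int add_only; };

/* Classify every line of a rules file held in memory. */
static struct rule_audit audit_udev_rules(const char *text) {
    struct rule_audit a = { 0, 0, 0 };
    char line[1024];
    while (*text) {
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line ? len : sizeof line - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        a.lines++;
        switch (classify_udev_rule(line)) {
        case RULE_OLD_HEADER_GUARD: a.old_guards++; break;
        case RULE_ADD_ONLY_PROPERTY: a.add_only++; break;
        default: break;
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    return a;
}

/* Constructed sample rules for the demo; not taken from any real package. */
static const char SAMPLE_RULES[] =
    "# constructed sample\n"
    "ACTION!=\"add|change\", GOTO=\"foo_end\"\n"
    "ACTION==\"add\", SUBSYSTEM==\"usb\", ENV{ID_FOO}=\"1\"\n"
    "ACTION==\"remove\", GOTO=\"bar_end\"\n"
    "SUBSYSTEM==\"usb\", ENV{ID_FOO}==\"1\", TAG+=\"systemd\"\n"
    "ACTION==\"add|change\", ENV{ID_BAR}=\"2\"\n"
    "LABEL=\"foo_end\"\n";

int main(int argc, char **argv) {
    if (argc > 1) {                          /* audit a real rules file given on the command line */
        FILE *f = fopen(argv[1], "r");
        if (!f) { perror(argv[1]); return 1; }
        static char buf[1 << 20];
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        struct rule_audit a = audit_udev_rules(buf);
        printf("%s: %d lines, %d old header guards, %d add-only property rules\n",
               argv[1], a.lines, a.old_guards, a.add_only);
        return (a.old_guards || a.add_only) ? 2 : 0;
    }
    struct rule_audit a = audit_udev_rules(SAMPLE_RULES);
    printf("sample: %d lines, %d old header guards, %d add-only property rules\n",
           a.lines, a.old_guards, a.add_only);
    return 0;
}
```

Run it over /usr/lib/udev/rules.d/*.rules and /etc/udev/rules.d/*.rules; a non-zero exit marks a file worth opening. A flagged ACTION=="add" rule is only a problem if the property it sets is needed after a "udevadm trigger -c change", which is exactly the retrigger the entry above says to expect.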
5293
5294 * The MountAPIVFS= service file setting now defaults to on if
5295 RootImage= and RootDirectory= are used, which means that with those
5296 two settings /proc/, /sys/ and /dev/ are automatically properly set
5297 up for services. Previous behaviour may be restored by explicitly
5298 setting MountAPIVFS=off.
5299
5300 * Since PAM 1.2.0 (2015) configuration snippets may be placed in
5301 /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
5302 latter it takes precedence over the former, similar to how most of
5303 systemd's own configuration is handled. Given that PAM stack
5304 definitions are primarily put together by OS vendors/distributions
5305 (though possibly overridden by users), this systemd release moves its
5306 own PAM stack configuration for the "systemd-user" PAM service (i.e.
5307 for the PAM session invoked by the per-user user@.service instance)
5308 from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
5309 packages' vendor versions of their PAM stack definitions from
5310 /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
5311 desired the location to which systemd installs its PAM stack
5312 configuration may be changed via the -Dpamconfdir Meson option.
5313
5314 * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
5315 libpwquality and libcryptsetup have been changed to be based on
5316 dlopen(): instead of regular dynamic library dependencies declared in
5317 the binary ELF headers, these libraries are now loaded on demand
5318 only, if they are available. If the libraries cannot be found the
5319 relevant operations will fail gracefully, or a suitable fallback
5320 logic is chosen. This is supposed to be useful for general purpose
5321 distributions, as it allows minimizing the list of dependencies the
5322 systemd packages pull in, permitting building of more minimal OS
5323 images, while still making use of these "weak" dependencies should
5324 they be installed. Since many package managers automatically
5325 synthesize package dependencies from ELF shared library dependencies,
5326 some additional manual packaging work has to be done now to replace
5327 those (slightly downgraded from "required" to "recommended" or
5328 whatever is conceptually suitable for the package manager). Note that
5329 this change does not alter build-time behaviour: as before the
5330 build-time dependencies have to be installed during build, even if
5331 they now are optional during runtime.
5332
5333 * sd-event.h gained a new call sd_event_add_time_relative() for
5334 installing timers relative to the current time. This is mostly a
5335 convenience wrapper around the pre-existing sd_event_add_time() call
5336 which installs absolute timers.
5337
5338 * sd-event event sources may now be placed in a new "exit-on-failure"
5339 mode, which may be controlled via the new
5340 sd_event_source_get_exit_on_failure() and
5341 sd_event_source_set_exit_on_failure() functions. If enabled, any
5342 failure returned by the event source handler functions will result in
5343 exiting the event loop (unlike the default behaviour of just
5344 disabling the event source but continuing with the event loop). This
5345 feature is useful to set for all event sources that define "primary"
5346 program behaviour (where failure should be fatal) in contrast to
5347 "auxiliary" behaviour (where failure should remain local).
5348
5349 * Most event source types sd-event supports now accept a NULL handler
5350 function, in which case the event loop is exited once the event
5351 source is to be dispatched, using the userdata pointer — converted to
5352 a signed integer — as exit code of the event loop. Previously this
5353 was supported for IO and signal event sources already. Exit event
5354 sources still do not support this (simply because it makes little
5355 sense there, as the event loop is already exiting when they are
5356 dispatched).
5357
5358 * A new per-unit setting RootImageOptions= has been added which allows
5359 tweaking the mount options for any file system mounted as effect of
5360 the RootImage= setting.
5361
5362 * Another new per-unit setting MountImages= has been added, that allows
5363 mounting additional disk images into the file system tree accessible
5364 to the service.
5365
5366 * Timer units gained a new FixedRandomDelay= boolean setting. If
5367 enabled, the random delay configured with RandomizedDelaySec= is
5368 selected in a way that is stable on a given system (though still
5369 different for different units).
5370
5371 * Socket units gained a new setting Timestamping= that takes "us", "ns"
5372 or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
5373 options.
5374
5375 * systemd-repart now generates JSON output when requested with the new
5376 --json= switch.
5377
5378 * systemd-machined's OpenMachineShell() bus call will now pass
5379 additional policy metadata fields to the PolicyKit
5380 authentication request.
5381
5382 * systemd-tmpfiles gained a new -E switch, which is equivalent to
5383 --exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run
5384 --exclude-prefix=/sys. It's particularly useful in combination with --root=,
5385 when operating on OS trees that do not have any of these four runtime
5386 directories mounted, as this means no files below these subtrees are
5387 created or modified, since those mount points should probably remain
5388 empty.
5389
5390 * systemd-tmpfiles gained a new --image= switch which is like --root=,
5391 but takes a disk image instead of a directory as argument. The
5392 specified disk image is mounted inside a temporary mount namespace
5393 and the tmpfiles.d/ drop-ins stored in the image are executed and
5394 applied to the image. systemd-sysusers similarly gained a new
5395 --image= switch, that allows the sysusers.d/ drop-ins stored in the
5396 image to be applied onto the image.
5397
5398 * Similarly, the journalctl command also gained an --image= switch,
5399 which is a quick one-step solution to look at the log data included
5400 in OS disk images.
5401
5402 * journalctl's --output=cat option (which outputs the log content
5403 without any metadata, just the pure text messages) will now make use
5404 of terminal colors when run on a suitable terminal, similarly to the
5405 other output modes.
5406
5407 * JSON group records now support a "description" string that may be
5408 used to add a human-readable textual description to such groups. This
5409 is supposed to match the user's GECOS field which traditionally
5410 didn't have a counterpart for group records.
5411
5412 * The "systemd-dissect" tool that may be used to inspect OS disk images
5413 and that was previously installed to /usr/lib/systemd/ has now been
5414 moved to /usr/bin/, reflecting its updated status of an officially
5415 supported tool with a stable interface. It gained support for a new
5416 --mkdir switch which when combined with --mount has the effect of
5417 creating the directory to mount the image to if it is missing
5418 first. It also gained two new commands --copy-from and --copy-to for
5419 copying files and directories in and out of an OS image without the
5420 need to manually mount it. It also acquired support for a new option
5421 --json= to generate JSON output when inspecting an OS image.
5422
5423 * The cgroup2 file system is now mounted with the
5424 "memory_recursiveprot" mount option, supported since kernel 5.7. This
5425 means that the MemoryLow= and MemoryMin= unit file settings now apply
5426 recursively to whole subtrees.
5427
5428 * systemd-homed now defaults to using the btrfs file system — if
5429 available — when creating home directories in LUKS volumes. This may
5430 be changed with the DefaultFileSystemType= setting in homed.conf.
5431 It's now the default file system in various major distributions and
5432 has the major benefit for homed that it can be grown and shrunk while
5433 mounted, unlike the other contenders ext4 and xfs, which can both be
5434 grown online, but not shrunk (in fact xfs is the technically most
5435 limited option here, as it cannot be shrunk at all).
5436
5437 * JSON user records managed by systemd-homed gained support for
5438 "recovery keys". These are basically secondary passphrases that can
5439 unlock user accounts/home directories. They are computer-generated
5440 rather than user-chosen, and typically have greater entropy.
5441 homectl's --recovery-key= option may be used to add a recovery key to
5442 a user account. The generated recovery key is displayed as a QR code,
5443 so that it can be scanned to be kept in a safe place. This feature is
5444 particularly useful in combination with systemd-homed's support for
5445 FIDO2 or PKCS#11 authentication, as a secure fallback in case the
5446 security tokens are lost. Recovery keys may be entered wherever the
5447 system asks for a password.
5448
5449 * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
5450 home directory which indicates that a home directory has not been
5451 deactivated cleanly when offline. This flag is useful to identify
5452 home directories for which the offline discard logic did not run when
5453 offlining, and where it would be a good idea to log in again to catch
5454 up.
5455
5456 * systemctl gained a new parameter --timestamp= which may be used to
5457 change the style in which timestamps are output, i.e. whether to show
5458 them in local timezone or UTC, or whether to show µs granularity.
5459
5460 * Alibaba's "pouch" container manager is now detected by
5461 systemd-detect-virt, ConditionVirtualization= and similar
5462 constructs. Similarly, they now also recognize IBM PowerVM machine
5463 virtualization.
5464
5465 * systemd-nspawn has been reworked to use /run/host/incoming/ as the
5466 place for propagating external mounts into the
5467 container. Similarly /run/host/notify is now used as the socket path
5468 for container payloads to communicate with the container manager
5469 using sd_notify(). The container manager now uses the
5470 /run/host/inaccessible/ directory to place "inaccessible" file nodes
5471 of all relevant types which may be used by the container payload as
5472 bind mount source to over-mount inodes to make them inaccessible.
5473 /run/host/container-manager will now be initialized with the same
5474 string as the $container environment variable passed to the
5475 container's PID 1. /run/host/container-uuid will be initialized with
5476 the same string as $container_uuid. This means the /run/host/
5477 hierarchy is now the primary way to make host resources available to
5478 the container. The Container Interface documents these new files and
5479 directories:
5480
5481 https://systemd.io/CONTAINER_INTERFACE
5482
5483 * Support for the "ConditionNull=" unit file condition has been
5484 deprecated and undocumented for 6 years. systemd started to warn
5485 about its use 1.5 years ago. It has now been removed entirely.
5486
5487 * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
5488 a sd_bus_error struct and a list of error names, and checks if the
5489 error matches one of these names. It's a convenience wrapper that is
5490 useful in cases where multiple errors shall be handled the same way.
5491
5492 * A new system call filter list "@known" has been added, that contains
5493 all system calls known at the time systemd was built.
5494
5495 * Behaviour of system call filter allow lists has changed slightly:
5496 system calls that are contained in @known will result in EPERM by
5497 default, while those not contained in it result in ENOSYS. This
5498 should improve compatibility because known system calls will thus be
5499 communicated as prohibited, while unknown (and thus newer ones) will
5500 be communicated as not implemented, which hopefully has the greatest
5501 chance of triggering the right fallback code paths in client
5502 applications.
5503
5504 * "systemd-analyze syscall-filter" will now show two separate sections
5505 at the bottom of the output: system calls known during systemd build
5506 time but not included in any of the filter groups shown above, and
5507 system calls defined on the local kernel but not known during systemd
5508 build time.
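The EPERM/ENOSYS split described in the two entries above, shown as an added example that is not systemd's code: a raw seccomp-BPF allow list (no libseccomp) in which a small "known but not allowed" table stands in for @known. Everything here (the demo_* names, the three-entry stand-in table, probing through a forked child) is an assumption of the example; on a real systemd build the @known set is every system call known at build time, which "systemd-analyze syscall-filter" lists. Runs on x86-64 or aarch64 Linux.

```c
/* Added example: seccomp filter with systemd 247's allow-list semantics.
 *   on the allow list       -> runs
 *   in the "known" table    -> fails with EPERM (prohibited)
 *   anything else           -> fails with ENOSYS (looks unimplemented)
 * Not systemd's code; demo_* names and tables are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#define N_ELEMENTS(a) (sizeof(a) / sizeof((a)[0]))

/* Allow list for the sandboxed child: just enough to report back and exit. */
static const int demo_allowed[] = { SYS_exit_group, SYS_exit, SYS_rt_sigreturn };

/* Stand-in for @known: syscalls the filter author knew about but did not allow. */
static const int demo_known[] = { SYS_getpid, SYS_getppid, SYS_getuid };

/* Build the BPF program and install it in the calling process. */
static int install_demo_filter(void) {
    struct sock_filter prog[8 + 2 * (N_ELEMENTS(demo_allowed) + N_ELEMENTS(demo_known))];
    size_t n = 0;

    /* Never interpret syscall numbers of a foreign ABI: kill instead. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));

    for (size_t i = 0; i < N_ELEMENTS(demo_allowed); i++) {
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)demo_allowed[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    for (size_t i = 0; i < N_ELEMENTS(demo_known); i++) {
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)demo_known[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    }
    /* Default for everything not listed: pretend the kernel lacks the call. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA));

    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) < 0)
        return -errno;
    return 0;
}

/* Issue one argument-less raw syscall under the filter in a forked child and
 * return the errno it produced: 0 on success, -1 if the filter could not be
 * installed or the child was killed. The demonstrating process stays unfiltered. */
static int errno_under_filter(long nr) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_demo_filter() < 0)
            _exit(255);
        long r = syscall(nr);
        _exit(r < 0 ? (errno & 0xff) : 0);   /* exit_group is on the allow list */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 255 ? -1 : code;
}

int main(void) {
    printf("getpid (known, not allowed): errno %d (EPERM=%d)\n", errno_under_filter(SYS_getpid), EPERM);
    printf("syscall 0x3fffffff (unknown): errno %d (ENOSYS=%d)\n", errno_under_filter(0x3fffffff), ENOSYS);
    return 0;
}
```

The point the entry makes is visible in the two probes: a libc that sees EPERM from getpid knows the call exists and was refused, while ENOSYS for an unknown number is indistinguishable from an old kernel, so fallback paths written for old kernels keep working. A production filter would of course allow far more than three calls; SystemCallFilter= in a unit file gives the same split without writing BPF by hand.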
5509
5510 * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
5511 systemd-nspawn all system call filter violations will be logged by
5512 the kernel (audit). This is useful for tracking down system calls
5513 invoked by container payloads that are prohibited by the container's
5514 system call filter policy.
5515
5516 * If the $SYSTEMD_SECCOMP=0 environment variable is set for
5517 systemd-nspawn (and other programs that use seccomp) all seccomp
5518 filtering is turned off.
5519
5520 * Two new unit file settings ProtectProc= and ProcSubset= have been
5521 added that expose the hidepid= and subset= mount options of procfs.
5522 With ProtectProc=invisible, processes of the unit will only see the
5523 processes in /proc that are owned by the unit's user. This is an
5524 important new sandboxing option that is recommended to be set on all
5525 system services. All long-running system services that are included
5526 in systemd itself set this option now. This option is only supported
5527 on kernel 5.8 and above, since the hidepid= option supported on older
5528 kernels was not a per-mount option but applied to the whole PID namespace.
5529
5530 * Socket units gained a new boolean setting FlushPending=. If enabled
5531 all pending socket data/connections are flushed whenever the socket
5532 unit enters the "listening" state, i.e. after the associated service
5533 exited.
5534
5535 * The unit file setting NUMAMask= gained a new "all" value: when used,
5536 all existing NUMA nodes are added to the NUMA mask.
5537
5538 * A new "credentials" logic has been added to system services. This is
5539 a simple mechanism to pass privileged data to services in a safe and
5540 secure way. It's supposed to be used to pass per-service secret data
5541 such as passwords or cryptographic keys but also associated less
5542 private information such as user names, certificates, and similar to
5543 system services. Each credential is identified by a short user-chosen
5544 name and may contain arbitrary binary data. Two new unit file
5545 settings have been added: SetCredential= and LoadCredential=. The
5546 former allows setting a credential to a literal string, the latter
5547 sets a credential to the contents of a file (or data read from a
5548 user-chosen AF_UNIX stream socket). Credentials are passed to the
5549 service via a special credentials directory, one file for each
5550 credential. The path to the credentials directory is passed in a new
5551 $CREDENTIALS_DIRECTORY environment variable. Since the credentials
5552 are passed in the file system they may be easily referenced in
5553 ExecStart= command lines too, thus no explicit support for the
5554 credentials logic in daemons is required (though ideally daemons
5555 would look for the bits they need in $CREDENTIALS_DIRECTORY
5556 themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
5557 backed by unswappable memory if privileges allow it, immutable if
5558 privileges allow it, is accessible only to the service's UID, and is
5559 automatically destroyed when the service stops.
5560
5561 * systemd-nspawn supports the same credentials logic. It can both
5562 consume credentials passed to it via the aforementioned
5563 $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
5564 to its payload. The service manager/PID 1 has been updated to match
5565 this: it can also accept credentials from the container manager that
5566 invokes it (in fact: any process that invokes it), and passes them on
5567 to its services. Thus, credentials can be propagated recursively down
5568 the tree: from a system's service manager to a systemd-nspawn
5569 service, to the service manager that runs as container payload and to
5570 the service it runs below. Credentials may also be added on the
5571 systemd-nspawn command line, using new --set-credential= and
5572 --load-credential= command line switches that match the
5573 aforementioned service settings.
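
The following unit, added here as an example and not taken from the systemd project, shows how the two settings and $CREDENTIALS_DIRECTORY fit together for a daemon with no native credentials support. The unit name, credential names and the /etc/credstore.example/ paths are placeholders:

```ini
# /etc/systemd/system/example-daemon.service
# Added example, not from systemd. Names and paths are placeholders.
[Unit]
Description=Example daemon fed secrets through the credentials directory

[Service]
DynamicUser=yes
# LoadCredential=ID:PATH: the service manager reads PATH (a file, or an
# AF_UNIX stream socket it connects to) with its own privileges and exposes
# the data as $CREDENTIALS_DIRECTORY/ID, readable only by the service's UID.
# The source may therefore stay root:root 0600; the service never opens it.
LoadCredential=db-password:/etc/credstore.example/db-password
LoadCredential=tls-cert:/etc/credstore.example/daemon.crt
LoadCredential=tls-key:/etc/credstore.example/daemon.key
# SetCredential=ID:VALUE carries a literal. Anyone who can read the unit
# file can read VALUE, so use it for non-secret data only.
SetCredential=db-user:exampledb
# ${CREDENTIALS_DIRECTORY} is expanded by the service manager, so a daemon
# that only knows how to read files from paths needs no changes.
ExecStart=/usr/bin/example-daemon \
        --tls-cert=${CREDENTIALS_DIRECTORY}/tls-cert \
        --tls-key=${CREDENTIALS_DIRECTORY}/tls-key \
        --password-file=${CREDENTIALS_DIRECTORY}/db-password
# Only the directory path travels in the environment. The secret itself
# never does: environment blocks are inherited by children and readable
# via /proc/<pid>/environ by the same UID.

[Install]
WantedBy=multi-user.target
```

The same names can be handed to a container with the switches named above, e.g. `systemd-nspawn --set-credential=db-user:exampledb --load-credential=db-password:/etc/credstore.example/db-password ...`; the service manager running as the container's PID 1 then receives them and can pass them on to its own services.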
5574
5575 * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
5576 the partition drop-ins which may be used to format/LUKS
5577 encrypt/populate any created partitions. The partitions are
5578 encrypted/formatted/populated before they are registered in the
5579 partition table, so that they appear atomically: either the
5580 partitions do not exist yet or they exist fully encrypted, formatted,
5581 and populated — there is no time window where they are
5582 "half-initialized". Thus the system is robust to abrupt shutdown: if
5583 the tool is terminated half-way through its operations, on the next
5584 boot it will start from the beginning.
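
An added example of such a partition definition (not from the systemd project; the file name, factory path and size limits are placeholders). Encrypt= is written in the boolean form this release accepts:

```ini
# /usr/lib/repart.d/60-home.conf
# Added example, not from systemd. Paths and sizes are placeholders.
[Partition]
Type=home
# LUKS2 is set up on the new partition before its entry is written to the
# partition table; the key is read from the file given to systemd-repart
# with --key-file= at run time.
Encrypt=yes
# File system created inside the (encrypted) partition.
Format=ext4
# CopyFiles=SOURCE:TARGET populates the fresh file system from the host.
CopyFiles=/usr/share/factory/home:/
SizeMinBytes=1G
SizeMaxBytes=16G
# Encryption, formatting and population all complete before the partition
# becomes visible, so a crash at any point leaves either no partition or a
# finished one, never a plaintext or empty /home that is later trusted.
```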
5585
5586 * systemd-repart's --size= operation gained a new "auto" value. If
5587 specified, and operating on a loopback file it is automatically sized
5588 to the minimal size the size constraints permit. This is useful to
5589 use "systemd-repart" as an image builder for minimally sized images.
5590
5591 * systemd-resolved now gained a third IPC interface for requesting name
5592 resolution: besides D-Bus and the local DNS stub on 127.0.0.53, a Varlink
5593 interface is now supported. The nss-resolve NSS module has been
5594 modified to use this new interface instead of D-Bus. Using Varlink
5595 has a major benefit over D-Bus: it works without a broker service,
5596 and thus already during earliest boot, before the dbus daemon has
5597 been started. This means name resolution via systemd-resolved now
5598 works at the same time systemd-networkd operates: from earliest boot
5599 on, including in the initrd.
5600
5601 * systemd-resolved gained support for a new DNSStubListenerExtra=
5602 configuration file setting which may be used to specify additional IP
5603 addresses the built-in DNS stub shall listen on, in addition to the
5604 main one on 127.0.0.53:53.
5605
5606 * Name lookups issued via systemd-resolved's D-Bus and Varlink
5607 interfaces (and thus also via glibc NSS if nss-resolve is used) will
5608 now honour a trailing dot in the hostname: if specified the search
5609 path logic is turned off. Thus "resolvectl query foo." is now
5610 equivalent to "resolvectl query --search=off foo.".
5611
5612 * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
5613 exposes how /etc/resolv.conf is currently managed: by resolved (and
5614 in which mode if so) or another subsystem. "resolvectl" will display
5615 this property in its status output.
5616
5617 * The resolv.conf snippets systemd-resolved provides will now set "."
5618 as the search domain if no other search domain is known. This turns
5619 off the derivation of an implicit search domain by nss-dns for the
5620 hostname, when the hostname is set to an FQDN. This change is done to
5621 make nss-dns using resolv.conf provided by systemd-resolved behave
5622 more similarly to nss-resolve.
5623
5624 * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
5625 /tmp/ and /var/tmp/ based on file timestamps) now looks at the
5626 "birth" time (btime) of a file in addition to the atime, mtime, and
5627 ctime.
5628
5629 * systemd-analyze gained a new verb "capability" that lists all known
5630 capabilities by the systemd build and by the kernel.
5631
5632 * If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
5633 advance the system clock to it at boot if it is noticed to be before
5634 that time. Previously, PID 1 would only advance the time to an epoch
5635 time that is set during build-time. With this new file OS builders
5636 can change this epoch timestamp on individual OS images without
5637 having to rebuild systemd.
5638
5639 * systemd-logind will now listen to the KEY_RESTART key from the Linux
5640 input layer and reboot the system if it is pressed, similarly to how
5641 it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
5642 was originally defined in the Multimedia context (to restart playback
5643 of a song or film), but is now primarily used in various embedded
5644 devices for "Reboot" buttons. Accordingly, systemd-logind will now
5645 honour it as such. This may be configured in more detail via the new
5646 HandleRebootKey= and RebootKeyIgnoreInhibited=.
5647
5648 * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
5649 copying OS trees, for example in "systemd-nspawn --ephemeral",
5650 "systemd-nspawn --template=", "machinectl clone" and similar. This is
5651 useful when operating with OSTree images, which use hardlinks heavily
5652 throughout, and where such copies previously resulted in "exploding"
5653 hardlinks.
5654
5655 * systemd-nspawn's --console= setting gained support for a new
5656 "autopipe" value, which is identical to "interactive" when invoked on
5657 a TTY, and "pipe" otherwise.
5658
5659 * systemd-networkd's .network files gained support for explicitly
5660 configuring the multicast membership entries of bridge devices in the
5661 [BridgeMDB] section. It also gained support for the PIE queuing
5662 discipline in the [FlowQueuePIE] sections.
5663
5664 * systemd-networkd's .netdev files may now be used to create "BareUDP"
5665 tunnels, configured in the new [BareUDP] section.
5666
5667 * systemd-networkd's Gateway= setting in .network files now accepts the
5668 special values "_dhcp4" and "_ipv6ra" to configure additional,
5669 locally defined, explicit routes to the gateway acquired via DHCP or
5670 IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
5671 but still accepted for backwards compatibility.
5672
5673 * systemd-networkd's [IPv6PrefixDelegation] section and
5674 IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
5675 IPv6SendRA= (the old names are still accepted for backwards
5676 compatibility).
5677
5678 * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
5679 boolean setting in [Network] section. If enabled, the delegated prefix
5680 gained by another link will be configured, and an address within the
5681 prefix will be assigned.
5682
5683 * systemd-networkd's .network files gained the Announce= boolean setting
5684 in [DHCPv6PrefixDelegation] section. When enabled, the delegated
5685 prefix will be announced through IPv6 router advertisement (IPv6 RA).
5686 The setting is enabled by default.
5687
5688 * VXLAN tunnels may now be marked as independent of any underlying
5689 network interface via the new Independent= boolean setting.
5690
5691 * systemctl gained support for two new verbs: "service-log-level" and
5692 "service-log-target" may be used on services that implement the
5693 generic org.freedesktop.LogControl1 D-Bus interface to dynamically
5694 adjust the log level and target. All of systemd's long-running
5695 services support this now, but ideally all system services would
5696 implement this interface to make the system more uniformly
5697 debuggable.
5698
5699 * The SystemCallErrorNumber= unit file setting now accepts the new
5700 "kill" and "log" actions, in addition to arbitrary error number
5701 specifications as before. If "kill" the processes are killed on the
5702 event, if "log" the offending system call is audit logged.
5703
5704 * A new SystemCallLog= unit file setting has been added that accepts a
5705 list of system calls that shall be logged about (audit).
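
The drop-in below, added here as an example (not from the systemd project), ties together the allow-list behaviour described at the top of this release's entries and the SystemCallErrorNumber=/SystemCallLog= additions above. The unit name is a placeholder:

```ini
# /etc/systemd/system/example-daemon.service.d/20-syscalls.conf
# Added example, not from systemd. "example-daemon" is a placeholder name.
[Service]
# Allow list. Anything not listed is refused: calls in @known (the set
# systemd knew at build time) fail with EPERM, calls newer than this
# systemd build fail with ENOSYS so libc/runtime "not implemented"
# fallbacks are taken instead of "permission denied" error paths.
SystemCallFilter=@system-service
# A deny list given alongside an allow list removes entries from it.
SystemCallFilter=~@privileged @resources
# Error returned for refused calls. EPERM matches the new default, so this
# line mostly documents intent. "kill" terminates the process instead,
# which gives unambiguous failures while a filter is being developed;
# "log" lets the call through and audit-logs it, which is monitoring
# rather than sandboxing, so never ship it as the production setting.
SystemCallErrorNumber=EPERM
# Independently of the filter, audit-log every use of these (allowed)
# calls: a daemon that should never spawn helpers produces one record per
# exec, which is useful evidence when hunting for an escape. List calls
# the filter allows; for refused calls the errno action takes precedence
# over logging.
SystemCallLog=execve execveat
SystemCallArchitectures=native
```

`systemd-analyze syscall-filter @system-service` prints the contents of a group, and the two sections at the bottom of its plain output show which calls fall outside every group and which ones the running kernel has that this build does not know (the ones that will surface as ENOSYS). For containers the equivalent visibility comes from running systemd-nspawn with SYSTEMD_LOG_SECCOMP=1, as described earlier in this release's notes.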
5706
5707 * The OS image dissection logic (as used by RootImage= in unit files or
5708 systemd-nspawn's --image= switch) has gained support for identifying
5709 and mounting explicit /usr/ partitions, which are now defined in the
5710 discoverable partition specification. This should be useful for
5711 environments where the root file system is
5712 generated/formatted/populated dynamically on first boot and combined
5713 with an immutable /usr/ tree that is supplied by the vendor.
5714
5715 * In the final phase of shutdown, within the systemd-shutdown binary
5716 we'll now try to detach MD devices (i.e software RAID) in addition to
5717 loopback block devices and DM devices as before. This is supposed to
5718 be a safety net only, in order to increase robustness if things go
5719 wrong. Storage subsystems are expected to properly detach their
5720 storage volumes during regular shutdown already (or in case of
5721 storage backing the root file system: in the initrd hook we return to
5722 later).
5723
5724 * If the SYSTEMD_LOG_TID environment variable is set all systemd tools
5725 will now log the thread ID in their log output. This is useful when
5726 working with heavily threaded programs.
5727
5728 * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
5729 not use the RDRAND CPU instruction. This is useful in environments
5730 such as replay debuggers where non-deterministic behaviour is not
5731 desirable.
5732
5733 * The autopaging logic in systemd's various tools (such as systemctl)
5734 has been updated to turn on "secure" mode in "less"
5735 (i.e. $LESSSECURE=1) if execution in a "sudo" environment is
5736 detected. This disables invoking external programs from the pager,
5737 via the pipe logic. This behaviour may be overridden via the new
5738 $SYSTEMD_PAGERSECURE environment variable.
5739
5740 * Units which have resource limits (.service, .mount, .swap, .slice,
5741 .socket, and .scope) gained new configuration settings
5742 ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
5743 ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
5744 limits and optional action taken by systemd-oomd.
5745
5746 * A new service systemd-oomd has been added. It monitors resource
5747 contention for selected parts of the unit hierarchy using the PSI
5748 information reported by the kernel, and kills processes when memory
5749 or swap pressure is above configured limits. This service is only
5750 enabled by default in developer mode (see below) and should be
5751 considered a preview in this release. Behaviour details and option
5752 names are subject to change without the usual backwards-compatibility
5753 promises.
5754
5755 * A new helper oomctl has been added to introspect systemd-oomd state.
5756 It is only enabled by default in developer mode and should be
5757 considered a preview without the usual backwards-compatibility
5758 promises.
5759
5760 * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
5761 enabled, systemd reads the system UID boundaries from /etc/login.defs
5762 at runtime, instead of using the built-in values selected during
5763 build. This is an option to improve compatibility for upgrades from
5764 old systems. It's strongly recommended not to make use of this
5765 functionality on new systems (or even enable it during build), as it
5766 makes something runtime-configurable that is mostly an implementation
5767 detail of the OS, and permits avoidable differences in deployments
5768 that create all kinds of problems in the long run.
5769
5770 * New meson option '-Dmode=developer|release' has been added. When
5771 'developer', additional checks and features are enabled that are
5772 relevant during upstream development, e.g. verification that
5773 semi-automatically-generated documentation has been properly updated
5774 following API changes. Those checks are considered hints for
5775 developers and are not actionable in downstream builds. In addition,
5776 extra features that are not ready for general consumption may be
5777 enabled in developer mode. It is thus recommended to set
5778 '-Dmode=release' in end-user and distro builds.
5779
5780 * systemd-cryptsetup gained support for processing detached LUKS
5781 headers specified on the kernel command line via the header=
5782 parameter of the luks.options= kernel command line option. The same
5783 device/path syntax as for key files is supported for header files
5784 like this.
5785
5786 * The "net_id" built-in of udev has been updated to ignore ACPI _SUN
5787 slot index data for devices that are connected through a PCI bridge
5788 where the _SUN index is associated with the bridge instead of the
5789 network device itself. Previously this would create ambiguous device
5790 naming if multiple network interfaces were connected to the same PCI
5791 bridge. Since this is a naming scheme incompatibility on systems that
5792 possess hardware like this it has been introduced as new naming
5793 scheme "v247". The previous scheme can be selected via the
5794 "net.naming-scheme=v245" kernel command line parameter.
5795
5796 * ConditionFirstBoot= semantics have been modified to be safe towards
5797 abnormal system power-off during first boot. Specifically, the
5798 "systemd-machine-id-commit.service" service now acts as boot
5799 milestone indicating when the first boot process is sufficiently
5800 complete in order to not consider the next following boot also a
5801 first boot. If the system is reset before this unit is reached the
5802 first time, the next boot will still be considered a first boot; once
5803 it has been reached, no further boots will be considered a first
5804 boot. The "first-boot-complete.target" unit now acts as official hook
5805 point to order against this. If a service shall be run on every boot
5806 until the first boot fully succeeds it may thus be ordered before
5807 this target unit (and pull it in) and carry ConditionFirstBoot=
5808 appropriately.
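
An added example of a service that follows this pattern (not from the systemd project): it generates per-machine key material exactly once, and survives a power loss during the first boot because the condition stays true until systemd-machine-id-commit.service has run. The unit name and the provisioning script path are placeholders:

```ini
# /etc/systemd/system/example-first-boot-provision.service
# Added example, not from systemd. Name and paths are placeholders.
[Unit]
Description=Generate per-machine keys on first boot
# True on every boot until the machine ID has been committed, so an
# interrupted first boot simply runs this again on the next attempt.
ConditionFirstBoot=yes
# Run before the first boot is declared complete, and pull the milestone
# in so it is actually part of the transaction.
Wants=first-boot-complete.target
Before=first-boot-complete.target
# The generated material is written below /etc.
RequiresMountsFor=/etc

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/example/provision-host-keys
# Root is needed to write the keys, but nothing else: keep the file system
# read-only apart from the one directory, and keep the network away from
# key generation.
ProtectSystem=strict
ReadWritePaths=/etc/example
PrivateNetwork=yes

[Install]
WantedBy=sysinit.target
```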
5809
5810 * bootctl's set-default and set-oneshot commands now accept the three
5811 special strings "@default", "@oneshot", "@current" in place of a boot
5812 entry id. These strings are resolved to the current default and
5813 oneshot boot loader entry, as well as the currently booted one. Thus
5814 a command "bootctl set-default @current" may be used to make the
5815 currently booted menu item the new default for all subsequent boots.
5816
5817 * "systemctl edit" has been updated to show the original effective unit
5818 contents in commented form in the text editor.
5819
5820 * Units in user mode are now segregated into three new slices:
5821 session.slice (units that form the core of the graphical session),
5822 app.slice ("normal" user applications), and background.slice
5823 (low-priority tasks). Unless otherwise configured, user units are
5824 placed in app.slice. The plan is to add resource limits and
5825 protections for the different slices in the future.
5826
5827 * New GPT partition types for RISCV32/64 for the root and /usr
5828 partitions, and their associated Verity partitions have been defined,
5829 and are now understood by systemd-gpt-auto-generator, and the OS
5830 image dissection logic.
5831
5832 Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
5833 Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
5834 Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
5835 Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
5836 Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
5837 Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
5838 Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
5839 Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
5840 Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
5841 Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
5842 Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
5843 Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
5844 huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
5845 Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
5846 Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
5847 Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
5848 Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
5849 lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
5850 Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
5851 Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
5852 Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
5853 Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
5854 Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
5855 Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
5856 Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
5857 Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
5858 Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
5859 Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
5860 Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
5861 Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
5862 Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
5863 williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
5864 Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски
5865
5866 – Warsaw, 2020-11-26
5867
5868 CHANGES WITH 246:
5869
5870 * The service manager gained basic support for cgroup v2 freezer. Units
5871 can now be suspended or resumed either using new systemctl verbs,
5872 freeze and thaw respectively, or via D-Bus.
5873
5874 * PID 1 may now automatically load pre-compiled AppArmor policies from
5875 /etc/apparmor/earlypolicy during early boot.
5876
5877 * The CPUAffinity= setting in service unit files now supports a new
5878 special value "numa" that causes the CPU affinity mask to be set
5879 based on the NUMA mask.
5880
5881 * systemd will now log about all left-over processes remaining in a
5882 unit when the unit is stopped. It will now warn about services using
5883 KillMode=none, as this is generally an unsafe thing to make use of.
5884
5885 * Two new unit file settings
5886 ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
5887 added. They may be used to check whether a specific file system path
5888 resides on a block device that is encrypted on the block level
5889 (i.e. using dm-crypt/LUKS).
5890
5891 * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
5892 has been added that may be used for simple environment checks. This
5893 is particularly useful when passing in environment variables from a
5894 container manager (or from PAM in case of the systemd --user
5895 instance).
5896
5897 * .service unit files now accept a new setting CoredumpFilter= which
5898 allows configuration of the memory sections coredumps of the
5899 service's processes shall include.
5900
5901 * .mount units gained a new ReadWriteOnly= boolean option. If set,
5902 systemd will not fall back to mounting the file system read-only when
5903 mounting it read-write fails. The x-systemd.rw-only option in
5904 /etc/fstab controls the same.
5905
5906 * .socket units gained a new boolean setting PassPacketInfo=. If
5907 enabled, the kernel will attach additional per-packet metadata to all
5908 packets read from the socket, as an ancillary message. This controls
5909 the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
5910 depending on socket type.
5911
5912 * .service units gained a new setting RootHash= which may be used to
5913 specify the root hash for verity enabled disk images which are
5914 specified in RootImage=. RootVerity= may be used to specify a path to
5915 the Verity data matching a RootImage= file system. (The latter is
5916 only useful for images that do not contain the Verity data embedded
5917 into the same image that carries a GPT partition table following the
5918 Discoverable Partition Specification). Similarly, systemd-nspawn
5919 gained a new switch --verity-data= that takes a path to a file with
5920 the verity data of the disk image supplied in --image=, if the image
5921 doesn't contain the verity data itself.
5922
5923 * .service units gained a new setting RootHashSignature= which takes
5924 either a base64 encoded PKCS#7 signature of the root hash specified
5925 with RootHash=, or a path to a file to read the signature from. This
5926 allows validation of the root hash against public keys available in
5927 the kernel keyring, and is only supported on recent kernels
5928 (>= 5.4)/libcryptsetup (>= 2.3.0). A similar switch has been added to
5929 systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
5930 this mechanism has also been added to systemd-veritysetup.
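
As an added example (not from the systemd project), a service run from a verity-protected image with both new settings in place. The image path, the root hash and the signature file are placeholders:

```ini
# /etc/systemd/system/example-app.service
# Added example, not from systemd. Image path, hash and signature file are
# placeholders.
[Service]
# GPT image carrying root and verity partitions per the Discoverable
# Partitions Specification, so the verity data is found inside the image
# and RootVerity= is not needed.
RootImage=/var/lib/images/example-app.raw
# Expected verity root hash (hex). Without it the kernel has nothing to
# check the Merkle tree against and the image is not authenticated at all.
RootHash=3c7a2ce0b4da5e2c7f1a3b6d9e8f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b
# PKCS#7 signature over the root hash, validated by the kernel against the
# keys in its keyring, so a RootHash= edited by whoever controls this unit
# file is rejected. Takes "base64:..." or a file path; needs kernel >= 5.4
# and libcryptsetup >= 2.3.0.
RootHashSignature=/var/lib/images/example-app.roothash.p7s
DynamicUser=yes
ExecStart=/usr/bin/example-app
```

The same image can be inspected outside the service manager with `systemd-dissect --root-hash=... --root-hash-sig=...`, and run as a container with the matching systemd-nspawn switches.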
5931
5932 * .service unit files gained two new options
5933 TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
5934 tune behaviour if a start or stop timeout is hit, i.e. whether to
5935 terminate the service with SIGTERM, SIGABRT or SIGKILL.
5936
5937 * Most options in systemd that accept hexadecimal values prefixed with
5938 0x in addition to the usual decimal notation now also support octal
5939 notation when the 0o prefix is used and binary notation if the 0b
5940 prefix is used.
5941
5942 * Various command line parameters and configuration file settings that
5943 configure key or certificate files now optionally take paths to
5944 AF_UNIX sockets in the file system. If configured that way a stream
5945 connection is made to the socket and the required data read from
5946 it. This is a simple and natural extension to the existing regular
5947 file logic, and permits other software to provide keys or
5948 certificates via simple IPC services, for example when unencrypted
5949 storage on disk is not desired. Specifically, systemd-networkd's
5950 Wireguard and MACSEC key file settings as well as
5951 systemd-journal-gatewayd's and systemd-journal-remote's PEM
5952 key/certificate parameters support this now.
5953
5954 * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
5955 configuration files that support specifier expansion learnt six new
5956 specifiers: %a resolves to the current architecture, %o/%w/%B/%W
5957 resolve to the various ID fields from /etc/os-release, %l resolves to
5958 the "short" hostname of the system, i.e. the hostname configured in
5959 the kernel truncated at the first dot.
5960
5961 * Support for the .include syntax in unit files has been removed. The
5962 concept has been obsolete for 6 years and we started warning about
5963 its pending removal 2 years ago (also see NEWS file below). It's
5964 finally gone now.
5965
5966 * StandardError= and StandardOutput= in unit files no longer support
5967 the "syslog" and "syslog-console" switches. They were long removed
5968 from the documentation, but will now result in warnings when used,
5969 and be converted to "journal" and "journal+console" automatically.
5970
5971 * If the service setting User= is set to the "nobody" user, a warning
5972 message is now written to the logs (but the value is nonetheless
5973 accepted). Setting User=nobody is unsafe, since the primary purpose
5974 of the "nobody" user is to own all files whose owner cannot be mapped
5975 locally. It's in particular used by the NFS subsystem and in user
5976 namespacing. By running a service under this user's UID it might get
5977 read and even write access to all these otherwise unmappable files,
5978 which is quite likely a major security problem.
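
An added example (not from the systemd project) of the weak setting beside its replacement; the unit name is a placeholder:

```ini
# /etc/systemd/system/example-daemon.service.d/10-identity.conf
# Added example, not from systemd. "example-daemon" is a placeholder name.
[Service]
# Before: User=nobody
# "nobody" owns every file whose real owner cannot be mapped locally (NFS,
# user namespaces), so a compromised service under that UID may read, and
# possibly write, all of them. systemd now warns when it sees this line.
#
# After: a throw-away UID allocated for the lifetime of the service. It
# owns nothing on disk; persistent state goes through StateDirectory=,
# which is chowned to the transient UID on every start.
DynamicUser=yes
StateDirectory=example-daemon
# Alternative when a stable UID is required: allocate a dedicated system
# user in a sysusers.d snippet and set User= to that name instead.
```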
5979
5980 * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
5981 and others) now have a size and inode limits applied (50% of RAM for
5982 /tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
5983 that the implicit kernel default is 50% too, so there is no change
5984 in the size limit for /tmp and /dev/shm.
5985
5986 * nss-mymachines lost support for resolution of users and groups, and
5987 now only does resolution of hostnames. This functionality is now
5988 provided by nss-systemd. Thus, the 'mymachines' entry should be
5989 removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
5990 (and 'systemd' added if it is not already there).
5991
5992 * A new kernel command line option systemd.hostname= has been added
5993 that allows controlling the hostname that is initialized early during
5994 boot.
5995
5996 * A kernel command line option "udev.blockdev_read_only" has been
5997 added. If specified all hardware block devices that show up are
5998 immediately marked as read-only by udev. This option is useful for
5999 making sure that a specific boot under no circumstances modifies data
6000 on disk. Use "blockdev --setrw" to undo the effect of this, per
6001 device.
6002
6003 * A new boolean kernel command line option systemd.swap= has been
6004 added, which may be used to turn off automatic activation of swap
6005 devices listed in /etc/fstab.
6006
6007 * New kernel command line options systemd.condition-needs-update= and
6008 systemd.condition-first-boot= have been added, which override the
6009 result of the ConditionNeedsUpdate= and ConditionFirstBoot=
6010 conditions.
6011
6012 * A new kernel command line option systemd.clock-usec= has been added
6013 that allows setting the system clock to the specified time in µs
6014 since Jan 1st, 1970 early during boot. This is in particular useful
6015 in order to make test cases more reliable.
6016
6017 * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
6018 systemd-coredump to save core files for suid processes. When saving
6019 the core file, systemd-coredump will use the effective uid and gid of
6020 the process that faulted.
6021
6022 * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
6023 now automatically set to "Y" at boot, in order to enable pstore
6024 generation for collection with systemd-pstore.
6025
6026 * We provide a set of udev rules to enable auto-suspend on PCI and USB
6027 devices that were tested to correctly support it. Previously, this
6028 was distributed as a set of udev rules, but has now been replaced by
6029 a set of hwdb entries (and a much shorter udev rule to take action
6030 if the device modalias matches one of the new hwdb entries).
6031
6032 As before, entries are periodically imported from the database
6033 maintained by the ChromiumOS project. If you have a device that
6034 supports auto-suspend correctly and where it should be enabled by
6035 default, please submit a patch that adds it to the database (see
6036 /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
6037
6038 * systemd-udevd gained the new configuration option timeout_signal= as well
6039 as a corresponding kernel command line option udev.timeout_signal=.
6040 The option can be used to configure the UNIX signal that the main
6041 daemon sends to the worker processes on timeout. Setting the signal
6042 to SIGABRT is useful for debugging.
6043
6044 * .link files managed by systemd-udevd gained options RxFlowControl=,
6045 TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
6046 order to configure various flow control parameters. They also gained
6047 RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
6048 frame ring buffer sizes.
6049
6050 * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
6051 enabled systemd-networkd manages all routes configured by other tools.
6052
6053 * .network files managed by systemd-networkd gained a new section
6054 [SR-IOV], in order to configure SR-IOV capable network devices.
6055
6056 * systemd-networkd's [IPv6Prefix] section in .network files gained a
6057 new boolean setting Assign=. If enabled an address from the prefix is
6058 automatically assigned to the interface.
6059
6060 * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
6061 controls delegated prefixes assigned by DHCPv6 client. The section
6062 has three settings: SubnetID=, Assign=, and Token=. The setting
6063 SubnetID= allows explicit configuration of the preferred subnet that
6064 systemd-networkd's Prefix Delegation logic assigns to interfaces. If
6065 Assign= is enabled (which is the default) an address from any acquired
6066 delegated prefix is automatically chosen and assigned to the
6067 interface. The setting Token= specifies an optional address generation
6068 mode for Assign=.
6069
6070 * systemd-networkd's [Network] section gained a new setting
6071 IPv4AcceptLocal=. If enabled the interface accepts packets with local
6072 source addresses.
6073
6074 * systemd-networkd gained support for configuring the HTB queuing
6075 discipline in the [HierarchyTokenBucket] and
6076 [HierarchyTokenBucketClass] sections. Similarly, the "pfifo" qdisc may
6077 be configured in the [PFIFO] section, "GRED" in
6078 [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
6079 in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
6080 [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
6081 "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
6082 in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
6083 "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
6084
6085 * systemd-networkd gained support for a new Termination= setting in the
6086 [CAN] section for configuring the termination resistor. It also
6087 gained a new ListenOnly= setting for controlling whether to only
6088 listen on CAN interfaces, without interfering with traffic otherwise
6089 (which is useful for debugging/monitoring CAN network
6090 traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
6091 been added to configure various CAN-FD aspects.
6092
6093 * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
6094 When enabled, DHCPv6 will be attempted right away without requiring a
6095 Router Advertisement packet suggesting it first (i.e. without the 'M'
6096 or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
6097 DHCPv6Client= that may be used to turn off the DHCPv6 client even if
6098 the RA packets suggest it.
6099
6100 * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
6101 which may be used to turn off use of the gateway information provided
6102 by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
6103 used to configure how to process leases that lack a lifetime option.
6104
6105 * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
6106 setting SendVendorOption= allowing configuration of additional vendor
6107 options to send in the DHCP requests/responses. The [DHCPv6] section
6108 gained a new SendOption= setting for sending arbitrary DHCP
6109 options. RequestOptions= has been added to request arbitrary options
6110 from the server. UserClass= has been added to set the DHCP user class
6111 field.
6112
6113 * systemd-networkd's [DHCPServer] section gained a new set of options
6114 EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
6115 information about these three protocols in the DHCP lease. It also
6116 gained support for including "MUD" URLs ("Manufacturer Usage
6117 Description"). Support for "MUD" URLs was also added to the LLDP
6118 stack, configurable in the [LLDP] section in .network files.
6119
6120 * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
6121 mode. Also, the sections now support a new setting SourceMACAddress=.
6122
6123 * systemd-networkd's .netdev files now support a new setting
6124 VLANProtocol= in the [Bridge] section that allows configuration of
6125 the VLAN protocol to use.
6126
6127 * systemd-networkd supports a new Group= setting in the [Link] section
6128 of the .network files, to control the link group.
6129
6130 * systemd-networkd's [Network] section gained a new
6131 IPv6LinkLocalAddressGenerationMode= setting, which specifies how the
6132 IPv6 link-local address is generated.
6133
6134 * A new default .network file is now shipped that matches TUN/TAP
6135 devices that begin with "vt-" in their name. Such interfaces will
6136 have IP routing onto the host links set up automatically. This is
6137 supposed to be used by VM managers to trivially acquire a network
6138 interface which is fully set up for host communication, simply by
6139 carefully picking an interface name to use.
6140
6141 * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
6142 which sets the route priority for routes specified by the DHCP server.
6143
6144 * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
6145 which configures the vendor class information sent to DHCP server.
6146
6147 * The BlackList= settings in .network files' [DHCPv4] and
6148 [IPv6AcceptRA] sections have been renamed DenyList=. The old names
6149 are still understood to provide compatibility.
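
As an added example (not a file from the systemd repository), a pair of .network files that exercise the settings from the entries above: the uplink side uses the v246 [DHCPv4], [DHCPv6] and [IPv6AcceptRA] settings (DenyList=, UseGateway=, SendVendorOption=, WithoutRA=, RouteMetric=, VendorClass=, DHCPv6Client=), the LAN side uses [DHCPv6PrefixDelegation], IPv6LinkLocalAddressGenerationMode=, IPv4AcceptLocal= and the [DHCPServer] Emit*= options. The interface names, file names, vendor option payloads and the 198.51.100.0/24 and 2001:db8::/32 documentation addresses are constructed placeholders; the [Network] DHCPv6PrefixDelegation= switch is taken from the v246 manual rather than from the entries themselves.

```ini
# 10-wan0.network (constructed example)
[Match]
Name=wan0

[Network]
DHCP=yes
IPv6AcceptRA=yes

[DHCPv4]
# Offers from a known rogue DHCP server on this segment are rejected
# (DenyList= is the renamed BlackList=).
DenyList=198.51.100.200
# The gateway carried in the lease is ignored; the default route is
# managed elsewhere, so a lease cannot redirect this host's traffic.
UseGateway=no
# Vendor option 200 added to the request, written as "option:type:value".
SendVendorOption=200:string:wan-demo

[DHCPv6]
# Start the DHCPv6 client in solicit mode even if no Router Advertisement
# asks for it, and give its routes a lower priority than static ones.
WithoutRA=solicit
RouteMetric=2048
VendorClass=example-vendor

[IPv6AcceptRA]
# An RA's M/O flags alone never start the DHCPv6 client, and a prefix that
# must not be announced on this link is ignored if an RA carries it.
DHCPv6Client=no
DenyList=2001:db8:bad::/48

# 20-lan0.network (constructed example)
[Match]
Name=lan0

[Network]
Address=198.51.100.1/24
DHCPServer=yes
# Request a subnet of the prefix delegated on wan0 (setting assumed from
# the v246 systemd.network manual, not from the NEWS entries).
DHCPv6PrefixDelegation=yes
# Stable, privacy-preserving link-local address instead of EUI-64.
IPv6LinkLocalAddressGenerationMode=stable-privacy
# Packets whose source is one of our own addresses stay dropped (default).
IPv4AcceptLocal=no

[DHCPv6PrefixDelegation]
# Subnet 0x10 of the delegated prefix; assign an address from it to lan0,
# using the host part "::1" (v246 Token= syntax: an IPv6 address whose
# lower bits are combined with the prefix).
SubnetID=0x10
Assign=yes
Token=::1

[DHCPServer]
EmitPOP3=yes
POP3=198.51.100.10
EmitSMTP=yes
SMTP=198.51.100.10
EmitLPR=no
SendVendorOption=200:string:lan-demo
```

The two DenyList= lines are the defensive part of the example: a DHCPv4 offer or an RA prefix from an address on the list is discarded before it can install routes or addresses on the host.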
6150
6151 * networkctl gained the new "forcerenew" command for forcing all DHCP
6152 server clients to renew their lease. The interface "status" output
6153 will now show numerous additional fields of information about an
6154 interface. There are new "up" and "down" commands to bring specific
6155 interfaces up or down.
6156
6157 * systemd-resolved's DNS= configuration option now optionally accepts a
6158 port number (after ":") and a host name (after "#"). When the host
6159 name is specified, the DNS-over-TLS certificate is validated to match
6160 the specified hostname. Additionally, in case of IPv6 addresses, an
6161 interface may be specified (after "%").
6162
6163 * systemd-resolved may be configured to forward single-label DNS names.
6164 This is not standard-conformant, but may make sense in setups where
6165 public DNS servers are not used.
6166
6167 * systemd-resolved's DNS-over-TLS support gained SNI validation.
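
An added example of the DNS= syntax described above, written as a resolved.conf drop-in; it is not a file from the systemd repository. The file name, the 192.0.2.0/24 and 2001:db8::/32 documentation addresses and dns.example.com are placeholders, and the ResolveUnicastSingleLabel= name for the single-label forwarding switch is taken from the resolved.conf manual rather than from the entry above.

```ini
# /etc/systemd/resolved.conf.d/dot.conf (constructed example)
[Resolve]
# ":853" selects the DNS-over-TLS port and "#dns.example.com" is the name
# the server's certificate must match (it is also sent as SNI). An IPv6
# address that carries a port has to be written in square brackets.
DNS=192.0.2.53:853#dns.example.com [2001:db8::53]:853#dns.example.com
DNSOverTLS=yes
# Keep the "#name" suffix on every DNS-over-TLS server: without it there is
# no name for the certificate to be validated against.
#
# Single-label names such as "intranet" are not forwarded to these
# servers (the default); set to yes only in setups that rely on it.
ResolveUnicastSingleLabel=no
```

For an IPv6 link-local server the interface can be appended after "%", as the entry above notes; it is omitted here because the sample addresses are global.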
6168
6169 * systemd-nspawn's --resolv-conf= switch gained a number of new
6170 supported values. Specifically, options starting with "replace-" are
6171 like those prefixed "copy-" but replace any existing resolv.conf
6172 file. And options ending in "-uplink" and "-stub" can now be used to
6173 propagate other flavours of resolv.conf into the container (as
6174 defined by systemd-resolved).
6175
6176 * The various programs included in systemd can now optionally output
6177 their log messages on stderr prefixed with a timestamp, controlled by
6178 the $SYSTEMD_LOG_TIME environment variable.
6179
6180 * systemctl gained a new "-P" switch that is a shortcut for "--value
6181 --property=…".
6182
6183 * "systemctl list-units" and "systemctl list-machines" no longer hide
6184 their first output column with --no-legend. To hide the first column,
6185 use --plain.
6186
6187 * "systemctl reboot" takes the option "--reboot-argument=".
6188 The optional positional argument to "systemctl reboot" is now
6189 being deprecated in favor of this option.
6190
6191 * systemd-run gained a new switch --slice-inherit. If specified, the
6192 unit it generates is placed in the same slice as the systemd-run
6193 process itself.
6194
6195 * systemd-journald gained support for zstd compression of large fields
6196 in journal files. The hash tables in journal files have been hardened
6197 against hash collisions. This is an incompatible change and means
6198 that journal files created with new systemd versions are not readable
6199 with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
6200 environment variable for systemd-journald.service is set to 0 this
6201 new hardening functionality may be turned off, so that generated
6202 journal files remain compatible with older journalctl
6203 implementations.
6204
6205 * journalctl will now include a clickable link in the default output for
6206 each log message for which a URL with further documentation is
6207 known. This is only supported on terminal emulators that support
6208 clickable hyperlinks, and is turned off if a pager is used (since
6209 "less" still doesn't support hyperlinks,
6210 unfortunately). Documentation URLs may be included in log messages
6211 either by including a DOCUMENTATION= journal field in it, or by
6212 associating a journal message catalog entry with the log message's
6213 MESSAGE_ID, which then carries a "Documentation:" tag.
6214
6215 * journald.conf gained a new boolean setting Audit= that may be used to
6216 control whether systemd-journald will enable audit during
6217 initialization.
6218
6219 * When systemd-journald's log stream is broken up into multiple lines
6220 because the PID of the sender changed, this is indicated in the
6221 generated log records via the _LINE_BREAK=pid-change field.
6222
6223 * journalctl's "-o cat" output mode will now show one or more journal
6224 fields specified with --output-fields= instead of unconditionally
6225 MESSAGE=. This is useful to retrieve a very specific set of fields
6226 without any decoration.
6227
6228 * The sd-journal.h API gained two new functions:
6229 sd_journal_enumerate_available_unique() and
6230 sd_journal_enumerate_available_data() that operate like their
6231 counterparts that lack the _available_ in the name, but skip items
6232 that cannot be read and processed by the local implementation
6233 (i.e. are compressed in an unsupported format or such).
6234
6235 * coredumpctl gained a new --file= switch, matching the same one in
6236 journalctl: a specific journal file may be specified to read the
6237 coredump data from.
6238
6239 * coredumps collected by systemd-coredump may now be compressed using
6240 the zstd algorithm.
6241
6242 * systemd-binfmt gained a new switch --unregister for unregistering all
6243 registered entries at once. This is now invoked automatically at
6244 shutdown, so that binary formats registered with the "F" flag will
6245 not block clean file system unmounting.
6246
6247 * systemd-notify's --pid= switch gained new values: "parent", "self",
6248 "auto" for controlling which PID to send to the service manager: the
6249 systemd-notify process' own PID, or that of the process invoking it.
6250
6251 * systemd-logind's Session bus object learnt a new method call
6252 SetType() for temporarily updating the session type of an already
6253 allocated session. This is useful for upgrading tty sessions to
6254 graphical ones once a compositor is invoked.
6255
6256 * systemd-socket-proxy gained a new switch --exit-idle-time= for
6257 configuring an exit-on-idle time.
6258
6259 * systemd-repart's --empty= setting gained a new value "create". If
6260 specified, a new empty regular disk image file is created under the
6261 specified name. Its size may be specified with the new --size=
6262 option. The latter is also supported without the "create" mode, in
6263 order to grow existing disk image files to the specified size. These
6264 two new options are useful when creating or manipulating disk images
6265 instead of operating on actual block devices.
6266
6267 * systemd-repart drop-ins now support a new UUID= setting to control
6268 the UUID to assign to a newly created partition.
6269
6270 * systemd-repart's SizeMin= per-partition parameter now defaults to 10M
6271 instead of 0.
6272
6273 * systemd-repart's Label= setting now supports the usual, simple
6274 specifier expansion.
6275
6276 * systemd-homed's LUKS backend gained the ability to discard empty file
6277 system blocks automatically when the user logs out. This is enabled
6278 by default to ensure that home directories take minimal space when
6279 logged out but get full size guarantees when logged in. This may be
6280 controlled with the new --luks-offline-discard= switch to homectl.
6281
6282 * If systemd-homed detects that /home/ is encrypted as a whole it will
6283 now default to the directory or subvolume backends instead of the
6284 LUKS backend, in order to avoid double encryption. The default
6285 storage and file system may now be configured explicitly, too, via
6286 the new /etc/systemd/homed.conf configuration file.
6287
6288 * systemd-homed now supports unlocking home directories with FIDO2
6289 security tokens that support the 'hmac-secret' extension, in addition
6290 to the existing support for PKCS#11 security token unlocking. Note
6291 that many recent hardware security tokens support both
6292 interfaces. The FIDO2 support is accessible via homectl's
6293 --fido2-device= option.
6294
6295 * homectl's --pkcs11-uri= setting now accepts two special parameters:
6296 if "auto" is specified and only one suitable PKCS#11 security token
6297 is plugged in, its URL is automatically determined and enrolled for
6298 unlocking the home directory. If "list" is specified a brief table of
6299 suitable PKCS#11 security tokens is shown. Similarly, the new
6300 --fido2-device= option also supports these two special values, for
6301 automatically selecting and listing suitable FIDO2 devices.
6302
6303 * The /etc/crypttab tmp option now optionally takes an argument
6304 selecting the file system to use. Moreover, the default is now
6305 changed from ext2 to ext4.
6306
6307 * There's a new /etc/crypttab option "keyfile-erase". If specified, the
6308 key file listed in the same line is removed after use, regardless of
6309 whether volume activation was successful. This is useful if the key
6310 file is only acquired transiently at runtime and shall be erased
6311 before the system continues to boot.
6312
6313 * There's also a new /etc/crypttab option "try-empty-password". If
6314 specified, an attempt is made to unlock the volume with an empty
6315 password before the user is asked for one. This is useful for
6316 installing encrypted images whose password shall be set on first boot
6317 instead of at installation time.
6318
6319 * systemd-cryptsetup will now automatically attempt to load the keys
6320 to unlock volumes from the files
6321 /etc/cryptsetup-keys.d/<volume>.key and
6322 /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.
6323
6324 * systemd-cryptsetup may now activate Microsoft BitLocker volumes via
6325 /etc/crypttab, during boot.
6326
6327 * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
6328 control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
6329 instance.
6330
6331 * A new generator systemd-xdg-autostart-generator has been added. It
6332 generates systemd unit files from XDG autostart .desktop files, and
6333 may be used to let the systemd user instance manage services that are
6334 started automatically as part of the desktop session.
6335
6336 * "bootctl" gained a new verb "reboot-to-firmware" that may be used
6337 to query and change the firmware's 'Reboot Into Firmware Interface'
6338 setup flag.
6339
6340 * systemd-firstboot gained a new switch --kernel-command-line= that may
6341 be used to initialize the /etc/kernel/cmdline file of the image. It
6342 also gained a new switch --root-password-hashed= which is like
6343 --root-password= but accepts a pre-hashed UNIX password as
6344 argument. The new option --delete-root-password may be used to unset
6345 any password for the root user (dangerous!). The --root-shell= switch
6346 may be used to control the shell to use for the root account. A new
6347 --force option may be used to override any already set settings with
6348 the parameters specified on the command line (by default, the tool
6349 will not override what has already been set before, i.e. is purely
6350 incremental).
6351
6352 * systemd-firstboot gained support for a new --image= switch, which is
6353 similar to --root= but accepts the path to a disk image file, on
6354 which it then operates.
6355
6356 * A new sd-path.h API has been added to libsystemd. It provides a
6357 simple API for retrieving various search paths and primary
6358 directories for various resources.
6359
6360 * A new call sd_notify_barrier() has been added to the sd-daemon.h
6361 API. The call will block until all previously sent sd_notify()
6362 messages have been processed by the service manager. This is useful
6363 to remove races caused by a process already having disappeared at the
6364 time a notification message is processed by the service manager,
6365 making correct attribution impossible. The systemd-notify tool will
6366 now make use of this call implicitly, but this can be turned off again
6367 via the new --no-block switch.
6368
6369 * When sending a file descriptor (fd) to the service manager to keep
6370 track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
6371 may be specified. If passed, the service manager will refrain from
6372 poll()ing on the file descriptor. Traditionally (and when the
6373 parameter is not specified), the service manager will poll it for
6374 POLLHUP or POLLERR events, and immediately close the fd in that
6375 case.
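
The two entries above describe two details of the sd_notify() datagram protocol: the barrier that sd_notify_barrier() implements (a BARRIER=1 message carrying one end of a pipe, after which the client waits for the manager to close that end) and the FDPOLL=0 field on an FDSTORE=1 message. The following added example is not libsystemd code; it reimplements the client side of both messages over a socketpair() standing in for $NOTIFY_SOCKET, with a minimal "manager" in the same process, so it runs without a service manager. The FDNAME value and the pipe used as the stored fd are constructed placeholders, and a real manager would keep the stored fd instead of closing it.

```c
/* Added example, not libsystemd code: sd_notify()-style datagrams with
 * SCM_RIGHTS fd passing, showing BARRIER=1 and FDSTORE=1 + FDPOLL=0. */
#include <errno.h>
#include <poll.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Send one notification datagram; fd_to_pass (if >= 0) travels as SCM_RIGHTS. */
static int notify_send(int sock, const char *msg, int fd_to_pass) {
        struct iovec iov = { .iov_base = (char *) msg, .iov_len = strlen(msg) };
        union { struct cmsghdr hdr; char data[CMSG_SPACE(sizeof(int))]; } control;
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };

        if (fd_to_pass >= 0) {
                memset(&control, 0, sizeof control);
                mh.msg_control = control.data;
                mh.msg_controllen = sizeof control.data;
                struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
                c->cmsg_level = SOL_SOCKET;
                c->cmsg_type = SCM_RIGHTS;
                c->cmsg_len = CMSG_LEN(sizeof(int));
                memcpy(CMSG_DATA(c), &fd_to_pass, sizeof(int));
        }
        return sendmsg(sock, &mh, MSG_NOSIGNAL) < 0 ? -errno : 0;
}

/* Manager side: receive one datagram into buf (NUL-terminated) and store a
 * passed fd in *fd_out (-1 if none). Returns the byte count or -errno. */
static int manager_recv(int sock, char *buf, size_t buflen, int *fd_out) {
        struct iovec iov = { .iov_base = buf, .iov_len = buflen - 1 };
        union { struct cmsghdr hdr; char data[CMSG_SPACE(sizeof(int))]; } control;
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                             .msg_control = control.data, .msg_controllen = sizeof control.data };
        *fd_out = -1;
        ssize_t n = recvmsg(sock, &mh, 0);
        if (n < 0) return -errno;
        buf[n] = '\0';
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
                if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
                        memcpy(fd_out, CMSG_DATA(c), sizeof(int));
        return (int) n;
}

/* Client side of sd_notify_barrier(): hand the manager the write end of a
 * pipe and drop our own copy, so POLLHUP on the read end can only arrive
 * once the manager has processed the message and closed its copy.
 * Returns the read end to wait on, or -errno. */
static int barrier_send(int sock) {
        int p[2];
        if (pipe(p) < 0) return -errno;
        int r = notify_send(sock, "BARRIER=1", p[1]);
        close(p[1]);
        if (r < 0) { close(p[0]); return r; }
        return p[0];
}

static bool barrier_reached(int read_end, int timeout_ms) {
        struct pollfd pfd = { .fd = read_end, .events = 0 };
        return poll(&pfd, 1, timeout_ms) > 0 && (pfd.revents & POLLHUP);
}

/* The whole exchange in one process: sv[0] is the service, sv[1] the
 * manager. Returns 0 on success, otherwise the number of the failing step. */
int demo_notify_exchange(void) {
        int sv[2], p[2], fd, rd;
        char buf[128];

        /* 1: socketpair instead of $NOTIFY_SOCKET; a pipe is the fd to store. */
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0 || pipe(p) < 0) return 1;
        /* 2-3: store an fd and ask the manager not to poll() it. */
        if (notify_send(sv[0], "FDSTORE=1\nFDNAME=demo\nFDPOLL=0", p[0]) < 0) return 2;
        if (manager_recv(sv[1], buf, sizeof buf, &fd) < 0 || fd < 0 ||
            strstr(buf, "FDPOLL=0") == NULL) return 3;
        close(fd);                         /* a real manager keeps this copy */
        /* 4-5: the barrier is not reached while the message is unprocessed... */
        rd = barrier_send(sv[0]);
        if (rd < 0) return 4;
        if (barrier_reached(rd, 0)) return 5;
        /* 6-7: ...and is reached as soon as the manager closes the pipe end. */
        if (manager_recv(sv[1], buf, sizeof buf, &fd) < 0 || fd < 0 ||
            strcmp(buf, "BARRIER=1") != 0) return 6;
        close(fd);
        if (!barrier_reached(rd, 1000)) return 7;

        close(rd); close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
        return 0;
}

int main(void) {
        int r = demo_notify_exchange();
        printf("notify exchange: %s%d\n", r == 0 ? "ok, code " : "failed at step ", r);
        return r != 0;
}
```

The in-flight SCM_RIGHTS reference is what makes step 5 hold: as long as the datagram sits unread in the manager's socket, the kernel still holds the pipe's write end open, so the client's poll() sees no POLLHUP until the manager has actually dequeued and processed the message.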
6376
6377 * The service manager (PID1) gained a new D-Bus method call
6378 SetShowStatus() which may be used to control whether it shall show
6379 boot-time status output on the console. This method has a similar
6380 effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.
6381
6382 * The sd-bus API gained a number of convenience functions that take
6383 va_list arguments rather than "...". For example, there's now
6384 sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
6385 it easier to build wrappers that accept variadic arguments and want
6386 to pass a ready va_list structure to sd-bus.
6387
6388 * sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
6389 flag which alters how the userdata pointer to pass to the callbacks
6390 is determined. When the flag is set, the offset field is converted
6391 as-is into a pointer, without adding it to the object pointer the
6392 vtable is associated with.
6393
6394 * sd-bus now exposes four new functions:
6395 sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
6396 sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
6397 validate strings to check if they qualify as various D-Bus concepts.
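
An added example, not sd-bus code, of what those four validators check: a reimplementation of the D-Bus specification's rules for interface names, bus (service) names, member names and object paths, with hypothetical dbus_*_is_valid() names in place of the sd_bus_*_is_valid() functions. Rejecting a mis-typed or externally supplied name up front, as these functions allow, is cheaper and clearer than letting it fail deep inside message marshalling.

```c
/* Added example, not sd-bus code: D-Bus name validation per the spec. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DBUS_MAX_NAME_LENGTH 255

static bool is_name_char(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
               (c >= '0' && c <= '9') || c == '_';
}

static bool is_digit(char c) { return c >= '0' && c <= '9'; }

/* Dotted names: at least two non-empty '.'-separated elements, total length
 * at most 255. '-' is allowed only in bus names (allow_dash); elements may
 * begin with a digit only in unique bus names such as ":1.42" (digits_first). */
static bool dotted_name_is_valid(const char *s, bool allow_dash, bool digits_first) {
        size_t len = strlen(s);
        if (len == 0 || len > DBUS_MAX_NAME_LENGTH) return false;
        size_t elements = 0, elen = 0;
        for (const char *p = s; ; p++) {
                if (*p == '.' || *p == '\0') {
                        if (elen == 0) return false;          /* "a..b", ".a", "a." */
                        elements++;
                        elen = 0;
                        if (*p == '\0') break;
                        continue;
                }
                if (!(is_name_char(*p) || (allow_dash && *p == '-'))) return false;
                if (elen == 0 && !digits_first && is_digit(*p)) return false;
                elen++;
        }
        return elements >= 2;
}

bool dbus_interface_name_is_valid(const char *s) {
        return dotted_name_is_valid(s, false, false);
}

bool dbus_service_name_is_valid(const char *s) {
        if (s[0] == ':')                                     /* unique name */
                return strlen(s) <= DBUS_MAX_NAME_LENGTH &&
                       dotted_name_is_valid(s + 1, true, true);
        return dotted_name_is_valid(s, true, false);         /* well-known name */
}

/* Member names: 1..255 chars of [A-Za-z0-9_], not starting with a digit. */
bool dbus_member_name_is_valid(const char *s) {
        size_t len = strlen(s);
        if (len == 0 || len > DBUS_MAX_NAME_LENGTH || is_digit(s[0])) return false;
        for (const char *p = s; *p; p++)
                if (!is_name_char(*p)) return false;
        return true;
}

/* Object paths: "/" alone, or "/" followed by non-empty [A-Za-z0-9_]
 * elements separated by single slashes, with no trailing slash. */
bool dbus_object_path_is_valid(const char *s) {
        if (s[0] != '/') return false;
        if (s[1] == '\0') return true;
        size_t elen = 0;
        for (const char *p = s + 1; ; p++) {
                if (*p == '/' || *p == '\0') {
                        if (elen == 0) return false;          /* "//" or trailing "/" */
                        elen = 0;
                        if (*p == '\0') break;
                        continue;
                }
                if (!is_name_char(*p)) return false;
                elen++;
        }
        return true;
}

int main(void) {
        const char *samples[] = { "org.freedesktop.systemd1", "org.1bad", ":1.42" };
        for (size_t i = 0; i < 3; i++)
                printf("%-26s interface=%d service=%d\n", samples[i],
                       dbus_interface_name_is_valid(samples[i]),
                       dbus_service_name_is_valid(samples[i]));
        return 0;
}
```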
6398
6399 * The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
6400 SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
6401 that simplify adding argument names to D-Bus methods and signals.
6402
6403 * The man pages for the sd-bus and sd-hwdb APIs have been completed.
6404
6405 * Various D-Bus APIs of systemd daemons now have man pages that
6406 document the methods, signals and properties.
6407
6408 * The expectations on user/group name syntax are now documented in
6409 detail; documentation on how classic home directories may be
6410 converted into home directories managed by homed has been added;
6411 documentation regarding integration of homed/userdb functionality in
6412 desktops has been added:
6413
6414 https://systemd.io/USER_NAMES
6415 https://systemd.io/CONVERTING_TO_HOMED
6416 https://systemd.io/USERDB_AND_DESKTOPS
6417
6418 * Documentation for the on-disk Journal file format has been updated
6419 and has now moved to:
6420
6421 https://systemd.io/JOURNAL_FILE_FORMAT
6422
6423 * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
6424 has been extended by a set of environment variables that expose
6425 select fields from the host's os-release file to the container
6426 payload. Similarly, the host's os-release files can be mounted into the
6427 container underneath /run/host. Together, those mechanisms provide a
6428 standardized way to expose information about the host to the
6429 container payload. Both interfaces are implemented in systemd-nspawn.
6430
6431 * All D-Bus services shipped in systemd now implement the generic
6432 LogControl1 D-Bus API which allows clients to change log level +
6433 target of the service during runtime.
6434
6435 * Only relevant for developers: the mkosi.default symlink has been
6436 dropped from version control. Please create a symlink to one of the
6437 distribution-specific defaults in .mkosi/ based on your preference.
6438
6439 Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
6440 Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
6441 Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
6442 antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
6443 Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
6444 Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
6445 Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
6446 codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
6447 Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
6448 Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
6449 John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
6450 Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
6451 ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
6452 Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
6453 Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
6454 Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
6455 Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
6456 Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
6457 Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
6458 Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
6459 Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
6460 Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
6461 Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
6462 S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
6463 Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
6464 Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
6465 Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
6466 Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
6467 nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
6468 Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
6469 Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
6470 Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
6471 Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
6472 Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
6473 Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
6474 Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
6475 Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
6476 Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
6477
6478 – Warsaw, 2020-07-30
6479
6480 CHANGES WITH 245:
6481
6482 * A new tool "systemd-repart" has been added, that operates as an
6483 idempotent declarative repartitioner for GPT partition tables.
6484 Specifically, a set of partitions that must or may exist can be
6485 configured via drop-in files, and during every boot the partition
6486 table on disk is compared with these files, creating missing
6487 partitions or growing existing ones based on configurable relative
6488 and absolute size constraints. The tool is strictly incremental,
6489 i.e. does not delete, shrink or move partitions, but only adds and
6490 grows them. The primary use-case is OS images that ship in minimized
6491 form, that on first boot are grown to the size of the underlying
6492 block device or augmented with additional partitions. For example,
6493 the root partition could be extended to cover the whole disk, or a
6494 swap or /home partitions could be added on first boot. It can also be
6495 used for systems that use an A/B update scheme but ship images with
6496 just the A partition, with B added on first boot. The tool is
6497 primarily intended to be run in the initrd, shortly before
6498 transitioning into the host OS, but can also be run after the
6499 transition took place. It automatically discovers the disk backing
6500 the root file system, and should hence not require any additional
6501 configuration besides the partition definition drop-ins. If no
6502 configuration drop-ins are present, no action is taken.
6503
6504 * A new component "userdb" has been added, along with a small daemon
6505 "systemd-userdbd.service" and a client tool "userdbctl". The framework
6506 allows defining rich user and group records in a JSON format,
6507 extending the classic "struct passwd" and "struct group"
6508 structures. Various components in systemd have been updated to
6509 process records in this format, including systemd-logind and
6510 pam-systemd. The user records are intended to be extensible, and
6511 allow setting various resource management, security and runtime
6512 parameters that shall be applied to processes and sessions of the
6513 user as they log in. This facility is intended to allow associating
6514 such metadata directly with user/group records so that they can be
6515 produced, extended and consumed in unified form. We hope that
6516 eventually frameworks such as sssd will generate records this way, so
6517 that for the first time resource management and various other
6518 per-user settings can be configured in LDAP directories and then
6519 provided to systemd (specifically to systemd-logind and pam-systemd)
6520 to apply on login. For further details see:
6521
6522 https://systemd.io/USER_RECORD
6523 https://systemd.io/GROUP_RECORD
6524 https://systemd.io/USER_GROUP_API
6525
6526 * A small new service systemd-homed.service has been added, that may be
6527 used to securely manage home directories with built-in encryption.
6528 The complete user record data is unified with the home directory,
6529 thus making home directories naturally migratable. Its primary
6530 back-end is based on LUKS volumes, but fscrypt, plain directories,
6531 and other storage schemes are also supported. This solves a couple of
6532 problems we saw with traditional ways to manage home directories, in
6533 particular when it comes to encryption. For further discussion of
6534 this, see the video of Lennart's talk at AllSystemsGo! 2019:
6535
6536 https://media.ccc.de/v/ASG2019-164-reinventing-home-directories
6537
6538 For further details about the format and expectations on home
6539 directories this new daemon makes, see:
6540
6541 https://systemd.io/HOME_DIRECTORY
6542
6543 * systemd-journald is now multi-instantiable. In addition to the main
6544 instance systemd-journald.service there's now a template unit
6545 systemd-journald@.service, with each instance defining a new named
6546 log 'namespace' (whose name is specified via the instance part of the
6547 unit name). A new unit file setting LogNamespace= has been added,
6548 taking such a namespace name, that assigns services to the specified
6549 log namespaces. As each log namespace is serviced by its own
6550 independent journal daemon, this functionality may be used to improve
6551 performance and increase isolation of applications, at the price of
6552 losing global message ordering. Each instance of journald has a
6553 separate set of configuration files, with possibly different disk
6554 usage limitations and other settings.
6555
6556 journalctl now takes a new option --namespace= to show logs from a
6557 specific log namespace. The sd-journal.h API gained
6558 sd_journal_open_namespace() for opening the log stream of a specific
6559 log namespace. systemd-journald also gained the ability to exit on
6560 idle, which is useful in the context of log namespaces, as this means
6561 log daemons for log namespaces can be activated automatically on
6562 demand and will stop automatically when no longer used, minimizing
6563 resource usage.
6564
6565 * When systemd-tmpfiles copies a file tree using the 'C' line type it
6566 will now label every copied file according to the SELinux database.
6567
6568 * When systemd/PID 1 detects it is used in the initrd it will now boot
6569 into initrd.target rather than default.target by default. This should
6570 make it simpler to build initrds with systemd as for many cases the
6571 only difference between a host OS image and an initrd image now is
6572 the presence of the /etc/initrd-release file.
6573
6574 * A new kernel command line option systemd.cpu_affinity= is now
6575 understood. It's equivalent to the CPUAffinity= option in
6576 /etc/systemd/system.conf and allows setting the CPU mask for PID 1
6577 itself and the default for all other processes.
6578
6579 * When systemd/PID 1 is reloaded (with systemctl daemon-reload or
6580 equivalent), the SELinux database is now reloaded, ensuring that
6581 sockets and other file system objects are generated taking the new
6582 database into account.
6583
6584 * systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
6585 "quiet" has been changed to imply that instead of
6586 "systemd.show-status=auto". In this mode, only messages about errors
6587 and significant delays in boot are shown on the console.
6588
6589 * The sd-event.h API gained native support for the new Linux "pidfd"
6590 concept. This permits watching processes using file descriptors
6591 instead of PID numbers, which fixes a number of races and makes
6592 process supervision more robust and efficient. All of systemd's
6593 components will now use pidfds if the kernel supports it for process
6594 watching, with the exception of PID 1 itself, unfortunately. We hope
6595 to move PID 1 to exclusively using pidfds too eventually, but this
6596 requires some more kernel work first. (Background: PID 1 watches
6597 processes using waitid() with the P_ALL flag, and that does not play
6598 together nicely with pidfds yet.)
6599
6600 * Closely related to this, the sd-event.h API gained two new calls
6601 sd_event_source_send_child_signal() (for sending a signal to a
6602 watched process) and sd_event_source_get_child_process_own() (for
6603 marking a process so that it is killed automatically whenever the
6604 event source watching it is freed).
6605
6606 * systemd-networkd gained support for configuring Token Bucket Filter
6607 (TBF) parameters in its qdisc configuration support. Similarly,
6608 support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
6609 Active Queue Management (CoDel), and Fair Queue (FQ) has been added.
6610
6611 * systemd-networkd gained support for Intermediate Functional Block
6612 (IFB) network devices.
6613
6614 * systemd-networkd gained support for configuring multi-path IP routes,
6615 using the new MultiPathRoute= setting in the [Route] section.
6616
6617 * systemd-networkd's DHCPv4 client has been updated to support a new
6618 SendDecline= option. If enabled, duplicate address detection is done
6619 after a DHCP offer is received from the server. If a conflict is
6620 detected, the address is declined. The DHCPv4 client also gained
6621 support for a new RouteMTUBytes= setting that allows configuring the
6622 MTU size to be used for routes generated from DHCPv4 leases.
6623
6624 * The PrefixRoute= setting in systemd-networkd's [Address] section of
6625 .network files has been deprecated, and replaced by AddPrefixRoute=,
6626 with its sense inverted.
6627
6628 * The Gateway= setting of [Route] sections of .network files gained
6629 support for a special new value "_dhcp". If set, the configured
6630 static route uses the gateway host configured via DHCP.
6631
6632 * New User= and SuppressPrefixLength= settings have been implemented
6633 for the [RoutingPolicyRule] section of .network files to configure
6634 source routing based on UID ranges and prefix length, respectively.
6635
6636 * The Type= match property of .link files has been generalized to
6637 always match the device type shown by 'networkctl status', even for
6638 devices where udev does not set DEVTYPE=. This allows e.g. Type=ether
6639 to be used.
6640
6641 * sd-bus gained a new API call sd_bus_message_sensitive() that marks a
6642 D-Bus message object as "sensitive". Those objects are erased from
6643 memory when they are freed. This concept is intended to be used for
6644 messages that contain security sensitive data. A new flag
6645 SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
6646 in sd-bus vtables, causing any incoming and outgoing messages of
6647 those methods to be implicitly marked as "sensitive".
6648
6649 * sd-bus gained a new API call sd_bus_message_dump() for dumping the
6650 contents of a message (or parts thereof) to standard output for
6651 debugging purposes.
6652
6653 * systemd-sysusers gained support for creating users with the primary
6654 group named differently than the user.
6655
6656 * systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
6657 gained support for growing XFS partitions. Previously it supported
6658 only ext4 and btrfs partitions.
6659
6660 * The support for /etc/crypttab gained a new x-initrd.attach option. If
6661 set, the specified encrypted volume is unlocked already in the
6662 initrd. This concept corresponds to the x-initrd.mount option in
6663 /etc/fstab.
6664
6665 * systemd-cryptsetup gained native support for unlocking encrypted
6666 volumes utilizing PKCS#11 smartcards, e.g. to bind
6667 encryption of volumes to YubiKeys. This is exposed in the new
6668 pkcs11-uri= option in /etc/crypttab.
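
One added /etc/crypttab example serving both the entries of this release (x-initrd.attach and pkcs11-uri=) and the crypttab entries in the 246 section above (tmp= with a file system argument, keyfile-erase, try-empty-password, the automatic /etc/cryptsetup-keys.d/ lookup and BitLocker volumes). It is not a file from the systemd repository; the volume names, the UUIDs, the PKCS#11 URI, the /etc/luks/ and /run/keys/ paths and the partition label are constructed placeholders.

```text
# /etc/crypttab (constructed example; UUIDs and the PKCS#11 URI are placeholders)
# name     device                          key file                  options

# Root volume unlocked already in the initrd. The key file holds the LUKS
# key encrypted to the smartcard's public key; the private key the URI
# identifies decrypts it, so the volume is bound to the token.
root       UUID=<root-volume-uuid>         /etc/luks/root.key.enc    luks,x-initrd.attach,pkcs11-uri=pkcs11:token=<token-label>;object=<key-label>

# With key file "none" the key is looked up automatically in
# /etc/cryptsetup-keys.d/data.key, then /run/cryptsetup-keys.d/data.key.
# try-empty-password lets a freshly installed image be opened once before
# its real passphrase is set on first boot.
data       UUID=<data-volume-uuid>         none                      luks,try-empty-password

# Transient key supplied at boot: erased right after use, whether or not
# activation succeeded, so it does not stay around for the rest of the boot.
secrets    UUID=<secrets-volume-uuid>      /run/keys/secrets.key     luks,keyfile-erase

# Random-key scratch volume, re-created as ext4 (now the default file
# system for tmp) on every activation.
scratch    /dev/disk/by-partlabel/scratch  /dev/urandom              tmp=ext4

# BitLocker volume of a dual-boot Windows installation, unlocked with its
# passphrase at boot.
windata    UUID=<bitlocker-volume-uuid>    none                      bitlk
```

The try-empty-password line is the one to watch in production: it is intended for first-boot provisioning, and an image that keeps an empty passphrase after setup remains openable by anyone who boots it.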
6669
6670 * The /etc/fstab support in systemd now supports two new mount options
6671 x-systemd.{required,wanted}-by=, for explicitly configuring the units
6672 that the specified mount shall be pulled in by, in place of
6673 the usual local-fs.target/remote-fs.target.
6674
6675 * The https://systemd.io/ web site has been relaunched, directly
6676 populated with most of the documentation included in the systemd
6677 repository. systemd also acquired a new logo, thanks to Tobias
6678 Bernard.
6679
6680 * systemd-udevd gained support for managing "alternative" network
6681 interface names, as supported by new Linux kernels. For the first
6682 time this permits assigning multiple (and longer!) names to a network
6683 interface. systemd-udevd will now by default assign the names
6684 generated via all supported naming schemes to each interface. This
6685 may be further tweaked with .link files and the AlternativeName= and
6686 AlternativeNamesPolicy= settings. Other components of systemd have
6687 been updated to support the new alternative names wherever
6688 appropriate. For example, systemd-nspawn will now generate
6689 alternative interface names for the host-facing side of container
6690 veth links based on the full container name without truncation.
6691
6692 * systemd-nspawn interface naming logic has been updated in another way
6693 too: if the main interface name (i.e. as opposed to new-style
6694 "alternative" names) based on the container name is truncated, a
6695 simple hashing scheme is used to give different interface names to
6696 multiple containers whose names all begin with the same prefix. Since
6697 this changes the primary interface names pointing to containers if
6698 truncation happens, the old scheme may still be requested by
6699 selecting an older naming scheme, via the net.naming-scheme= kernel
6700 command line option.
6701
6702 * PrivateUsers= in service files now works in services run by the
6703 systemd --user per-user instance of the service manager.
6704
6705 * A new per-service sandboxing option ProtectClock= has been added that
6706 locks down write access to the system clock. It takes away device
6707 node access to /dev/rtc as well as the system calls that set the
6708 system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
6709 Note that this option does not affect access to auxiliary services
6710 that allow changing the clock, for example access to
6711 systemd-timedated.
6712
6713 * The systemd-id128 tool gained a new "show" verb for listing or
6714 resolving a number of well-known UUIDs/128-bit IDs, currently mostly
6715 GPT partition table types.
6716
6717 * The Discoverable Partitions Specification has been updated to support
6718 /var and /var/tmp partition discovery. Support for this has been
6719 added to systemd-gpt-auto-generator. For details see:
6720
6721 https://systemd.io/DISCOVERABLE_PARTITIONS
6722
6723 * "systemctl list-unit-files" has been updated to show a new column
6724 with the suggested enablement state based on the vendor preset files
6725 for the respective units.
6726
6727 * "systemctl" gained a new option "--with-dependencies". If specified
6728 commands such as "systemctl status" or "systemctl cat" will now show
6729 all specified units along with all units they depend on.
6730
6731 * networkctl gained support for showing per-interface logs in its
6732 "status" output.
6733
6734 * systemd-networkd-wait-online gained support for specifying the maximum
6735 operational state to wait for, and to wait for interfaces to
6736 disappear.
6737
6738 * The [Match] section of .link and .network files now supports a new
6739 option PermanentMACAddress= which may be used to check against the
6740 permanent MAC address of a network device even if a randomized MAC
6741 address is used.
6742
6743 * The [TrafficControlQueueingDiscipline] section in .network files has
6744 been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
6745 dropped from the individual setting names.
6746
6747 * Any .link and .network files that have an empty [Match] section (this
6748 also includes empty and commented-out files) will now be
6749 rejected. systemd-udev and systemd-networkd started warning about
6750 such files in version 243.
6751
6752 * systemd-logind will now validate access to the operation of changing
6753 the virtual terminal via a polkit action. By default, only users
6754 with at least one session on a local VT are granted permission.
6755
6756 * When systemd sets up PAM sessions that invoked service processes
6757 shall run in, the pam_setcred() API is now invoked, thus permitting
6758 PAM modules to set additional credentials for the processes.
6759
6760 * portablectl attach/detach verbs now accept --now and --enable options
6761 to combine attachment with enablement and invocation, or detachment
6762 with stopping and disablement.
6763
6764 * UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
6765 fixed, which in turn exposed bugs in unit configuration of services
6766 which have Type=oneshot and should only run once, but do not have
6767 RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
6768 service may be started again after exiting successfully, for example
6769 as a dependency in another transaction. Affected services included
6770 some internal systemd services (most notably
6771 systemd-vconsole-setup.service, which was updated to have
6772 RemainAfterExit=yes), and plymouth-start.service. Please ensure that
6773 plymouth has been suitably updated or patched before upgrading to
6774 this systemd release. See
6775 https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
6776 additional discussion.
6777
6778 Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
6779 Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
6780 Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
6781 (Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
6782 Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
6783 Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
6784 Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
6785 ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
6786 Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
6787 Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
6788 Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
6789 Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
6790 Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
6791 Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
6792 Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
6793 Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
6794 Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
6795 Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
6796 Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
6797 Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
6798 Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
6799 Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
6800 Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
6801 Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
6802 DONG
6803
6804 – Warsaw, 2020-03-06
6805
6806 CHANGES WITH 244:
6807
6808 * Support for the cpuset cgroups v2 controller has been added.
6809 Processes may be restricted to specific CPUs using the new
6810 AllowedCPUs= setting, and to specific memory NUMA nodes using the new
6811 AllowedMemoryNodes= setting.
6812
6813 * The signal used in restart jobs (as opposed to e.g. stop jobs) may
6814 now be configured using a new RestartKillSignal= setting. This
6815 allows units which signals to request termination to implement
6816 different behaviour when stopping in preparation for a restart.
6817
6818 * "systemctl clean" may now be used also for socket, mount, and swap
6819 units.
6820
6821 * systemd will also read configuration options from the EFI variable
6822 SystemdOptions. This may be used to configure systemd behaviour when
6823 modifying the kernel command line is inconvenient, but configuration
6824 on disk is read too late, for example for the options related to
6825 cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
6826 set the EFI variable.
6827
6828 * systemd will now disable printk ratelimits in early boot. This should
6829 allow us to capture more logs from the early boot phase where normal
6830 storage is not available and the kernel ring buffer is used for
6831 logging. Configuration on the kernel command line has higher priority
6832 and overrides the systemd setting.
6833
6834 systemd programs which log to /dev/kmsg directly use internal
6835 ratelimits to prevent runaway logging. (Normally this is only used
6836 during early boot, so in practice this change has very little
6837 effect.)
6838
6839 * Unit files now support top level dropin directories of the form
6840 <unit_type>.d/ (e.g. service.d/) that may be used to add configuration
6841 that affects all corresponding unit files.
6842
6843 * systemctl gained support for 'stop --job-mode=triggering' which will
6844 stop the specified unit and any units which could trigger it.
6845
6846 * Unit status display now includes units triggering and triggered by
6847 the unit being shown.
6848
6849 * The RuntimeMaxSec= setting is now supported by scopes, not just
6850 .service units. This is particularly useful for PAM sessions which
6851 create a scope unit for the user login. systemd.runtime_max_sec=
6852 setting may used with the pam_systemd module to limit the duration
6853 of the PAM session, for example for time-limited logins.
6854
6855 * A new @pkey system call group is now defined to make it easier to
6856 allow-list memory protection syscalls for containers and services
6857 which need to use them.
6858
6859 * systemd-udevd: removed the 30s timeout for killing stale workers on
6860 exit. systemd-udevd now waits for workers to finish. The hard-coded
6861 exit timeout of 30s was too short for some large installations, where
6862 driver initialization could be prematurely interrupted during initrd
6863 processing if the root file system had been mounted and init was
6864 preparing to switch root. If udevd is run without systemd and workers
6865 are hanging while udevd receives an exit signal, udevd will now exit
6866 when udev.event_timeout is reached for the last hanging worker. With
6867 systemd, the exit timeout can additionally be configured using
6868 TimeoutStopSec= in systemd-udevd.service.
6869
6870 * udev now provides a program (fido_id) that identifies FIDO CTAP1
6871 ("U2F")/CTAP2 security tokens based on the usage declared in their
6872 report and descriptor and outputs suitable environment variables.
6873 This replaces the externally maintained allow lists of all known
6874 security tokens that were used previously.
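
The check fido_id performs is a report-descriptor check. The following
added example (not systemd's fido_id; the descriptors are constructed
samples and the function names are hypothetical) parses the HID report
descriptor item stream and reports whether an application collection is
declared under the FIDO Alliance usage page 0xF1D0 with usage 0x01, the
values the FIDO HID specifications define for CTAPHID devices. It
handles both the short and the 32-bit "extended" Usage item forms and
treats a truncated or malformed descriptor as a non-match:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FIDO Alliance vendor-defined HID usage page and the CTAPHID usage in it
 * (values taken from the FIDO U2F/CTAP HID specifications). */
#define FIDO_USAGE_PAGE    0xF1D0u
#define FIDO_USAGE_CTAPHID 0x0001u

/* Constructed sample: the report descriptor most U2F/CTAP2 HID tokens
 * present, i.e. 64-byte input and output reports under the FIDO page. */
const uint8_t SAMPLE_FIDO_DESC[] = {
    0x06, 0xD0, 0xF1,       /* Usage Page (FIDO Alliance, 0xF1D0) */
    0x09, 0x01,             /* Usage (CTAPHID device) */
    0xA1, 0x01,             /* Collection (Application) */
    0x09, 0x20,             /*   Usage (input report data) */
    0x15, 0x00,             /*   Logical Minimum (0) */
    0x26, 0xFF, 0x00,       /*   Logical Maximum (255) */
    0x75, 0x08,             /*   Report Size (8) */
    0x95, 0x40,             /*   Report Count (64) */
    0x81, 0x02,             /*   Input (Data,Var,Abs) */
    0x09, 0x21,             /*   Usage (output report data) */
    0x15, 0x00,
    0x26, 0xFF, 0x00,
    0x75, 0x08,
    0x95, 0x40,
    0x91, 0x02,             /*   Output (Data,Var,Abs) */
    0xC0,                   /* End Collection */
};

/* Constructed sample: a minimal keyboard (Generic Desktop page, Keyboard
 * usage) that must not be classified as a security token. */
const uint8_t SAMPLE_KEYBOARD_DESC[] = {
    0x05, 0x01,             /* Usage Page (Generic Desktop) */
    0x09, 0x06,             /* Usage (Keyboard) */
    0xA1, 0x01,             /* Collection (Application) */
    0xC0,                   /* End Collection */
};

/* Constructed sample: same token, but declared with one 32-bit extended
 * Usage item (page in the upper 16 bits) instead of Usage Page + Usage. */
const uint8_t SAMPLE_FIDO_EXTENDED_DESC[] = {
    0x0B, 0x01, 0x00, 0xD0, 0xF1,   /* Usage (0xF1D0:0x0001), 4-byte form */
    0xA1, 0x01,                     /* Collection (Application) */
    0xC0,                           /* End Collection */
};

static uint32_t le_value(const uint8_t *p, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Walk the item stream; true if a collection opens with usage page 0xF1D0
 * and usage 0x01. Global items (Usage Page) persist, local items (Usage)
 * apply to the next main item only. Short items: prefix byte holds
 * bSize (2 bits), bType (2 bits) and bTag (4 bits); 0xFE introduces a
 * long item, which is skipped. */
bool hid_descriptor_is_fido(const uint8_t *d, size_t len) {
    uint32_t usage_page = 0;
    uint32_t usage = 0;          /* full 32-bit usage: page << 16 | id */
    bool have_usage = false;
    size_t i = 0;

    while (i < len) {
        uint8_t prefix = d[i++];

        if (prefix == 0xFE) {    /* long item: bDataSize, bLongItemTag, data */
            if (i + 2 > len)
                return false;
            i += 2 + d[i];
            continue;
        }

        size_t size = prefix & 0x03;
        if (size == 3)
            size = 4;
        uint8_t type = (prefix >> 2) & 0x03;   /* 0 main, 1 global, 2 local */
        uint8_t tag = prefix >> 4;
        if (i + size > len)                    /* truncated descriptor */
            return false;
        uint32_t value = le_value(d + i, size);
        i += size;

        if (type == 1 && tag == 0x0) {         /* Global: Usage Page */
            usage_page = value;
        } else if (type == 2 && tag == 0x0) {  /* Local: Usage */
            usage = size == 4 ? value : (usage_page << 16) | (value & 0xFFFF);
            have_usage = true;
        } else if (type == 0) {                /* Main: Collection, Input, ... */
            if (tag == 0xA && have_usage &&
                usage == ((FIDO_USAGE_PAGE << 16) | FIDO_USAGE_CTAPHID))
                return true;
            have_usage = false;                /* local items are consumed here */
        }
    }
    return false;
}

int main(void) {
    /* A udev helper would print device properties here; the property
     * name below is assumed for illustration, not taken from systemd. */
    if (hid_descriptor_is_fido(SAMPLE_FIDO_DESC, sizeof SAMPLE_FIDO_DESC))
        printf("ID_SECURITY_TOKEN=1\n");
    return 0;
}
```

Matching on the declared usage rather than on a vendor/product allow
list is what lets a new token work without a rules update, and it is
also why the check must not trust the descriptor blindly: a truncated
item stream is rejected instead of being read past its end.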

* Automatically generated autosuspend udev rules for allow-listed
devices have been imported from the Chromium OS project. This should
improve power saving with many more devices.

* udev gained a new "CONST{key}=value" setting that allows matching
against system-wide constants without forking a helper binary.
Currently "arch" and "virt" keys are supported.

* udev now opens CDROMs in non-exclusive mode when querying their
capabilities. This should fix issues where other programs trying to
use the CDROM cannot gain access to it, but carries a risk of
interfering with programs writing to the disk, if they did not open
the device in exclusive mode as they should.

* systemd-networkd does not create a default route for IPv4 link local
addressing anymore. The creation of the route was unexpected and was
breaking routing in various cases, but people who rely on it being
created implicitly will need to adjust. Such a route may be requested
with DefaultRouteOnDevice=yes.

Similarly, systemd-networkd will not assign a link-local IPv6 address
when IPv6 link-local routing is not enabled.

* Receive and transmit buffers may now be configured on links with
the new RxBufferSize= and TxBufferSize= settings.

* systemd-networkd may now advertise additional IPv6 routes. A new
[IPv6RoutePrefix] section with Route= and LifetimeSec= options is
now supported.

* systemd-networkd may now configure "next hop" routes using the
[NextHop] section and Gateway= and Id= settings.

* systemd-networkd will now retain DHCP config on restarts by default
(but this may be overridden using the KeepConfiguration= setting).
The default for SendRelease= has been changed to true.

* The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
received from the server.

The client will use the received SIP server list if UseSIP=yes is
set.

The client may be configured to request specific options from the
server using a new RequestOptions= setting.

The client may be configured to send arbitrary options to the server
using a new SendOption= setting.

A new IPServiceType= setting has been added to configure the "IP
service type" value used by the client.

* The DHCPv6 client learnt a new PrefixDelegationHint= option to
request prefix hints in the DHCPv6 solicitation.

* The DHCPv4 server may be configured to send arbitrary options using
a new SendOption= setting.

* The DHCPv4 server may now be configured to emit SIP server list using
the new EmitSIP= and SIP= settings.

* systemd-networkd and networkctl may now renew DHCP leases on demand.
networkctl has a new 'networkctl renew' verb.

* systemd-networkd may now reconfigure links on demand. networkctl
gained two new verbs: "reload" will reload the configuration, and
"reconfigure DEVICE…" will reconfigure one or more devices.

* .network files may now match on SSID and BSSID of a wireless network,
i.e. the access point name and hardware address using the new SSID=
and BSSID= options. networkctl will display the current SSID and
BSSID for wireless links.

.network files may also match on the wireless network type using the
new WLANInterfaceType= option.

* systemd-networkd now includes default configuration that enables
link-local addressing when connected to an ad-hoc wireless network.

* systemd-networkd may configure the Traffic Control queueing
disciplines in the kernel using the new
[TrafficControlQueueingDiscipline] section and Parent=,
NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
NetworkEmulatorDuplicateRate= settings.

* systemd-tmpfiles gained a new w+ setting to append to files.

* systemd-analyze dump will now report when the memory configuration in
the kernel does not match what systemd has configured (usually,
because some external program has modified the kernel configuration
on its own).

* systemd-analyze gained a new --base-time= switch that instructs the
'calendar' verb to resolve times relative to that timestamp instead
of the present time.

* journalctl --update-catalog now produces deterministic output (making
reproducible image builds easier).

* A new devicetree-overlay setting is now documented in the Boot Loader
Specification.

* The default value of the WatchdogSec= setting used in systemd
services (the ones bundled with the project itself) may be set at
configuration time using the -Dservice-watchdog= setting. If set to
empty, the watchdogs will be disabled.

* systemd-resolved validates IP addresses in certificates now when GnuTLS
is being used.

* libcryptsetup >= 2.0.1 is now required.

* A configuration option -Duser-path= may be used to override the $PATH
used by the user service manager. The default is again to use the same
path as the system manager.

* The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
outputting the 128-bit IDs in UUID format (i.e. in the "canonical
representation").

* Service units gained a new sandboxing option ProtectKernelLogs= which
makes sure the program cannot get direct access to the kernel log
buffer anymore, i.e. the syslog() system call (not to be confused
with the API of the same name in libc, which is not affected), the
/proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
inaccessible to the service. It's recommended to enable this setting
for all services that should not be able to read from or write to the
kernel log buffer, which are probably almost all.

Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
Zach Smith, Zbigniew Jędrzejewski-Szmek

– Warsaw, 2019-11-29

CHANGES WITH 243:

* This release enables unprivileged programs (i.e. requiring neither
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
kernel for the whole UNIX group range, i.e. all processes. This
change should be reasonably safe, as the kernel support for it was
specifically implemented to allow safe access to ICMP Echo for
processes lacking any privileges. If this is not desirable, it can be
disabled again by setting the parameter to "1 0".

* Previously, filters defined with SystemCallFilter= would have the
effect that any calling of an offending system call would terminate
the calling thread. This behaviour never made much sense, since
killing individual threads of unsuspecting processes is likely to
create more problems than it solves. With this release the default
action changed from killing the thread to killing the whole
process. For this to work correctly both a kernel version (>= 4.14)
and a libseccomp version (>= 2.4.0) supporting this new seccomp
action is required. If an older kernel or libseccomp is used the old
behaviour continues to be used. This change does not affect any
services that have no system call filters defined, or that use
SystemCallErrorNumber= (and thus see EPERM or another error instead
of being killed when calling an offending system call). Note that
systemd documentation always claimed that the whole process is
killed. With this change behaviour is thus adjusted to match the
documentation.

* On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
4194304 by default, i.e. the full 22-bit range the kernel allows, up
from the old 16-bit range. This should improve security and
robustness, as PID collisions are made less likely (though certainly
still possible). There are rumours this might create compatibility
problems, though at this moment no practical ones are known to
us. Downstream distributions are hence advised to undo this change in
their builds if they are concerned about maximum compatibility, but
for everybody else we recommend leaving the value bumped. Besides
improving security and robustness this should also simplify things as
the maximum number of allowed concurrent tasks was previously bounded
by both "kernel.pid_max" and "kernel.threads-max" and now effectively
only a single knob is left ("kernel.threads-max"). There have been
concerns that usability is affected by this change because larger PID
numbers are harder to type, but we believe the change from 5 digits
to 7 digits doesn't hamper usability.

* MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
hierarchically set default memory protection values for a particular
subtree of the unit hierarchy.

* Memory protection directives can now take a value of zero, allowing
explicit opting out of a default value propagated by an ancestor.

* systemd now defaults to the "unified" cgroup hierarchy setup during
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
default. Previously, -Ddefault-hierarchy=hybrid was the default. This
change reflects the fact that cgroupsv2 support has matured
substantially in both systemd and in the kernel, and is clearly the
way forward. Downstream production distributions might want to
continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
their builds as unfortunately the popular container managers have not
caught up with the kernel API changes.

* Man pages are not built by default anymore (html pages were already
disabled by default), to make development builds quicker. When
building systemd for a full installation with documentation, meson
should be called with -Dman=true and/or -Dhtml=true as appropriate.
The default was changed based on the assumption that quick one-off or
repeated development builds are much more common than full optimized
builds for installation, and people need to pass various other
options when doing "proper" builds anyway, so the gain from making
development builds quicker is bigger than the one-time disruption for
packagers.

Two scripts are created in the *build* directory to generate and
preview man and html pages on demand, e.g.:

build/man/man systemctl
build/man/html systemd.index

* libidn2 is used by default if both libidn2 and libidn are installed.
Please use -Dlibidn=true if libidn is preferred.

* The D-Bus "wire format" of the CPUAffinity= attribute is changed on
big-endian machines. Before, bytes were written and read in native
machine order as exposed by the native libc __cpu_mask interface.
Now, little-endian order is always used (CPUs 0–7 are described by
bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
This change fixes D-Bus calls that cross an endianness boundary.

The presentation format used for CPUAffinity= by "systemctl show" and
"systemd-analyze dump" is changed to present CPU indices instead of
the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
shown as CPUAffinity=03000000000000000000000000000… (on
little-endian) or CPUAffinity=00000000000000300000000000000… (on
64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
input format. The maximum integer that will be printed in the new
format is 8191 (four digits), while the old format always used a very
long number (with the length varying by architecture), so they can be
unambiguously distinguished.
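
The byte layout described above, worked through as an added example
(not systemd's code; the function names are hypothetical): CPU n is
placed in bit n % 8 of byte n / 8, so the encoding never reinterprets a
multi-byte word and produces identical bytes on little- and big-endian
hosts, and the same mask is rendered back into the range list that
"systemctl show" now prints. The 8192-CPU bound is an assumption taken
from the 8191 maximum mentioned in the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on CPU indices, chosen so that 8191 (the largest index the
 * text says the new presentation format prints) is representable. */
#define CPU_MASK_MAX   8192
#define CPU_MASK_BYTES (CPU_MASK_MAX / 8)

/* Constructed sample CPU sets used in main() and in the checks. */
const unsigned SAMPLE_CPUS_A[]   = { 0, 1 };
const unsigned SAMPLE_CPUS_B[]   = { 8, 9 };
const unsigned SAMPLE_CPUS_C[]   = { 0, 1, 2, 5, 8191 };
const unsigned SAMPLE_CPUS_BAD[] = { 8192 };   /* one past the bound */

/* Encode CPU indices in the fixed wire layout: CPU n is bit (n % 8) of
 * byte (n / 8), whatever the host's endianness. Returns the number of
 * bytes carrying set bits (highest used byte + 1), or 0 if an index does
 * not fit into wire_len bytes (or the set is empty). */
size_t cpu_set_to_wire(const unsigned *cpus, size_t n, uint8_t *wire, size_t wire_len) {
    size_t used = 0;
    memset(wire, 0, wire_len);
    for (size_t i = 0; i < n; i++) {
        size_t byte = cpus[i] / 8;
        if (byte >= wire_len)
            return 0;
        wire[byte] |= (uint8_t)(1u << (cpus[i] % 8));
        if (byte + 1 > used)
            used = byte + 1;
    }
    return used;
}

bool wire_has_cpu(const uint8_t *wire, size_t wire_len, unsigned cpu) {
    return (cpu / 8 < wire_len) && (((wire[cpu / 8] >> (cpu % 8)) & 1) != 0);
}

/* Render a wire mask as the range list "systemctl show" prints, e.g.
 * "0-1". Returns the number of characters written, -1 if out is too small. */
int wire_to_ranges(const uint8_t *wire, size_t wire_len, char *out, size_t out_len) {
    size_t pos = 0;
    unsigned ncpu = (unsigned)(wire_len * 8);
    if (out_len == 0)
        return -1;
    out[0] = '\0';
    for (unsigned c = 0; c < ncpu; c++) {
        if (!wire_has_cpu(wire, wire_len, c))
            continue;
        unsigned start = c;
        while (c + 1 < ncpu && wire_has_cpu(wire, wire_len, c + 1))
            c++;                                   /* extend the run */
        int w = start == c
            ? snprintf(out + pos, out_len - pos, "%s%u", pos ? "," : "", start)
            : snprintf(out + pos, out_len - pos, "%s%u-%u", pos ? "," : "", start, c);
        if (w < 0 || (size_t)w >= out_len - pos)
            return -1;
        pos += (size_t)w;
    }
    return (int)pos;
}

/* Encode a set and return the wire byte at index idx, or -1 on error. */
int wire_byte_after_encode(const unsigned *cpus, size_t n, size_t idx) {
    uint8_t wire[CPU_MASK_BYTES];
    if (cpu_set_to_wire(cpus, n, wire, sizeof wire) == 0 || idx >= sizeof wire)
        return -1;
    return wire[idx];
}

/* Encode a set, render it and compare with the expected presentation. */
bool cpuaffinity_renders_as(const unsigned *cpus, size_t n, const char *expected) {
    uint8_t wire[CPU_MASK_BYTES];
    char text[256];
    if (cpu_set_to_wire(cpus, n, wire, sizeof wire) == 0)
        return false;
    if (wire_to_ranges(wire, sizeof wire, text, sizeof text) < 0)
        return false;
    return strcmp(text, expected) == 0;
}

int main(void) {
    uint8_t wire[CPU_MASK_BYTES];
    char text[64];
    size_t used = cpu_set_to_wire(SAMPLE_CPUS_C, 5, wire, sizeof wire);
    wire_to_ranges(wire, sizeof wire, text, sizeof text);
    printf("bytes used: %zu, byte0=0x%02x, shown as CPUAffinity=%s\n", used, wire[0], text);
    return 0;
}
```

Encoding {0, 1} sets byte 0 to 0x03 and {8, 9} sets byte 1 to 0x03,
which is exactly the "CPUs 0–7 in byte 0, CPUs 8–15 in byte 1" rule;
the old native-order __cpu_mask form produced different bytes on
big-endian hosts, which is what the text's 0300… versus …0030…
examples show.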

* /usr/sbin/halt.local is no longer supported. Implementation in
distributions was inconsistent and it seems this functionality was
very rarely used.

To replace this functionality, users should:
- either define a new unit and make it a dependency of final.target
(systemctl add-wants final.target my-halt-local.service)
- or move the shutdown script to /usr/lib/systemd/system-shutdown/
and ensure that it accepts "halt", "poweroff", "reboot", and
"kexec" as an argument, see the description in systemd-shutdown(8).

* When a [Match] section in a .link or .network file is empty (contains
no match patterns), a warning will be emitted. Please add any "match
all" pattern instead, e.g. OriginalName=* or Name=* in case all
interfaces should really be matched.

* A new setting NUMAPolicy= may be used to set process memory
allocation policy. This setting can be specified in
/etc/systemd/system.conf and hence will set the default policy for
PID1. The default policy can be overridden on a per-service
basis. The related setting NUMAMask= is used to specify the NUMA node
mask that should be associated with the selected policy.

* PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
generates when processes it manages are reaching their memory limits,
and will place their units in a special state, and optionally kill or
stop the whole unit.

* The service manager will now expose bus properties for the IO
resources used by units. This information is also shown in "systemctl
status" now (for services that have IOAccounting=yes set). Moreover,
the IO accounting data is included in the resource log message
generated whenever a unit stops.

* Units may now configure an explicit timeout to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
the regular TimeoutStopSec= timeout was applied in this case too —
now a separate timeout may be set using TimeoutAbortSec=.

* Services may now send a special WATCHDOG=trigger message with
sd_notify() to trigger an immediate "watchdog missed" event, and thus
trigger service termination. This is useful both for testing watchdog
handling and for defining error paths in services that shall
be handled the same way as watchdog events.
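
What sd_notify() actually sends is a datagram of newline-separated
KEY=VALUE lines to the unix socket named by $NOTIFY_SOCKET. The
following added example (not systemd's sd_notify(); the function names
are hypothetical) implements that exchange without libsystemd so both
sides are visible: a sender that writes WATCHDOG=trigger to the socket,
a receiver bound to a constructed path under /tmp that checks the text
that arrives, and a helper that derives the keep-alive interval from
$WATCHDOG_USEC, the variable systemd sets from WatchdogSec=:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Send one notification datagram to the unix socket at `path` (for a real
 * service: the value of $NOTIFY_SOCKET). The body is the same
 * newline-separated KEY=VALUE text sd_notify() sends. Returns 1 if the
 * whole datagram was sent, 0 if no socket is configured, -1 on error. */
int notify_send_to(const char *path, const char *state) {
    if (!path || !*path)
        return 0;

    struct sockaddr_un sa;
    size_t plen = strlen(path);
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (plen >= sizeof sa.sun_path)
        return -1;
    memcpy(sa.sun_path, path, plen);
    /* A leading '@' denotes an abstract-namespace socket: the name begins
     * with a NUL byte and the address length excludes any terminator. */
    bool abstract = sa.sun_path[0] == '@';
    if (abstract)
        sa.sun_path[0] = '\0';
    socklen_t salen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + plen + (abstract ? 0 : 1));

    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    ssize_t w = sendto(fd, state, strlen(state), 0, (const struct sockaddr *)&sa, salen);
    close(fd);
    return w == (ssize_t)strlen(state) ? 1 : -1;
}

/* Like sd_notify(): resolve the socket path from the environment. */
int notify_send(const char *state) {
    return notify_send_to(getenv("NOTIFY_SOCKET"), state);
}

/* systemd exports the configured WatchdogSec= as $WATCHDOG_USEC. Services
 * usually ping at half that interval; 0 means "no watchdog configured". */
unsigned long long watchdog_ping_interval_usec(const char *watchdog_usec_env) {
    if (!watchdog_usec_env || !*watchdog_usec_env)
        return 0;
    char *end;
    unsigned long long usec = strtoull(watchdog_usec_env, &end, 10);
    if (*end != '\0' || usec == 0)
        return 0;
    return usec / 2;
}

/* Self-test: bind a throwaway datagram socket under /tmp (constructed
 * path, removed afterwards), send the trigger message to it and check
 * that exactly that text arrives. */
bool notify_trigger_selftest(void) {
    char path[64];
    char buf[128];
    struct sockaddr_un sa;
    bool ok = false;

    snprintf(path, sizeof path, "/tmp/notify-selftest-%ld", (long)getpid());
    unlink(path);
    int srv = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (srv < 0)
        return false;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (bind(srv, (const struct sockaddr *)&sa, sizeof sa) == 0 &&
        notify_send_to(path, "WATCHDOG=trigger\n") == 1) {
        ssize_t n = recv(srv, buf, sizeof buf - 1, 0);   /* datagram is already queued */
        if (n > 0) {
            buf[n] = '\0';
            ok = strcmp(buf, "WATCHDOG=trigger\n") == 0;
        }
    }
    close(srv);
    unlink(path);
    return ok;
}

int main(void) {
    /* A real service pings "WATCHDOG=1\n" every `every` microseconds and
     * sends the trigger from the error path that detects a broken invariant. */
    unsigned long long every = watchdog_ping_interval_usec(getenv("WATCHDOG_USEC"));
    printf("ping interval: %llu us, selftest: %s\n", every,
           notify_trigger_selftest() ? "ok" : "failed");
    return 0;
}
```

The keep-alive and the trigger travel over the same socket and differ
only in the value of WATCHDOG=, so an error path that sends
"WATCHDOG=trigger\n" is handled by the manager exactly like a missed
ping, with no separate kill logic in the service itself.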

* There are two new per-unit settings IPIngressFilterPath= and
IPEgressFilterPath= which allow configuration of a BPF program
(usually by specifying a path to a program uploaded to /sys/fs/bpf/)
to apply to the IP packet ingress/egress path of all processes of a
unit. This is useful to allow running systemd services with BPF
programs set up externally.

* systemctl gained a new "clean" verb for removing the state, cache,
runtime or logs directories of a service while it is terminated. The
new verb may also be used to remove the state maintained on disk for
timer units that have Persistent= configured.

* During the last phase of shutdown systemd will now automatically
increase the log level configured in the "kernel.printk" sysctl so
that any relevant loggable events happening during late shutdown are
made visible. Previously, loggable events happening so late during
shutdown were generally lost if the "kernel.printk" sysctl was set to
high thresholds, as regular logging daemons are terminated at that
time and thus nothing is written to disk.

* If processes terminated during the last phase of shutdown do not exit
quickly systemd will now show their names after a short time, to make
debugging easier. After a longer timeout they are forcibly killed,
as before.

* journalctl (and the other tools that display logs) will now highlight
warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING were
shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
are now shown in blue color, to separate them visually from regular
logs. References to configuration files are now turned into clickable
links on terminals that support that.

* systemd-journald will now stop logging to /var/log/journal during
shutdown when /var/ is on a separate mount, so that it can be
unmounted safely during shutdown.

* systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.

* systemd-resolved "Cache=" configuration option in resolved.conf has
been extended to also accept the 'no-negative' value. Previously,
only a boolean option was allowed (yes/no), having yes as the
default. If this option is set to 'no-negative', negative answers are
not cached while the old cache heuristics are used for positive answers.
The default remains unchanged.

* The predictable naming scheme for network devices now supports
generating predictable names for "netdevsim" devices.

Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
udev property.

Those two changes form a new net.naming-policy-scheme= entry.
Distributions which want to preserve naming stability may want to set
the -Ddefault-net-naming-scheme= configuration option.

* systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
interfaces natively.

* systemd-networkd's bridge FDB support now allows configuration of a
destination address for each entry (Destination=), as well as the
VXLAN VNI (VNI=), as well as an option to declare what an entry is
associated with (AssociatedWith=).

* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
option for configuring the maximum number of DHCP lease requests. It
also learnt a new BlackList= option for deny-listing DHCP servers (a
similar setting has also been added to the IPv6 RA client), as well
as a SendRelease= option for configuring whether to send a DHCP
RELEASE message when terminating.

* systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
separately in the [DHCPv4] and [DHCPv6] sections.

* systemd-networkd's DHCP support will now optionally create an
implicit host route to the DNS server specified in the DHCP lease, in
addition to the routes listed explicitly in the lease. This should
ensure that in multi-homed systems DNS traffic leaves the systems on
the interface that acquired the DNS server information even if other
routes such as default routes exist. This behaviour may be turned on
with the new RoutesToDNS= option.

* systemd-networkd's VXLAN support gained a new option
GenericProtocolExtension= for enabling VXLAN Generic Protocol
Extension support, as well as IPDoNotFragment= for setting the IP
"Don't fragment" bit on outgoing packets. A similar option has been
added to the GENEVE support.

* In systemd-networkd's [Route] section you may now configure
FastOpenNoCookie= for configuring per-route TCP fast-open support, as
well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
propagation. The Type= setting now supports local, broadcast,
anycast, multicast, any, xresolve routes, too.

* systemd-networkd's [Network] section learnt a new option
DefaultRouteOnDevice= for automatically configuring a default route
onto the network device.

* systemd-networkd's bridging support gained two new options ProxyARP=
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
MulticastRouter= for configuring multicast routing behaviour. A new
option MulticastIGMPVersion= may be used to change the bridge's multicast
Internet Group Management Protocol (IGMP) version.

* systemd-networkd's FooOverUDP support gained the ability to configure
local and peer IP addresses via Local= and Peer=. A new option
PeerPort= may be used to configure the peer's IP port.

* systemd-networkd's TUN support gained a new setting VnetHeader= for
tweaking Generic Segment Offload support.

* The address family for policy rules may be specified using the new
Family= option in the [RoutingPolicyRule] section.

* networkctl gained a new "delete" command for removing virtual network
devices, as well as a new "--stats" switch for showing device
statistics.

* networkd.conf gained a new setting SpeedMeter= and
SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
measured speed may be shown by 'networkctl status'.

* "networkctl status" now displays MTU and queue lengths, and more
detailed information about VXLAN and bridge devices.

* systemd-networkd's .network and .link files gained a new Property=
setting in the [Match] section, to match against devices with
specific udev properties.

* systemd-networkd's tunnel support gained a new option
AssignToLoopback= for selecting whether to use the loopback device
"lo" as underlying device.

* systemd-networkd's MACAddress= setting in the [Neighbor] section has
been renamed to LinkLayerAddress=, and it now allows configuration of
IP addresses, too.

* systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
simplified: systemd-networkd will disable the sysctl (enable IPv6) if
7316 IPv6 configuration (static or DHCPv6) was found for a given
7317 interface. It will not touch the sysctl otherwise.
7318
7319 * The order of entries is $PATH used by the user manager instance was
7320 changed to put bin/ entries before the corresponding sbin/ entries.
7321 It is recommended to not rely on this order, and only ever have one
7322 binary with a given name in the system paths under /usr.
7323
7324 * A new tool systemd-network-generator has been added that may generate
7325 .network, .netdev and .link files from IP configuration specified on
7326 the kernel command line in the format used by Dracut.
7327
7328 * The CriticalConnection= setting in .network files is now deprecated,
7329 and replaced by a new KeepConfiguration= setting which allows more
7330 detailed configuration of the IP configuration to keep in place.
7331
7332 * systemd-analyze gained a few new verbs:
7333
7334 - "systemd-analyze timestamp" parses and converts timestamps. This is
7335 similar to the existing "systemd-analyze calendar" command which
7336 does the same for recurring calendar events.
7337
7338 - "systemd-analyze timespan" parses and converts timespans (i.e.
7339 durations as opposed to points in time).
7340
7341 - "systemd-analyze condition" will parse and test ConditionXYZ=
7342 expressions.
7343
7344 - "systemd-analyze exit-status" will parse and convert exit status
7345 codes to their names and back.
7346
7347 - "systemd-analyze unit-files" will print a list of all unit
7348 file paths and unit aliases.
7349
7350 * SuccessExitStatus=, RestartPreventExitStatus=, and
7351 RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
7352 is equivalent to "65"). Those exit status name mappings may be
7353 displayed with the systemd-analyze exit-status verb describe above.
7354
7355 * systemd-logind now exposes a per-session SetBrightness() bus call,
7356 which may be used to securely change the brightness of a kernel
7357 brightness device, if it belongs to the session's seat. By using this
7358 call unprivileged clients can make changes to "backlight" and "leds"
7359 devices securely with strict requirements on session membership.
7360 Desktop environments may use this to generically make brightness
7361 changes to such devices without shipping private SUID binaries or
7362 udev rules for that purpose.
7363
7364 * "udevadm info" gained a --wait-for-initialization switch to wait for
7365 a device to be initialized.
7366
7367 * systemd-hibernate-resume-generator will now look for resumeflags= on
7368 the kernel command line, which is similar to rootflags= and may be
7369 used to configure device timeout for the hibernation device.
7370
7371 * sd-event learnt a new API call sd_event_source_disable_unref() for
7372 disabling and unref'ing an event source in a single function. A
7373 related call sd_event_source_disable_unrefp() has been added for use
7374 with gcc's cleanup extension.
7375
7376 * The sd-id128.h public API gained a new definition
7377 SD_ID128_UUID_FORMAT_STR for formatting a 128-bit ID in UUID format
7378 with printf().
7379
7380 * "busctl introspect" gained a new switch --xml-interface for dumping
7381 XML introspection data unmodified.
7382
7383 * PID 1 may now show the unit name instead of the unit description
7384 string in its status output during boot. This may be configured in
7385 the StatusUnitFormat= setting in /etc/systemd/system.conf or the
7386 kernel command line option systemd.status_unit_format=.
7387
7388 * PID 1 now understands a new option KExecWatchdogSec= in
7389 /etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
7390 Previously watchdog functionality was only available for regular
7391 reboots. The new setting defaults to off, because we don't know in
7392 the general case if the watchdog will be reset after kexec (some
7393 drivers do reset it, but not all), and the new userspace might not be
7394 configured to handle the watchdog.
7395
7396 Moreover, the old ShutdownWatchdogSec= setting has been renamed to
7397 RebootWatchdogSec= to more clearly communicate what it is about. The
7398 old name is still accepted for compatibility.
7399
7400 * The systemd.debug_shell kernel command line option now optionally
7401 takes a tty name to spawn the debug shell on, which allows a
7402 different tty to be selected than the built-in default.
7403
7404 * Service units gained a new ExecCondition= setting which will run
7405 before ExecStartPre= and either continue execution of the unit (for
7406 clean exit codes), stop execution without marking the unit failed
7407 (for exit codes 1 through 254), or stop execution and fail the unit
7408 (for exit code 255 or abnormal termination).
7409
7410 * A new service systemd-pstore.service has been added that pulls data
7411 from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
7412 review.
7413
7414 * timedatectl gained new verbs for configuring per-interface NTP
7415 service configuration for systemd-timesyncd.
7416
7417 * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
7418 2019. (You can set non-UTF-8 locales though, if you know their name.)
7419
7420 * If variable assignments in sysctl.d/ files are prefixed with "-" any
7421 failures to apply them are now ignored.
7422
7423 * systemd-random-seed.service now optionally credits entropy when
7424 applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
7425 true for the service to enable this behaviour, but please consult the
7426 documentation first, since this comes with a couple of caveats.
7427
7428 * systemd-random-seed.service is now a synchronization point for full
7429 initialization of the kernel's entropy pool. Services that require
7430 /dev/urandom to be correctly initialized should be ordered after this
7431 service.
7432
7433 * The systemd-boot boot loader has been updated to optionally maintain
7434 a random seed file in the EFI System Partition (ESP). During the boot
7435 phase, this random seed is read and updated with a new seed
7436 cryptographically derived from it. Another derived seed is passed to
7437 the OS. The latter seed is then credited to the kernel's entropy pool
7438 very early during userspace initialization (from PID 1). This allows
7439 systems to boot up with a fully initialized kernel entropy pool from
7440 earliest boot on, and thus entirely removes all entropy pool
7441 initialization delays from systems using systemd-boot. Special care
7442 is taken to ensure different seeds are derived on system images
7443 replicated to multiple systems. "bootctl status" will show whether
7444 a seed was received from the boot loader.
7445
7446 * bootctl gained two new verbs:
7447
7448 - "bootctl random-seed" will generate the file in ESP and an EFI
7449 variable to allow a random seed to be passed to the OS as described
7450 above.
7451
7452 - "bootctl is-installed" checks whether systemd-boot is currently
7453 installed.
7454
7455 * bootctl will warn if it detects that boot entries are misconfigured
7456 (for example if the kernel image was removed without purging the
7457 bootloader entry).
7458
7459 * A new document has been added describing systemd's use and support
7460 for the kernel's entropy pool subsystem:
7461
7462 https://systemd.io/RANDOM_SEEDS
7463
7464 * When the system is hibernated the swap device to write the
7465 hibernation image to is now automatically picked from all available
7466 swap devices, preferring the swap device with the highest configured
7467 priority over all others, and picking the device with the most free
7468 space if there are multiple devices with the highest priority.
7469
7470 * /etc/crypttab support has learnt a new keyfile-timeout= per-device
7471 option that permits selecting the timeout how long to wait for a
7472 device with an encryption key before asking for the password.
7473
7474 * IOWeight= has learnt to properly set the IO weight when using the
7475 BFQ scheduler officially found in kernels 5.0+.
7476
7477 * A new mailing list has been created for reporting of security issues:
7478 systemd-security@redhat.com. For mode details, see
7479 https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
7480
7481 Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
7482 Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
7483 Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
7484 Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
7485 Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
7486 Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
7487 Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
7488 Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
7489 Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
7490 Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
7491 Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
7492 Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
7493 Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
7494 Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
7495 Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
7496 Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
7497 Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
7498 Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
7499 Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
7500 Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
7501 Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
7502 Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
7503 Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
7504 Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
7505 Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
7506 Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
7507 Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
7508 Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
7509 William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
7510 Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei
7511
7512 – Camerino, 2019-09-03
7513
7514 CHANGES WITH 242:
7515
7516 * In .link files, MACAddressPolicy=persistent (the default) is changed
7517 to cover more devices. For devices like bridges, tun, tap, bond, and
7518 similar interfaces that do not have other identifying information,
7519 the interface name is used as the basis for persistent seed for MAC
7520 and IPv4LL addresses. The way that devices that were handled
7521 previously is not changed, and this change is about covering more
7522 devices then previously by the "persistent" policy.
7523
7524 MACAddressPolicy=random may be used to force randomized MACs and
7525 IPv4LL addresses for a device if desired.
7526
7527 Hint: the log output from udev (at debug level) was enhanced to
7528 clarify what policy is followed and which attributes are used.
7529 `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
7530 may be used to view this.
7531
7532 Hint: if a bridge interface is created without any slaves, and gains
7533 a slave later, then now the bridge does not inherit slave's MAC.
7534 To inherit slave's MAC, for example, create the following file:
7535 ```
7536 # /etc/systemd/network/98-bridge-inherit-mac.link
7537 [Match]
7538 Type=bridge
7539
7540 [Link]
7541 MACAddressPolicy=none
7542 ```
7543
7544 * The .device units generated by systemd-fstab-generator and other
7545 generators do not automatically pull in the corresponding .mount unit
7546 as a Wants= dependency. This means that simply plugging in the device
7547 will not cause the mount unit to be started automatically. But please
7548 note that the mount unit may be started for other reasons, in
7549 particular if it is part of local-fs.target, and any unit which
7550 (transitively) depends on local-fs.target is started.
7551
7552 * networkctl list/status/lldp now accept globbing wildcards for network
7553 interface names to match against all existing interfaces.
7554
7555 * The $PIDFILE environment variable is set to point the absolute path
7556 configured with PIDFile= for processes of that service.
7557
7558 * The fallback DNS server list was augmented with Cloudflare public DNS
7559 servers. Use `-Ddns-servers=` to set a different fallback.
7560
7561 * A new special target usb-gadget.target will be started automatically
7562 when a USB Device Controller is detected (which means that the system
7563 is a USB peripheral).
7564
7565 * A new unit setting CPUQuotaPeriodSec= assigns the time period
7566 relatively to which the CPU time quota specified by CPUQuota= is
7567 measured.
7568
7569 * A new unit setting ProtectHostname= may be used to prevent services
7570 from modifying hostname information (even if they otherwise would
7571 have privileges to do so).
7572
7573 * A new unit setting NetworkNamespacePath= may be used to specify a
7574 namespace for service or socket units through a path referring to a
7575 Linux network namespace pseudo-file.
7576
7577 * The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
7578 have an effect on .socket units: when used the listening socket is
7579 created within the configured network namespace instead of the host
7580 namespace.
7581
7582 * ExecStart= command lines in unit files may now be prefixed with ':'
7583 in which case environment variable substitution is
7584 disabled. (Supported for the other ExecXYZ= settings, too.)
7585
7586 * .timer units gained two new boolean settings OnClockChange= and
7587 OnTimezoneChange= which may be used to also trigger a unit when the
7588 system clock is changed or the local timezone is
7589 modified. systemd-run has been updated to make these options easily
7590 accessible from the command line for transient timers.
7591
7592 * Two new conditions for units have been added: ConditionMemory= may be
7593 used to conditionalize a unit based on installed system
7594 RAM. ConditionCPUs= may be used to conditionalize a unit based on
7595 installed CPU cores.
7596
7597 * The @default system call filter group understood by SystemCallFilter=
7598 has been updated to include the new rseq() system call introduced in
7599 kernel 4.15.
7600
7601 * A new time-set.target has been added that indicates that the system
7602 time has been set from a local source (possibly imprecise). The
7603 existing time-sync.target is stronger and indicates that the time has
7604 been synchronized with a precise external source. Services where
7605 approximate time is sufficient should use the new target.
7606
7607 * "systemctl start" (and related commands) learnt a new
7608 --show-transaction option. If specified brief information about all
7609 jobs queued because of the requested operation is shown.
7610
7611 * systemd-networkd recognizes a new operation state 'enslaved', used
7612 (instead of 'degraded' or 'carrier') for interfaces which form a
7613 bridge, bond, or similar, and an new 'degraded-carrier' operational
7614 state used for the bond or bridge master interface when one of the
7615 enslaved devices is not operational.
7616
7617 * .network files learnt the new IgnoreCarrierLoss= option for leaving
7618 networks configured even if the carrier is lost.
7619
7620 * The RequiredForOnline= setting in .network files may now specify a
7621 minimum operational state required for the interface to be considered
7622 "online" by systemd-networkd-wait-online. Related to this
7623 systemd-networkd-wait-online gained a new option --operational-state=
7624 to configure the same, and its --interface= option was updated to
7625 optionally also take an operational state specific for an interface.
7626
7627 * systemd-networkd-wait-online gained a new setting --any for waiting
7628 for only one of the requested interfaces instead of all of them.
7629
7630 * systemd-networkd now implements L2TP tunnels.
7631
7632 * Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
7633 may be used to cause autonomous and onlink prefixes received in IPv6
7634 Router Advertisements to be ignored.
7635
7636 * New MulticastFlood=, NeighborSuppression=, and Learning= .network
7637 file settings may be used to tweak bridge behaviour.
7638
7639 * The new TripleSampling= option in .network files may be used to
7640 configure CAN triple sampling.
7641
7642 * A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
7643 used to point to private or preshared key for a WireGuard interface.
7644
7645 * /etc/crypttab now supports the same-cpu-crypt and
7646 submit-from-crypt-cpus options to tweak encryption work scheduling
7647 details.
7648
7649 * systemd-tmpfiles will now take a BSD file lock before operating on a
7650 contents of directory. This may be used to temporarily exclude
7651 directories from aging by taking the same lock (useful for example
7652 when extracting a tarball into /tmp or /var/tmp as a privileged user,
7653 which might create files with really old timestamps, which
7654 nevertheless should not be deleted). For further details, see:
7655
7656 https://systemd.io/TEMPORARY_DIRECTORIES
7657
7658 * systemd-tmpfiles' h line type gained support for the
7659 FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
7660 controlling project quota inheritance.
7661
7662 * sd-boot and bootctl now implement support for an Extended Boot Loader
7663 (XBOOTLDR) partition, that is intended to be mounted to /boot, in
7664 addition to the ESP partition mounted to /efi or /boot/efi.
7665 Configuration file fragments, kernels, initrds and other EFI images
7666 to boot will be loaded from both the ESP and XBOOTLDR partitions.
7667 The XBOOTLDR partition was previously described by the Boot Loader
7668 Specification, but implementation was missing in sd-boot. Support for
7669 this concept allows using the sd-boot boot loader in more
7670 conservative scenarios where the boot loader itself is placed in the
7671 ESP but the kernels to boot (and their metadata) in a separate
7672 partition.
7673
7674 * A system may now be booted with systemd.volatile=overlay on the
7675 kernel command line, which causes the root file system to be set up
7676 an overlayfs mount combining the root-only root directory with a
7677 writable tmpfs. In this setup, the underlying root device is not
7678 modified, and any changes are lost at reboot.
7679
7680 * Similar, systemd-nspawn can now boot containers with a volatile
7681 overlayfs root with the new --volatile=overlay switch.
7682
7683 * systemd-nspawn can now consume OCI runtime bundles using a new
7684 --oci-bundle= option. This implementation is fully usable, with most
7685 features in the specification implemented, but since this a lot of
7686 new code and functionality, this feature should most likely not
7687 be used in production yet.
7688
7689 * systemd-nspawn now supports various options described by the OCI
7690 runtime specification on the command-line and in .nspawn files:
7691 --inaccessible=/Inaccessible= may be used to mask parts of the file
7692 system tree, --console=/--pipe may be used to configure how standard
7693 input, output, and error are set up.
7694
7695 * busctl learned the `emit` verb to generate D-Bus signals.
7696
7697 * systemd-analyze cat-config may be used to gather and display
7698 configuration spread over multiple files, for example system and user
7699 presets, tmpfiles.d, sysusers.d, udev rules, etc.
7700
7701 * systemd-analyze calendar now takes an optional new parameter
7702 --iterations= which may be used to show a maximum number of iterations
7703 the specified expression will elapse next.
7704
7705 * The sd-bus C API gained support for naming method parameters in the
7706 introspection data.
7707
7708 * systemd-logind gained D-Bus APIs to specify the "reboot parameter"
7709 the reboot() system call expects.
7710
7711 * journalctl learnt a new --cursor-file= option that points to a file
7712 from which a cursor should be loaded in the beginning and to which
7713 the updated cursor should be stored at the end.
7714
7715 * ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
7716 detected by systemd-detect-virt (and may also be used in
7717 ConditionVirtualization=).
7718
7719 * The behaviour of systemd-logind may now be modified with environment
7720 variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
7721 $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
7722 $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
7723 skip the relevant operation completely (when set to false), or to
7724 create a flag file in /run/systemd (when set to true), instead of
7725 actually commencing the real operation when requested. The presence
7726 of /run/systemd/reboot-to-firmware-setup,
7727 /run/systemd/reboot-to-boot-loader-menu, and
7728 /run/systemd/reboot-to-boot-loader-entry, may be used by alternative
7729 boot loader implementations to replace some steps logind performs
7730 during reboot with their own operations.
7731
7732 * systemctl can be used to request a reboot into the boot loader menu
7733 or a specific boot loader entry with the new --boot-load-menu= and
7734 --boot-loader-entry= options to a reboot command. (This requires a
7735 boot loader that supports this, for example sd-boot.)
7736
7737 * kernel-install will no longer unconditionally create the output
7738 directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
7739 snippets, but will do only if the machine-specific parent directory
7740 (i.e. /efi/<machine-id>/) already exists. bootctl has been modified
7741 to create this parent directory during sd-boot installation.
7742
7743 This makes it easier to use kernel-install with plugins which support
7744 a different layout of the bootloader partitions (for example grub2).
7745
7746 * During package installation (with `ninja install`), we would create
7747 symlinks for getty@tty1.service, systemd-networkd.service,
7748 systemd-networkd.socket, systemd-resolved.service,
7749 remote-cryptsetup.target, remote-fs.target,
7750 systemd-networkd-wait-online.service, and systemd-timesyncd.service
7751 in /etc, as if `systemctl enable` was called for those units, to make
7752 the system usable immediately after installation. Now this is not
7753 done anymore, and instead calling `systemctl preset-all` is
7754 recommended after the first installation of systemd.
7755
7756 * A new boolean sandboxing option RestrictSUIDSGID= has been added that
7757 is built on seccomp. When turned on creation of SUID/SGID files is
7758 prohibited.
7759
7760 * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
7761 implied if DynamicUser= is turned on for a service. This hardens
7762 these services, so that they neither can benefit from nor create
7763 SUID/SGID executables. This is a minor compatibility breakage, given
7764 that when DynamicUser= was first introduced SUID/SGID behaviour was
7765 unaffected. However, the security benefit of these two options is
7766 substantial, and the setting is still relatively new, hence we opted
7767 to make it mandatory for services with dynamic users.
7768
7769 Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
7770 Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
7771 Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
7772 Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
7773 Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
7774 Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
7775 Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
7776 Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
7777 Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
7778 Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
7779 Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
7780 Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
7781 Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
7782 Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
7783 Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
7784 Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
7785 Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
7786 Yu Watanabe, Zbigniew Jędrzejewski-Szmek
7787
7788 — Warsaw, 2019-04-11
7789
7790 CHANGES WITH 241:
7791
7792 * The default locale can now be configured at compile time. Otherwise,
7793 a suitable default will be selected automatically (one of C.UTF-8,
7794 en_US.UTF-8, and C).
7795
7796 * The version string shown by systemd and other tools now includes the
7797 git commit hash when built from git. An override may be specified
7798 during compilation, which is intended to be used by distributions to
7799 include the package release information.
7800
7801 * systemd-cat can now filter standard input and standard error streams
7802 for different syslog priorities using the new --stderr-priority=
7803 option.
7804
7805 * systemd-journald and systemd-journal-remote reject entries which
7806 contain too many fields (CVE-2018-16865) and set limits on the
7807 process' command line length (CVE-2018-16864).
7808
7809 * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
7810 again.
7811
7812 * A new network device NamePolicy "keep" is implemented for link files,
7813 and used by default in 99-default.link (the fallback configuration
7814 provided by systemd). With this policy, if the network device name
7815 was already set by userspace, the device will not be renamed again.
7816 This matches the naming scheme that was implemented before
7817 systemd-240. If naming-scheme < 240 is specified, the "keep" policy
7818 is also enabled by default, even if not specified. Effectively, this
7819 means that if naming-scheme >= 240 is specified, network devices will
7820 be renamed according to the configuration, even if they have been
7821 renamed already, if "keep" is not specified as the naming policy in
7822 the .link file. The 99-default.link file provided by systemd includes
7823 "keep" for backwards compatibility, but it is recommended for user
7824 installed .link files to *not* include it.
7825
7826 The "kernel" policy, which keeps kernel names declared to be
7827 "persistent", now works again as documented.
7828
7829 * kernel-install script now optionally takes the paths to one or more
7830 initrd files, and passes them to all plugins.
7831
7832 * The mincore() system call has been dropped from the @system-service
7833 system call filter group, as it is pretty exotic and may potentially
7834 used for side-channel attacks.
7835
7836 * -fPIE is dropped from compiler and linker options. Please specify
7837 -Db_pie=true option to meson to build position-independent
7838 executables. Note that the meson option is supported since meson-0.49.
7839
7840 * The fs.protected_regular and fs.protected_fifos sysctls, which were
7841 added in Linux 4.19 to make some data spoofing attacks harder, are
7842 now enabled by default. While this will hopefully improve the
7843 security of most installations, it is technically a backwards
7844 incompatible change; to disable these sysctls again, place the
7845 following lines in /etc/sysctl.d/60-protected.conf or a similar file:
7846
7847 fs.protected_regular = 0
7848 fs.protected_fifos = 0
7849
7850 Note that the similar hardlink and symlink protection has been
7851 enabled since v199, and may be disabled likewise.
7852
7853 * The files read from the EnvironmentFile= setting in unit files now
7854 parse backslashes inside quotes literally, matching the behaviour of
7855 POSIX shells.
7856
7857 * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
7858 now automatically become NOPs when run in a chroot() environment.
7859
7860 * The tmpfiles.d/ "C" line type will now copy directory trees not only
7861 when the destination is so far missing, but also if it already exists
7862 as a directory and is empty. This is useful to cater for systems
7863 where directory trees are put together from multiple separate mount
7864 points but otherwise empty.
7865
7866 * A new function sd_bus_close_unref() (and the associated
7867 sd_bus_close_unrefp()) has been added to libsystemd, that combines
7868 sd_bus_close() and sd_bus_unref() in one.
7869
7870 * udevadm control learnt a new option for --ping for testing whether a
7871 systemd-udevd instance is running and reacting.
7872
7873 * udevadm trigger learnt a new option for --wait-daemon for waiting
7874 systemd-udevd daemon to be initialized.
7875
7876 Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
7877 Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
7878 Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
7879 Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
7880 John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
7881 Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
7882 James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
7883 Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
7884 Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
7885 Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
7886 marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
7887 Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
7888 Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
7889 James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
7890 Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
7891 Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
7892 Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски
7893
7894 — Berlin, 2019-02-14
7895
7896 CHANGES WITH 240:
7897
7898 * NoNewPrivileges=yes has been set for all long-running services
7899 implemented by systemd. Previously, this was problematic due to
7900 SELinux (as this would also prohibit the transition from PID1's label
7901 to the service's label). This restriction has since been lifted, but
7902 an SELinux policy update is required.
7903 (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
7904
7905 * DynamicUser=yes is dropped from systemd-networkd.service,
7906 systemd-resolved.service and systemd-timesyncd.service, which was
7907 enabled in v239 for systemd-networkd.service and systemd-resolved.service,
7908 and since v236 for systemd-timesyncd.service. The users and groups
7909 systemd-network, systemd-resolve and systemd-timesync are created
7910 by systemd-sysusers again. Distributors or system administrators
7911 may need to create these users and groups if they do not exist (or
7912 need to re-enable DynamicUser= for those units) while upgrading systemd.
7913 Also, the clock file for systemd-timesyncd may need to move from
7914 /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
7915
7916 * When unit files are loaded from disk, previously systemd would
7917 sometimes (depending on the unit loading order) load units from the
7918 target path of symlinks in .wants/ or .requires/ directories of other
7919 units. This meant that a unit could be loaded from different paths
7920 depending on whether the unit was requested explicitly or as a
7921 dependency of another unit, not honouring the priority of directories
7922 in the search path. It also meant that it was possible to successfully
7923 load and start units which are not found in the unit search path, as
7924 long as they were requested as a dependency and linked to from
7925 .wants/ or .requires/. The target paths of those symlinks are not
7926 used for loading units anymore and the unit file must be found in
7927 the search path.
7928
7929 * A new service type has been added: Type=exec. It's very similar to
7930 Type=simple but ensures the service manager will wait for both fork()
7931 and execve() of the main service binary to complete before proceeding
7932 with follow-up units. This is primarily useful so that the manager
7933 propagates any errors in the preparation phase of service execution
7934 back to the job that requested the unit to be started. For example,
7935 consider a service that has ExecStart= set to a file system binary
7936 that doesn't exist. With Type=simple starting the unit would be
7937 considered instantly successful, as only fork() has to complete
7938 successfully and the manager does not wait for execve(), and hence
7939 its failure is seen "too late". With the new Type=exec service type
7940 starting the unit will fail, as the manager will wait for the
7941 execve() and notice its failure, which is then propagated back to the
7942 start job.
7943
7944 NOTE: with the next release 241 of systemd we intend to change the
7945 systemd-run tool to default to Type=exec for transient services
7946 started by it. This should be mostly safe, but in specific corner
7947 cases might result in problems, as the systemd-run tool will then
7948 block on NSS calls (such as user name look-ups due to User=) done
7949 between the fork() and execve(), which under specific circumstances
7950 might cause problems. It is recommended to specify "-p Type=simple"
7951 explicitly in the few cases where this applies. For regular,
7952 non-transient services (i.e. those defined with unit files on disk)
7953 we will continue to default to Type=simple.
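
As an added illustration (not systemd's own code) of the mechanism a service manager needs for Type=exec: a close-on-exec pipe lets the parent learn whether the child's execve() succeeded before the start job is reported as done, which a Type=simple-style "return right after fork()" cannot do. The paths /bin/true and /nonexistent/service-binary are constructed inputs.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark a descriptor close-on-exec so that a successful execve() closes it. */
static int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Fork and exec argv[0]. Returns 0 once execve() has succeeded in the child
 * (the child's pid is stored in *pid_out), or the errno of the failed
 * execve(), in which case the child has already been reaped. Waiting for
 * this result is what Type=exec adds over Type=simple. */
int spawn_wait_for_exec(char *const argv[], pid_t *pid_out) {
    int pipefd[2];
    if (pipe(pipefd) < 0)
        return errno;
    if (set_cloexec(pipefd[0]) < 0 || set_cloexec(pipefd[1]) < 0) {
        int saved = errno;
        close(pipefd[0]);
        close(pipefd[1]);
        return saved;
    }

    pid_t pid = fork();
    if (pid < 0) {
        int saved = errno;
        close(pipefd[0]);
        close(pipefd[1]);
        return saved;
    }
    if (pid == 0) {
        /* Child: anything a real manager does between fork() and execve()
         * (User= lookups via NSS, sandboxing, ...) would happen here, and
         * the parent blocks for all of it. */
        close(pipefd[0]);
        execv(argv[0], argv);
        /* Only reached if execv() failed: hand errno to the parent. */
        int err = errno;
        ssize_t w = write(pipefd[1], &err, sizeof err);
        (void) w;
        _exit(127);
    }

    /* Parent: block until the write end is closed. EOF (0 bytes) means
     * FD_CLOEXEC closed it during a successful execve(); sizeof(int) bytes
     * means the child reported a failure. */
    close(pipefd[1]);
    int err = 0;
    ssize_t n;
    do {
        n = read(pipefd[0], &err, sizeof err);
    } while (n < 0 && errno == EINTR);
    close(pipefd[0]);

    if (n == (ssize_t) sizeof err) {
        waitpid(pid, NULL, 0);   /* reap the child that never became the service */
        return err;
    }
    if (pid_out)
        *pid_out = pid;
    return 0;
}

/* Convenience wrapper: start `path` with no arguments, wait for it to exit
 * if the exec succeeded, and return 0 or the execve() errno. */
int exec_probe(const char *path) {
    char *const argv[] = { (char *) path, NULL };
    pid_t pid = 0;
    int r = spawn_wait_for_exec(argv, &pid);
    if (r == 0)
        waitpid(pid, NULL, 0);
    return r;
}

int main(void) {
    /* Constructed inputs: one existing binary and one that does not exist. */
    const char *paths[] = { "/bin/true", "/nonexistent/service-binary" };
    for (size_t i = 0; i < 2; i++) {
        int r = exec_probe(paths[i]);
        if (r == 0)
            printf("%s: exec succeeded, start job would succeed\n", paths[i]);
        else
            printf("%s: exec failed (%s), start job would fail\n",
                   paths[i], strerror(r));
    }
    return 0;
}
```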
7954
7955 * The Linux kernel's current default RLIMIT_NOFILE resource limit for
7956 userspace processes is set to 1024 (soft) and 4096
7957 (hard). Previously, systemd passed this on unmodified to all
7958 processes it forked off. With this systemd release the hard limit
7959 systemd passes on is increased to 512K, overriding the kernel's
7960 defaults and substantially increasing the number of simultaneous file
7961 descriptors unprivileged userspace processes can allocate. Note that
7962 the soft limit remains at 1024 for compatibility reasons: the
7963 traditional UNIX select() call cannot deal with file descriptors >=
7964 1024 and increasing the soft limit globally might thus result in
7965 programs unexpectedly allocating a high file descriptor and thus
7966 failing abnormally when attempting to use it with select() (of
7967 course, programs shouldn't use select() anymore, and prefer
7968 poll()/epoll, but the call unfortunately remains undeservedly popular
7969 at this time). This change reflects the fact that file descriptor
7970 handling in the Linux kernel has been optimized in more recent
7971 kernels and allocating large numbers of them should be much cheaper
7972 both in memory and in performance than it used to be. Programs that
7973 want to benefit from the increased limit have to "opt in" to high
7974 file descriptors explicitly by raising their soft limit. Of
7975 course, when they do that they must acknowledge that they cannot use
7976 select() anymore (and neither can any shared library they use — or
7977 any shared library used by any shared library they use and so on).
7978 Which default hard limit is most appropriate is of course hard to
7979 decide. However, given reports that ~300K file descriptors are used
7980 in real-life applications we believe 512K is sufficiently high as new
7981 default for now. Note that there are also reports that using very
7982 high hard limits (e.g. 1G) is problematic: some software allocates
7983 large arrays with one element for each potential file descriptor
7984 (Java, …) — a high hard limit thus triggers excessively large memory
7985 allocations in these applications. Hopefully, the new default of 512K
7986 is a good middle ground: higher than what real-life applications
7987 currently need, and low enough to avoid triggering excessively large
7988 allocations in problematic software. (And yes, somebody should fix
7989 Java.)
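
The opt-in and the select() caveat described above, as an added example that is not systemd's own code: the program raises its own soft RLIMIT_NOFILE to the hard limit, then shows that an ordinary dup afterwards lands on a descriptor at or above FD_SETSIZE, where select() must not be used.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Current hard RLIMIT_NOFILE (the value systemd now passes on as 512K), or 0. */
rlim_t current_nofile_hard(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return 0;
    return rl.rlim_max;
}

/* The opt-in: raise this process's soft limit to min(want, hard limit).
 * Never lowers the soft limit. Returns the soft limit now in effect, or 0
 * if the limit could not be read or set. */
rlim_t raise_nofile_soft_limit(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return 0;
    rlim_t target = rl.rlim_max;
    if (want != RLIM_INFINITY && want < target)
        target = want;
    if (target <= rl.rlim_cur)
        return rl.rlim_cur;            /* already high enough */
    rl.rlim_cur = target;
    if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
        return 0;
    return rl.rlim_cur;
}

/* The caveat: select() only represents descriptors below FD_SETSIZE (1024
 * on glibc). FD_SET() on a larger fd writes past the end of the fd_set, so a
 * program that raised its soft limit must check before calling select(). */
int fd_safe_for_select(int fd) {
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Show that, after opting in, a plain dup can return a descriptor that
 * select() cannot handle. Returns the high fd number (closed again before
 * returning), or -1 if the hard limit is too low to go past FD_SETSIZE. */
int demo_high_fd(void) {
    if (raise_nofile_soft_limit(RLIM_INFINITY) <= (rlim_t) FD_SETSIZE)
        return -1;
    int base = open("/dev/null", O_RDONLY);
    if (base < 0)
        return -1;
    int high = fcntl(base, F_DUPFD, FD_SETSIZE);  /* lowest free fd >= 1024 */
    close(base);
    if (high < 0)
        return -1;
    close(high);
    return high;
}

int main(void) {
    printf("hard limit: %lu\n", (unsigned long) current_nofile_hard());
    printf("soft limit after opt-in: %lu\n",
           (unsigned long) raise_nofile_soft_limit(RLIM_INFINITY));
    int fd = demo_high_fd();
    if (fd >= 0)
        printf("dup returned fd %d; usable with select(): %s\n",
               fd, fd_safe_for_select(fd) ? "yes" : "no");
    return 0;
}
```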
7990
7991 * The fs.nr_open and fs.file-max sysctls are now automatically bumped
7992 to the highest possible values, as separate accounting of file
7993 descriptors is no longer necessary, as memcg tracks them correctly as
7994 part of the memory accounting anyway. Thus, from the four limits on
7995 file descriptors currently enforced (fs.file-max, fs.nr_open,
7996 RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
7997 and keep only the latter two. A set of build-time options
7998 (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
7999 has been added to revert this change in behaviour, which might be
8000 an option for systems that turn off memcg in the kernel.
8001
8002 * When no /etc/locale.conf file exists (and hence no locale settings
8003 are in place), systemd will now use the "C.UTF-8" locale by default,
8004 and set LANG= to it. This locale is supported by various
8005 distributions including Fedora, with clear indications that upstream
8006 glibc is going to make it available too. This locale enables UTF-8
8007 mode by default, which appears appropriate for 2018.
8008
8009 * The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
8010 default. This effectively switches the RFC3704 Reverse Path filtering
8011 from Strict mode to Loose mode. This is more appropriate for hosts
8012 that have multiple links with routes to the same networks (e.g.
8013 a client with a Wi-Fi and Ethernet both connected to the internet).
8014
8015 Consult the kernel documentation for details on this sysctl:
8016 https://docs.kernel.org/networking/ip-sysctl.html
8017
8018 * The v239 change to turn on "net.ipv4.tcp_ecn" by default has been
8019 reverted.
8020
8021 * CPUAccounting=yes no longer enables the CPU controller when using
8022 kernel 4.15+ and the unified cgroup hierarchy, as required accounting
8023 statistics are now provided independently from the CPU controller.
8024
8025 * Support for disabling a particular cgroup controller within a sub-tree
8026 has been added through the DisableControllers= directive.
8027
8028 * cgroup_no_v1=all on the kernel command line now also implies
8029 using the unified cgroup hierarchy, unless one explicitly passes
8030 systemd.unified_cgroup_hierarchy=0 on the kernel command line.
8031
8032 * The new "MemoryMin=" unit file property may now be used to set the
8033 memory usage protection limit of processes invoked by the unit. This
8034 controls the cgroup v2 memory.min attribute. Similarly, the new
8035 "IODeviceLatencyTargetSec=" property has been added, wrapping the new
8036 cgroup v2 io.latency cgroup property for configuring per-service I/O
8037 latency.
8038
8039 * systemd now supports the cgroup v2 devices BPF logic, as counterpart
8040 to the cgroup v1 "devices" cgroup controller.
8041
8042 * systemd-escape is now able to combine --unescape with --template. It
8043 also learnt a new option --instance for extracting and unescaping the
8044 instance part of a unit name.
8045
8046 * sd-bus now provides sd_bus_message_readv(), which is similar to
8047 sd_bus_message_read() but takes a va_list object. The pair
8048 sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
8049 has been added for configuring the default method call timeout to
8050 use. sd_bus_error_move() may be used to efficiently move the contents
8051 from one sd_bus_error structure to another, invalidating the
8052 source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
8053 be used to control whether a bus connection object is automatically
8054 flushed when an sd-event loop is exited.
8055
8056 * When processing classic BSD syslog log messages, journald will now
8057 save the original time-stamp string supplied in the new
8058 SYSLOG_TIMESTAMP= journal field. This permits consumers to
8059 reconstruct the original BSD syslog message more correctly.
8060
8061 * StandardOutput=/StandardError= in service files gained support for
8062 new "append:…" parameters, for connecting STDOUT/STDERR of a service
8063 to a file, and appending to it.
8064
8065 * The signal to use as the last step of killing unit processes is now
8066 configurable. Previously it was hard-coded to SIGKILL, which may now
8067 be overridden with the new KillSignal= setting. Note that this is the
8068 signal used when regular termination (i.e. SIGTERM) does not suffice.
8069 Similarly, the signal used when aborting a program in case of a
8070 watchdog timeout may now be configured too (WatchdogSignal=).
8071
8072 * The XDG_SESSION_DESKTOP environment variable may now be configured in
8073 the pam_systemd argument line, using the new desktop= switch. This is
8074 useful to initialize it properly from a display manager without
8075 having to touch C code.
8076
8077 * Most configuration options that previously accepted percentage values
8078 now also accept permille values with the '‰' suffix (instead of '%').
8079
8080 * systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
8081 DNS-over-TLS.
8082
8083 * systemd-resolved's configuration file resolved.conf gained a new
8084 option ReadEtcHosts= which may be used to turn off processing and
8085 honoring /etc/hosts entries.
8086
8087 * The "--wait" switch may now be passed to "systemctl
8088 is-system-running", in which case the tool will synchronously wait
8089 until the system has finished start-up.
8090
8091 * hostnamed gained a new bus call to determine the DMI product UUID.
8092
8093 * On x86-64 systemd will now prefer using the RDRAND processor
8094 instruction over /dev/urandom whenever it requires randomness that
8095 neither has to be crypto-grade nor should be reproducible. This
8096 should substantially reduce the amount of entropy systemd requests
8097 from the kernel during initialization on such systems, though not
8098 reduce it to zero. (Why not zero? systemd still needs to allocate
8099 UUIDs and such uniquely, which require high-quality randomness.)
8100
8101 * networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
8102 tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
8103 for forcing the "Other Information" bit in IPv6 RA messages. The
8104 bonding logic gained four new options AdActorSystemPriority=,
8105 AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
8106 aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
8107 shuffling of flows. The tunnel logic gained a new
8108 IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
8109 Deployment. The policy rule logic gained four new options IPProtocol=,
8110 SourcePort=, DestinationPort= and InvertRule=. The bridge logic gained
8111 support for the MulticastToUnicast= option. networkd also gained
8112 support for configuring static IPv4 ARP or IPv6 neighbor entries.
8113
8114 * .preset files (as read by 'systemctl preset') may now be used to
8115 instantiate services.
8116
8117 * /etc/crypttab now understands the sector-size= option to configure
8118 the sector size for an encrypted partition.
8119
8120 * Key material for encrypted disks may now be placed on a formatted
8121 medium, and referenced from /etc/crypttab by the UUID of the file
8122 system, followed by "=" suffixed by the path to the key file.
8123
8124 * The "collect" udev component has been removed without replacement, as
8125 it is neither used nor maintained.
8126
8127 * When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
8128 LogsDirectory=, ConfigurationDirectory= settings are used in a
8129 service the executed processes will now receive a set of environment
8130 variables containing the full paths of these directories.
8131 Specifically, $RUNTIME_DIRECTORY, $STATE_DIRECTORY, $CACHE_DIRECTORY,
8132 $LOGS_DIRECTORY and $CONFIGURATION_DIRECTORY are now set if these options
8133 are used. Note that these options may be used multiple times per
8134 service in which case the resulting paths will be concatenated and
8135 separated by colons.
8136
8137 * Predictable interface naming has been extended to cover InfiniBand
8138 NICs. They will be exposed with an "ib" prefix.
8139
8140 * tmpfiles.d/ line types may now be suffixed with a '-' character, in
8141 which case a failure of the respective line is ignored.
8142
8143 * .link files may now be used to configure the equivalent to the
8144 "ethtool advertise" commands.
8145
8146 * The sd-device.h and sd-hwdb.h APIs are now exported, as an
8147 alternative to libudev.h. Previously, the latter was just an internal
8148 wrapper around the former, but now these two APIs are exposed
8149 directly.
8150
8151 * sd-id128.h gained a new function sd_id128_get_boot_app_specific()
8152 which calculates an app-specific boot ID similar to how
8153 sd_id128_get_machine_app_specific() generates an app-specific machine
8154 ID.
8155
8156 * A new tool systemd-id128 has been added that can be used to determine
8157 and generate various 128-bit IDs.
8158
8159 * /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
8160 and LOGO=.
8161
8162 * systemd-hibernate-resume-generator will now honor the "noresume"
8163 kernel command line option, in which case it will bypass resuming
8164 from any hibernated image.
8165
8166 * The systemd-sleep.conf configuration file gained new options
8167 AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
8168 AllowHybridSleep= for prohibiting specific sleep modes even if the
8169 kernel exports them.
8170
8171 * portablectl is now officially supported and has thus moved to
8172 /usr/bin/.
8173
8174 * bootctl learnt the two new commands "set-default" and "set-oneshot"
8175 for setting the default boot loader item to boot to (either
8176 persistently or only for the next boot). This is currently only
8177 compatible with sd-boot, but may be implemented on other boot loaders
8178 too, that follow the boot loader interface. The updated interface is
8179 now documented here:
8180
8181 https://systemd.io/BOOT_LOADER_INTERFACE
8182
8183 * A new kernel command line option systemd.early_core_pattern= is now
8184 understood which may be used to influence the core_pattern PID 1
8185 installs during early boot.
8186
8187 * busctl learnt two new options -j and --json= for outputting method
8188 call replies, properties and monitoring output in JSON.
8189
8190 * journalctl's JSON output now supports simple ANSI coloring as well as
8191 a new "json-seq" mode for generating RFC7464 output.
8192
8193 * Unit files now support the %g/%G specifiers that resolve to the UNIX
8194 group/GID the service manager runs as, similar to the existing
8195 %u/%U specifiers that resolve to the UNIX user/UID.
8196
8197 * systemd-logind learnt a new global configuration option
8198 UserStopDelaySec= that may be set in logind.conf. It specifies how
8199 long the systemd --user instance shall remain started after a user
8200 logs out. This is useful to speed up repetitive re-connections of the
8201 same user, as it means the user's service manager doesn't have to be
8202 stopped/restarted on each iteration, but can be reused between
8203 subsequent logins. This setting defaults to 10s. systemd-logind also
8204 exports two new properties on its Manager D-Bus objects indicating
8205 whether the system's lid is currently closed, and whether the system
8206 is on AC power.
8207
8208 * systemd gained support for a generic boot counting logic, which
8209 generically permits automatic reverting to older boot loader entries
8210 if newer updated ones don't work. The boot loader side is implemented
8211 in sd-boot, but is kept open for other boot loaders too. For details
8212 see:
8213
8214 https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT
8215
8216 * The SuccessAction=/FailureAction= unit file settings now learnt two
8217 new parameters: "exit" and "exit-force", which result in immediate
8218 exiting of the service manager, and are only useful in systemd --user
8219 and container environments.
8220
8221 * Unit files gained support for a pair of options
8222 FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
8223 exit status to use as service manager exit status when
8224 SuccessAction=/FailureAction= is set to exit or exit-force.
8225
8226 * A pair of LogRateLimitIntervalSec=/LogRateLimitBurst= per-service
8227 options may now be used to configure the log rate limiting applied by
8228 journald per-service.
8229
8230 * systemd-analyze gained a new verb "timespan" for parsing and
8231 normalizing time span values (i.e. strings like "5min 7s 8us").
8232
8233 * systemd-analyze also gained a new verb "security" for analyzing the
8234 security and sand-boxing settings of services in order to determine an
8235 "exposure level" for them, indicating whether a service would benefit
8236 from more sand-boxing options turned on for them.
8237
8238 * "systemd-analyze syscall-filter" will now also show system calls
8239 supported by the local kernel but not included in any of the defined
8240 groups.
8241
8242 * .nspawn files now understand the Ephemeral= setting, matching the
8243 --ephemeral command line switch.
8244
8245 * sd-event gained the new APIs sd_event_source_get_floating() and
8246 sd_event_source_set_floating() for controlling whether a specific
8247 event source is "floating", i.e. destroyed along with the event loop
8248 object itself.
8249
8250 * Unit objects on D-Bus gained a new "Refs" property that lists all
8251 clients that currently have a reference on the unit (to ensure it is
8252 not unloaded).
8253
8254 * The JoinControllers= option in system.conf is no longer supported, as
8255 it didn't work correctly, is hard to support properly, is legacy (as
8256 the concept only exists on cgroup v1) and apparently wasn't used.
8257
8258 * Journal messages that are generated whenever a unit enters the failed
8259 state are now tagged with a unique MESSAGE_ID. Similarly, messages
8260 generated whenever a service process exits are now made recognizable,
8261 too. A tagged message is also emitted whenever a unit enters the
8262 "dead" state on success.
8263
8264 * systemd-run gained a new switch --working-directory= for configuring
8265 the working directory of the service to start. A shortcut -d is
8266 equivalent, setting the working directory of the service to the
8267 current working directory of the invoking program. The new --shell
8268 (or just -S) option has been added for invoking the $SHELL of the
8269 caller as a service, and implies --pty --same-dir --wait --collect
8270 --service-type=exec. Or in other words, "systemd-run -S" is now the
8271 quickest way to get an interactive shell in a fully clean and
8272 well-defined system service context.
8273
8274 * machinectl gained a new verb "import-fs" for importing an OS tree
8275 from a directory. Moreover, when a directory or tarball is imported
8276 and a single top-level directory is found with the OS itself below
8277 it, the OS tree is automatically mangled and moved one level up.
8278
8279 * systemd-importd will no longer set up an implicit btrfs loop-back
8280 file system on /var/lib/machines. If one is already set up, it will
8281 continue to be used.
8282
8283 * A new generator "systemd-run-generator" has been added. It will
8284 synthesize a unit from one or more program command lines included in
8285 the kernel command line. This is very useful in container managers
8286 for example:
8287
8288 # systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
8289
8290 This will run "systemd-nspawn" on an image, invoke the specified
8291 command line and immediately shut down the container again, returning
8292 the command line's exit code.
8293
8294 * The block device locking logic is now documented:
8295
8296 https://systemd.io/BLOCK_DEVICE_LOCKING
8297
8298 * loginctl and machinectl now optionally output the various tables in
8299 JSON using the --output= switch. It is our intention to add similar
8300 support to systemctl and all other commands.
8301
8302 * udevadm's query and trigger verbs now optionally take a .device unit
8303 name as argument.
8304
8305 * systemd-udevd's network naming logic now understands a new
8306 net.naming-scheme= kernel command line switch, which may be used to
8307 pick a specific version of the naming scheme. This helps stabilize
8308 interface names even as systemd/udev are updated and the naming logic
8309 is improved.
8310
8311 * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
8312 SD_ID128_ALLF to test if a 128-bit ID is set to all 0xFF bytes, and to
8313 initialize one to all 0xFF.
8314
8315 * After loading the SELinux policy systemd will now recursively relabel
8316 all files and directories listed in
8317 /run/systemd/relabel-extra.d/*.relabel (which should be simple
8318 newline separated lists of paths) in addition to the ones it already
8319 implicitly relabels in /run, /dev and /sys. After the relabelling is
8320 completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
8321 removed. This is useful to permit initrds (i.e. code running before
8322 the SELinux policy is in effect) to generate files in the host
8323 filesystem safely and ensure that the correct label is applied during
8324 the transition to the host OS.
8325
8326 * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
8327 mknod() handling in user namespaces. Previously mknod() would always
8328 fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
8329 but device nodes generated that way cannot be opened, and attempts to
8330 open them result in EPERM. This breaks the "graceful fallback" logic
8331 in systemd's PrivateDevices= sand-boxing option. This option is
8332 implemented defensively, so that when systemd detects it runs in a
8333 restricted environment (such as a user namespace, or an environment
8334 where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
8335 where device nodes cannot be created the effect of PrivateDevices= is
8336 bypassed (following the logic that 2nd-level sand-boxing is not
8337 essential if the system systemd runs in is itself already sand-boxed
8338 as a whole). This logic breaks with 4.18 in container managers where
8339 user namespacing is used: suddenly PrivateDevices= succeeds setting
8340 up a private /dev/ file system containing device nodes — but when
8341 these are opened they don't work.
8342
8343 At this point it is recommended that container managers utilizing
8344 user namespaces that intend to run systemd in the payload explicitly
8345 block mknod() with seccomp or similar, so that the graceful fallback
8346 logic works again.
8347
8348 We are very sorry for the breakage and the requirement to change
8349 container configurations for newer kernels. It's purely caused by an
8350 incompatible kernel change. The relevant kernel developers have been
8351 notified about this userspace breakage quickly, but they chose to
8352 ignore it.
8353
8354 * The PermissionsStartOnly= setting is deprecated (but is still supported
8355 for backwards compatibility). The same functionality is provided by
8356 the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
8357 commands.
8358
8359 * The $DBUS_SESSION_BUS_ADDRESS environment variable is no longer set
8360 by pam_systemd.
8361
8362 * The naming scheme for network devices was changed to always rename
8363 devices, even if they were already renamed by userspace. The "kernel"
8364 policy was changed to only apply as a fallback, if no other naming
8365 policy took effect.
8366
8367 * The requirements to build systemd have been bumped to meson-0.46 and
8368 python-3.5.
8369
8370 Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
8371 Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
8372 Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
8373 asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
8374 Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
8375 Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
8376 Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
8377 Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
8378 David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
8379 Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
8380 Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
8381 Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
8382 Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
8383 Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
8384 Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
8385 Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
8386 Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
8387 javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
8388 Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
8389 Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
8390 Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
8391 Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
8392 Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
8393 Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
8394 Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
8395 Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
8396 Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
8397 Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
8398 Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
8399 Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
8400 Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
8401 Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
8402 Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
8403 Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
8404 Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
8405 Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
8406 (FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
8407 Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
8408 Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
8409 Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
8410 Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
8411 Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
8412 Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
8413 Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
8414 Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
8415
8416 — Warsaw, 2018-12-21
8417
8418 CHANGES WITH 239:
8419
8420 * NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
8421 builtin will name network interfaces differently than in previous
8422 versions for virtual network interfaces created with SR-IOV and NPAR
8423 and for devices where the PCI network controller device does not have
8424 a slot number associated.
8425
8426 SR-IOV virtual devices are now named based on the name of the parent
8427 interface, with a suffix of "v<N>", where <N> is the virtual device
8428 number. Previously those virtual devices were named as if completely
8429 independent.
8430
8431 The ninth and later NPAR virtual devices will be named following the
8432 scheme used for the first eight NPAR partitions. Previously those
8433 devices were not renamed and the kernel default (eth<n>) was used.
8434
8435 "net_id" will also generate names for PCI devices where the PCI
8436 network controller device does not have an associated slot number
8437 itself, but one of its parents does. Previously those devices were
8438 not renamed and the kernel default (eth<n>) was used.
8439
8440 * AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
8441 systemd-logind.service. Since v235, IPAddressDeny=any has been set on
8442 the unit, so the default behavior of systemd-logind is not expected
8443 to change. However, if distribution packagers or administrators
8444 disabled or modified the IPAddressDeny= setting via a drop-in config
8445 file, then it may be necessary to update the file to re-enable
8446 AF_INET and AF_INET6 to support network user name services,
8447 e.g. NIS.
8448
8449 * When the RestrictNamespaces= unit property is specified multiple
8450 times, then the specified types are now merged. Previously, only the
8451 last assignment was used. So, if distribution packagers or
8452 administrators modified the setting by a drop-in config file, then it
8453 may be necessary to update the file.
8454
8455 * When OnFailure= is used in combination with Restart= on a service
8456 unit, then the specified units will no longer be triggered on
8457 failures that result in restarting. Previously, the specified units
8458 would be activated each time the unit failed, even when the unit was
8459 going to be restarted automatically. This behaviour contradicted the
8460 documentation. With this release the code is adjusted to match the
8461 documentation.
8462
8463 * systemd-tmpfiles will now print a notice whenever it encounters
8464 tmpfiles.d/ lines referencing the /var/run/ directory. It will
8465 recommend reworking them to use the /run/ directory instead (for
8466 which /var/run/ is simply a symlinked compatibility alias). This way
8467 systemd-tmpfiles can properly detect line conflicts and merge lines
8468 referencing the same file by two paths, without having to access
8469 them.
8470
8471 * systemctl disable/unmask/preset/preset-all cannot be used with
8472 --runtime. Previously this was allowed, but resulted in unintuitive
8473 behaviour that wasn't useful. systemctl disable/unmask will now undo
8474 both runtime and persistent enablement/masking, i.e. it will remove
8475 any relevant symlinks both in /run and /etc.
8476
8477 * Note that all long-running system services shipped with systemd will
8478 now default to a system call allow list (rather than a deny list, as
8479 before). In particular, systemd-udevd will now enforce one too. For
8480 most cases this should be safe, however downstream distributions
8481 which disabled sandboxing of systemd-udevd (specifically the
8482 MountFlags= setting), might want to disable this security feature
8483 too, as the default allow-listing will prohibit all mount, swap,
8484 reboot and clock changing operations from udev rules.
8485
8486 * sd-boot acquired new loader configuration settings to optionally turn
8487 off Windows and MacOS boot partition discovery as well as
8488 reboot-into-firmware menu items. It is also able to pick a better
8489 screen resolution for HiDPI systems, and now provides loader
8490 configuration settings to change the resolution explicitly.
8491
8492 * systemd-resolved now supports DNS-over-TLS. It's still
8493 turned off by default, use DNSOverTLS=opportunistic to turn it on in
8494 resolved.conf. We intend to make this the default as soon as a couple
8495 of additional techniques for optimizing the initial latency caused by
8496 establishing a TLS/TCP connection are implemented.
8497
8498 * systemd-resolved.service and systemd-networkd.service now set
8499 DynamicUser=yes. The users systemd-resolve and systemd-network are
8500 not created by systemd-sysusers anymore.
8501
8502 NOTE: This has a chance of breaking nss-ldap and similar NSS modules
8503 that embed a network facing module into any process using getpwuid()
8504 or related call: the dynamic allocation of the user ID for
8505 systemd-resolved.service means the service manager has to check NSS
8506 if the user name is already taken when forking off the service. Since
8507 the user in the common case won't be defined in /etc/passwd the
8508 lookup is likely to trigger nss-ldap which in turn might use NSS to
8509 ask systemd-resolved for hostname lookups. This will hence result in
8510 a deadlock: a user name lookup in order to start
8511 systemd-resolved.service will result in a hostname lookup for which
8512 systemd-resolved.service needs to be started already. There are
8513 multiple ways to work around this problem: pre-allocate the
8514 "systemd-resolve" user on such systems, so that nss-ldap won't be
8515 triggered; or use a different NSS package that doesn't do networking
8516 in-process but provides a local asynchronous name cache; or configure
8517 the NSS package to avoid lookups for UIDs in the range `pkg-config
8518 systemd --variable=dynamicuidmin` … `pkg-config systemd
8519 --variable=dynamicuidmax`, so that it does not consider itself
8520 authoritative for the same UID range systemd allocates dynamic users
8521 from.
8522
8523 * The systemd-resolve tool has been renamed to resolvectl (it also
8524 remains available under the old name, for compatibility), and its
8525 interface is now verb-based, similar in style to the other <xyz>ctl
8526 tools, such as systemctl or loginctl.
8527
8528 * The resolvectl/systemd-resolve tool also provides 'resolvconf'
8529 compatibility. It may be symlinked under the 'resolvconf' name, in
8530 which case it will take arguments and input compatible with the
8531 Debian and FreeBSD resolvconf tool.
8532
8533 * Support for suspend-then-hibernate has been added, i.e. a sleep mode
8534 where the system initially suspends, and after a timeout resumes and
8535 hibernates again.
8536
8537 * networkd's ClientIdentifier= now accepts a new option "duid-only". If
8538 set the client will only send a DUID as client identifier. (EDIT: the
8539 option was broken, and was dropped in v255.)
8540
8541 * The nss-systemd glibc NSS module will now enumerate dynamic users and
8542 groups in effect. Previously, it could resolve UIDs/GIDs to user
8543 names/groups and vice versa, but did not support enumeration.
8544
8545 * journald's Compress= configuration setting now optionally accepts a
8546 byte threshold value. All journal objects larger than this threshold
8547 will be compressed, smaller ones will not. Previously this threshold
8548 was not configurable and set to 512.
8549
8550 * A new system.conf setting NoNewPrivileges= is now available which may
8551 be used to turn off acquisition of new privileges system-wide
8552 (i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
8553 for all its children). Note that turning this option on means setuid
8554 binaries and file system capabilities lose their special powers.
8555 While turning on this option is a big step towards a more secure
8556 system, doing so is likely to break numerous pre-existing UNIX tools,
8557 in particular su and sudo.
8558
8559 * A new service systemd-time-sync-wait.service has been added. If
8560 enabled it will delay the time-sync.target unit at boot until time
8561 synchronization has been received from the network. This
8562 functionality is useful on systems lacking a local RTC or where it is
8563 acceptable that the boot process shall be delayed by external network
8564 services.
8565
8566 * When hibernating, systemd will now inform the kernel of the image
8567 write offset, on kernels new enough to support this. This means swap
8568 files should work for hibernation now.
8569
8570 * When loading unit files, systemd will now look for drop-in unit file
8571 extensions in additional places. Previously, for a unit file name
8572 "foo-bar-baz.service" it would look for dropin files in
8573 "foo-bar-baz.service.d/*.conf". Now, it will also look in
8574 "foo-bar-.service.d/*.conf" and "foo-.service.d/", i.e. at the
8575 service name truncated after all inner dashes. This scheme allows
8576 writing drop-ins easily that apply to a whole set of unit files at
8577 once. It's particularly useful for mount and slice units (as their
8578 naming is prefix based), but is also useful for service and other
8579 units, for packages that install multiple unit files at once,
8580 following a strict naming regime of beginning the unit file name with
8581 the package's name. Two new specifiers are now supported in unit
8582 files to match this: %j and %J are replaced by the part of the unit
8583 name following the last dash.
8584
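To see which directories a given unit name now pulls drop-ins from, and what %j and %J expand to for it, here is an added example (not systemd's own lookup code). It implements the truncation rule described above for plain and instantiated unit names; the treatment of template instances (the instance also reads the template's own "prefix@.suffix.d/" directory) and the \xXX unescaping used for %J follow systemd.unit(5) as this editor understands it and are assumptions here.

```python
# Added example (not part of systemd): the drop-in directory search order the
# v239 entry above describes, plus the %j/%J specifiers, for one unit name.
# Handling of template instances and the \xXX unescape rule are assumptions.


def split_unit_name(name):
    """Return (prefix, instance_or_None, suffix) for 'prefix[@instance].suffix'."""
    body, dot, suffix = name.rpartition(".")
    if not dot or not body or not suffix:
        raise ValueError(f"not a unit name: {name!r}")
    prefix, at, instance = body.partition("@")
    return prefix, (instance if at else None), suffix


def dropin_dirs(name):
    """Directories PID 1 searches for drop-ins, most specific first."""
    prefix, instance, suffix = split_unit_name(name)
    dirs = [f"{name}.d"]
    if instance is not None:
        # an instance also reads the template's own drop-in directory
        dirs.append(f"{prefix}@.{suffix}.d")
    # truncate after every inner dash: foo-bar-baz -> foo-bar- -> foo-
    parts = prefix.split("-")
    for n in range(len(parts) - 1, 0, -1):
        candidate = "-".join(parts[:n]) + f"-.{suffix}.d"
        if candidate not in dirs:
            dirs.append(candidate)
    return dirs


def unescape(s):
    """Undo the C-style \\xXX escaping systemd applies to unit name components."""
    out = []
    i = 0
    while i < len(s):
        if s[i] == "\\" and s[i + 1:i + 2] == "x" and len(s) >= i + 4:
            out.append(chr(int(s[i + 2:i + 4], 16)))
            i += 4
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def specifiers(name):
    """%j and %J: the component of the unit prefix after the last dash (raw / unescaped)."""
    prefix, _, _ = split_unit_name(name)
    j = prefix.rsplit("-", 1)[-1]
    return {"%j": j, "%J": unescape(j)}
```

The mount case is the one to keep in mind: "home-user-mnt.mount" (the unit for /home/user/mnt) picks up "home-.mount.d/", so a single drop-in there applies to every mount below /home, whether or not that was intended.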
8585 * Unit files and other configuration files that support specifier
8586 expansion now understand another three new specifiers: %T and %V will
8587 resolve to /tmp and /var/tmp respectively, or whatever temporary
8588 directory has been set for the calling user. %E will expand to either
8589 /etc (for system units) or $XDG_CONFIG_HOME (for user units).
8590
8591 * The ExecStart= lines of unit files are no longer required to
8592 reference absolute paths. If non-absolute paths are specified the
8593 specified binary name is searched within the service manager's
8594 built-in $PATH, which may be queried with 'systemd-path
8595 search-binaries-default'. It's generally recommended to continue to
8596 use absolute paths for all binaries specified in unit files.
8597
8598 * Units gained a new load state "bad-setting", which is used when a
8599 unit file was loaded, but contained fatal errors which prevent it
8600 from being started (for example, a service unit has been defined
8601 lacking both ExecStart= and ExecStop= lines).
8602
8603 * coredumpctl's "gdb" verb has been renamed to "debug", in order to
8604 support alternative debuggers, for example lldb. The old name
8605 continues to be available however, for compatibility reasons. Use the
8606 new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
8607 to pick an alternative debugger instead of the default gdb.
8608
8609 * systemctl and the other tools will now output escape sequences that
8610 generate proper clickable hyperlinks in various terminal emulators
8611 where useful (for example, in the "systemctl status" output you can
8612 now click on the unit file name to quickly open it in the
8613 editor/viewer of your choice). Note that not all terminal emulators
8614 support this functionality yet, but many do. Unfortunately, the
8615 "less" pager doesn't support this yet, hence this functionality is
8616 currently automatically turned off when a pager is started (which
8617 happens quite often due to auto-paging). We hope to remove this
8618 limitation as soon as "less" learns these escape sequences. This new
8619 behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
8620 environment variable. For details on these escape sequences see:
8621 https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
8622
8623 * networkd's .network files now support a new IPv6MTUBytes= option for
8624 setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
8625 option in the [Route] section to configure the MTU to use for
8626 specific routes. It also gained support for configuration of the DHCP
8627 "UserClass" option through the new UserClass= setting. It gained
8628 three new options in the new [CAN] section for configuring CAN
8629 networks. The MULTICAST and ALLMULTI interface flags may now be
8630 controlled explicitly with the new Multicast= and AllMulticast=
8631 settings.
8632
8633 * networkd will now automatically make use of the kernel's route
8634 expiration feature, if it is available.
8635
8636 * udevd's .link files now support setting the number of receive and
8637 transmit channels, using the RxChannels=, TxChannels=,
8638 OtherChannels=, CombinedChannels= settings.
8639
8640 * Support for UDPSegmentationOffload= has been removed, given its
8641 limited support in hardware, and waning software support.
8642
8643 * networkd's .netdev files now support creating "netdevsim" interfaces.
8644
8645 * PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
8646 to query the unit belonging to a specific kernel control group.
8647
8648 * systemd-analyze gained a new verb "cat-config", which may be used to
8649 dump the contents of any configuration file, with all its matching
8650 drop-in files added in, and honouring the usual search and masking
8651 logic applied to systemd configuration files. For example use
8652 "systemd-analyze cat-config systemd/system.conf" to get the complete
8653 system configuration file of systemd how it would be loaded by PID 1
8654 itself. Similar to this, various tools such as systemd-tmpfiles or
8655 systemd-sysusers, gained a new option "--cat-config", which does the
8656 corresponding operation for their own configuration settings. For
8657 example, "systemd-tmpfiles --cat-config" will now output the full
8658 list of tmpfiles.d/ lines in place.
8659
8660 * timedatectl gained three new verbs: "show" shows bus properties of
8661 systemd-timedated, "timesync-status" shows the current NTP
8662 synchronization state of systemd-timesyncd, and "show-timesync"
8663 shows bus properties of systemd-timesyncd.
8664
8665 * systemd-timesyncd gained a bus interface on which it exposes details
8666 about its state.
8667
8668 * A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
8669 understood by systemd-timedated. It takes a colon-separated list of
8670 unit names of NTP client services. The list is used by
8671 "timedatectl set-ntp".
8672
8673 * systemd-nspawn gained a new --rlimit= switch for setting initial
8674 resource limits for the container payload. There's a new switch
8675 --hostname= to explicitly override the container's hostname. A new
8676 --no-new-privileges= switch may be used to control the
8677 PR_SET_NO_NEW_PRIVS flag for the container payload. A new
8678 --oom-score-adjust= switch controls the OOM scoring adjustment value
8679 for the payload. The new --cpu-affinity= switch controls the CPU
8680 affinity of the container payload. The new --resolv-conf= switch
8681 allows more detailed control of /etc/resolv.conf handling of the
8682 container. Similarly, the new --timezone= switch allows more detailed
8683 control of /etc/localtime handling of the container.
8684
8685 * systemd-detect-virt gained a new --list switch, which will print a
8686 list of all currently known VM and container environments.
8687
8688 * Support for "Portable Services" has been added, see
8689 doc/PORTABLE_SERVICES.md for details. Currently, the support is still
8690 experimental, but this is expected to change soon. Reflecting this
8691 experimental state, the "portablectl" binary is not installed into
8692 /usr/bin yet. The binary has to be called with the full path
8693 /usr/lib/systemd/portablectl instead.
8694
8695 * journalctl's and systemctl's -o switch now knows a new log output
8696 mode "with-unit". The output it generates is very similar to the
8697 regular "short" mode, but displays the unit name instead of the
8698 syslog tag for each log line. Also, the date is shown with timezone
8699 information. This mode is probably more useful than the classic
8700 "short" output mode for most purposes, except where pixel-perfect
8701 compatibility with classic /var/log/messages formatting is required.
8702
8703 * A new --dump-bus-properties switch has been added to the systemd
8704 binary, which may be used to dump all supported D-Bus properties.
8705 (Options which are still supported, but are deprecated, are *not*
8706 shown.)
8707
8708 * sd-bus gained a set of new calls:
8709 sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
8710 enable/disable the "floating" state of a bus slot object,
8711 i.e. whether the slot object pins the bus it is allocated for into
8712 memory or if the bus slot object gets disconnected when the bus goes
8713 away. sd_bus_open_with_description(),
8714 sd_bus_open_user_with_description(),
8715 sd_bus_open_system_with_description() may be used to allocate bus
8716 objects and set their description string already during allocation.
8717
8718 * sd-event gained support for watching inotify events from the event
8719 loop, in an efficient way, sharing inotify handles between multiple
8720 users. For this a new function sd_event_add_inotify() has been added.
8721
8722 * sd-event and sd-bus gained support for calling special user-supplied
8723 destructor functions for userdata pointers associated with
8724 sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
8725 functions sd_bus_slot_set_destroy_callback,
8726 sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
8727 sd_bus_track_get_destroy_callback,
8728 sd_event_source_set_destroy_callback,
8729 sd_event_source_get_destroy_callback have been added.
8730
8731 * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
8732
8733 * PID 1 will now automatically reschedule .timer units whenever the
8734 local timezone changes. (They previously got rescheduled
8735 automatically when the system clock changed.)
8736
8737 * New documentation has been added to document cgroups delegation,
8738 portable services and the various code quality tools we have set up:
8739
8740 https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
8741 https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
8742 https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md
8743
8744 * The Boot Loader Specification has been added to the source tree.
8745
8746 https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
8747
8748 While moving it into our source tree we have updated it and further
8749 changes are now accepted through the usual github PR workflow.
8750
8751 * pam_systemd will now look for PAM userdata fields systemd.memory_max,
8752 systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
8753 earlier PAM modules. The data in these fields is used to initialize
8754 the session scope's resource properties. Thus external PAM modules
8755 may now configure per-session limits, for example sourced from
8756 external user databases.
8757
8758 * socket units with Accept=yes will now maintain a "refused" counter in
8759 addition to the existing "accepted" counter, counting connections
8760 refused due to the enforced limits.
8761
8762 * The "systemd-path search-binaries-default" command may now be used to
8763 query the default, built-in $PATH PID 1 will pass to the services it
8764 manages.
8765
8766 * A new unit file setting PrivateMounts= has been added. It's a boolean
8767 option. If enabled the unit's processes are invoked in their own file
8768 system namespace. Note that this behaviour is also implied if any
8769 other file system namespacing options (such as PrivateTmp=,
8770 PrivateDevices=, ProtectSystem=, …) are used. This option is hence
8771 primarily useful for services that do not use any of the other file
8772 system namespacing options. One such service is systemd-udevd.service
8773 where this is now used by default.
8774
8775 * ConditionSecurity= gained a new value "uefi-secureboot" that is true
8776 when the system is booted in UEFI "secure mode".
8777
8778 * A new unit "system-update-pre.target" is added, which defines an
8779 optional synchronization point for offline system updates, as
8780 implemented by the pre-existing "system-update.target" unit. It
8781 allows ordering services before the service that executes the actual
8782 update process in a generic way.
8783
8784 * Systemd now emits warnings whenever .include syntax is used.
8785
8786 Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
8787 Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
8788 J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
8789 Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
8790 Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
8791 Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
8792 Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
8793 Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
8794 guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
8795 Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
8796 Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
8797 Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
8798 Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
8799 Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
8800 Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
8801 Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
8802 Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
8803 Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
8804 Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
8805 Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
8806 Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
8807 Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
8808 Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
8809 Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
8810 Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
8811 Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
8812 Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
8813 Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
8814 Yu Watanabe, Zbigniew Jędrzejewski-Szmek
8815
8816 — Berlin, 2018-06-22
8817
8818 CHANGES WITH 238:
8819
8820 * The MemoryAccounting= unit property now defaults to on. After
8821 discussions with the upstream control group maintainers we learnt
8822 that the negative impact of cgroup memory accounting on current
8823 kernels is finally relatively minimal, so that it should be safe to
8824 enable this by default without affecting system performance. Besides
8825 memory accounting only task accounting is turned on by default, all
8826 other forms of resource accounting (CPU, IO, IP) remain off for now,
8827 because it's not clear yet that their impact is small enough to move
8828 from opt-in to opt-out. We recommend downstreams to leave memory
8829 accounting on by default if kernel 4.14 or higher is primarily
8830 used. On very resource constrained systems or when support for old
8831 kernels is a necessity, -Dmemory-accounting-default=false can be used
8832 to revert this change.
8833
8834 * rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
8835 %udev_rules_update) and the journal catalog (%journal_catalog_update)
8836 from the upgrade scriptlets of individual packages now do nothing.
8837 Transfiletriggers have been added which will perform those updates
8838 once at the end of the transaction.
8839
8840 Similar transfiletriggers have been added to execute any sysctl.d
8841 and binfmt.d rules. Thus, it should be unnecessary to provide any
8842 scriptlets to execute this configuration from package installation
8843 scripts.
8844
8845 * systemd-sysusers gained a mode where the configuration to execute is
8846 specified on the command line, but this configuration is not executed
8847 directly, but instead it is merged with the configuration on disk,
8848 and the result is executed. This is useful for package installation
8849 scripts which want to create the user before installing any files on
8850 disk (in case some of those files are owned by that user), while
8851 still allowing local admin overrides.
8852
8853 This functionality is exposed to rpm scriptlets through a new
8854 %sysusers_create_package macro. Old %sysusers_create and
8855 %sysusers_create_inline macros are deprecated.
8856
8857 A transfiletrigger for sysusers.d configuration is now installed,
8858 which means that it should be unnecessary to call systemd-sysusers from
8859 package installation scripts, unless the package installs any files
8860 owned by those newly-created users, in which case
8861 %sysusers_create_package should be used.
8862
8863 * Analogous change has been done for systemd-tmpfiles: it gained a mode
8864 where the command-line configuration is merged with the configuration
8865 on disk. This is exposed as the new %tmpfiles_create_package macro,
8866 and %tmpfiles_create is deprecated. A transfiletrigger is installed
8867 for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
8868 from package installation scripts.
8869
8870 * sysusers.d configuration for a user may now also specify the group
8871 number, in addition to the user number ("u username 123:456"), or
8872 without the user number ("u username -:456").
8873
8874 * Configuration items for systemd-sysusers can now be specified as
8875 positional arguments when the new --inline switch is used.
8876
8877 * The login shell of users created through sysusers.d may now be
8878 specified (previously, it was always /bin/sh for root and
8879 /sbin/nologin for other users).
8880
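The three sysusers.d changes above (uid:gid in the ID column, "-" for an unset UID, and an explicit shell column) are easiest to check against a parser. The following is an added example and not systemd-sysusers' own parser: it reads "u" lines with the columns from sysusers.d(5) (type, name, ID, GECOS, home, shell), applies the pre-v238 shell defaults when the column is absent, and rejects ID fields it cannot interpret. Path-style ID fields and the other line types are deliberately left out; the returned dictionary layout is this editor's choice.

```python
# Added example (not systemd-sysusers code): parsing sysusers.d "u" lines,
# including the "123:456" and "-:456" ID forms and the optional shell column.
# The returned dict layout is an assumption made for this illustration.
import shlex


def parse_id(field):
    """'123' -> (123, None); '123:456' -> (123, 456); '-:456' -> (None, 456); '-' -> (None, None)."""
    if field == "-":
        return None, None
    uid_s, sep, gid_s = field.partition(":")
    uid = None if uid_s in ("", "-") else int(uid_s)
    gid = None if not sep or gid_s in ("", "-") else int(gid_s)
    if uid is None and gid is None:
        raise ValueError(f"invalid ID field: {field!r}")
    return uid, gid


def parse_user_line(line):
    """Parse one sysusers.d(5) 'u' line into a dict; None for blank or comment lines."""
    fields = shlex.split(line, comments=True)   # quoting as in sysusers.d, '#' starts a comment
    if not fields:
        return None
    if fields[0] != "u":
        raise ValueError(f"not a 'u' line: {line!r}")
    if len(fields) < 2:
        raise ValueError(f"missing user name: {line!r}")
    fields += ["-"] * (6 - len(fields))          # pad the optional columns with '-'
    _, name, ident, gecos, home, shell = fields[:6]
    uid, gid = parse_id(ident)
    if shell == "-":
        # the pre-v238 fixed defaults: /bin/sh for root, /sbin/nologin otherwise
        shell = "/bin/sh" if name == "root" else "/sbin/nologin"
    return {
        "name": name,
        "uid": uid,
        "gid": gid,
        "gecos": None if gecos == "-" else gecos,
        "home": None if home == "-" else home,
        "shell": shell,
    }


def parse_config(text):
    """Parse a whole sysusers.d file body (constructed input), skipping non-'u' lines."""
    users = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if fields and fields[0] == "u":
            users.append(parse_user_line(line))
    return users
```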
8881 * systemd-analyze gained a new --global switch to look at global user
8882 configuration. It also gained a unit-paths verb to list the unit load
8883 paths that are compiled into systemd (which can be used with
8884 --systemd, --user, or --global).
8885
8886 * udevadm trigger gained a new --settle/-w option to wait for any
8887 triggered events to finish (but just those, and not any other events
8888 which are triggered meanwhile).
8889
8890 * The action that systemd-logind takes when the lid is closed and the
8891 machine is connected to external power can now be configured using
8892 HandleLidSwitchExternalPower= in logind.conf. Previously, this action
8893 was determined by HandleLidSwitch=, and, for backwards compatibility,
8894 still is, if HandleLidSwitchExternalPower= is not explicitly set.
8895
8896 * journalctl will periodically call sd_journal_process() to make it
8897 resilient against inotify queue overruns when journal files are
8898 rotated very quickly.
8899
8900 * Two new functions in libsystemd — sd_bus_get_n_queued_read and
8901 sd_bus_get_n_queued_write — may be used to check the number of
8902 pending bus messages.
8903
8904 * systemd gained a new
8905 org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
8906 which can be used to migrate foreign processes to scope and service
8907 units. The primary user for this new API is systemd itself: the
8908 systemd --user instance uses this call of the systemd --system
8909 instance to migrate processes if it itself gets the request to
8910 migrate processes and the kernel refuses this due to access
8911 restrictions. Thanks to this "systemd-run --scope --user …" works
8912 again in pure cgroup v2 environments when invoked from the user
8913 session scope.
8914
8915 * A new TemporaryFileSystem= setting can be used to mask out part of
8916 the real file system tree with tmpfs mounts. This may be combined
8917 with BindPaths= and BindReadOnlyPaths= to hide files or directories
8918 not relevant to the unit, while still allowing some paths lower in
8919 the tree to be accessed.
8920
8921 ProtectHome=tmpfs may now be used to hide user home and runtime
8922 directories from units, in a way that is mostly equivalent to
8923 "TemporaryFileSystem=/home /run/user /root".
8924
8925 * Non-service units are now started with KeyringMode=shared by default.
8926 This means that mount and swapon and other mount tools have access
8927 to keys in the main keyring.
8928
8929 * /sys/fs/bpf is now mounted automatically.
8930
8931 * QNX virtualization is now detected by systemd-detect-virt and may
8932 be used in ConditionVirtualization=.
8933
8934 * IPAccounting= may now be enabled also for slice units.
8935
8936 * A new -Dsplit-bin= build configuration switch may be used to specify
8937 whether bin and sbin directories are merged, or if they should be
8938 included separately in $PATH and various listings of executable
8939 directories. The build configuration scripts will try to autodetect
8940 the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
8941 system, but distributions are encouraged to configure this
8942 explicitly.
8943
8944 * A new -Dok-color= build configuration switch may be used to change
8945 the colour of "OK" status messages.
8946
8947 * UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
8948 PrivateNetwork=yes was buggy in previous versions of systemd. This
8949 means that after the upgrade and daemon-reexec, any such units must
8950 be restarted.
8951
8952 * INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
8953 will not exclude read-only files owned by root from cleanup.
8954
8955 Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
8956 Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
8957 Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
8958 de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
8959 Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
8960 Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
8961 Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
8962 Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
8963 Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
8964 Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
8965 MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
8966 Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
8967 Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
8968 Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
8969 Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
8970 Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)
8971
8972 — Warsaw, 2018-03-05
8973
8974 CHANGES WITH 237:
8975
8976 * Some keyboards come with a zoom see-saw or rocker which until now got
8977 mapped to the Linux "zoomin/out" keys in hwdb. However, these
8978 keycodes are not recognized by any major desktop. They now produce
8979 Up/Down key events so that they can be used for scrolling.
8980
8981 * INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
8982 slightly: previously, if an argument was specified for lines of this
8983 type (i.e. the right-most column was set) this string was appended to
8984 existing files each time systemd-tmpfiles was run. This behaviour was
8985 different from what the documentation said, and not particularly
8986 useful, as repeated systemd-tmpfiles invocations would not be
8987 idempotent and grow such files without bounds. With this release
8988 behaviour has been altered to match what the documentation says:
8989 lines of this type only have an effect if the indicated files don't
8990 exist yet, and only then the argument string is written to the file.
8991
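The difference between the old and the documented "f" behaviour is easiest to see by running both twice on the same path. The following is an added example and not systemd-tmpfiles code: two handlers for an "f" line with an argument, the old append-on-every-run variant beside the v237 create-only variant, and a helper that applies one of them twice and returns the file's content. Mode, ownership and argument unescaping are ignored here, which is an assumption made for the illustration.

```python
# Added example (not systemd-tmpfiles code): old vs. new handling of an "f"
# line's argument. Mode, owner and argument unescaping are ignored (assumption).
import os
import tempfile


def apply_f_line_old(path, argument):
    """Pre-v237 behaviour: create the file if missing, then append the argument on every run."""
    with open(path, "a") as f:       # "a" creates the file and appends to it
        f.write(argument)
    return True


def apply_f_line_v237(path, argument):
    """v237 behaviour: write the argument only when creating the file; never touch an existing one."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    except FileExistsError:
        return False                 # file already there: content left as is
    with os.fdopen(fd, "w") as f:
        f.write(argument)
    return True


def run_twice(apply, argument="hello\n"):
    """Apply a handler twice to a fresh file in a temporary directory and return the content."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.conf")
        apply(path, argument)
        apply(path, argument)
        with open(path) as f:
            return f.read()
```

The v237 handler is idempotent, so repeated runs on a long-lived system no longer grow the file; it also leaves an operator's edits to an existing file alone, which is what the documentation promised all along.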
8992 * FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
8993 systemd-tmpfiles behaviour: previously, read-only files owned by root
8994 were always excluded from the file "aging" algorithm (i.e. the
8995 automatic clean-up of directories like /tmp based on
8996 atime/mtime/ctime). We intend to drop this restriction, and age files
8997 by default even when owned by root and read-only. This behaviour was
8998 inherited from older tools, but there have been requests to remove
8999 it, and it's not obvious why this restriction was made in the first
9000 place. Please speak up now, if you are aware of software that requires
9001 this behaviour, otherwise we'll remove the restriction in v238.
9002
9003 * A new environment variable $SYSTEMD_OFFLINE is now understood by
9004 systemctl. It takes a boolean argument. If on, systemctl assumes it
operates on an "offline" OS tree, and will not attempt to talk to the
service manager. Previously, this mode was implicitly enabled if a
chroot() environment was detected, and this new environment variable
now provides explicit control.

* .path and .socket units may now be created transiently, too.
Previously only service, mount, automount and timer units were
supported as transient units. The systemd-run tool has been updated
to expose this new functionality; it may hence be used to bind
arbitrary commands to path or socket activation on the fly from the
command line. Moreover, almost all properties are now exposed for the
unit types that already supported transient operation.

* The systemd-mount command gained support for a new --owner= parameter
which takes a user name, which is then resolved and included in the uid=
and gid= mount options string of the file system to mount.

* A new unit condition ConditionControlGroupController= has been added
that checks whether a specific cgroup controller is available.

* Unit files, udev's .link files, and systemd-networkd's .netdev and
.network files all gained support for a new condition
ConditionKernelVersion= for checking against specific kernel
versions.

* In systemd-networkd, the [IPVLAN] section in .netdev files gained
support for configuring device flags in the Flags= setting. In the
same files, the [Tunnel] section gained support for configuring
AllowLocalRemote=. The [Route] section in .network files gained
support for configuring InitialCongestionWindow=,
InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
understands RapidCommit=.

* systemd-networkd's DHCPv6 support gained support for Prefix
Delegation.

* sd-bus gained support for a new "watch-bind" feature. When this
feature is enabled, an sd_bus connection may be set up to connect to
an AF_UNIX socket in the file system as soon as it is created. This
functionality is useful for writing early-boot services that
automatically connect to the system bus as soon as it is started,
without ugly time-based polling. systemd-networkd and
systemd-resolved have been updated to make use of this
functionality. busctl exposes this functionality in a new
--watch-bind= command line switch.

* sd-bus will now optionally synthesize a local "Connected" signal as
soon as a D-Bus connection is set up fully. This message mirrors the
already existing "Disconnected" signal which is synthesized when the
connection is terminated. This signal is generally useful but
particularly handy in combination with the "watch-bind" feature
described above. Synthesizing of this message has to be requested
explicitly through the new API call sd_bus_set_connected_signal(). In
addition a new call sd_bus_is_ready() has been added that checks
whether a connection is fully set up (i.e. between the "Connected" and
"Disconnected" signals).

* sd-bus gained two new calls sd_bus_request_name_async() and
sd_bus_release_name_async() for asynchronously registering bus
names. Similarly, there is now sd_bus_add_match_async() for installing
a signal match asynchronously. All of systemd's own services have
been updated to make use of these calls. Doing these operations
asynchronously has two benefits: it reduces the risk of deadlocks in
case of cyclic dependencies between bus services, and it speeds up
service initialization since synchronization points for bus
round-trips are removed.

* sd-bus gained two new calls sd_bus_match_signal() and
sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
and sd_bus_add_match_async() but instead of taking a D-Bus match
string take match fields as normal function parameters.

* sd-bus gained two new calls sd_bus_set_sender() and
sd_bus_message_set_sender() for setting the sender name of outgoing
messages (either for all outgoing messages or for just one specific
one). These calls are only useful in direct connections, as on
brokered connections the broker fills in the sender anyway,
overwriting whatever the client filled in.

* sd-event gained a new pseudo-handle that may be specified on all API
calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
used this refers to the default event loop object of the calling
thread. Note however that this does not implicitly allocate one —
which has to be done beforehand using sd_event_default(). Similarly
sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
to the default bus of the specified type of the calling thread. Here
too this does not implicitly allocate bus connection objects; this
has to be done beforehand with sd_bus_default() and friends.

* sd-event gained a new call pair
sd_event_source_{get|set}_io_fd_own(). This may be used to request
automatic closure of the file descriptor an IO event source watches
when the event source is destroyed.

* systemd-networkd gained support for natively configuring WireGuard
connections.

* In previous versions systemd synthesized user records both for the
"nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
internally. In order to simplify distribution-wide renames of the
"nobody" user (like it is planned in Fedora: nfsnobody → nobody), a
new transitional flag file has been added: if
/etc/systemd/dont-synthesize-nobody exists, synthesizing of the 65534
user and group records within the systemd codebase is disabled.

* systemd-notify gained a new --uid= option for selecting the source
user/UID to use for notification messages sent to the service
manager.

* journalctl gained a new --grep= option to list only entries in which
the message matches a certain pattern. By default matching is case
insensitive if the pattern is lowercase, and case sensitive
otherwise. The option --case-sensitive=yes|no can be used to override
this and specify case sensitivity or case insensitivity explicitly.

* There's now a "systemd-analyze service-watchdogs" command for printing
the current state of the service runtime watchdog, and optionally
enabling or disabling the per-service watchdogs system-wide if given a
boolean argument (i.e. the concept you configure in WatchdogSec=), for
debugging purposes. There's also a kernel command line option
systemd.service_watchdogs= for controlling the same.

* Two new "log-level" and "log-target" options for systemd-analyze were
added that merge the now deprecated get-log-level, set-log-level and
get-log-target, set-log-target pairs. The deprecated options are still
understood for backwards compatibility. The two new options print the
current value when no arguments are given, and set them when a
level/target is given as an argument.

* sysusers.d's "u" lines now optionally accept both a UID and a GID
specification, separated by a ":" character, in order to create users
where UID and GID do not match.
Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
Палаузов

— Brno, 2018-01-28

CHANGES WITH 236:

* The modprobe.d/ drop-in for the bonding.ko kernel module introduced
in v235 has been extended to also set the dummy.ko module option
numdummies=0, preventing the kernel from automatically creating
dummy0. All dummy interfaces must now be explicitly created.

* Unknown '%' specifiers in configuration files are now rejected. This
applies to units and tmpfiles.d configuration. Any percent characters
that are followed by a letter or digit that are not supposed to be
interpreted as the beginning of a specifier should be escaped by
doubling ("%%"). (So "size=5%" is still accepted, as well as
"size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
valid specifiers today.)

* systemd-resolved now maintains a new dynamic
/run/systemd/resolve/stub-resolv.conf compatibility file. It is
recommended to make /etc/resolv.conf a symlink to it. This file
points at the systemd-resolved stub DNS 127.0.0.53 resolver and
includes dynamically acquired search domains, achieving more correct
DNS resolution by software that bypasses local DNS APIs such as NSS.

* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.

* "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
systemd-journal-gatewayd.service and
systemd-journal-upload.service. This means "nss-systemd" must be
enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
services are resolved properly.

* In /etc/fstab two new mount options are now understood:
x-systemd.makefs and x-systemd.growfs. The former has the effect that
the configured file system is formatted before it is mounted, the
latter that the file system is resized to the full block device size
after it is mounted (i.e. if the file system is smaller than the
partition it resides on, it's grown). This is similar to the fsck
logic in /etc/fstab, and pulls in systemd-makefs@.service and
systemd-growfs@.service as necessary, similar to
systemd-fsck@.service. Resizing is currently only supported on ext4
and btrfs.

* In systemd-networkd, the IPv6 RA logic may now optionally announce
DNS server and domain information.

* Support for the LUKS2 on-disk format for encrypted partitions has
been added. This requires libcryptsetup2 during compilation and
runtime.

* The systemd --user instance will now signal "readiness" when its
basic.target unit has been reached, instead of when the run queue ran
empty for the first time.

* tmpfiles.d configuration is now also supported per user.
systemd-tmpfiles gained a new --user switch, and snippets placed in
~/.config/user-tmpfiles.d/ and corresponding directories will be
executed by "systemd-tmpfiles --user", run by the new
systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
units in the user session.

* Unit files and tmpfiles.d snippets learnt three new % specifiers:
%S resolves to the top-level state directory (/var/lib for the system
instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
top-level cache directory (/var/cache for the system instance,
$XDG_CACHE_HOME for the user instance), %L resolves to the top-level
logs directory (/var/log for the system instance,
$XDG_CONFIG_HOME/log/ for the user instance). This matches the
existing %t specifier, that resolves to the top-level runtime
directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
user instance).
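
The two specifier entries above (rejection of unknown '%' specifiers, and the new %S/%C/%L directory specifiers) can be exercised with the following expander. It is an added example, not systemd's own implementation: it understands only the four directory specifiers named in these notes (systemd itself has many more), the XDG fallback values and the UID 1000 runtime path are constructed defaults, and the user-instance directories are those stated in the entry above.

```python
import string

# Top-level directory specifiers as described in the v236 entry above. The
# user-instance values come from that text; the fallbacks used when the XDG
# variables are unset (and the UID 1000 runtime path) are constructed here.
def specifier_table(system_instance, env=None):
    """Return the specifiers this example understands (a subset of systemd's)."""
    env = env or {}
    if system_instance:
        return {"S": "/var/lib", "C": "/var/cache", "L": "/var/log", "t": "/run"}
    config_home = env.get("XDG_CONFIG_HOME", "~/.config")
    return {
        "S": config_home,
        "C": env.get("XDG_CACHE_HOME", "~/.cache"),
        "L": config_home + "/log",
        "t": env.get("XDG_RUNTIME_DIR", "/run/user/1000"),
    }

def expand_specifiers(text, table):
    """Expand '%x' specifiers; raise ValueError on an unknown alphanumeric one."""
    out = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        nxt = text[i + 1] if i + 1 < len(text) else ""
        if nxt == "%":
            out.append("%")          # "%%" is the escape for a literal percent sign
            i += 2
        elif nxt and nxt in string.ascii_letters + string.digits:
            if nxt not in table:     # v236: unknown "%<letter or digit>" is rejected
                raise ValueError(f"unknown specifier %{nxt} at offset {i} in {text!r}")
            out.append(table[nxt])
            i += 2
        else:
            out.append("%")          # "%" before ",", end of string etc. stays literal
            i += 1
    return "".join(out)

def specifiers_valid(text, table):
    """True if expand_specifiers() would accept the string."""
    try:
        expand_specifiers(text, table)
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    system = specifier_table(True)
    for sample in ("size=5%", "size=5%,foo=bar", "%S/myservice", "LABEL=x%y%z"):
        print(sample, "->", expand_specifiers(sample, system)
              if specifiers_valid(sample, system) else "rejected")
```

The three strings from the entry above behave as described there: the two "size=5%" forms pass through unchanged because the '%' is followed by a non-alphanumeric character or the end of the string, while "LABEL=x%y%z" is rejected at "%y".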

* journalctl learnt a new parameter --output-fields= for limiting the
set of journal fields to output in verbose and JSON output modes.

* systemd-timesyncd's configuration file gained a new option
RootDistanceMaxSec= for setting the maximum root distance of servers
it'll use, as well as the new options PollIntervalMinSec= and
PollIntervalMaxSec= to tweak the minimum and maximum poll interval.

* bootctl gained a new command "list" for listing all available boot
menu items on systems that follow the boot loader specification.

* systemctl gained a new --dry-run switch that shows what would be done
instead of doing it, and is currently supported by the shutdown and
sleep verbs.

* ConditionSecurity= can now detect the TOMOYO security module.

* Unit file [Install] sections are now also respected in unit drop-in
files. This is intended to be used by drop-ins under /usr/lib/.

* systemd-firstboot may now also set the initial keyboard mapping.

* Udev "changed" events for devices which are exposed as systemd
.device units are now propagated to units specified in
ReloadPropagatedFrom= as reload requests.

* If a udev device has a SYSTEMD_WANTS= property containing a systemd
unit template name (i.e. a name in the form of 'foobar@.service',
without the instance component between the '@' and the '.'), then
the escaped sysfs path of the device is automatically used as the
instance.

* SystemCallFilter= in unit files has been extended so that an "errno"
can be specified individually for each system call. Example:
SystemCallFilter=~uname:EILSEQ.

* The cgroup delegation logic has been substantially updated. Delegate=
now optionally takes a list of controllers (instead of a boolean, as
before), which lists the controllers that are delegated at a minimum.

* The networkd DHCPv6 client now implements the FQDN option (RFC 4704).

* A new LogLevelMax= setting configures the maximum log level any
process of the service may log at (i.e. anything with a lesser
priority than what is specified is automatically dropped). A new
LogExtraFields= setting allows configuration of additional journal
fields to attach to all log records generated by any of the unit's
processes.

* New StandardInputData= and StandardInputText= settings along with the
new option StandardInput=data may be used to configure textual or
binary data that shall be passed to the executed service process via
standard input, encoded in-line in the unit file.

* StandardInput=, StandardOutput= and StandardError= may now be used to
connect stdin/stdout/stderr of executed processes directly with a
file or AF_UNIX socket in the file system, using the new "file:" option.

* A new unit file option CollectMode= has been added, that allows
tweaking the garbage collection logic for units. It may be used to
tell systemd to automatically garbage collect units that have failed
(normally it only garbage collects units that exited successfully).
systemd-run and systemd-mount expose this new functionality with a
new -G option.

* "machinectl bind" may now be used to bind mount non-directories
(i.e. regular files, devices, fifos, sockets).

* systemd-analyze gained a new verb "calendar" for validating and
testing calendar time specifications to use for OnCalendar= in timer
units. Besides validating the expression it will calculate the next
time the specified expression would elapse.

* In addition to the pre-existing FailureAction= unit file setting
there's now SuccessAction=, for configuring a shutdown action to
execute when a unit completes successfully. This is useful in
particular inside containers that shall terminate after some workload
has been completed. Also, both options are now supported for all unit
types, not just services.

* networkd's IP rule support gained two new options
IncomingInterface= and OutgoingInterface= for configuring the incoming
and outgoing interfaces of configured rules. systemd-networkd also
gained support for "vxcan" network devices.

* networkd gained a new setting RequiredForOnline=, taking a
boolean. If set, systemd-wait-online will take the interface into
consideration when determining whether the system is up; otherwise it
will ignore the interface for this purpose.

* The sd_notify() protocol gained support for a new operation: with
FDSTOREREMOVE=1 file descriptors may be removed from the per-service
store again, ahead of the POLLHUP or POLLERR events on which they are
removed anyway.

* A new document doc/UIDS-GIDS.md has been added to the source tree,
that documents the UID/GID range and assignment assumptions and
requirements of systemd.

* The watchdog device PID 1 will ping may now be configured through the
WatchdogDevice= configuration file setting, or by setting the
systemd.watchdog_service= kernel command line option.

* systemd-resolved gained support for registering DNS-SD services on
the local network using MulticastDNS. Services may either be
registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
the same dir below /run, /usr/lib), or through its D-Bus API.

* The sd_notify() protocol can now extend the effective start, runtime
and stop timeouts with EXTEND_TIMEOUT_USEC=<microseconds>. The service
must continue to send EXTEND_TIMEOUT_USEC within the period specified
to prevent the service manager from marking the service as timed out.
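
The two sd_notify() additions in this release (FDSTOREREMOVE=1 above, and EXTEND_TIMEOUT_USEC= in the entry just above) are both plain KEY=VALUE lines in a single AF_UNIX datagram sent to $NOTIFY_SOCKET. The following is an added example, not systemd's or libsystemd's code: it builds and sends such datagrams, and pairs them with a toy receiver that parses them and, on Linux, reads the sender's kernel-supplied credentials (SCM_CREDENTIALS) so that the receiving side knows which UID really sent the message, which is the identity the systemd-notify --uid= option from v237 lets a caller choose. The socket path, the 30 second extension and the "listener" FDNAME are constructed for the example.

```python
import os
import socket
import struct
import tempfile

def build_notify_message(**fields):
    """Serialise KEY=VALUE pairs into one notify datagram (newline separated)."""
    lines = []
    for key, value in fields.items():
        value = str(value)
        if "\n" in key or "\n" in value:
            raise ValueError("newlines are not allowed in notify fields")
        lines.append(f"{key}={value}")
    return ("\n".join(lines) + "\n").encode()

def extend_timeout_message(seconds):
    """EXTEND_TIMEOUT_USEC= carries microseconds; the service must keep re-sending it."""
    return build_notify_message(EXTEND_TIMEOUT_USEC=int(seconds * 1_000_000))

def fdstore_remove_message(name):
    """Ask the manager to drop the stored descriptors registered under FDNAME=."""
    return build_notify_message(FDSTOREREMOVE=1, FDNAME=name)

def send_notify(message, notify_socket=None):
    """Send one datagram to $NOTIFY_SOCKET (or an explicit path); False if unset."""
    path = notify_socket or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):                 # abstract-namespace socket address
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(message, path)
    return True

def parse_notify_message(data):
    """Parse a received datagram; lines without '=' are ignored, later keys win."""
    fields = {}
    for line in data.decode(errors="replace").split("\n"):
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields

class NotifyReceiver:
    """Toy stand-in for the manager side of the protocol (constructed for the example)."""
    def __init__(self, path):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.sock.bind(path)
        # Ask the kernel to attach the sender's pid/uid/gid to every datagram, so
        # the receiver trusts kernel-supplied credentials rather than the payload.
        if hasattr(socket, "SO_PASSCRED"):
            self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)

    def receive(self):
        data, ancillary, _flags, _addr = self.sock.recvmsg(4096, socket.CMSG_SPACE(12))
        creds = None
        for level, ctype, cdata in ancillary:
            if level == socket.SOL_SOCKET and ctype == getattr(socket, "SCM_CREDENTIALS", None):
                pid, uid, gid = struct.unpack("iII", cdata[:12])   # struct ucred
                creds = {"pid": pid, "uid": uid, "gid": gid}
        return parse_notify_message(data), creds

    def close(self):
        self.sock.close()

def round_trip_demo():
    """Send both message kinds to a private socket and report what arrived."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        receiver = NotifyReceiver(path)
        try:
            send_notify(extend_timeout_message(30), path)
            extend_fields, creds = receiver.receive()
            send_notify(fdstore_remove_message("listener"), path)
            remove_fields, _ = receiver.receive()
        finally:
            receiver.close()
    return {
        "extend": extend_fields,
        "remove": remove_fields,
        "credentials_available": creds is not None,
        "sender_uid_verified": creds is None or creds["uid"] == os.getuid(),
    }

if __name__ == "__main__":
    print(round_trip_demo())
```

Two details matter for a defender reading this: the receiver never takes the sender's identity from the message text, only from the SCM_CREDENTIALS the kernel attaches once SO_PASSCRED is set (the real manager additionally checks that the sending PID belongs to the unit), and the EXTEND_TIMEOUT_USEC value is only a request to keep the service alive for that long, so a service that stops re-sending it is timed out as usual.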

* systemd-resolved's DNSSEC support gained support for RFC 8080
(Ed25519 keys and signatures).

* The systemd-resolve command line tool gained a new set of options
--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
--set-nta= and --revert to configure per-interface DNS configuration
dynamically during runtime. It's useful for pushing DNS information
into systemd-resolved from DNS hook scripts that various interface
managing software supports (such as pppd).

* systemd-nspawn gained a new --network-namespace-path= command line
option, which may be used to make a container join an existing
network namespace, by specifying a path to a "netns" file.

Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zeal Jagannatha

— Berlin, 2017-12-14

CHANGES WITH 235:

* INCOMPATIBILITY: systemd-logind.service and other long-running
services now run inside an IPv4/IPv6 sandbox, prohibiting any IP
communication with the outside. This generally improves security of
the system, and is in almost all cases a safe and good choice, as
these services do not and should not provide any network-facing
functionality. However, systemd-logind uses the glibc NSS API to
query the user database. This creates problems on systems where NSS
is set up to directly consult network services for user database
lookups. In particular, this creates incompatibilities with the
"nss-nis" module, which attempts to directly contact the NIS/YP
network servers it is configured for, and will now consistently
fail. In such cases, it is possible to turn off IP sandboxing for
systemd-logind.service (set IPAddressDeny= in its [Service] section
to the empty string, via a .d/ unit file drop-in). Downstream
distributions might want to update their nss-nis packaging to include
such a drop-in snippet, accordingly, to hide this incompatibility
from the user. Another option is to make use of glibc's nscd service
to proxy such network requests through a privilege-separated, minimal
local caching daemon, or to switch to more modern technologies such
as sssd, whose NSS hook-ups generally do not involve direct network
access. In general, we think it's definitely time to question the
implementation choices of nss-nis, i.e. whether it's a good idea
today to embed a network-facing loadable module into all local
processes that need to query the user database, including the most
trivial and benign ones, such as "ls". For more details about
IPAddressDeny= see below.

* A new modprobe.d drop-in is now shipped by default that sets the
bonding module option max_bonds=0. This overrides the kernel default,
to avoid conflicts and ambiguity as to whether bond0 should be
managed by systemd-networkd or not. This resolves multiple issues
with bond0 properties not being applied, when bond0 is configured
with systemd-networkd. Distributors may choose to not package this,
however in that case users will be prevented from correctly managing
the bond0 interface using systemd-networkd.

* systemd-analyze gained new verbs "get-log-level" and "get-log-target"
which print the logging level and target of the system manager. They
complement the existing "set-log-level" and "set-log-target" verbs
used to change those values.

* journald.conf gained a new boolean setting ReadKMsg= which defaults
to on. If turned off, kernel log messages will not be read by
systemd-journald or included in the logs. It also gained a new
setting LineMax= for configuring the maximum line length in
STDOUT/STDERR log streams. The new default for this value is 48K, up
from the previous hardcoded 2048.

* A new unit setting RuntimeDirectoryPreserve= has been added, which
allows more detailed control of what to do with a runtime directory
configured with RuntimeDirectory= (i.e. a directory below /run or
$XDG_RUNTIME_DIR) after a unit is stopped.

* The RuntimeDirectory= setting for units gained support for creating
deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
one top-level directory.

* Units gained new options StateDirectory=, CacheDirectory=,
LogsDirectory= and ConfigurationDirectory= which are closely related
to RuntimeDirectory= but manage per-service directories below
/var/lib, /var/cache, /var/log and /etc. By making use of them it is
possible to write unit files which when activated automatically gain
properly owned service specific directories in these locations, thus
making unit files self-contained and increasing compatibility with
stateless systems and factory reset where /etc or /var are
unpopulated at boot. Matching these new settings there's also
StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
ConfigurationDirectoryMode= for configuring the access mode of these
directories. These settings are particularly useful in combination
with DynamicUser=yes as they provide secure, properly-owned,
writable, and stateful locations for storage, excluded from the
sandbox that such services live in otherwise.

* Automake support has been removed from this release. systemd is now
Meson-only.

* systemd-journald will now aggressively cache client metadata during
runtime, speeding up log write performance under pressure. This comes
at a small price though: as much of the metadata is read
asynchronously from /proc/ (and isn't implicitly attached to log
datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
metadata stored alongside a log entry might be slightly
out-of-date. Previously it could only be slightly newer than the log
message. The time window is small however, and given that the kernel
is unlikely to be improved anytime soon in this regard, this appears
acceptable to us.

* nss-myhostname/systemd-resolved will now by default synthesize an
A/AAAA resource record for the "_gateway" hostname, pointing to the
current default IP gateway. Previously it did that for the "gateway"
name, hampering adoption, as some distributions wanted to leave that
hostname open for local use. The old behaviour may still be
requested at build time.

* systemd-networkd's [Address] section in .network files gained a new
Scope= setting for configuring the IP address scope. The [Network]
section gained a new boolean setting ConfigureWithoutCarrier= that
tells systemd-networkd to ignore link sensing when configuring the
device. The [DHCP] section gained a new Anonymize= boolean option for
turning on a number of options suggested in RFC 7844. A new
[RoutingPolicyRule] section has been added for configuring the IP
routing policy. The [Route] section has gained support for a new
Type= setting which permits configuring
blackhole/unreachable/prohibit routes.

* The [VRF] section in .netdev files gained a new Table= setting for
configuring the routing table to use. The [Tunnel] section gained a
new Independent= boolean field for configuring tunnels independent of
an underlying network interface. The [Bridge] section gained a new
GroupForwardMask= option for configuring the propagation of
link-local frames between bridge ports.

* The WakeOnLan= setting in .link files gained support for a number of
new modes. A new TCP6SegmentationOffload= setting has been added for
configuring TCP/IPv6 hardware segmentation offload.

* The IPv6 RA sender implementation may now optionally send out RDNSS
and RDNSSL records to supply DNS configuration to peers.

* systemd-nspawn gained support for a new --system-call-filter= command
line option for adding and removing entries in the default system
call filter it applies. Moreover systemd-nspawn has been changed to
implement a system call allow list instead of a deny list.

* systemd-run gained support for a new --pipe command line option. If
used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
are directly passed on to the activated transient service
executable. This allows invoking arbitrary processes as systemd
services (for example to take benefit of dependency management,
accounting management, resource management or log management that is
done automatically for services) — while still allowing them to be
integrated in a classic UNIX shell pipeline.

* When a service sends RELOAD=1 via sd_notify() and reload propagation
using ReloadPropagationTo= is configured, a reload is now propagated
to configured units. (Previously this was only done on explicitly
requested reloads, using "systemctl reload" or an equivalent
command.)

* For each service unit a restart counter is now kept: it is increased
each time the service is restarted due to Restart=, and may be
queried using "systemctl show -p NRestarts …".

* New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
@signal and @timer have been added, for usage with SystemCallFilter=
in unit files and the new --system-call-filter= command line option
of systemd-nspawn (see above).

* ExecStart= lines in unit files gained two new modifiers: when a
command line is prefixed with "!" the command will be executed as
configured, except for the credentials applied by
setuid()/setgid()/setgroups(). It is very similar to the pre-existing
"+", but does still apply namespacing options unlike "+". There's
also "!!" now, which is mostly identical, but becomes a NOP on
systems that support ambient capabilities. This is useful to write
unit files that work with ambient capabilities where possible but
automatically fall back to traditional privilege dropping mechanisms
on systems where this is not supported.

* ListenNetlink= settings in socket units now support RDMA netlink
sockets.

* A new unit file setting LockPersonality= has been added which permits
locking down the chosen execution domain ("personality") of a service
during runtime.

* A new special target "getty-pre.target" has been added, which is
ordered before all text logins, and may be used to order services
before textual logins acquire access to the console.

* systemd will now attempt to load the virtio-rng.ko kernel module very
early on if a VM environment supporting this is detected. This should
improve entropy during early boot in virtualized environments.

* A _netdev option is now supported in /etc/crypttab that operates in a
similar way as the same option in /etc/fstab: it permits configuring
encrypted devices that need to be ordered after the network is up.
Following this logic, two new special targets
remote-cryptsetup-pre.target and remote-cryptsetup.target have been
added that are to cryptsetup.target what remote-fs.target and
remote-fs-pre.target are to local-fs.target.

* Service units gained a new UnsetEnvironment= setting which permits
unsetting specific environment variables that would normally be
passed to them (for example in order to mask out locale settings for
specific services that cannot deal with them).

* Units acquired a new boolean option IPAccounting=. When turned on, IP
traffic accounting (packet count as well as byte count) is done for
the service, and shown as part of "systemctl status" or "systemd-run
--wait".

* Service units acquired two new options IPAddressAllow= and
IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
for configuring a simple IP access control list for all sockets of
the unit. These options are available also on .slice and .socket
units, permitting flexible access list configuration for individual
services as well as groups of services (as defined by a slice unit),
including system-wide. Note that IP ACLs configured this way are
enforced on every single IPv4 and IPv6 socket created by any process
of the service unit, and apply to ingress as well as egress traffic.
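
To make the IPAddressAllow=/IPAddressDeny= semantics concrete, and to show why the empty "IPAddressDeny=" drop-in recommended in the INCOMPATIBILITY note at the top of this release re-opens network access for systemd-logind, here is an added example that evaluates such lists in user space. It is not systemd's implementation (the real ACL is enforced in the kernel on every socket of the unit): it applies the documented rule that an address matching the allow list is accepted, an address matching only the deny list is refused, and anything else is allowed, and it applies the unit-file convention that assigning the empty string to a list directive resets it. The symbolic names any, localhost, link-local and multicast are ones newer systemd releases accept in these directives; the unit and drop-in texts and the addresses are constructed for the example, and sections are not tracked.

```python
import ipaddress

# Symbolic names newer systemd releases accept in these directives, mapped to
# the ranges they stand for.
SYMBOLIC_RANGES = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/64"],
    "multicast": ["224.0.0.0/4", "ff00::/8"],
}

def parse_address_list(value):
    """Turn a space-separated list of addresses, prefixes and names into networks."""
    networks = []
    for token in value.split():
        for spec in SYMBOLIC_RANGES.get(token, [token]):
            networks.append(ipaddress.ip_network(spec, strict=False))
    return networks

class IPAccessList:
    def __init__(self):
        self.allow = []
        self.deny = []

    def apply_directive(self, key, value):
        target = {"IPAddressAllow": self.allow, "IPAddressDeny": self.deny}[key]
        if value.strip() == "":
            target.clear()              # empty assignment resets the list (drop-in idiom)
        else:
            target.extend(parse_address_list(value))

    def apply_unit_text(self, text):
        """Apply directives from unit or drop-in text, in file order."""
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;[":
                continue
            key, sep, value = line.partition("=")
            if sep and key.strip() in ("IPAddressAllow", "IPAddressDeny"):
                self.apply_directive(key.strip(), value)
        return self

    def permits(self, address):
        """Allow list wins, then the deny list, then the default of allowing."""
        addr = ipaddress.ip_address(address)
        if any(addr in net for net in self.allow):
            return True
        if any(addr in net for net in self.deny):
            return False
        return True

def evaluate(unit_texts, addresses):
    """Apply the given unit file and drop-ins in order, then test each address."""
    acl = IPAccessList()
    for text in unit_texts:
        acl.apply_unit_text(text)
    return {address: acl.permits(address) for address in addresses}

# Constructed samples: the sandbox the release applies to systemd-logind, the
# drop-in the INCOMPATIBILITY note suggests for nss-nis systems, and an
# allow-list style unit.
SANDBOXED_UNIT = """
[Service]
IPAddressDeny=any
"""
NIS_DROPIN = """
[Service]
IPAddressDeny=
"""
ALLOWLIST_UNIT = """
[Service]
IPAddressDeny=any
IPAddressAllow=localhost 192.0.2.0/24
"""

if __name__ == "__main__":
    print(evaluate([SANDBOXED_UNIT], ["192.0.2.1", "127.0.0.1"]))
    print(evaluate([SANDBOXED_UNIT, NIS_DROPIN], ["192.0.2.1"]))
    print(evaluate([ALLOWLIST_UNIT], ["::1", "192.0.2.7", "198.51.100.1"]))
```

Note that "IPAddressDeny=any" also blocks loopback, so a sandboxed unit that legitimately needs a local service has to add an explicit "IPAddressAllow=localhost" rather than drop the deny list entirely; the nss-nis drop-in above removes the whole sandbox, which is the trade-off the note describes.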

* If CPUAccounting= or IPAccounting= is turned on for a unit a new
structured log message is generated each time the unit is stopped,
containing information about the consumed resources of this
invocation.

* A new setting KeyringMode= has been added to unit files, which may be
used to control how the kernel keyring is set up for executed
processes.

* "systemctl poweroff", "systemctl reboot", "systemctl halt",
"systemctl kexec" and "systemctl exit" are now always asynchronous in
behaviour (that is: these commands return immediately after the
operation was enqueued instead of waiting for the operation to
complete). Previously, "systemctl poweroff" and "systemctl reboot"
were asynchronous on systems using systemd-logind (i.e. almost
always, and like they were on sysvinit), and the other three commands
were unconditionally synchronous. With this release this is cleaned
up, and callers will see the same asynchronous behaviour on all
systems for all five operations.

* systemd-logind gained new Halt() and CanHalt() bus calls for halting
the system.

* .timer units now accept calendar specifications in other timezones
than UTC or the local timezone.

* The tmpfiles snippet var.conf has been changed to create
/var/log/btmp with access mode 0660 instead of 0600. It was owned by
the "utmp" group already, and it appears to be generally understood
that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
databases. Previously this was implemented correctly for all these
databases except btmp, which has now been opened up like this
too. Note that while the other databases are world-readable
(i.e. 0644), btmp is not and remains more restrictive.

* The systemd-resolve tool gained a new --reset-server-features
switch. When invoked like this systemd-resolved will forget
everything it learnt about the features supported by the configured
upstream DNS servers, and restart the feature probing logic on the
next resolver look-up for them at the highest feature level
again.

* The status dump systemd-resolved sends to the logs upon receiving
SIGUSR1 now also includes information about all DNS servers it is
configured to use, and the feature levels it probed for them.

Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
9648 Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
9649 Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
9650 Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
9651 Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
9652 Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
9653 Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
9654 Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
9655 Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
9656 Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
9657 Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
9658
9659 — Berlin, 2017-10-06
9660
9661 CHANGES WITH 234:
9662
9663 * Meson is now supported as build system in addition to Automake. It is
9664 our plan to remove Automake in one of our next releases, so that
9665 Meson becomes our exclusive build system. Hence, please start using
9666 the Meson build system in your downstream packaging. There's plenty
9667 of documentation around how to use Meson, the extremely brief
9668 summary:
9669
9670 ./autogen.sh && ./configure && make && sudo make install
9671
9672 becomes:
9673
9674 meson build && ninja -C build && sudo ninja -C build install
9675
9676 * Unit files gained support for a new JobRunningTimeoutUSec= setting,
9677 which permits configuring a timeout on the time a job is
9678 running. This is particularly useful for setting timeouts on jobs for
9679 .device units.
9680
9681 * Unit files gained two new options ConditionUser= and ConditionGroup=
9682 for conditionalizing units based on the identity of the user/group
9683 running a systemd user instance.
9684
9685 * systemd-networkd now understands a new FlowLabel= setting in the
9686 [VXLAN] section of .network files, as well as a Priority= in
9687 [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
9688 and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
9689 gained support for configuration of GENEVE links, and IPv6 address
9690 labels. The [Network] section gained the new IPv6ProxyNDP= setting.
9691
9692 * .link files now understand a new Port= setting.
9693
9694 * systemd-networkd's DHCP support gained support for DHCP option 119
9695 (domain search list).
9696
9697 * systemd-networkd gained support for serving IPv6 address ranges using
9698 the Router Advertisement protocol. The new .network configuration
9699 section [IPv6Prefix] may be used to configure the ranges to
9700 serve. This is implemented based on a new, minimal, native server
9701 implementation of RA.
9702
9703 * journalctl's --output= switch gained support for a new parameter
9704 "short-iso-precise" for a mode where timestamps are shown as precise
9705 ISO date values.
9706
9707 * systemd-udevd's "net_id" builtin may now generate stable network
9708 interface names from IBM PowerVM VIO devices as well as ACPI platform
9709 devices.
9710
9711 * MulticastDNS support in systemd-resolved may now be explicitly
9712 enabled/disabled using the new MulticastDNS= configuration file
9713 option.
9714
9715 * systemd-resolved may now optionally use libidn2 instead of the libidn
9716 for processing internationalized domain names. Support for libidn2
9717 should be considered experimental and should not be enabled by
9718 default yet.
9719
9720 * "machinectl pull-tar" and related call may now do verification of
9721 downloaded images using SUSE-style .sha256 checksum files in addition
9722 to the already existing support for validating using Ubuntu-style
9723 SHA256SUMS files.
9724
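The two checksum formats mentioned above are plain text, and the check that matters from a supply-chain point of view is that the entry for exactly the downloaded file name is present and matches; a missing entry must not be treated as a pass. The following is an added example in Python, not machinectl's own code: it parses both an Ubuntu-style SHA256SUMS file and a SUSE-style <image>.sha256 sidecar, hashes the image, and returns a verdict. The file names, contents and directory layout in run_demo() are constructed for the demonstration.

```python
"""Verify a downloaded image against an Ubuntu-style SHA256SUMS file or a
SUSE-style <image>.sha256 sidecar. Added example, not systemd/machinectl
code; everything written by run_demo() is constructed test data."""
import hashlib
import hmac
import os
import re
import tempfile

# One entry per line: "<64 hex>  <name>" or "<64 hex> *<name>" (binary mode).
_LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_checksum_file(text):
    """Return {filename: sha256hex}. Lines that do not look like a checksum
    entry are ignored rather than trusted."""
    sums = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(image_path):
    """Try <image>.sha256 first, then SHA256SUMS next to the image. True only
    if an entry for this exact file name exists and matches."""
    name = os.path.basename(image_path)
    directory = os.path.dirname(image_path)
    for cs in (os.path.join(directory, name + ".sha256"),
               os.path.join(directory, "SHA256SUMS")):
        if not os.path.exists(cs):
            continue
        with open(cs, "r", encoding="utf-8", errors="replace") as f:
            expected = parse_checksum_file(f.read()).get(name)
        if expected is None:
            continue  # no entry here, maybe the other file has one
        # Fixed-length hex digests; compare_digest avoids timing leaks anyway.
        return hmac.compare_digest(sha256_of_file(image_path), expected)
    return False  # no checksum found anywhere: fail closed


def run_demo():
    """Constructed fixture: a good image listed in SHA256SUMS, a tampered one
    whose listed hash belongs to other content, an image with a SUSE-style
    sidecar, and an image nobody listed at all."""
    with tempfile.TemporaryDirectory() as d:
        files = {"good.tar.xz": b"good image", "tampered.tar.xz": b"tampered image",
                 "side.raw.xz": b"sidecar image", "unlisted.tar.xz": b"unlisted image"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        good_sum = hashlib.sha256(b"good image").hexdigest()
        orig_sum = hashlib.sha256(b"original image").hexdigest()
        with open(os.path.join(d, "SHA256SUMS"), "w") as f:
            f.write(f"{good_sum} *good.tar.xz\n{orig_sum}  tampered.tar.xz\n")
        with open(os.path.join(d, "side.raw.xz.sha256"), "w") as f:
            f.write(f"{hashlib.sha256(b'sidecar image').hexdigest()}  side.raw.xz\n")
        return {key: verify_image(os.path.join(d, key + ".tar.xz" if key != "sidecar" else "side.raw.xz"))
                for key in ("good", "tampered", "sidecar", "unlisted")}


if __name__ == "__main__":
    print(run_demo())  # {'good': True, 'tampered': False, 'sidecar': True, 'unlisted': False}
```

A checksum file fetched over the same channel as the image only proves the two are consistent with each other; it is authenticity only if the checksum file itself is signed and the signature is checked (machinectl's --verify=signature mode does that with gpg), which is why a bare checksum match should be treated as transport integrity, not trust.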
* sd-bus gained support for a new sd_bus_message_appendv() call which
is the va_list equivalent of sd_bus_message_append().

* sd-boot gained support for validating images using SHIM/MOK.

* The SMACK code learnt support for "onlycap".

* systemd-mount --umount is now much smarter in figuring out how to
properly unmount a device given its mount or device path.

* The code to call libnss_dns as a fallback from libnss_resolve when
the communication with systemd-resolved fails was removed. This
fallback was redundant and interfered with the [!UNAVAIL=return]
suffix. See nss-resolve(8) for the recommended configuration.

* systemd-logind may now be restarted without losing state. It stores
the file descriptors for devices it manages in the system manager
using the FDSTORE= mechanism. Please note that further changes in
other components may be required to make use of this (for example
Xorg has code to listen for stops of systemd-logind and terminate
itself when logind is stopped or restarted, in order to avoid using
stale file descriptors for graphical devices, which is now
counterproductive and must be reverted in order for restarts of
systemd-logind to be safe. See
https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)

* All kernel-install plugins are called with the environment variable
KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
/etc/machine-id. If the machine ID could not be determined,
$KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
anything in the entry directory (passed as the second argument) if
$KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a
temporary directory is passed as the entry directory and removed
after all the plugins exit.

* If KERNEL_INSTALL_MACHINE_ID is set in /etc/machine-info, kernel-install
will now use its value as the machine ID instead of the machine ID
from /etc/machine-id. If KERNEL_INSTALL_MACHINE_ID isn't set in
/etc/machine-info and no machine ID is set in /etc/machine-id,
kernel-install will try to store the current machine ID there as
KERNEL_INSTALL_MACHINE_ID. If there is no machine ID, kernel-install
will generate a new UUID, store it in /etc/machine-info as
KERNEL_INSTALL_MACHINE_ID and use it as the machine ID.

Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
Георгиевски

— Berlin, 2017-07-12

CHANGES WITH 233:

* The "hybrid" control group mode has been modified to improve
compatibility with "legacy" cgroups-v1 setups. Specifically, the
"hybrid" setup of /sys/fs/cgroup is now pretty much identical to
"legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
cgroups-v1 hierarchy), the only externally visible change being that
the cgroups-v2 hierarchy is also mounted, to
/sys/fs/cgroup/unified. This should provide a large degree of
compatibility with "legacy" cgroups-v1, while taking benefit of the
better management capabilities of cgroups-v2.

* The default control group setup mode may be selected both at boot time
via a set of kernel command line parameters (specifically:
systemd.unified_cgroup_hierarchy= and
systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
default selected on the configure command line
(--with-default-hierarchy=). The upstream default is "hybrid"
(i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
this will change in a future systemd version to be "unified" (pure
cgroups-v2 mode). The third option for the compile time option is
"legacy", to enter pure cgroups-v1 mode. We recommend downstream
distributions to default to "hybrid" mode for release distributions,
starting with v233. We recommend "unified" for development
distributions (specifically: distributions such as Fedora's rawhide)
as that's where things are headed in the long run. Use "legacy" for
greatest stability and compatibility only.

* Note one current limitation of "unified" and "hybrid" control group
setup modes: the kernel currently does not permit the systemd --user
instance (i.e. unprivileged code) to migrate processes between two
disconnected cgroup subtrees, even if both are managed and owned by
the user. This effectively means "systemd-run --user --scope" doesn't
work when invoked from outside of any "systemd --user" service or
scope. Specifically, it is not supported from session scopes. We are
working on fixing this in a future systemd version. (See #3388 for
further details about this.)

* DBus policy files are now installed into /usr rather than /etc. Make
sure your system has dbus >= 1.9.18 running before upgrading to this
version, or override the install path with --with-dbuspolicydir= .

* All python scripts shipped with systemd (specifically: the various
tests written in Python) now require Python 3.

* systemd unit tests can now run standalone (without the source or
build directories), and can be installed into /usr/lib/systemd/tests/
with 'make install-tests'.

* Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
kernel.

* Support for the %c, %r, %R specifiers in unit files has been
removed. Specifiers are not supposed to be dependent on configuration
in the unit file itself (so that they resolve the same regardless
where used in the unit files), but these specifiers were influenced
by the Slice= option.

* The shell invoked by debug-shell.service now defaults to /bin/sh in
all cases. If distributions want to use a different shell for this
purpose (for example Fedora's /sbin/sushell) they need to specify
this explicitly at configure time using --with-debug-shell=.

* The confirmation spawn prompt has been reworked to offer the
following choices:

(c)ontinue, proceed without asking anymore
(D)ump, show the state of the unit
(f)ail, don't execute the command and pretend it failed
(h)elp
(i)nfo, show a short summary of the unit
(j)obs, show jobs that are in progress
(s)kip, don't execute the command and pretend it succeeded
(y)es, execute the command

The 'n' choice for the confirmation spawn prompt has been removed,
because its meaning was confusing.

The prompt may now also be redirected to an alternative console by
specifying the console as parameter to systemd.confirm_spawn=.

* Services of Type=notify require a READY=1 notification to be sent
during startup. If no such message is sent, the service now fails,
even if the main process exited with a successful exit code.

* Services that fail to start up correctly now always have their
ExecStopPost= commands executed. Previously, they'd enter "failed"
state directly, without executing these commands.

* The option MulticastDNS= of network configuration files has acquired
an actual implementation. With MulticastDNS=yes a host can resolve
names of remote hosts and reply to mDNS A and AAAA requests.

* When units are about to be started an additional check is now done to
ensure that all dependencies of type BindsTo= (when used in
combination with After=) have been started.

* systemd-analyze gained a new verb "syscall-filter" which shows which
system call groups are defined for the SystemCallFilter= unit file
setting, and which system calls they contain.

* A new system call filter group "@filesystem" has been added,
consisting of various file system related system calls. Group
"@reboot" has been added, covering reboot, kexec and shutdown related
calls. Finally, group "@swap" has been added covering swap
configuration related calls.

* A new unit file option RestrictNamespaces= has been added that may be
used to restrict access to the various process namespace types the
Linux kernel provides. Specifically, it may be used to take away the
right for a service unit to create additional file system, network,
user, and other namespaces. This sandboxing option is particularly
relevant due to the high amount of recently discovered namespacing
related vulnerabilities in the kernel.

* systemd-udev's .link files gained support for a new AutoNegotiation=
setting for configuring Ethernet auto-negotiation.

* systemd-networkd's .network files gained support for a new
ListenPort= setting in the [DHCP] section to explicitly configure the
UDP client port the DHCP client shall listen on.

* .network files gained a new Unmanaged= boolean setting for explicitly
excluding one or more interfaces from management by systemd-networkd.

* The systemd-networkd ProxyARP= option has been renamed to
IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
renamed to ReduceARPProxy=. The old names continue to be available
for compatibility.

* systemd-networkd gained support for configuring IPv6 Proxy NDP
addresses via the new IPv6ProxyNDPAddress= .network file setting.

* systemd-networkd's bonding device support gained support for two new
configuration options ActiveSlave= and PrimarySlave=.

* The various options in the [Match] section of .network files gained
support for negative matching.

* New systemd-specific mount options are now understood in /etc/fstab:

x-systemd.mount-timeout= may be used to configure the maximum
permitted runtime of the mount command.

x-systemd.device-bound may be set to bind a mount point to its
backing device unit, in order to automatically remove a mount point
if its backing device is unplugged. This option may also be
configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
on the block device, which is now automatically set for all CDROM
drives, so that mounted CDs are automatically unmounted when they are
removed from the drive.

x-systemd.after= and x-systemd.before= may be used to explicitly
order a mount after or before another unit or mount point.

* Enqueued start jobs for device units are now automatically garbage
collected if there are no jobs waiting for them anymore.

* systemctl list-jobs gained two new switches: with --after, for every
queued job the jobs it's waiting for are shown; with --before the
jobs which it's blocking are shown.

* systemd-nspawn gained support for ephemeral boots from disk images
(or in other words: --ephemeral and --image= may now be
combined). Moreover, ephemeral boots are now supported for normal
directories, even if the backing file system is not btrfs. Of course,
if the file system does not support file system snapshots or
reflinks, the initial copy operation will be relatively expensive, but
this should still be suitable for many use cases.

* Calendar time specifications in .timer units now support
specifications relative to the end of a month by using "~" instead of
"-" as separator between month and day. For example, "*-02~03" means
"the third last day in February". In addition, a new syntax for
repeated events has been added using the "/" character. For example,
"9..17/2:00" means "every two hours from 9am to 5pm".

* systemd-socket-proxyd gained a new parameter --connections-max= for
configuring the maximum number of concurrent connections.

* sd-id128 gained a new API for generating unique IDs for the host in a
way that does not leak the machine ID. Specifically,
sd_id128_get_machine_app_specific() derives an ID based on the
machine ID in a well-defined, non-reversible, stable way. This is
useful whenever an identifier for the host is needed but where the
identifier shall not be useful to identify the system beyond the
scope of the application itself. (Internally this uses HMAC-SHA256 as
keyed hash function using the machine ID as input.)

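The derivation above is small enough to show in full. The following is an added example in Python, not systemd's C implementation: it computes HMAC-SHA256 keyed with the machine ID over a 128-bit application ID and truncates the result to 128 bits, as the entry describes. The final step, which stamps RFC 4122 version-4 and variant bits so that the result is also a well-formed UUID, is how I understand systemd formats the result and is an assumption here. The machine ID and application ID are constructed values; a real application ID is allocated once (for example with "journalctl --new-id128") and compiled into the program.

```python
"""Application-specific machine ID derivation: HMAC-SHA256(key=machine_id,
msg=app_id) truncated to 128 bits. Added example modelled on the NEWS text,
not systemd's sd_id128_get_machine_app_specific(). The v4-UUID bit stamping
is an assumption about systemd's output formatting; the IDs are constructed."""
import hashlib
import hmac


def parse_id128(text):
    """Accept the 32-hex-char form used in /etc/machine-id; dashes tolerated."""
    raw = bytes.fromhex(text.strip().replace("-", ""))
    if len(raw) != 16:
        raise ValueError("an id128 must be exactly 128 bits")
    return raw


def make_v4_uuid(raw16):
    """Set RFC 4122 version (4) and variant (10xx) bits on 16 raw bytes."""
    b = bytearray(raw16)
    b[6] = (b[6] & 0x0F) | 0x40
    b[8] = (b[8] & 0x3F) | 0x80
    return bytes(b)


def machine_app_specific_id(machine_id_hex, app_id_hex):
    """Return the 32-hex-char app-specific ID. The machine ID is the HMAC key,
    so without it a third party can neither invert the ID nor forge one."""
    key = parse_id128(machine_id_hex)
    app = parse_id128(app_id_hex)
    mac = hmac.new(key, app, hashlib.sha256).digest()
    return make_v4_uuid(mac[:16]).hex()


def is_v4_uuid_hex(h):
    return len(h) == 32 and h[12] == "4" and h[16] in "89ab"


# Constructed sample values, not a real host's machine ID.
MACHINE_ID = "3d4e5f60718293a4b5c6d7e8f90a1b2c"
APP_ID_BACKUP = "2b9d7c7e5e8f4a6b9f1e0d2c3b4a5968"   # hypothetical "backup agent"
APP_ID_METRICS = "7a1c9e2f0b3d4c5e8f6a7b8c9d0e1f20"  # hypothetical "metrics agent"


def demo():
    """Two applications on one host get unrelated IDs; neither equals the
    machine ID, and each is stable across calls."""
    return {
        "backup": machine_app_specific_id(MACHINE_ID, APP_ID_BACKUP),
        "metrics": machine_app_specific_id(MACHINE_ID, APP_ID_METRICS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The property that matters is on the key side: the machine ID is the secret, so an application that ships its app ID in public (as it must) still cannot be used to correlate two hosts' IDs or to recover /etc/machine-id from an ID that leaks in a log. Two applications that reuse the same app ID get the same value, so the app ID has to be per application, not shared across a vendor's products.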
* NotifyAccess= gained a new supported value "exec". When set,
notifications are accepted from all processes systemd itself invoked,
including all control processes.

* .nspawn files gained support for defining overlay mounts using the
Overlay= and OverlayReadOnly= options. Previously this functionality
was only available on the systemd-nspawn command line.

* systemd-nspawn's --bind= and --overlay= options gained support for
bind/overlay mounts whose source lies within the container tree by
prefixing the source path with "+".

* systemd-nspawn's --bind= and --overlay= options gained support for
automatically allocating a temporary source directory in /var/tmp
that is removed when the container dies. Specifically, if the source
directory is specified as an empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.

* systemd-nspawn's --image= option now permits raw file system block
devices (in addition to images containing partition tables, as
before).

* The disk image dissection logic in systemd-nspawn gained support for
automatically setting up LUKS encrypted as well as Verity protected
partitions. When a container is booted from an encrypted image the
passphrase is queried at start-up time. When a container with Verity
data is started, the root hash is searched for in a ".roothash" file
accompanying the disk image (alternatively, pass the root hash via
the new --root-hash= command line option).

* A new tool /usr/lib/systemd/systemd-dissect has been added that may
be used to dissect disk images the same way as systemd-nspawn does
it, following the Bootable Partition Specification. It may even be
used to mount disk images with complex partition setups (including
LUKS and Verity partitions) to a local host directory, in order to
inspect them. This tool is not considered public API (yet), and is
thus not installed into /usr/bin. Please do not rely on its
existence, since it might go away or be changed in later systemd
versions.

* A new generator "systemd-verity-generator" has been added, similar in
style to "systemd-cryptsetup-generator", permitting automatic setup of
Verity root partitions when systemd boots up. In order to make use of
this your partition setup should follow the Discoverable Partitions
Specification, and the GPT partition UUID of the root file system
partition should be identical to the upper 128 bits of the Verity root
hash. The GPT partition UUID of the Verity partition protecting it
should be the lower 128 bits of the Verity root hash. If the partition
image follows this model it is sufficient to specify a single
"roothash=" kernel command line argument to both configure which root
image and verity partition to use as well as the root hash for
it. Note that systemd-nspawn's Verity support follows the same
semantics, meaning that disk images with proper Verity data in place
may be booted in containers with systemd-nspawn as well as on
physical systems via the verity generator. Also note that the "mkosi"
tool available at https://github.com/systemd/mkosi has been updated
to generate Verity protected disk images following this scheme. In
fact, it has been updated to generate disk images that optionally
implement a complete UEFI SecureBoot trust chain, involving a signed
kernel and initrd image that incorporates such a root hash as well as
a Verity-enabled root partition.

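The partition-UUID convention in the previous entry is what lets a single "roothash=" argument select both partitions, so an image builder or an auditor wants a way to compute the expected UUIDs from a root hash and compare them with what the image actually carries. The following is an added example in Python, not systemd's generator or mkosi code: it splits a 256-bit dm-verity root hash into the upper and lower 128 bits, renders each as a canonical GPT partition UUID, and checks a given image layout against that. The root hash and partition UUIDs used are constructed values, not taken from a real image.

```python
"""Map a dm-verity root hash to the partition UUIDs expected by the
systemd-verity-generator scheme: root partition = upper 128 bits of the hash,
verity partition = lower 128 bits. Added example, not systemd/mkosi code;
the sample root hash and layout below are constructed."""
import uuid


def parse_roothash(text):
    """Accept the bare hex form used in a .roothash file or on roothash=;
    whitespace is tolerated, anything but a 256-bit value is rejected."""
    raw = bytes.fromhex(text.strip())
    if len(raw) != 32:
        raise ValueError("expected a 256-bit (SHA-256) root hash, 64 hex chars")
    return raw


def expected_partition_uuids(roothash_hex):
    """Return the canonical-text partition UUIDs derived from the root hash."""
    raw = parse_roothash(roothash_hex)
    return {
        "root": str(uuid.UUID(bytes=raw[:16])),    # upper 128 bits
        "verity": str(uuid.UUID(bytes=raw[16:])),  # lower 128 bits
    }


def check_layout(roothash_hex, root_part_uuid, verity_part_uuid):
    """True if the image's partition UUIDs (as a tool like blkid prints them)
    are the ones the root hash implies; False on any mismatch or swap."""
    want = expected_partition_uuids(roothash_hex)
    try:
        got_root = uuid.UUID(root_part_uuid)
        got_verity = uuid.UUID(verity_part_uuid)
    except ValueError:
        return False
    return (got_root == uuid.UUID(want["root"])
            and got_verity == uuid.UUID(want["verity"]))


def kernel_cmdline_arg(roothash_hex):
    """The single argument the generator needs; normalises the hash text."""
    return "roothash=" + parse_roothash(roothash_hex).hex()


# Constructed root hash: the two halves are chosen to be visibly distinct.
SAMPLE_ROOTHASH = ("00112233445566778899aabbccddeeff"
                   "ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    print(expected_partition_uuids(SAMPLE_ROOTHASH))
    print(kernel_cmdline_arg(SAMPLE_ROOTHASH))
```

The root hash is the trust anchor of the whole arrangement: the partition UUIDs only tell the generator where to look, and an attacker who can rewrite the image can rewrite both UUIDs and the hash tree to match a new hash. The hash therefore has to arrive through something already verified, which is the point of the signed kernel and initrd that carry it in the SecureBoot chain mentioned above.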
* The hardware database (hwdb) udev supports has been updated to carry
accelerometer quirks.

* All system services are now run with a fresh kernel keyring set up
for them. The invocation ID is stored by default in it, thus
providing a safe, non-overridable way to determine the invocation
ID of each service.

* Service unit files gained new BindPaths= and BindReadOnlyPaths=
options for bind mounting arbitrary paths in a service-specific
way. When these options are used, arbitrary host or service files and
directories may be mounted to arbitrary locations in the service's
view.

* Documentation has been added that lists all of systemd's low-level
environment variables:

https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md

* sd-daemon gained a new API sd_is_socket_sockaddr() for determining
whether a specific socket file descriptor matches a specified socket
address.

* systemd-firstboot has been updated to check for the
systemd.firstboot= kernel command line option. It accepts a boolean
and when set to false the first boot questions are skipped.

* systemd-fstab-generator has been updated to check for the
systemd.volatile= kernel command line option, which either takes an
optional boolean parameter or the special value "state". If used the
system may be booted in a "volatile" boot mode. Specifically, if
"systemd.volatile" is used, the root directory will be mounted as
tmpfs, and only /usr is mounted from the actual root file system. If
"systemd.volatile=state" is used, the root directory will be mounted
as usual, but /var is mounted as tmpfs. This concept provides similar
functionality as systemd-nspawn's --volatile= option, but provides it
on physical boots. Use this option for implementing stateless
systems, or testing systems with all state and/or configuration reset
to the defaults. (Note though that many distributions are not
prepared to boot up without a populated /etc or /var.)

* systemd-gpt-auto-generator gained support for LUKS encrypted root
partitions. Previously it only supported LUKS encrypted partitions
for all other uses, except for the root partition itself.

* Socket units gained support for listening on AF_VSOCK sockets for
communication in virtualized QEMU environments.

* The "configure" script gained a new option --with-fallback-hostname=
for specifying the fallback hostname to use if none is configured in
/etc/hostname. For example, by specifying
--with-fallback-hostname=fedora it is possible to default to a
hostname of "fedora" on pristine installations.

* systemd-cgls gained support for a new --unit= switch for listing only
the control groups of a specific unit. Similarly, --user-unit= has been
added for listing only the control groups of a specific user unit.

* systemd-mount gained a new --umount switch for unmounting a mount or
automount point (and all mount/automount points below it).

* systemd will now refuse full configuration reloads (via systemctl
daemon-reload and related calls) unless at least 16MiB of free space
are available in /run. This is a safety precaution in order to ensure
that generators can safely operate after the reload completed.

* A new unit file option RootImage= has been added, which has a similar
effect as RootDirectory= but mounts the service's root directory from
a disk image instead of a plain directory. This logic reuses the same
image dissection and mount logic that systemd-nspawn already uses,
and hence supports any disk images systemd-nspawn supports, including
those following the Discoverable Partition Specification, as well as
Verity enabled images. This option enables systemd to run system
services directly off disk images acting as resource bundles,
possibly even including full integrity data.

* A new MountAPIVFS= unit file option has been added, taking a boolean
argument. If enabled /proc, /sys and /dev (collectively called the
"API VFS") will be mounted for the service. This is only relevant if
RootDirectory= or RootImage= is used for the service, as these mounts
are of course in place in the host mount namespace anyway.

* systemd-nspawn gained support for a new --pivot-root= switch. If
specified the root directory within the container image is pivoted to
the specified mount point, while the original root disk is moved to a
different place. This option enables booting of ostree images
directly with systemd-nspawn.

* The systemd build scripts will no longer complain if the NTP server
addresses are not changed from the defaults. Google now supports
these NTP servers officially. We still recommend downstreams to
properly register an NTP pool with the NTP pool project though.

* coredumpctl gained a new "--reverse" option for printing the list
of coredumps in reverse order.

* coredumpctl will now show additional information about truncated and
inaccessible coredumps, as well as coredumps that are still being
processed. It also gained a new --quiet switch for suppressing
additional informational messages in its output.

* coredumpctl gained support for only showing coredumps newer and/or
older than specific timestamps, using the new --since= and --until=
options, reminiscent of journalctl's options by the same name.

* The systemd-coredump logic has been improved so that it may be reused
to collect backtraces in non-compiled languages, for example in
scripting languages such as Python.

* machinectl will now show the UID shift of local containers, if user
namespacing is enabled for them.

* systemd will now optionally run "environment generator" binaries at
configuration load time. They may be used to add environment
variables to the environment block passed to services invoked. One
user environment generator is shipped by default that sets up
environment variables based on files dropped into /etc/environment.d
and ~/.config/environment.d/.

* systemd-resolved now includes the new, recently published 2017 DNSSEC
root key (KSK).

* hostnamed has been updated to report a new chassis type of
"convertible" to cover "foldable" laptops that can both act as a
tablet and as a laptop, such as various Lenovo Yoga devices.

Contributions from: Adrián López, Alexander Galanin, Alexander
Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
Тихонов

— Berlin, 2017-03-01

CHANGES WITH 232:

* udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
RestrictAddressFamilies= enabled. These sandboxing options should
generally be compatible with the various external udev call-out
binaries we are aware of, however there may be exceptions, in
particular when exotic languages for these call-outs are used. In
this case, consider turning off these settings locally.

* The new RemoveIPC= option can be used to remove IPC objects owned by
the user or group of a service when that service exits.

* The new ProtectKernelModules= option can be used to disable explicit
load and unload operations of kernel modules by a service. In
addition, access to /usr/lib/modules is removed if this option is set.

* ProtectSystem= option gained a new value "strict", which causes the
10232 whole file system tree with the exception of /dev, /proc, and /sys,
10233 to be remounted read-only for a service.
10234
10235 * The new ProtectKernelTunables= option can be used to disable
10236 modification of configuration files in /sys and /proc by a service.
10237 Various directories and files are remounted read-only, so access is
10238 restricted even if the file permissions would allow it.
10239
10240 * The new ProtectControlGroups= option can be used to disable write
10241 access by a service to /sys/fs/cgroup.
10242
10243 * Various systemd services have been hardened with
10244 ProtectKernelTunables=yes, ProtectControlGroups=yes,
10245 RestrictAddressFamilies=.
10246
10247 * Support for dynamically creating users for the lifetime of a service
10248 has been added. If DynamicUser=yes is specified, user and group IDs
10249 will be allocated from the range 61184…65519 for the lifetime of the
10250 service. They can be resolved using the new nss-systemd.so NSS
10251 module. The module must be enabled in /etc/nsswitch.conf. Services
10252 started in this way have PrivateTmp= and RemoveIPC= enabled, so that
10253 any resources allocated by the service will be cleaned up when the
10254 service exits. They also have ProtectHome=read-only and
10255 ProtectSystem=strict enabled, so they are not able to make any
10256 permanent modifications to the system.
10257
10258 * The nss-systemd module also always resolves root and nobody, making
10259 it possible to have no /etc/passwd or /etc/group files in minimal
10260 container or chroot environments.
10261
10262 * Services may be started with their own user namespace using the new
10263 boolean PrivateUsers= option. Only root, nobody, and the uid/gid
10264 under which the service is running are mapped. All other users are
10265 mapped to nobody.
10266
10267 * Support for the cgroup namespace has been added to systemd-nspawn. If
10268 supported by kernel, the container system started by systemd-nspawn
10269 will have its own view of the cgroup hierarchy. This new behaviour
10270 can be disabled using the $SYSTEMD_NSPAWN_USE_CGNS environment variable.
10271
10272 * The new MemorySwapMax= option can be used to limit the maximum swap
10273 usage under the unified cgroup hierarchy.
10274
10275 * Support for the CPU controller in the unified cgroup hierarchy has
10276 been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
10277 options. This controller requires out-of-tree patches for the kernel
10278 and the support is provisional.
10279
10280 * Mount and automount units may now be created transiently
10281 (i.e. dynamically at runtime via the bus API, instead of requiring
10282 unit files in the file system).
10283
10284 * systemd-mount is a new tool which may mount file systems – much like
10285 mount(8), optionally pulling in additional dependencies through
10286 transient .mount and .automount units. For example, this tool
10287 automatically runs fsck on a backing block device before mounting,
10288 and allows the automount logic to be used dynamically from the
10289 command line for establishing mount points. This tool is particularly
10290 useful when dealing with removable media, as it will ensure fsck is
10291 run – if necessary – before the first access and that the file system
10292 is quickly unmounted after each access by utilizing the automount
10293 logic. This maximizes the chance that the file system on the
10294 removable media stays in a clean state, and if it isn't in a clean
10295 state is fixed automatically.
10296
10297 * LazyUnmount=yes option for mount units has been added to expose the
10298 umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
10299 option.
10300
10301 * /efi will be used as the mount point of the EFI boot partition, if
10302 the directory is present, and the mount point was not configured
10303 through other means (e.g. fstab). If the /efi directory does not exist,
10304 /boot will be used as before. This makes it easier to automatically
10305 mount the EFI partition on systems where /boot is used for something
10306 else.
10307
10308 * When operating on GPT disk images for containers, systemd-nspawn will
10309 now mount the ESP to /boot or /efi according to the same rules as PID
10310 1 running on a host. This allows tools like "bootctl" to operate
10311 correctly within such containers, in order to make container images
10312 bootable on physical systems.
10313
10314 * disk/by-id and disk/by-path symlinks are now created for NVMe drives.
10315
10316 * Two new user session targets have been added to support running
10317 graphical sessions under the systemd --user instance:
10318 graphical-session.target and graphical-session-pre.target. See
10319 systemd.special(7) for a description of how those targets should be
10320 used.
10321
10322 * The vconsole initialization code has been significantly reworked to
10323 use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
10324 support unicode keymaps. Font and keymap configuration will now be
10325 copied to all allocated virtual consoles.
10326
10327 * FreeBSD's bhyve virtualization is now detected.
10328
10329 * Information recorded in the journal for core dumps now includes the
10330 contents of /proc/mountinfo and the command line of the process at
10331 the top of the process hierarchy (which is usually the init process
10332 of the container).
10333
10334 * systemd-journal-gatewayd learned the --directory= option to serve
10335 files from the specified location.
10336
10337 * journalctl --root=… can be used to peruse the journal in the
10338 /var/log/ directories inside of a container tree. This is similar to
10339 the existing --machine= option, but does not require the container to
10340 be active.
10341
10342 * The hardware database has been extended to support
10343 ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
10344 trackball devices.
10345
10346 MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
10347 specify the click rate for mice which include a horizontal wheel with
10348 a click rate that is different than the one for the vertical wheel.
10349
10350 * systemd-run gained a new --wait option that makes service execution
10351 synchronous. (Specifically, the command will not return until the
10352 specified service binary exited.)
10353
10354 * systemctl gained a new --wait option that causes the start command to
10355 wait until the units being started have terminated again.
10356
10357 * A new journal output mode "short-full" has been added which displays
10358 timestamps with abbreviated English day names and adds a timezone
10359 suffix. Those timestamps include more information than the default
10360 "short" output mode, and can be passed directly to journalctl's
10361 --since= and --until= options.
10362
10363 * /etc/resolv.conf will be bind-mounted into containers started by
10364 systemd-nspawn, if possible, so any changes to resolv.conf contents
10365 are automatically propagated to the container.
10366
10367 * The number of instances for socket-activated services originating
10368 from a single IP address can be limited with
10369 MaxConnectionsPerSource=, extending the existing setting of
10370 MaxConnections=.
10371
10372 * systemd-networkd gained support for vcan ("Virtual CAN") interface
10373 configuration.
10374
10375 * .netdev and .network configuration can now be extended through
10376 drop-ins.
10377
10378 * UDP Segmentation Offload, TCP Segmentation Offload, Generic
10379 Segmentation Offload, Generic Receive Offload, Large Receive Offload
10380 can be enabled and disabled using the new UDPSegmentationOffload=,
10381 TCPSegmentationOffload=, GenericSegmentationOffload=,
10382 GenericReceiveOffload=, LargeReceiveOffload= options in the
10383 [Link] section of .link files.
10384
10385 * The Spanning Tree Protocol, Priority, Aging Time, and the Default
10386 Port VLAN ID can be configured for bridge devices using the new STP=,
10387 Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
10388 section of .netdev files.
10389
10390 * The route table to which routes received over DHCP or RA should be
10391 added can be configured with the new RouteTable= option in the [DHCP]
10392 and [IPv6AcceptRA] sections of .network files.
10393
10394 * The Address Resolution Protocol can be disabled on links managed by
10395 systemd-networkd using the ARP=no setting in the [Link] section of
10396 .network files.
10397
10398 * New environment variables $SERVICE_RESULT, $EXIT_CODE and
10399 $EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
10400 encode information about the result and exit codes of the current
10401 service runtime cycle.
10402
10403 * systemd-sysctl will now configure kernel parameters in the order
10404 they occur in the configuration files. This matches what sysctl
10405 has been traditionally doing.
10406
10407 * kernel-install "plugins" that are executed to perform various
10408 tasks after a new kernel is added and before an old one is removed
10409 can now return a special value to terminate the procedure and
10410 prevent any later plugins from running.
10411
10412 * Journald's SplitMode=login setting has been deprecated. It has been
10413 removed from documentation, and its use is discouraged. In a future
10414 release it will be completely removed, and made equivalent to the current
10415 default of SplitMode=uid.
10416
10417 * Storage=both option setting in /etc/systemd/coredump.conf has been
10418 removed. With fast LZ4 compression storing the core dump twice is not
10419 useful.
10420
10421 * The --share-system systemd-nspawn option has been replaced with an
10422 (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
10423 this functionality is discouraged. In addition the variables
10424 $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
10425 $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
10426 individual namespaces.
10427
10428 * "machinectl list" now shows the IP address of running containers in
10429 the output, as well as OS release information.
10430
10431 * "loginctl list" now shows the TTY of each session in the output.
10432
10433 * sd-bus gained new API calls sd_bus_track_set_recursive(),
10434 sd_bus_track_get_recursive(), sd_bus_track_count_name(),
10435 sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
10436 tracking objects in a "recursive" mode, where a single client can be
10437 counted multiple times, if it takes multiple references.
10438
10439 * sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
10440 sd_bus_get_exit_on_disconnect(). They may be used to make a
10441 process using sd-bus automatically exit if the bus connection is
10442 severed.
10443
10444 * Bus clients of the service manager may now "pin" loaded units into
10445 memory, by taking an explicit reference on them. This is useful to
10446 ensure the client can retrieve runtime data about the service even
10447 after the service completed execution. Taking such a reference is
10448 available only for privileged clients and should be helpful to watch
10449 running services in a race-free manner, and in particular collect
10450 information about exit statuses and results.
10451
10452 * The nss-resolve module has been changed to strictly return UNAVAIL
10453 when communication via D-Bus with resolved failed, and NOTFOUND when
10454 a lookup completed but was negative. This means it is now possible to
10455 neatly configure fallbacks using nsswitch.conf result checking
10456 expressions. Taking benefit of this, the new recommended
10457 configuration line for the "hosts" entry in /etc/nsswitch.conf is:
10458
10459 hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
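
Worked example (added here; not code from the systemd NEWS file or the systemd project): a small simulation of the nsswitch.conf(5) action rules that the recommended "hosts:" line relies on. It shows why the strict UNAVAIL/NOTFOUND split matters: with "[!UNAVAIL=return]" a negative answer from nss-resolve ends the lookup, while a D-Bus failure (resolved not running) falls through to "dns". Without the action list, a negative answer from resolved is second-guessed by the libc DNS module, so the name is looked up a second time through a different path. The per-module statuses are constructed inputs, and the "merge" action is treated like "continue" for simplicity.

```python
"""Simulate how glibc chains the "hosts:" sources in /etc/nsswitch.conf.

Added example for the systemd NEWS entry above; this is not systemd code.
It models the nsswitch.conf(5) action rules so the effect of
"[!UNAVAIL=return]" after nss-resolve can be seen without touching a live
system. The statuses each module returns are constructed inputs.
"""
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: a hit ends the lookup, every other status moves on to the
# next source.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}
ACTIONS = ("return", "continue", "merge")

RECOMMENDED = "hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname"
PLAIN = "hosts: files resolve dns"  # the same idea without an action list


def parse_hosts_line(line):
    """Turn 'hosts: src [ACTIONS] src ...' into [(source, {status: action})].

    A bracketed action list modifies the source immediately before it;
    '!STATUS=action' applies to every status except STATUS.
    """
    _, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action list without a preceding source")
        actions = chain[-1][1]
        for item in token[1:-1].split():
            status, _, action = item.partition("=")
            status, action = status.upper(), action.lower()
            if action not in ACTIONS:
                raise ValueError(f"unknown action {action!r}")
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in STATUSES:
                raise ValueError(f"unknown status {status!r}")
            for s in STATUSES:
                if (s != status) if negate else (s == status):
                    actions[s] = action
    return chain


def resolve(chain, results):
    """Walk the chain; `results` maps a source to the status it would return.

    Returns (final_status, [sources actually consulted]). A source missing
    from `results` behaves like an absent NSS module, i.e. UNAVAIL. 'merge'
    is treated like 'continue' here.
    """
    consulted, final = [], "NOTFOUND"
    for source, actions in chain:
        status = results.get(source, "UNAVAIL")
        consulted.append(source)
        final = status
        if actions[status] == "return":
            break
    return final, consulted


def demo():
    """Look up a name resolved answers negatively for, under three chains.

    The constructed 'dns' module answers positively, standing in for a libc
    resolver pointed at a different server than resolved uses.
    """
    negative = {"files": "NOTFOUND", "mymachines": "NOTFOUND",
                "resolve": "NOTFOUND", "dns": "SUCCESS", "myhostname": "NOTFOUND"}
    resolved_down = dict(negative, resolve="UNAVAIL")
    strict = parse_hosts_line(RECOMMENDED)
    return {
        # resolved said "no such name": that is final, dns is never asked.
        "strict/negative": resolve(strict, negative),
        # resolved unreachable over D-Bus: fall through to dns.
        "strict/down": resolve(strict, resolved_down),
        # no action list: resolved's negative answer is overridden by dns.
        "plain/negative": resolve(parse_hosts_line(PLAIN), negative),
    }


if __name__ == "__main__":
    for case, (status, path) in demo().items():
        print(f"{case:16} -> {status:8} via {' -> '.join(path)}")
```

Run it directly to see the three paths; the "plain/negative" case is the one to avoid, since it lets an answer from outside resolved override resolved's own negative result.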
10460
10461 * A new setting CtrlAltDelBurstAction= has been added to
10462 /etc/systemd/system.conf which may be used to configure the precise
10463 behaviour if the user on the console presses Ctrl-Alt-Del more often
10464 than 7 times in 2s. Previously this would unconditionally result in
10465 an expedited, immediate reboot. With this new setting the precise
10466 operation may be configured in more detail, and also turned off
10467 entirely.
10468
10469 * In .netdev files two new settings RemoteChecksumTx= and
10470 RemoteChecksumRx= are now understood that permit configuring the
10471 remote checksumming logic for VXLAN networks.
10472
10473 * The service manager learnt a new "invocation ID" concept for invoked
10474 services. Each runtime cycle of a service will get a new invocation
10475 ID (a 128-bit random UUID) assigned that identifies the current
10476 run of the service uniquely and globally. A new invocation ID
10477 is generated each time a service starts up. The journal will store
10478 the invocation ID of a service along with any logged messages, thus
10479 making the invocation ID useful for matching the online runtime of a
10480 service with the offline log data it generated in a safe way without
10481 relying on synchronized timestamps. In many ways this new service
10482 invocation ID concept is similar to the kernel's boot ID concept that
10483 uniquely and globally identifies the runtime of each boot. The
10484 invocation ID of a service is passed to the service itself via an
10485 environment variable ($INVOCATION_ID). A new bus call
10486 GetUnitByInvocationID() has been added that is similar to GetUnit()
10487 but instead of retrieving the bus path for a unit by its name
10488 retrieves it by its invocation ID. The returned path is valid only as
10489 long as the passed invocation ID is current.
10490
10491 * systemd-resolved gained a new "DNSStubListener" setting in
10492 resolved.conf. It either takes a boolean value or the special values
10493 "udp" and "tcp", and configures whether to enable the stub DNS
10494 listener on 127.0.0.53:53.
10495
10496 * IP addresses configured via networkd may now carry additional
10497 configuration settings supported by the kernel. New options include:
10498 HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
10499 PrefixRoute=, AutoJoin=.
10500
10501 * The PAM configuration fragment file for "user@.service" shipped with
10502 systemd (i.e. the --user instance of systemd) has been stripped to
10503 the minimum necessary to make the system boot. Previously, it
10504 contained Fedora-specific stanzas that did not apply to other
10505 distributions. It is expected that downstream distributions add
10506 additional configuration lines, matching their needs to this file,
10507 using it only as a rough template of what systemd itself needs. Note
10508 that this reduced fragment does not even include an invocation of
10509 pam_limits which most distributions probably want to add, even though
10510 systemd itself does not need it. (There's also the new build time
10511 option --with-pamconfdir=no to disable installation of the PAM
10512 fragment entirely.)
10513
10514 * If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
10515 capability is now also dropped from its set (in addition to
10516 CAP_SYS_MKNOD as before).
10517
10518 * In service unit files it is now possible to connect a specific named
10519 file descriptor with stdin/stdout/stderr of an executed service. The
10520 name may be specified in matching .socket units using the
10521 FileDescriptorName= setting.
10522
10523 * A number of journal settings may now be configured on the kernel
10524 command line. Specifically, the following options are now understood:
10525 systemd.journald.max_level_console=,
10526 systemd.journald.max_level_store=,
10527 systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
10528 systemd.journald.max_level_wall=.
10529
10530 * "systemctl is-enabled --full" will now show by which symlinks a unit
10531 file is enabled in the unit dependency tree.
10532
10533 * Support for VeraCrypt encrypted partitions has been added to the
10534 "cryptsetup" logic and /etc/crypttab.
10535
10536 * systemd-detect-virt gained support for a new --private-users switch
10537 that checks whether the invoking process is running inside a user
10538 namespace. Similarly, a new special value "private-users" for the
10539 existing ConditionVirtualization= setting has been added, permitting
10540 skipping of specific units in user namespace environments.
10541
10542 Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
10543 Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
10544 Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
10545 Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
10546 Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
10547 Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
10548 Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
10549 Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
10550 Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
10551 Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
10552 Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
10553 Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
10554 Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
10555 Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
10556 Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
10557 Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
10558 Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
10559 Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
10560 Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
10561 Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
10562 Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
10563 Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
10564 Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
10565 Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
10566 E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
10567 Jędrzejewski-Szmek, Zeal Jagannatha
10568
10569 — Santa Fe, 2016-11-03
10570
10571 CHANGES WITH 231:
10572
10573 * In service units the various ExecXYZ= settings have been extended
10574 with an additional special character as first argument of the
10575 assigned value: if the character '+' is used, the specified command
10576 line will be run with full privileges, regardless of User=,
10577 Group=, CapabilityBoundingSet= and similar options. The effect is
10578 similar to the existing PermissionsStartOnly= option, but allows
10579 configuration of this concept for each executed command line
10580 independently.
10581
10582 * Services may now alter the service watchdog timeout at runtime by
10583 sending a WATCHDOG_USEC= message via sd_notify().
10584
10585 * MemoryLimit= and related unit settings now optionally take percentage
10586 specifications. The percentage is taken relative to the amount of
10587 physical memory in the system (or in case of containers, the assigned
10588 amount of memory). This allows scaling service resources neatly with
10589 the amount of RAM available on the system. Similarly, systemd-logind's
10590 RuntimeDirectorySize= option now also optionally takes percentage
10591 values.
10592
10593 * In a similar fashion, TasksMax= takes percentage values now, too. The
10594 value is taken relative to the configured maximum number of processes
10595 on the system. The per-service task maximum has been changed to 15%
10596 using this functionality. (Effectively this is an increase of 512 →
10597 4915 for service units, given the kernel's default pid_max setting.)
10598
10599 * Calendar time specifications in .timer units now understand a ".."
10600 syntax for time ranges. Example: "4..7:10" may now be used for
10601 defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
10602 7:10am every day.
10603
10604 * The InaccessibleDirectories=, ReadOnlyDirectories= and
10605 ReadWriteDirectories= unit file settings have been renamed to
10606 InaccessiblePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
10607 applied to all kinds of file nodes, and not just directories, with
10608 the exception of symlinks. Specifically these settings may now be
10609 used on block and character device nodes, UNIX sockets and FIFOs as
10610 well as regular files. The old names of these settings remain
10611 available for compatibility.
10612
10613 * systemd will now log about all service processes it kills forcibly
10614 (using SIGKILL) because they remained after the clean shutdown phase
10615 of the service completed. This should help identify services that
10616 shut down uncleanly. Moreover if KillUserProcesses= is enabled in
10617 systemd-logind's configuration a similar log message is generated for
10618 processes killed at the end of each session due to this setting.
10619
10620 * systemd will now set the $JOURNAL_STREAM environment variable for all
10621 services whose stdout/stderr are connected to the Journal (which
10622 effectively means by default: all services). The variable contains
10623 the device and inode number of the file descriptor used for
10624 stdout/stderr. This may be used by invoked programs to detect whether
10625 their stdout/stderr is connected to the Journal, in which case they
10626 can switch over to direct Journal communication, thus being able to
10627 pass extended, structured metadata along with their log messages. As
10628 one example, this is now used by glib's logging primitives.
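
Worked example (added here; not part of the NEWS file or the systemd code base) that pulls together the three environment interfaces systemd hands to a service: $JOURNAL_STREAM from this entry, and, from the 232 entries above, $INVOCATION_ID and the $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS triple passed to ExecStop=/ExecStopPost= commands. The dev:inode comparison is the check systemd documents for $JOURNAL_STREAM, and _SYSTEMD_INVOCATION_ID is the journal field journald stores; the verdict strings returned by classify_stop() are this example's own convention.

```python
"""Read the runtime metadata systemd passes to a service in its environment.

Added example; not code from the systemd project. It covers $JOURNAL_STREAM
(is stderr really the journal?), $INVOCATION_ID (which run of the service is
this?) and the $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS triple that
ExecStop=/ExecStopPost= commands receive. The verdict strings produced by
classify_stop() are this example's own convention.
"""
import os
import re
from collections import namedtuple

# Anything exposing st_dev/st_ino works; this is handy for tests and demos.
StatLike = namedtuple("StatLike", "st_dev st_ino")

_INVOCATION_ID_RE = re.compile(r"^[0-9a-f]{32}$")  # 128 bits as plain hex


def parse_journal_stream(value):
    """$JOURNAL_STREAM is 'device:inode' of the stream fd; None if malformed."""
    if not value:
        return None
    dev, sep, ino = value.partition(":")
    if not sep or not dev.isdigit() or not ino.isdigit():
        return None
    return int(dev), int(ino)


def stderr_is_journal(env, stat_result=None):
    """True only if stderr *is* the file systemd connected to the journal.

    The dev:inode comparison is what makes this safe: a child that inherited
    the variable but had its stderr redirected elsewhere must not start
    emitting journal-native records onto an unrelated file.
    """
    expected = parse_journal_stream(env.get("JOURNAL_STREAM"))
    if expected is None:
        return False
    st = stat_result if stat_result is not None else os.fstat(2)
    return (st.st_dev, st.st_ino) == expected


def invocation_id(env):
    """The 128-bit invocation ID as 32 lowercase hex digits, or None."""
    value = env.get("INVOCATION_ID", "").strip().lower()
    return value if _INVOCATION_ID_RE.fullmatch(value) else None


def journalctl_match_for(env):
    """Argument vector selecting exactly this run's log lines, or None."""
    iid = invocation_id(env)
    if iid is None:
        return None
    # journald stores the ID in the trusted field _SYSTEMD_INVOCATION_ID.
    return ["journalctl", f"_SYSTEMD_INVOCATION_ID={iid}"]


def classify_stop(env):
    """For an ExecStopPost= helper: condense the result triple into a verdict.

    $SERVICE_RESULT names the low-level result ('success', 'exit-code',
    'signal', 'core-dump', 'watchdog', 'timeout', ...), $EXIT_CODE how the
    main process ended ('exited', 'killed', 'dumped') and $EXIT_STATUS the
    exit status or signal name.
    """
    result = env.get("SERVICE_RESULT", "")
    code = env.get("EXIT_CODE", "")
    status = env.get("EXIT_STATUS", "")
    if result == "success":
        return "ok"
    if result == "watchdog":  # checked before the crash test: systemd kills it
        return "hung"
    if result in ("signal", "core-dump") or code in ("killed", "dumped"):
        return f"crash:{status}"  # a crash deserves an alert, not just a log line
    return f"failed:{result}:{status}"


if __name__ == "__main__":
    env = os.environ
    print("invocation:", invocation_id(env))
    print("stderr is journal:", stderr_is_journal(env))
    print("stop verdict:", classify_stop(env))
```

Drop the file in as an ExecStopPost= helper and it reports the verdict for the run that just ended; run it from the main service and it tells the program whether switching from stderr to native journal messages is safe, and which journalctl match retrieves this invocation's output afterwards.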
10629
10630 * When using systemd's default tmp.mount unit for /tmp, the mount point
10631 will now be established with the "nosuid" and "nodev" options. This
10632 avoids privilege escalation attacks that put traps and exploits into
10633 /tmp. However, this might cause problems if you e.g. put container
10634 images or overlays into /tmp; if you need this, override tmp.mount's
10635 "Options=" with a drop-in, or mount /tmp from /etc/fstab with your
10636 desired options.
10637
10638 * systemd now supports the "memory" cgroup controller also on
10639 cgroup v2.
10640
10641 * The systemd-cgtop tool now optionally takes a control group path as
10642 command line argument. If specified, the control group list shown is
10643 limited to subgroups of that group.
10644
10645 * The SystemCallFilter= unit file setting gained support for
10646 pre-defined, named system call filter sets. For example
10647 SystemCallFilter=@clock is now an effective way to make all clock
10648 changing-related system calls unavailable to a service. A number of
10649 similar pre-defined groups are defined. Writing system call filters
10650 for system services is simplified substantially with this new
10651 concept. Accordingly, all of systemd's own, long-running services now
10652 enable system call filtering based on this, by default.
10653
10654 * A new service setting MemoryDenyWriteExecute= has been added, taking
10655 a boolean value. If turned on, a service may no longer create memory
10656 mappings that are writable and executable at the same time. This
10657 enhances security for services where this is enabled as it becomes
10658 harder to dynamically write and then execute memory in exploited
10659 service processes. This option has been enabled for all of systemd's
10660 own long-running services.
10661
10662 * A new RestrictRealtime= service setting has been added, taking a
10663 boolean argument. If set the service's processes may no longer
10664 acquire realtime scheduling. This improves security as realtime
10665 scheduling may otherwise be used to easily freeze the system.
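
Worked example (added here; not systemd project code) that audits a service unit for the directives introduced in this release and in the 232 entries above: SystemCallFilter= named sets, MemoryDenyWriteExecute=, RestrictRealtime= and the '+' ExecStart= prefix from 231, and ProtectSystem=strict, ProtectKernelTunables=, ProtectKernelModules=, ProtectControlGroups=, RestrictAddressFamilies= and DynamicUser= from 232. The unit-file parser is deliberately minimal (no drop-ins, includes or specifiers), the two unit texts are constructed inputs, and the named sets @clock, @module, @mount and @raw-io are ones documented in systemd.exec(5).

```python
"""Audit a systemd service unit for the sandboxing directives from v231/v232.

Added example; not code from the systemd project. parse_unit() is a
deliberately small unit-file reader (no drop-ins, includes or specifiers)
and the two unit texts below are constructed inputs.
"""

BOOL_TRUE = {"1", "yes", "true", "on"}
# Boolean directives that should be on for a long-running service unless the
# service demonstrably needs what they take away.
EXPECTED_TRUE = ("ProtectKernelTunables", "ProtectKernelModules",
                 "ProtectControlGroups", "MemoryDenyWriteExecute",
                 "RestrictRealtime")
EXEC_KEYS = ("ExecStartPre", "ExecStart", "ExecStartPost", "ExecReload",
             "ExecStop", "ExecStopPost")
EXEC_PREFIXES = "-@+"  # '+' = full privileges; '-' and '@' mean other things


def parse_unit(text):
    """Return {section: {key: [values]}} for a unit file.

    Repeated keys accumulate, an empty assignment resets the list (as systemd
    does for list settings) and a trailing backslash continues the line.
    """
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None:
            continue
        values = sections[current].setdefault(key.strip(), [])
        if value.strip():
            values.append(value.strip())
        else:
            values.clear()
    return sections


def _enabled(values):
    return bool(values) and values[-1].lower() in BOOL_TRUE


def audit_service(text):
    """Return a list of findings; an empty list means nothing to flag."""
    svc = parse_unit(text).get("Service", {})
    findings = []
    dynamic_user = _enabled(svc.get("DynamicUser"))
    if not dynamic_user and not svc.get("User"):
        findings.append("User= unset and DynamicUser= off: service runs as root")
    # DynamicUser=yes implies ProtectSystem=strict, ProtectHome=read-only,
    # PrivateTmp= and RemoveIPC=, so ProtectSystem= only needs checking otherwise.
    protect_system = (svc.get("ProtectSystem") or ["no"])[-1].lower()
    if not dynamic_user and protect_system != "strict":
        findings.append(f"ProtectSystem={protect_system}: only 'strict' remounts "
                        "the whole tree read-only (except /dev, /proc, /sys)")
    for key in EXPECTED_TRUE:
        if not _enabled(svc.get(key)):
            findings.append(f"{key}= not enabled")
    if not svc.get("RestrictAddressFamilies"):
        findings.append("RestrictAddressFamilies= unset: any socket family allowed")
    filters = svc.get("SystemCallFilter")
    if not filters:
        findings.append("SystemCallFilter= unset: no seccomp filter")
    elif not any(tok.lstrip("~").startswith("@")
                 for line in filters for tok in line.split()):
        findings.append("SystemCallFilter= uses raw syscall names only; named "
                        "sets such as @clock are easier to keep correct")
    for key in EXEC_KEYS:
        for cmdline in svc.get(key, []):
            prefixes = cmdline[:len(cmdline) - len(cmdline.lstrip(EXEC_PREFIXES))]
            if "+" in prefixes:
                findings.append(f"{key}={cmdline}: '+' runs with full privileges, "
                                "ignoring User=, Group= and CapabilityBoundingSet=")
    return findings


WEAK_UNIT = """\
[Unit]
Description=Constructed example: a daemon with no sandboxing

[Service]
ExecStart=/usr/bin/example-daemon --foreground
ExecStopPost=+/usr/bin/example-cleanup
"""

HARDENED_UNIT = """\
[Unit]
Description=Constructed example: the same daemon, sandboxed

[Service]
DynamicUser=yes
ExecStart=/usr/bin/example-daemon --foreground
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=~@clock @module @mount @raw-io
"""

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(f"{name}: {audit_service(unit) or ['no findings']}")
```

The weak unit produces ten findings, the hardened one none. As the udev note in the 232 entries warns, a finding is a prompt to test the service under the directive, not proof that it can be enabled unchanged: call-outs written in unusual languages or needing realtime scheduling may legitimately need an exception.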
10666
10667 * systemd-nspawn gained a new switch --notify-ready= taking a boolean
10668 value. This may be used for requesting that the system manager inside
10669 of the container reports start-up completion to nspawn which then
10670 propagates this notification further to the service manager
10671 supervising nspawn itself. A related option NotifyReady= in .nspawn
10672 files has been added too. This functionality allows ordering of the
10673 start-up of multiple containers using the usual systemd ordering
10674 primitives.
10675
10676 * machinectl gained a new command "stop" that is an alias for
10677 "terminate".
10678
10679 * systemd-resolved gained support for contacting DNS servers on
10680 link-local IPv6 addresses.
10681
10682 * If systemd-resolved receives the SIGUSR2 signal it will now flush all
10683 its caches. A method call for requesting the same operation has been
10684 added to the bus API too, and is made available via "systemd-resolve
10685 --flush-caches".
10686
10687 * systemd-resolve gained a new --status switch. If passed a brief
10688 summary of the used DNS configuration with per-interface information
10689 is shown.
10690
10691 * resolved.conf gained a new Cache= boolean option, defaulting to
10692 on. If turned off local DNS caching is disabled. This comes with a
10693 performance penalty in particular when DNSSEC is enabled. Note that
10694 resolved disables its internal caching implicitly anyway, when the
10695 configured DNS server is on a host-local IP address such as ::1 or
10696 127.0.0.1, thus automatically avoiding double local caching.
10697
10698 * systemd-resolved now listens on the local IP address 127.0.0.53:53
10699 for DNS requests. This improves compatibility with local programs
10700 that do not use the libc NSS or systemd-resolved's bus APIs for name
10701 resolution. This minimal DNS service is only available to local
10702 programs and does not implement the full DNS protocol, but enough to
10703 cover local DNS clients. A new, static resolv.conf file, listing just
10704 this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
10705 now recommended to make /etc/resolv.conf a symlink to this file in
10706 order to route all DNS lookups to systemd-resolved, whether they are
10707 done via NSS, the bus API or raw DNS packets. Note that this local
10708 DNS service is not as fully featured as the libc NSS or
10709 systemd-resolved's bus APIs. For example, as unicast DNS cannot be
10710 used to deliver link-local address information (as this implies
10711 sending a local interface index along), LLMNR/mDNS support via this
10712 interface is severely restricted. It is thus strongly recommended for
10713 all applications to use the libc NSS API or native systemd-resolved
10714 bus API instead.
10715
10716 * systemd-networkd's bridge support learned a new setting
10717 VLANFiltering= for controlling VLAN filtering. Moreover a new section
10718 in .network files has been added for configuring VLAN bridging in
10719 more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].
10720
10721 * systemd-networkd's IPv6 Router Advertisement code now makes use of
10722 the DNSSL and RDNSS options. This means IPv6 DNS configuration may
10723 now be acquired without relying on DHCPv6. Two new options
10724 UseDomains= and UseDNS= have been added to configure this behaviour.
10725
10726 * systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
10727 renamed IPv6AcceptRA=, without altering its behaviour. The old
10728 setting name remains available for compatibility reasons.
10729
10730 * The systemd-networkd VTI/VTI6 tunneling support gained new options
10731 Key=, InputKey= and OutputKey=.
10732
10733 * systemd-networkd gained support for VRF ("Virtual Routing and Forwarding")
10734 interface configuration.
10735
10736 * "systemctl edit" may now be used to create new unit files by
10737 specifying the --force switch.
10738
10739 * sd-event gained a new function sd_event_get_iteration() for
10740 requesting the current iteration counter of the event loop. It starts
10741 at zero and is increased by one with each event loop iteration.
10742
10743 * A new rpm macro %systemd_ordering is provided by the macros.systemd
10744 file. It can be used in lieu of %systemd_requires in packages which
10745 don't use any systemd functionality and are intended to be installed
10746 in minimal containers without systemd present. This macro provides
10747 ordering dependencies to ensure that if the package is installed in
10748 the same rpm transaction as systemd, systemd will be installed before
10749 the scriptlets for the package are executed, allowing unit presets
10750 to be handled.
10751
10752 New macros %_systemdgeneratordir and %_systemdusergeneratordir have
10753 been added to simplify packaging of generators.
10754
10755 * The os-release file gained a VERSION_CODENAME field for the
10756 distribution nickname (e.g. VERSION_CODENAME=woody).
10757
10758 * New udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
10759 can be set to disable parsing of metadata and the creation
10760 of persistent symlinks for that device.
10761
10762 * The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
10763 to make them available to logged-in users has been reverted.
10764
10765 * Much of the common code of the various systemd components is now
10766 built into an internal shared library libsystemd-shared-231.so
10767 (incorporating the systemd version number in the name, to be updated
10768 with future releases) that the components link to. This should
10769 decrease systemd footprint both in memory during runtime and on
10770 disk. Note that the shared library is not for public use, and is
10771 neither API nor ABI stable, but is likely to change with every new
10772 released update. Packagers need to make sure that binaries
10773 linking to libsystemd-shared.so are updated in step with the
10774 library.
10775
10776 * Configuration for "mkosi" is now part of the systemd
10777 repository. mkosi is a tool to easily build legacy-free OS images,
10778 and is available on github: https://github.com/systemd/mkosi. If
10779 "mkosi" is invoked in the build tree a new raw OS image is generated
10780 incorporating the systemd sources currently being worked on and a
10781 clean, fresh distribution installation. The generated OS image may be
10782 booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
10783 UEFI PC. This functionality is particularly useful to easily test
10784 local changes made to systemd in a pristine, defined environment. See
10785 doc/HACKING for details.
10786
10787 * configure learned the --with-support-url= option to specify the
10788 distribution's bugtracker.
10789
10790 Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
10791 Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
10792 Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
10793 Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
10794 Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
10795 Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
10796 Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
10797 Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
10798 Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
10799 Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
10800 Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
10801 Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
10802 Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
10803 Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
10804 Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
10805 Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
10806 Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
10807 Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
10808 WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek
10809
10810 — Berlin, 2016-07-25
10811
10812 CHANGES WITH 230:
10813
10814 * DNSSEC is now turned on by default in systemd-resolved (in
10815 "allow-downgrade" mode), but may be turned off during compile time by
10816 passing "--with-default-dnssec=no" to "configure" (and of course,
10817 during runtime with DNSSEC= in resolved.conf). We recommend that
10818 downstreams leave this on at least during development cycles and
10819 report any issues with the DNSSEC logic upstream. We are very
10820 interested in collecting feedback about the DNSSEC validator and its
10821 limitations in the wild. Note however, that DNSSEC support is
10822 probably nothing downstreams should turn on in stable distros just
10823 yet, as it might create incompatibilities with a few DNS servers and
10824 networks. We tried hard to make sure we downgrade to non-DNSSEC mode
10825 automatically whenever we detect such incompatible setups, but there
10826 might be systems we do not cover yet. Hence: please help us testing
10827 the DNSSEC code, leave this on where you can, report back, but then
10828 again don't consider turning this on in your stable, LTS or
10829 production release just yet. (Note that you have to enable
10830 nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
10831 and its DNSSEC mode for hostname resolution from local
10832 applications.)
10833
10834 * systemd-resolve conveniently resolves DANE records with the --tlsa
10835 option and OPENPGPKEY records with the --openpgp option. It also
10836 supports dumping raw DNS record data via the new --raw= switch.
10837
10838 * systemd-logind will now by default terminate user processes that are
10839 part of the user session scope unit (session-XX.scope) when the user
10840 logs out. This behavior is controlled by the KillUserProcesses=
10841 setting in logind.conf, and the previous default of "no" is now
10842 changed to "yes". This means that user sessions will be properly
10843 cleaned up after, but additional steps are necessary to allow
10844 intentionally long-running processes to survive logout.
10845
10846 While the user is logged in at least once, user@.service is running,
10847 and any service that should survive the end of any individual login
10848 session can be started at a user service or scope using systemd-run.
10849 systemd-run(1) man page has been extended with an example which shows
10850 how to run screen in a scope unit underneath user@.service. The same
10851 command works for tmux.
10852
10853 After the user logs out of all sessions, user@.service will be
10854 terminated too, by default, unless the user has "lingering" enabled.
10855 To effectively allow users to run long-term tasks even if they are
10856 logged out, lingering must be enabled for them. See loginctl(1) for
10857 details. The default polkit policy was modified to allow users to
10858 set lingering for themselves without authentication.
10859
10860 Previous defaults can be restored at compile time by the
10861 --without-kill-user-processes option to "configure".
10862
10863 * systemd-logind gained new configuration settings SessionsMax= and
10864 InhibitorsMax=, both with a default of 8192. It will not register new
10865 user sessions or inhibitors above this limit.
10866
10867 * systemd-logind will now reload configuration on SIGHUP.
10868
10869 * The unified cgroup hierarchy added in Linux 4.5 is now supported.
10870 Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
10871 enable. Also, support for the "io" cgroup controller in the unified
10872 hierarchy has been added, so that the "memory", "pids" and "io" are
10873 now the controllers that are supported on the unified hierarchy.
10874
10875 WARNING: it is not possible to use previous systemd versions with
10876 systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
10877 is necessary to also update systemd in the initramfs if using the
10878 unified hierarchy. An updated SELinux policy is also required.
10879
10880 * LLDP support has been extended, and both passive (receive-only) and
10881 active (sender) modes are supported. Passive mode ("routers-only") is
10882 enabled by default in systemd-networkd. Active LLDP mode is enabled
10883 by default for containers on the internal network. The "networkctl
10884 lldp" command may be used to list information gathered. "networkctl
10885 status" will also show basic LLDP information on connected peers now.
10886
10887 * The IAID and DUID unique identifiers sent in DHCP requests may now be
10888 configured for the system and each .network file managed by
10889 systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
10890
10891 * systemd-networkd gained support for configuring proxy ARP support for
10892 each interface, via the ProxyArp= setting in .network files. It also
10893 gained support for configuring the multicast querier feature of
10894 bridge devices, via the new MulticastQuerier= setting in .netdev
10895 files. Similarly, snooping on the IGMP traffic can be controlled
10896 via the new setting MulticastSnooping=.
10897
10898 A new setting PreferredLifetime= has been added for addresses
10899 configured in .network files to configure the lifetime intended for
10900 an address.
10901
10902 The systemd-networkd DHCP server gained the option EmitRouter=, which
10903 defaults to yes, to configure whether the DHCP Option 3 (Router)
10904 should be emitted.
10905
10906 * The testing tool /usr/lib/systemd/systemd-activate is renamed to
10907 systemd-socket-activate and installed into /usr/bin. It is now fully
10908 supported.
10909
10910 * systemd-journald now uses separate threads to flush changes to disk
10911 when closing journal files, thus reducing impact of slow disk I/O on
10912 logging performance.
10913
10914 * The sd-journal API gained two new calls
10915 sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
10916 can be used to open journal files using file descriptors instead of
10917 file or directory paths. sd_journal_open_container() has been
10918 deprecated, sd_journal_open_directory_fd() should be used instead
10919 with the flag SD_JOURNAL_OS_ROOT.
10920
10921 * journalctl learned a new output mode "-o short-unix" that outputs log
10922 lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
10923 UTC). It also gained support for a new --no-hostname setting to
10924 suppress the hostname column in the family of "short" output modes.
10925
10926 * systemd-ask-password now optionally skips printing of the password to
10927 stdout with --no-output which can be useful in scripts.
10928
10929 * Framebuffer devices (/dev/fb*) and 3D printers and scanners
10930 (devices tagged with ID_MAKER_TOOL) are now tagged with
10931 "uaccess" and are available to logged in users.
10932
10933 * The DeviceAllow= unit setting now supports specifiers (with "%").
10934
10935 * "systemctl show" gained a new --value switch, which prints only
10936 the contents of a specific unit property, without also printing
10937 the property's name. Similar support was added to "show*" verbs
10938 of loginctl and machinectl that output "key=value" lists.
10939
10940 * A new unit type "generated" was added for files dynamically generated
10941 by generator tools. Similarly, a new unit type "transient" is used
10942 for unit files created using the runtime API. "systemctl enable" will
10943 refuse to operate on such files.
10944
10945 * A new command "systemctl revert" has been added that may be used to
10946 revert to the vendor version of a unit file, in case local changes
10947 have been made by adding drop-ins or overriding the unit file.
10948
10949 * machinectl gained a new verb "clean" to automatically remove all or
10950 just hidden container images.
10951
10952 * systemd-tmpfiles gained support for a new line type "e" for emptying
10953 directories, if they exist, without creating them if they don't.
10954
10955 * systemd-nspawn gained support for automatically patching the UID/GIDs
10956 of the owners and the ACLs of all files and directories in a
10957 container tree to match the UID/GID user namespacing range selected
10958 for the container invocation. This mode is enabled via the new
10959 --private-users-chown switch. It also gained support for
10960 automatically choosing a free, previously unused UID/GID range when
10961 starting a container, via the new --private-users=pick setting (which
10962 implies --private-users-chown). Together, these options for the first
10963 time make user namespacing for nspawn containers fully automatic and
10964 thus deployable. The systemd-nspawn@.service template unit file has
10965 been changed to use this functionality by default.
10966
10967 * systemd-nspawn gained a new --network-zone= switch, that allows
10968 creating ad-hoc virtual Ethernet links between multiple containers,
10969 that only exist as long as at least one container referencing them is
10970 running. This allows easy connecting of multiple containers with a
10971 common link that implements an Ethernet broadcast domain. Each of
10972 these network "zones" may be named relatively freely by the user, and
10973 may be referenced by any number of containers, but each container may
10974 only reference one of these "zones". On the lower level, this is
10975 implemented by an automatically managed bridge network interface for
10976 each zone, that is created when the first container referencing its
10977 zone is created and removed when the last one referencing its zone
10978 terminates.
10979
10980 * The default start timeout may now be configured on the kernel command
10981 line via systemd.default_timeout_start_sec=. It was already
10982 configurable via the DefaultTimeoutStartSec= option in
10983 /etc/systemd/system.conf.
10984
10985 * Socket units gained a new TriggerLimitIntervalSec= and
10986 TriggerLimitBurst= setting to configure a limit on the activation
10987 rate of the socket unit.
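
The interval/burst semantics behind these two settings, as an added example
in C that is not systemd's own code: a fixed-window rate limiter where the
window opens on the first trigger, up to "burst" triggers are accepted
within "interval", and a later trigger after the window has elapsed opens a
new one. Treating a zero interval or burst as "limit disabled" and the
exact window-reset rule are assumptions about the implementation; the
timestamps fed in are constructed for the demonstration.

```c
/* Added example (not systemd's own code): a fixed-window rate limiter with
 * the interval/burst semantics that TriggerLimitIntervalSec= and
 * TriggerLimitBurst= describe. Times are microseconds supplied by the caller
 * so the logic can be exercised deterministically. The exact reset rule and
 * "0 disables the limit" are assumptions about systemd's implementation. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t usec_t;
#define USEC_PER_SEC ((usec_t) 1000000ULL)

typedef struct RateLimit {
        usec_t interval;   /* window length, TriggerLimitIntervalSec= */
        unsigned burst;    /* max triggers per window, TriggerLimitBurst= */
        bool active;       /* a window is currently open */
        usec_t begin;      /* start of the current window */
        unsigned num;      /* triggers counted in the current window */
} RateLimit;

static void ratelimit_init(RateLimit *r, usec_t interval, unsigned burst) {
        r->interval = interval;
        r->burst = burst;
        r->active = false;
        r->begin = 0;
        r->num = 0;
}

/* Returns true if a trigger at time 'now' is within the limit and may be
 * acted on (the socket may activate its service), false if it exceeds the
 * burst for the current window and must be refused. */
static bool ratelimit_below(RateLimit *r, usec_t now) {
        /* Assumption: either value set to 0 means "no rate limiting". */
        if (r->interval == 0 || r->burst == 0)
                return true;

        /* No window yet, or the previous window has elapsed: open a new one
         * starting at this trigger. A trigger landing exactly 'interval'
         * after the window start still belongs to the old window. */
        if (!r->active || now - r->begin > r->interval) {
                r->active = true;
                r->begin = now;
                r->num = 1;
                return true;
        }

        if (r->num < r->burst) {
                r->num++;
                return true;
        }
        return false;   /* over the burst: would put the socket into failure mode */
}

/* Feeds a sequence of trigger timestamps (ascending, in microseconds)
 * through a fresh limiter and returns how many of them were accepted. */
static unsigned count_allowed(const usec_t *times, unsigned n, usec_t interval, unsigned burst) {
        RateLimit r;
        unsigned allowed = 0;

        ratelimit_init(&r, interval, burst);
        for (unsigned i = 0; i < n; i++)
                if (ratelimit_below(&r, times[i]))
                        allowed++;
        return allowed;
}

int main(void) {
        /* Constructed sample: five triggers within half a second, then two
         * more after a 2 s window has elapsed. With burst 3 the 4th and 5th
         * are refused, the 6th opens a new window. */
        const usec_t times[] = { 1000000, 1100000, 1200000, 1300000, 1400000, 3500000, 3600000 };
        unsigned n = sizeof(times) / sizeof(times[0]);

        printf("allowed %u of %u triggers\n", count_allowed(times, n, 2 * USEC_PER_SEC, 3), n);
        return 0;
}
```

The boundary case matters when tuning these values: a trigger exactly
"interval" after the window opened is still counted against the old
window, so a client retrying at precisely the interval with burst 1 is
refused.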
10988
10989 * The LimitNICE= setting now optionally takes normal UNIX nice values
10990 in addition to the raw integer limit value. If the specified
10991 parameter is prefixed with "+" or "-" and is in the range -20…19 the
10992 value is understood as UNIX nice value. If not prefixed like this it
10993 is understood as raw RLIMIT_NICE limit.
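
The conversion rule the text leaves implicit, as an added example in C that
is not systemd's parser: a "+"/"-" prefixed value in -20…19 is a nice
value, and the raw RLIMIT_NICE number the kernel wants is 20 minus that
nice value (raw 1 permits nice 19, raw 40 permits nice -20); an unprefixed
value is passed through as the raw limit. The accepted raw range 0…40 and
the errno values returned on bad input are this example's choices.

```c
/* Added example, not systemd's own parser: converts a LimitNICE= value into
 * the raw RLIMIT_NICE number the kernel expects. "+N"/"-N" is a UNIX nice
 * value in -20..19 and maps to 20 - N; anything else is the raw limit
 * (accepted range 0..40 here). Error codes are this example's choice. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parses a complete decimal string (optional sign, no surrounding
 * whitespace, no trailing junk). Returns 0 and stores the value, or -1. */
static int parse_decimal(const char *s, long *out) {
        char *end;
        long v;

        if (*s == '\0' || isspace((unsigned char) *s))
                return -1;
        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || end == s || *end != '\0')
                return -1;
        *out = v;
        return 0;
}

/* Returns the raw RLIMIT_NICE value (0..40) on success, or a negative errno:
 * -EINVAL for unparsable input, -ERANGE for an out-of-range value. */
static int parse_limit_nice(const char *value) {
        long v;

        if (value[0] == '+' || value[0] == '-') {
                /* Explicitly signed: a nice value. strtol consumes the sign. */
                if (parse_decimal(value, &v) < 0)
                        return -EINVAL;
                if (v < -20 || v > 19)
                        return -ERANGE;
                return (int) (20 - v);   /* nice 19 -> 1, nice 0 -> 20, nice -20 -> 40 */
        }

        /* Unsigned: already a raw RLIMIT_NICE limit. */
        if (parse_decimal(value, &v) < 0)
                return -EINVAL;
        if (v < 0 || v > 40)
                return -ERANGE;
        return (int) v;
}

int main(void) {
        /* Constructed inputs covering both notations and the error paths. */
        const char *samples[] = { "+19", "-20", "-5", "+0", "30", "+20", "41", "abc", "" };

        for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
                int r = parse_limit_nice(samples[i]);
                if (r < 0)
                        printf("%-5s -> error %d\n", samples[i], r);
                else
                        printf("%-5s -> RLIMIT_NICE %d (allows nice down to %d)\n",
                               samples[i], r, 20 - r);
        }
        return 0;
}
```

Note that applying the result with setrlimit(RLIMIT_NICE) only lowers a
limit for an unprivileged process; raising it above the current hard limit
needs CAP_SYS_RESOURCE, which is why the unit setting is applied by PID 1
before dropping privileges.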
10994
10995 * Note that the effect of the PrivateDevices= unit file setting changed
10996 slightly with this release: the per-device /dev file system will be
10997 mounted read-only from this version on, and will have "noexec"
10998 set. This (minor) change of behavior might cause some (exceptional)
10999 legacy software to break, when PrivateDevices=yes is set for its
11000 service. Please leave PrivateDevices= off if you run into problems
11001 with this.
11002
11003 * systemd-bootchart has been split out to a separate repository:
11004 https://github.com/systemd/systemd-bootchart
11005
11006 * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
11007 merged into the kernel in its current form.
11008
11009 * The compatibility libraries libsystemd-daemon.so,
11010 libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
11011 which have been deprecated since systemd-209 have been removed along
11012 with the corresponding pkg-config files. All symbols provided by
11013 those libraries are provided by libsystemd.so.
11014
11015 * The Capabilities= unit file setting has been removed (it is ignored
11016 for backwards compatibility). AmbientCapabilities= and
11017 CapabilityBoundingSet= should be used instead.
11018
11019 * A new special target has been added, initrd-root-device.target,
11020 which creates a synchronization point for dependencies of the root
11021 device in early userspace. Initramfs builders must ensure that this
11022 target is now included in early userspace.
11023
11024 Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
11025 Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
11026 Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
11027 Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
11028 Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
11029 R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
11030 Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
11031 Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
11032 Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
11033 Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
11034 John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
11035 Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
11036 Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
11037 Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
11038 Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
11039 mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
11040 Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
11041 Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
11042 Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
11043 Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
11044 Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
11045 Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
11046 Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
11047 Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
11048 Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
11049 Jędrzejewski-Szmek
11050
11051 — Fairfax, 2016-05-21
11052
11053 CHANGES WITH 229:
11054
11055 * The systemd-resolved DNS resolver service has gained a substantial
11056 set of new features, most prominently it may now act as a DNSSEC
11057 validating stub resolver. DNSSEC mode is currently turned off by
11058 default, but is expected to be turned on by default in one of the
11059 next releases. For now, we invite everybody to test the DNSSEC logic
11060 by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
11061 service also gained a full set of D-Bus interfaces, including calls
11062 to configure DNS and DNSSEC settings per link (for use by external
11063 network management software). systemd-resolved and systemd-networkd
11064 now distinguish between "search" and "routing" domains. The former
11065 are used to qualify single-label names, the latter are used purely
11066 for routing lookups within certain domains to specific links.
11067 resolved now also synthesizes RRs for all entries from /etc/hosts.
11068
11069 * The systemd-resolve tool (which is a client utility for
11070 systemd-resolved) has been improved considerably and is now fully
11071 supported and documented. Hence it has moved from /usr/lib/systemd to
11072 /usr/bin.
11073
11074 * /dev/disk/by-path/ symlink support has been (re-)added for virtio
11075 devices.
11076
11077 * The coredump collection logic has been reworked: when a coredump is
11078 collected it is now written to disk, compressed and processed
11079 (including stacktrace extraction) from a new instantiated service
11080 systemd-coredump@.service, instead of directly from the
11081 /proc/sys/kernel/core_pattern hook we provide. This is beneficial as
11082 processing large coredumps can take up a substantial amount of
11083 resources and time, and this previously happened entirely outside of
11084 systemd's service supervision. With the new logic the core_pattern
11085 hook only does minimal metadata collection before passing off control
11086 to the new instantiated service, which is configured with a time
11087 limit, a nice level and other settings to minimize negative impact on
11088 the rest of the system. Also note that the new logic will honour the
11089 RLIMIT_CORE setting of the crashed process, which now allows users
11090 and processes to turn off coredumping for their processes by setting
11091 this limit.
11092
11093 * The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
11094 and all processes forked from it. Previously, PID 1 would leave
11095 the setting at "0" for all processes, as set by the kernel. Note that
11096 the resource limit traditionally has no effect on the generated
11097 coredumps on the system if the /proc/sys/kernel/core_pattern hook
11098 logic is used. Since the limit is now honoured (see above) its
11099 default has been changed so that the coredumping logic is enabled by
11100 default for all processes, while allowing specific opt-out.
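
The per-process opt-out the text describes, as an added example in C that
is not systemd code: a program that holds key material or other secrets
sets RLIMIT_CORE to zero before touching them, so that a crash under the
new systemd-coredump logic leaves no dump on disk. Both the soft and the
hard limit are lowered, which means the process (or any library it loads
later) cannot re-enable dumping without CAP_SYS_RESOURCE; the failing
re-enable attempt below demonstrates that.

```c
/* Added example (not systemd code): opting a process out of coredumping via
 * RLIMIT_CORE, which systemd-coredump now honours. Lowering the hard limit
 * as well makes the opt-out irrevocable for an unprivileged process. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Disables core dumps for the calling process. Returns 0 on success or a
 * negative errno. Lowering a limit never needs privileges. */
static int disable_core_dumps(void) {
        struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };

        if (setrlimit(RLIMIT_CORE, &rl) < 0)
                return -errno;
        return 0;
}

/* Returns 1 if both RLIMIT_CORE limits are zero, 0 if dumping is still
 * possible, or a negative errno if the query failed. */
static int core_dumps_disabled(void) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return -errno;
        return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Tries to raise RLIMIT_CORE back to unlimited. After disable_core_dumps()
 * this is expected to fail with -EPERM unless the process has
 * CAP_SYS_RESOURCE (e.g. runs as root). */
static int try_reenable_core_dumps(void) {
        struct rlimit rl = { .rlim_cur = RLIM_INFINITY, .rlim_max = RLIM_INFINITY };

        if (setrlimit(RLIMIT_CORE, &rl) < 0)
                return -errno;
        return 0;
}

int main(void) {
        int r;

        r = disable_core_dumps();
        if (r < 0) {
                fprintf(stderr, "setrlimit(RLIMIT_CORE): %s\n", strerror(-r));
                return 1;
        }
        printf("core dumps disabled: %d\n", core_dumps_disabled());

        /* A constructed "secret" would be handled here; if the process
         * crashed now, systemd-coredump would not write a dump. */

        r = try_reenable_core_dumps();
        printf("re-enable attempt: %s (euid %u)\n",
               r < 0 ? strerror(-r) : "succeeded", (unsigned) geteuid());
        return 0;
}
```

The limit is inherited across fork() and execve(), so setting it in a
wrapper before exec'ing the real program is enough; for services managed
by systemd the equivalent is LimitCORE=0 in the unit file.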
11101
11102 * When the stacktrace is extracted from processes of system users, this
11103 is now done as "systemd-coredump" user, in order to sandbox this
11104 potentially security sensitive parsing operation. (Note that when
11105 processing coredumps of normal users this is done under the user ID
11106 of the process that crashed, as before.) Packagers should take notice
11107 that it is now necessary to create the "systemd-coredump" system user
11108 and group at package installation time.
11109
11110 * The systemd-activate socket activation testing tool gained support
11111 for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
11112 and --seqpacket switches. It also has been extended to support both
11113 new-style and inetd-style file descriptor passing. Use the new
11114 --inetd switch to request inetd-style file descriptor passing.
11115
11116 * Most systemd tools now honor a new $SYSTEMD_COLORS environment
11117 variable, which takes a boolean value. If set to false, ANSI color
11118 output is disabled in the tools even when run on a terminal that
11119 supports it.
11120
11121 * The VXLAN support in networkd now supports two new settings
11122 DestinationPort= and PortRange=.
11123
11124 * A new systemd.machine_id= kernel command line switch has been added,
11125 that may be used to set the machine ID in /etc/machine-id if it is
11126 not initialized yet. This command line option has no effect if the
11127 file is already initialized.
11128
11129 * systemd-nspawn gained a new --as-pid2 switch that invokes any
11130 specified command line as PID 2 rather than PID 1 in the
11131 container. In this mode PID 1 is a minimal stub init process that
11132 implements the special POSIX and Linux semantics of PID 1 regarding
11133 signal and child process management. Note that this stub init process
11134 is implemented in nspawn itself and requires no support from the
11135 container image. This new logic is useful to support running
11136 arbitrary commands in the container, as normal processes are
11137 generally not prepared to run as PID 1.
11138
11139 * systemd-nspawn gained a new --chdir= switch for setting the current
11140 working directory for the process started in the container.
11141
11142 * "journalctl /dev/sda" will now output all kernel log messages for
11143 specified device from the current boot, in addition to all devices
11144 that are parents of it. This should make log output about devices
11145 pretty useful, as long as kernel drivers attach enough metadata to
11146 the log messages. (The usual SATA drivers do.)
11147
11148 * The sd-journal API gained two new calls
11149 sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
11150 that report whether log data from /run or /var has been found.
11151
11152 * journalctl gained a new switch "--fields" that prints all journal
11153 record field names currently in use in the journal. This is backed
11154 by two new sd-journal API calls sd_journal_enumerate_fields() and
11155 sd_journal_restart_fields().
11156
11157 * Most configurable timeouts in systemd now expect an argument of
11158 "infinity" to turn them off, instead of "0" as before. The semantics
11159 from now on is that a timeout of "0" means "now", and "infinity"
11160 means "never". To maintain backwards compatibility, "0" continues to
11161 turn off previously existing timeout settings.
11162
11163 * "systemctl reload-or-try-restart" has been renamed to "systemctl
11164 try-reload-or-restart" to clarify what it actually does: the "try"
11165 logic applies to both reloading and restarting, not just restarting.
11166 The old name continues to be accepted for compatibility.
11167
11168 * On boot-up, when PID 1 detects that the system clock is behind the
11169 release date of the systemd version in use, the clock is now set
11170 to the latter. Previously, this was already done in timesyncd, in order
11171 to avoid running with clocks set to the various clock epochs such as
11172 1902, 1938 or 1970. With this change the logic is now done in PID 1
11173 in addition to timesyncd during early boot-up, so that it is enforced
11174 before the first process is spawned by systemd. Note that the logic
11175 in timesyncd remains, as it is more comprehensive and ensures
11176 clock monotonicity by maintaining a persistent timestamp file in
11177 /var. Since /var is generally not available in earliest boot or the
11178 initrd, this part of the logic remains in timesyncd, and is not done
11179 by PID 1.
11180
11181 * Support for tweaking details in net_cls.class_id through the
11182 NetClass= configuration directive has been removed, as the kernel
11183 people have decided to deprecate that controller in cgroup v2.
11184 Userspace tools such as nftables are moving over to setting rules
11185 that are specific to the full cgroup path of a task, which obsoletes
11186 these controllers anyway. The NetClass= directive is kept around for
11187 legacy compatibility reasons. For a more in-depth description of the
11188 kernel change, please refer to the respective upstream commit:
11189
11190 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
11191
11192 * A new service setting RuntimeMaxSec= has been added that may be used
11193 to specify a maximum runtime for a service. If the timeout is hit, the
11194 service is terminated and put into a failure state.
11195
11196 * A new service setting AmbientCapabilities= has been added. It allows
11197 configuration of additional Linux process capabilities that are
11198 passed to the activated processes. This is only available on very
11199 recent kernels.
11200
11201 * The process resource limit settings in service units may now be used
11202 to configure hard and soft limits individually.
11203
11204 * The various libsystemd APIs such as sd-bus or sd-event now publicly
11205 expose support for gcc's __attribute__((cleanup())) C extension.
11206 Specifically, for many object destructor functions alternative
11207 versions have been added that have names suffixed with "p" and take a
11208 pointer to a pointer to the object to destroy, instead of just a
11209 pointer to the object itself. This is useful because these destructor
11210 functions may be used directly as parameters to the cleanup
11211 construct. Internally, systemd has been a heavy user of this GCC
11212 extension for a long time, and with this change similar support is
11213 now available to consumers of the library outside of systemd. Note
11214 that by using this extension in your sources compatibility with old
11215 and strictly ANSI compatible C compilers is lost. However, all gcc or
11216 LLVM versions of recent years support this extension.
11217
11218 * Timer units gained support for a new setting RandomizedDelaySec= that
11219 allows configuring some additional randomized delay to the configured
11220 time. This is useful to spread out timer events to avoid load peaks in
11221 clusters or larger setups.
11222
11223 * Calendar time specifications now support sub-second accuracy.
11224
11225 * Socket units now support listening on SCTP and UDP-lite protocol
11226 sockets.
11227
11228 * The sd-event API now comes with a full set of man pages.
11229
11230 * Older versions of systemd contained experimental support for
11231 compressing journal files and coredumps with the LZ4 compressor that
11232 was not compatible with the lz4 binary (due to API limitations of the
11233 lz4 library). This support has been removed; only support for files
11234 compatible with the lz4 binary remains. This LZ4 logic is now
11235 officially supported and no longer considered experimental.
11236
11237 * The dkr image import logic has been removed again from importd. dkr's
11238 micro-services focus doesn't fit into the machine image focus of
11239 importd, and quickly got out of date with the upstream dkr API.
11240
11241 * Creation of the /run/lock/lockdev/ directory was dropped from
11242 tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
11243 been available for many years. If you still need this, you need to
11244 create your own tmpfiles.d config file with:
11245
11246 d /run/lock/lockdev 0775 root lock -
11247
11248 * The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
11249 and RebootArgument= have been moved from the [Service] section of
11250 unit files to [Unit], and they are now supported on all unit types,
11251 not just service units. Of course, systemd will continue to
11252 understand these settings also at the old location, in order to
11253 maintain compatibility.
11254
11255 Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
11256 Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
11257 Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
11258 Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
11259 Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
11260 David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
11261 Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
11262 Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
11263 Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
11264 Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
11265 Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
11266 lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
11267 Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
11268 Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
11269 Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
11270 Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
11271 Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
11272 Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
11273 Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
11274
11275 — Berlin, 2016-02-11
11276
11277 CHANGES WITH 228:
11278
11279 * A number of properties previously only settable in unit
11280 files are now also available as properties to set when
11281 creating transient units programmatically via the bus, as it
11282 is exposed with systemd-run's --property=
11283 setting. Specifically, these are: SyslogIdentifier=,
11284 SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
11285 EnvironmentFile=, ReadWriteDirectories=,
11286 ReadOnlyDirectories=, InaccessibleDirectories=,
11287 ProtectSystem=, ProtectHome=, RuntimeDirectory=.
11288
11289 * When creating transient services via the bus API it is now
11290 possible to pass in a set of file descriptors to use as
11291 STDIN/STDOUT/STDERR for the invoked process.
11292
11293 * Slice units may now be created transiently via the bus APIs,
11294 similar to the way service and scope units may already be
11295 created transiently.
11296
11297 * Wherever systemd expects a calendar timestamp specification
11298 (like in journalctl's --since= and --until= switches) UTC
11299 timestamps are now supported. Timestamps suffixed with "UTC"
11300 are now interpreted as Coordinated Universal Time
11301 instead of the local timezone. Also, timestamps may now
11302 optionally be specified with sub-second accuracy. Both of
11303 these additions also apply to recurring calendar event
11304 specification, such as OnCalendar= in timer units.
11305
11306 * journalctl gained a new "--sync" switch that asks the
11307 journal daemon to write all so far unwritten log messages to
11308 disk and sync the files, before returning.
11309
11310 * systemd-tmpfiles learned two new line types "q" and "Q" that
11311 operate like "v", but also set up a basic btrfs quota
11312 hierarchy when used on a btrfs file system with quota
11313 enabled.
11314
11315 * tmpfiles' "v", "q" and "Q" will now create a plain directory
11316 instead of a subvolume (even on a btrfs file system) if the
11317 root directory is a plain directory, and not a
11318 subvolume. This should simplify things with certain chroot()
11319 environments which are not aware of the concept of btrfs
11320 subvolumes.
11321
11322 * systemd-detect-virt gained a new --chroot switch to detect
11323 whether execution takes place in a chroot() environment.
11324
11325 * CPUAffinity= now takes CPU index ranges in addition to
11326 individual indexes.
11327
11328 * The various memory-related resource limit settings (such as
11329 LimitAS=) now understand the usual K, M, G, … suffixes to
11330 the base of 1024 (IEC). Similarly, the time-related resource
11331 limit settings understand the usual min, h, day, … suffixes
11332 now.
11333
11334 * There's a new system.conf setting DefaultTasksMax= to
11335 control the default TasksMax= setting for services and
11336 scopes running on the system. (TasksMax= is the primary
11337 setting that exposes the "pids" cgroup controller on systemd
11338 and was introduced in the previous systemd release.) The
11339 setting now defaults to 512, which means services that are
11340 not explicitly configured otherwise will only be able to
11341 create 512 processes or threads at maximum, from this
11342 version on. Note that this means that thread- or
11343 process-heavy services might need to be reconfigured to set
11344 TasksMax= to a higher value. It is sufficient to set
11345 TasksMax= in these specific unit files to a higher value, or
11346 even "infinity". Similar, there's now a logind.conf setting
11347 UserTasksMax= that defaults to 4096 and limits the total
11348 number of processes or tasks each user may own
11349 concurrently. nspawn containers also have the TasksMax=
11350 value set by default now, to 8192. Note that all of this
11351 only has an effect if the "pids" cgroup controller is
11352 enabled in the kernel. The general benefit of these changes
11353 should be a more robust and safer system, that provides a
11354 certain amount of per-service fork() bomb protection.
11355
11356 * systemd-nspawn gained the new --network-veth-extra= switch
11357 to define additional and arbitrarily-named virtual Ethernet
11358 links between the host and the container.
11359
11360 * A new service execution setting PassEnvironment= has been
11361 added that allows importing select environment variables
11362 from PID1's environment block into the environment block of
11363 the service.
11364
11365 * Timer units gained support for a new RemainAfterElapse=
11366 setting which takes a boolean argument. It defaults to on,
11367 exposing behaviour unchanged to previous releases. If set to
11368 off, timer units are unloaded after they elapsed if they
11369 cannot elapse again. This is particularly useful for
11370 transient timer units, which shall not stay around longer
11371 than until they first elapse.
11372
11373 * systemd will now bump the net.unix.max_dgram_qlen to 512 by
11374 default now (the kernel default is 16). This is beneficial
11375 for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
11376 allows substantially larger numbers of queued
11377 datagrams. This should increase the capability of systemd to
11378 parallelize boot-up, as logging and sd_notify() are unlikely
11379 to stall execution anymore. If you need to change the value
11380 from the new defaults, use the usual sysctl.d/ snippets.
11381
11382 * The compression framing format used by the journal or
11383 coredump processing has changed to be in line with what the
11384 official LZ4 tools generate. LZ4 compression support in
11385 systemd was considered unsupported previously, as the format
11386 was not compatible with the normal tools. With this release
11387 this has changed now, and it is hence safe for downstream
11388 distributions to turn it on. While not compressing as well
11389 as the XZ, LZ4 is substantially faster, which makes
11390 it a good default choice for the compression logic in the
11391 journal and in coredump handling.
11392
11393 * Any reference to /etc/mtab has been dropped from
11394 systemd. The file has been obsolete since a while, but
11395 systemd refused to work on systems where it was incorrectly
11396 set up (it should be a symlink or non-existent). Please make
11397 sure to update to util-linux 2.27.1 or newer in conjunction
11398 with this systemd release, which also drops any reference to
11399 /etc/mtab. If you maintain a distribution make sure that no
11400 software you package still references it, as this is a
11401 likely source of bugs. There's also a glibc bug pending,
11402 asking for removal of any reference to this obsolete file:
11403
11404 https://sourceware.org/bugzilla/show_bug.cgi?id=19108
11405
11406 Note that only util-linux versions built with
11407 --enable-libmount-force-mountinfo are supported.
11408
11409 * Support for the ".snapshot" unit type has been removed. This
11410 feature turned out to be little useful and little used, and
11411 has now been removed from the core and from systemctl.
11412
11413 * The dependency types RequiresOverridable= and
11414 RequisiteOverridable= have been removed from systemd. They
11415 have been used only very sparingly to our knowledge and
11416 other options that provide a similar effect (such as
11417 systemctl --mode=ignore-dependencies) are much more useful
11418 and commonly used. Moreover, they were only half-way
11419 implemented as the option to control behaviour regarding
11420 these dependencies was never added to systemctl. By removing
11421 these dependency types the execution engine becomes a bit
11422 simpler. Unit files that use these dependencies should be
11423 changed to use the non-Overridable dependency types
11424 instead. In fact, when parsing unit files with these
11425 options, that's what systemd will automatically convert them
11426 too, but it will also warn, asking users to fix the unit
11427 files accordingly. Removal of these dependency types should
11428 only affect a negligible number of unit files in the wild.
11429
11430 * Behaviour of networkd's IPForward= option changed
11431 (again). It will no longer maintain a per-interface setting,
11432 but propagate one way from interfaces where this is enabled
11433 to the global kernel setting. The global setting will be
11434 enabled when requested by a network that is set up, but
11435 never be disabled again. This change was made to make sure
11436 IPv4 and IPv6 behaviour regarding packet forwarding is
11437 similar (as the Linux IPv6 stack does not support
11438 per-interface control of this setting) and to minimize
11439 surprises.
11440
11441 * In unit files the behaviour of %u, %U, %h, %s has
11442 changed. These specifiers will now unconditionally resolve
11443 to the various user database fields of the user that the
11444 systemd instance is running as, instead of the user
11445 configured in the specific unit via User=. Note that this
11446 effectively doesn't change much, as resolving of these
11447 specifiers was already turned off in the --system instance
11448 of systemd, as we cannot do NSS lookups from PID 1. In the
11449 --user instance of systemd these specifiers where correctly
11450 resolved, but hardly made any sense, since the user instance
11451 lacks privileges to do user switches anyway, and User= is
11452 hence useless. Moreover, even in the --user instance of
11453 systemd behaviour was awkward as it would only take settings
11454 from User= assignment placed before the specifier into
11455 account. In order to unify and simplify the logic around
11456 this the specifiers will now always resolve to the
11457 credentials of the user invoking the manager (which in case
11458 of PID 1 is the root user).
11459
Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
Yang, Daniel Machon, Daniel Mack, David Herrmann, David
Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
Jędrzejewski-Szmek

— Berlin, 2015-11-18

CHANGES WITH 227:

* systemd now depends on util-linux v2.27. More specifically,
the newly added mount monitor feature in libmount now
replaces systemd's former own implementation.

* libmount mandates /etc/mtab not to be a regular file, and
systemd now enforces this condition at early boot.
/etc/mtab has been deprecated and warned about for a very
long time, so systems running systemd should already have
stopped having this file around as anything other than a
symlink to /proc/self/mounts.

* Support for the "pids" cgroup controller has been added. It
allows accounting the number of tasks in a cgroup and
enforcing limits on it. This adds two new settings
TasksAccounting= and TasksMax= to each unit, as well as a
global option DefaultTasksAccounting=.

* Support for the "net_cls" cgroup controller has been added.
It allows assigning a net class ID to each task in the
cgroup, which can then be used in firewall rules and traffic
shaping configurations. Note that the kernel netfilter net
class code does not currently work reliably for ingress
packets on unestablished sockets.

This adds a new config directive called NetClass= to CGroup
enabled units. Allowed values are positive numbers for fixed
assignments and "auto" for picking a free value
automatically.

* 'systemctl is-system-running' now returns 'offline' if the
system is not booted with systemd. This command can now be
used as a substitute for 'systemd-notify --booted'.

* Watchdog timeouts have been increased to 3 minutes for all
in-tree service files. Apparently, disk IO issues are more
frequent than we hoped, and users reported >1 minute waiting
for disk IO.

* 'machine-id-commit' functionality has been merged into
'machine-id-setup --commit'. The separate binary has been
removed.

* The WorkingDirectory= directive in unit files may now be set
to the special value '~'. In this case, the working
directory is set to the home directory of the user
configured in User=.

* "machinectl shell" will now open the shell in the home
directory of the selected user by default.

* The CrashChVT= configuration file setting is renamed to
CrashChangeVT=, following our usual logic of not
abbreviating unnecessarily. The old directive is still
supported for compat reasons. Also, this directive now takes
an integer value between 1 and 63, or a boolean value. The
formerly supported '-1' value for disabling stays around for
compat reasons.

* The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
NoNewPrivileges=, TTYPath=, WorkingDirectory= and
RootDirectory= properties can now be set for transient
units.

* The systemd-analyze tool gained a new "set-log-target" verb
to change the logging target the system manager logs to
dynamically during runtime. This is similar to how
"systemd-analyze set-log-level" already changes the log
level.

* In nspawn /sys is now mounted as tmpfs, with only a selected
set of subdirectories mounted in from the real sysfs. This
enhances security slightly, and is useful for ensuring user
namespaces work correctly.

* Support for USB FunctionFS activation has been added. This
allows implementation of USB gadget services that are
activated as soon as they are requested, so that they don't
have to run continuously, similar to classic socket
activation.

* The "systemctl exit" command now optionally takes an
additional parameter that sets the exit code to return from
the systemd manager when exiting. This is only relevant when
running the systemd user instance, or when running the
system instance in a container.

* sd-bus gained the new API calls sd_bus_path_encode_many()
and sd_bus_path_decode_many() that allow easy encoding and
decoding of multiple identifier strings inside a D-Bus
object path. Another new call sd_bus_default_flush_close()
has been added to flush and close per-thread default
connections.

* systemd-cgtop gained support for a -M/--machine= switch to
show the control groups within a certain container only.

* "systemctl kill" gained support for an optional --fail
switch. If specified the requested operation will fail if no
processes have been killed, because the unit had no
processes attached, or similar.

* A new systemd.crash_reboot=1 kernel command line option has
been added that triggers a reboot after crashing. This can
also be set through CrashReboot= in systemd.conf.

* The RuntimeDirectory= setting now understands unit
specifiers like %i or %f.

* A new (still internal) library API sd-ipv4acd has been added,
that implements address conflict detection for IPv4. It's
based on code from sd-ipv4ll, and will be useful for
detecting DHCP address conflicts.

* File descriptors passed during socket activation may now be
named. A new API sd_listen_fds_with_names() is added to
access the names. The default names may be overridden,
either in the .socket file using the FileDescriptorName=
parameter, or by passing FDNAME= when storing the file
descriptors using sd_notify().
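
The naming protocol just described, reimplemented as an added example (not libsystemd's own sd_listen_fds_with_names()): LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES are parsed from values handed in as arguments, and the fixed-size struct, the 16-fd and 64-byte limits and the "unknown" default name are this example's own choices.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Passed fds always start at 3, in the order the socket units list them. */
#define SD_LISTEN_FDS_START 3
#define MAX_LISTEN_FDS 16
#define FD_NAME_MAX 64

struct listen_fd {
    int fd;
    char name[FD_NAME_MAX];             /* from LISTEN_FDNAMES, or "unknown" */
};

/* Parse the socket-activation environment as the sd_listen_fds_with_names()
 * contract describes it: LISTEN_PID must name this very process, LISTEN_FDS
 * counts fds starting at 3, LISTEN_FDNAMES holds one colon-separated name per
 * fd. Values are passed as arguments (example assumption) rather than read
 * from the environment. Returns the number of fds, or a negative errno. */
int parse_listen_fds(pid_t self, const char *listen_pid, const char *listen_fds,
                     const char *listen_fdnames, struct listen_fd *out, size_t out_len)
{
    char *end;
    long pid, n;

    if (!listen_pid || !listen_fds)
        return 0;                       /* not socket activated */
    errno = 0;
    pid = strtol(listen_pid, &end, 10);
    if (errno || end == listen_pid || *end != '\0' || pid <= 0)
        return -EINVAL;
    if ((pid_t) pid != self)
        return 0;                       /* addressed to a parent process, not us */
    errno = 0;
    n = strtol(listen_fds, &end, 10);
    if (errno || end == listen_fds || *end != '\0' || n < 0)
        return -EINVAL;
    if ((size_t) n > out_len || n > INT_MAX - SD_LISTEN_FDS_START)
        return -E2BIG;

    for (long i = 0; i < n; i++) {
        out[i].fd = SD_LISTEN_FDS_START + (int) i;
        strcpy(out[i].name, "unknown"); /* default when no name was passed */
    }
    if (listen_fdnames) {
        const char *p = listen_fdnames;
        long i = 0;
        if (*p == '\0')                 /* an empty list only matches zero fds */
            return n == 0 ? 0 : -EINVAL;
        for (;;) {
            const char *colon = strchr(p, ':');
            size_t len = colon ? (size_t) (colon - p) : strlen(p);
            if (i >= n)
                return -EINVAL;         /* more names than fds */
            if (len >= FD_NAME_MAX)
                return -ENAMETOOLONG;
            memcpy(out[i].name, p, len);
            out[i].name[len] = '\0';
            i++;
            if (!colon)
                break;
            p = colon + 1;
        }
        if (i != n)
            return -EINVAL;             /* fewer names than fds */
    }
    return (int) n;
}

/* Find a passed fd by the name set via FileDescriptorName= or FDNAME=. */
int find_listen_fd(const struct listen_fd *fds, int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(fds[i].name, name) == 0)
            return fds[i].fd;
    return -1;
}

int main(void)
{
    struct listen_fd fds[MAX_LISTEN_FDS];
    int n = parse_listen_fds(getpid(), getenv("LISTEN_PID"), getenv("LISTEN_FDS"),
                             getenv("LISTEN_FDNAMES"), fds, MAX_LISTEN_FDS);
    if (n < 0) {
        fprintf(stderr, "bad socket activation environment: %s\n", strerror(-n));
        return 1;
    }
    /* Like the library, drop the variables so the service's children are not misled. */
    unsetenv("LISTEN_PID"); unsetenv("LISTEN_FDS"); unsetenv("LISTEN_FDNAMES");
    for (int i = 0; i < n; i++)
        printf("fd %d: %s\n", fds[i].fd, fds[i].name);
    return 0;
}
```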

* systemd-networkd gained support for:

- Setting the IPv6 Router Advertisement settings via
IPv6AcceptRouterAdvertisements= in .network files.

- Configuring the HelloTimeSec=, MaxAgeSec= and
ForwardDelaySec= bridge parameters in .netdev files.

- Configuring PreferredSource= for static routes in
.network files.

* The "ask-password" framework used to query for LUKS harddisk
passwords or SSL passwords during boot gained support for
caching passwords in the kernel keyring, if it is
available. This makes sure that the user only has to type in
a passphrase once if there are multiple objects to unlock
with the same one. Previously, such password caching was
available only when Plymouth was used; this moves the
caching logic into the systemd codebase itself. The
"systemd-ask-password" utility gained a new --keyname=
switch to control which kernel keyring key to use for
caching a password in. This functionality is also useful for
enabling display managers such as gdm to automatically
unlock the user's GNOME keyring if its passphrase, the
user's password and the harddisk password are the same, if
gdm-autologin is used.

* When downloading tar or raw images using "machinectl
pull-tar" or "machinectl pull-raw", a matching ".nspawn"
file is now also downloaded, if it is available and stored
next to the image file.

* Units of type ".socket" gained a new boolean setting
Writable= which is only useful in conjunction with
ListenSpecial=. If true, it enables opening the specified
special file in O_RDWR mode rather than O_RDONLY mode.

* systemd-rfkill has been reworked to become a singleton
service that is activated through /dev/rfkill on each rfkill
state change and saves the settings to disk. This way,
systemd-rfkill is now compatible with devices that exist
only intermittently, and even restores state if the previous
system shutdown was abrupt rather than clean.

* The journal daemon gained support for vacuuming old journal
files controlled by the number of files that shall remain,
in addition to the already existing control by size and by
date. This is useful as journal interleaving performance
degrades with too many separate journal files, and allows
putting an effective limit on them. The new setting defaults
to 100, but this may be changed by setting SystemMaxFiles=
and RuntimeMaxFiles= in journald.conf. Also, the
"journalctl" tool gained the new --vacuum-files= switch to
manually vacuum journal files to leave only the specified
number of files in place.

* udev will now create /dev/disk/by-path links for ATA devices
on kernels where that is supported.

* Galician, Serbian, Turkish and Korean translations were added.

Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
(Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић

— Berlin, 2015-10-07

CHANGES WITH 226:

* The DHCP implementation of systemd-networkd gained a set of
new features:

- The DHCP server now supports emitting DNS and NTP
information. It may be enabled and configured via
EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
and NTP information is enabled, but no servers are
configured, the corresponding uplink information (if there
is any) is propagated.

- Server and client now support transmission and reception
of timezone information. It can be configured via the
newly introduced network options UseTimezone=,
EmitTimezone=, and Timezone=. Transmission of timezone
information is enabled between host and containers by
default now: the container will change its local timezone
to what the host has set.

- Lease timeouts can now be configured via
MaxLeaseTimeSec= and DefaultLeaseTimeSec=.

- The DHCP server improved on the stability of
leases. Clients are more likely to get the same lease
information back, even if the server loses state.

- The DHCP server supports two new configuration options to
control the lease address pool metrics, PoolOffset= and
PoolSize=.

* The encapsulation limit of tunnels in systemd-networkd may
now be configured via 'EncapsulationLimit='. It allows
modifying the maximum additional levels of encapsulation
that are permitted to be prepended to a packet.

* systemd now supports the concept of user buses replacing
session buses, if used with dbus-1.10 (and enabled via dbus
--enable-user-session). It previously only supported this on
kdbus-enabled systems, and this release expands this to
'dbus-daemon' systems.

* systemd-networkd now supports predictable interface names
for virtio devices.

* systemd now optionally supports the new Linux kernel
"unified" control group hierarchy. If enabled via the kernel
command-line option 'systemd.unified_cgroup_hierarchy=1',
systemd will try to mount the unified cgroup hierarchy
directly on /sys/fs/cgroup. If not enabled, or not
available, systemd will fall back to the legacy cgroup
hierarchy setup, as before. Host system and containers can
mix and match legacy and unified hierarchies as they
wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
environment variable to individually select the hierarchy to
use for executed containers. By default, nspawn will use the
unified hierarchy for the containers if the host uses the
unified hierarchy, and the legacy hierarchy otherwise.
Please note that at this point the unified hierarchy is an
experimental kernel feature and is likely to change in one
of the next kernel releases. Therefore, it should not be
enabled by default in downstream distributions yet. The
minimum required kernel version for the unified hierarchy to
work is 4.2. Note that when the unified hierarchy is used,
delegating access to controllers is safe for the first
time. Because of this systemd-nspawn containers will get
access to controllers now, as will systemd user
sessions. This means containers and user sessions may now
manage their own resources, partitioning up what the system
grants them.

* A new special scope unit "init.scope" has been introduced
that encapsulates PID 1 of the system. It may be used to
determine resource usage and enforce resource limits on PID
1 itself. PID 1 hence moved out of the root of the control
group tree.

* The cgtop tool gained support for filtering out kernel
threads when counting tasks in a control group. Also, the
count of processes is now recursively summed up by
default. Two options -k and --recursive= have been added to
revert to old behaviour. The tool has also been updated to
work correctly in containers now.

* systemd-nspawn's --bind= and --bind-ro= options have been
extended to allow creation of non-recursive bind mounts.

* libsystemd gained two new calls sd_pid_get_cgroup() and
sd_peer_get_cgroup() which return the control group path of
a process or peer of a connected AF_UNIX socket. These
calls are particularly useful when implementing
delegated subtrees support in the control group hierarchy.

* The "sd-event" event loop API of libsystemd now supports
correct dequeuing of real-time signals, without losing
signal events.

* When systemd requests a polkit decision when managing units it
will now add additional fields to the request, including unit
name and desired operation. This enables more powerful polkit
policies that make decisions depending on these parameters.

* nspawn learnt support for .nspawn settings files that may
accompany the image files or directories of containers, and
may contain additional settings for the container. This is
an alternative to configuring container parameters via the
nspawn command line.

Contributions from: Cristian Rodríguez, Daniel Mack, David
Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Torstein Husebø

— Berlin, 2015-09-08

CHANGES WITH 225:

* machinectl gained a new verb 'shell' which opens a fresh
shell on the target container or the host. It is similar to
the existing 'login' command of machinectl, but spawns the
shell directly without prompting for username or
password. The pseudo machine '.host' now refers to the local
host and is used by default. Hence, 'machinectl shell' can
be used as a replacement for 'su -' which spawns a session as
a fresh systemd unit in a way that is fully isolated from
the originating session.

* systemd-networkd learned to cope with private-zone DHCP
options and allows other programs to query the values.

* SELinux access control when enabling/disabling units is no
longer enforced with this release. The previous implementation
was incorrect, and a new corrected implementation is not yet
available. As unit file operations are still protected via
polkit and D-Bus policy this is not a security problem. Yet,
distributions which care about optimal SELinux support should
probably not stabilize on this release.

* sd-bus gained support for matches of type "arg0has=", which
test for membership of strings in string arrays sent in bus
messages.

* systemd-resolved now dumps the contents of its DNS and LLMNR
caches to the logs on reception of the SIGUSR1 signal. This
is useful to debug DNS behaviour.

* The coredumpctl tool gained a new --directory= option to
operate on journal files in a specific directory.

* "systemctl reboot" and related commands gained a new
"--message=" option which may be used to set a free-text
wall message when shutting down or rebooting the
system. This message is also logged, which is useful for
figuring out the reason for a reboot or shutdown a
posteriori.

* The "systemd-resolve-host" tool's -i switch now takes
network interface numbers as an alternative to interface names.

* A new unit file setting for services has been introduced:
UtmpMode= allows configuration of how precisely systemd
handles utmp and wtmp entries for the service if this is
enabled. This allows writing services that appear similar to
user sessions in the output of the "w", "who", "last" and
"lastlog" tools.

* systemd-resolved will now locally synthesize DNS resource
records for the "localhost" and "gateway" domains as well as
the local hostname. This should ensure that clients querying
RRs via resolved will get similar results as those going via
NSS, if nss-myhostname is enabled.

Contributions from: Alastair Hughes, Alex Crawford, Daniel
Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
WaLyong Cho, Zbigniew Jędrzejewski-Szmek

— Berlin, 2015-08-27

CHANGES WITH 224:

* The systemd-efi-boot-generator functionality was merged into
systemd-gpt-auto-generator.

* systemd-networkd now supports Group Policy for vxlan
devices. It can be enabled via the new boolean configuration
option called 'GroupPolicyExtension='.

Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen

— Berlin, 2015-07-31

CHANGES WITH 223:

* The python-systemd code has been removed from the systemd repository.
A new repository has been created which accommodates the code from
now on, and we kindly ask distributions to create a separate package
for this: https://github.com/systemd/python-systemd

* The systemd daemon will now reload its main configuration
(/etc/systemd/system.conf) on daemon-reload.

* sd-dhcp now exposes vendor specific extensions via
sd_dhcp_lease_get_vendor_specific().

* systemd-networkd gained a number of new configuration options.

- A new boolean configuration option for TAP devices called
'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
device, thus allowing it to send and receive GSO packets.

- A new tunnel configuration option called 'CopyDSCP='.
If enabled, the DSCP field of ip6 tunnels is copied into the
decapsulated packet.

- A set of boolean bridge configuration options was added.
'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
and 'UnicastFlood=' are now parsed by networkd and applied to the
respective bridge link device via the respective IFLA_BRPORT_*
netlink attribute.

- A new string configuration option to override the hostname sent
to a DHCP server, called 'Hostname='. If set and 'SendHostname='
is true, networkd will use the configured hostname instead of the
system hostname when sending DHCP requests.

- A new tunnel configuration option called 'IPv6FlowLabel='. If set,
networkd will configure the IPv6 flow-label of the tunnel device
according to RFC2460.

- The 'macvtap' virtual network devices are now supported, similar to
the already supported 'macvlan' devices.

* systemd-resolved now implements RFC5452 to improve resilience against
cache poisoning. Additionally, source port randomization is enabled
by default to further protect against DNS spoofing attacks.

* nss-mymachines now supports translating UIDs and GIDs of running
containers with user-namespaces enabled. If a container 'foo'
translates a host uid 'UID' to the container uid 'TUID', then
nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
(with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
mapped as 'vg-foo-TGID'.
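
The vu-<machine>-<TUID> mapping above, worked through as an added C example rather than nss-mymachines' own code: the single-range uid_map, the machine name "foo" and the host uid base 524288 are constructed values, and splitting the name at its last dash is this example's assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* One line of a container's /proc/PID/uid_map (or gid_map):
 * "<ns_base> <host_base> <count>" maps container ids [ns_base, ns_base+count)
 * onto host ids [host_base, host_base+count). */
struct id_range {
    uid_t ns_base;
    uid_t host_base;
    uid_t count;
};

/* Host id -> container id. Returns 0, or -ENOENT if the host id is not mapped. */
int host_to_container_id(const struct id_range *map, size_t n, uid_t host, uid_t *ns)
{
    for (size_t i = 0; i < n; i++)
        if (host >= map[i].host_base && host - map[i].host_base < map[i].count) {
            *ns = map[i].ns_base + (host - map[i].host_base);
            return 0;
        }
    return -ENOENT;
}

/* Container id -> host id, the inverse direction. */
int container_to_host_id(const struct id_range *map, size_t n, uid_t ns, uid_t *host)
{
    for (size_t i = 0; i < n; i++)
        if (ns >= map[i].ns_base && ns - map[i].ns_base < map[i].count) {
            *host = map[i].host_base + (ns - map[i].ns_base);
            return 0;
        }
    return -ENOENT;
}

/* Synthesize "vu-<machine>-<TUID>" (prefix "vu" for users, "vg" for groups)
 * for a host id. Returns 0, -ENOENT if unmapped, -ENAMETOOLONG if buf is small. */
int synthesize_name(const char *prefix, const char *machine, const struct id_range *map,
                    size_t n, uid_t host, char *buf, size_t buflen)
{
    uid_t ns;
    int r = host_to_container_id(map, n, host, &ns);
    if (r < 0)
        return r;
    r = snprintf(buf, buflen, "%s-%s-%u", prefix, machine, (unsigned) ns);
    return (r < 0 || (size_t) r >= buflen) ? -ENAMETOOLONG : 0;
}

/* Resolve "vu-<machine>-<TUID>" back to a host id. Machine names may contain
 * dashes, so the id is everything after the LAST dash (this example's
 * assumption). Returns 0, -EINVAL for a name not of this shape, -ENOENT if the
 * machine does not match or the container id is outside the map. */
int resolve_name(const char *prefix, const char *machine, const struct id_range *map,
                 size_t n, const char *name, uid_t *host)
{
    size_t plen = strlen(prefix), mlen = strlen(machine);
    const char *dash, *num;
    char *end;
    unsigned long ns;

    if (strncmp(name, prefix, plen) != 0 || name[plen] != '-')
        return -EINVAL;
    dash = strrchr(name, '-');          /* never NULL: name[plen] is a dash */
    if (dash == name + plen)            /* "vu-1000": no machine segment */
        return -EINVAL;
    num = dash + 1;
    if (*num < '0' || *num > '9')       /* rejects "", signs and whitespace */
        return -EINVAL;
    errno = 0;
    ns = strtoul(num, &end, 10);
    if (errno || *end != '\0' || ns > UINT32_MAX)
        return -EINVAL;
    /* The machine segment lies between the prefix dash and the last dash. */
    if ((size_t) (dash - (name + plen + 1)) != mlen ||
        strncmp(name + plen + 1, machine, mlen) != 0)
        return -ENOENT;
    return container_to_host_id(map, n, (uid_t) ns, host);
}

int main(void)
{
    /* Constructed uid_map of a container "foo": container uids 0..65535 are
     * backed by host uids 524288..589823. */
    const struct id_range map[] = { { 0, 524288, 65536 } };
    char name[64];
    uid_t host;

    if (synthesize_name("vu", "foo", map, 1, 525288, name, sizeof name) == 0)
        printf("host uid 525288 -> %s\n", name);                 /* vu-foo-1000 */
    if (resolve_name("vu", "foo", map, 1, "vu-foo-1000", &host) == 0)
        printf("vu-foo-1000 -> host uid %u\n", (unsigned) host); /* 525288 */
    return 0;
}
```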
11939
11940 Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
11941 Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
11942 HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
11943 Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
11944 Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
11945 Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
11946 Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
11947 Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
11948 Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
11949 Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
11950
11951 — Berlin, 2015-07-29
11952
11953 CHANGES WITH 222:
11954
11955 * udev does not longer support the WAIT_FOR_SYSFS= key in udev rules.
11956 There are no known issues with current sysfs, and udev does not need
11957 or should be used to work around such bugs.
11958
11959 * udev does no longer enable USB HID power management. Several reports
11960 indicate, that some devices cannot handle that setting.
11961
11962 * The udev accelerometer helper was removed. The functionality
11963 is now fully included in iio-sensor-proxy. But this means,
11964 older iio-sensor-proxy versions will no longer provide
11965 accelerometer/orientation data with this systemd version.
11966 Please upgrade iio-sensor-proxy to version 1.0.
11967
11968 * networkd gained a new configuration option IPv6PrivacyExtensions=
11969 which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
11970 for Stateless Address") on selected networks.
11971
11972 * For the sake of fewer build-time dependencies and less code in the
11973 main repository, the python bindings are about to be removed in the
11974 next release. A new repository has been created which accommodates
11975 the code from now on, and we kindly ask distributions to create a
11976 separate package for this. The removal will take place in v223.
11977
11978 https://github.com/systemd/python-systemd
11979
11980 Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
11981 Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
11982 daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
11983 Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
11984 Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
11985 (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
11986 Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
11987 Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
11988 Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
11989 Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
11990
11991 — Berlin, 2015-07-07
11992
11993 CHANGES WITH 221:
11994
11995 * The sd-bus.h and sd-event.h APIs have now been declared
11996 stable and have been added to the official interface of
11997 libsystemd.so. sd-bus implements an alternative D-Bus client
11998 library that is relatively easy to use, very efficient and
11999 supports both classic D-Bus as well as kdbus as transport
12000 backend. sd-event is a generic event loop abstraction that
12001 is built around Linux epoll, but adds features such as event
12002 prioritization or efficient timer handling. Both APIs are good
12003 choices for C programs looking for a bus and/or event loop
12004 implementation that is minimal and does not have to be
12005 portable to other kernels.
12006
12007 * kdbus support is no longer compile-time optional. It is now
12008 always built-in. However, it can still be disabled at
12009 runtime using the kdbus=0 kernel command line setting, and
12010 that setting may be changed to default to off, by specifying
12011 --disable-kdbus at build-time. Note though that the kernel
12012 command line setting has no effect if the kdbus.ko kernel
12013 module is not installed, in which case kdbus is (obviously)
12014 also disabled. We encourage all downstream distributions to
12015 begin testing kdbus by adding it to the kernel images in the
12016 development distributions, and leaving kdbus support in
12017 systemd enabled.
12018
12019 * The minimum required util-linux version has been bumped to
12020 2.26.
12021
12022 * Support for chkconfig (--enable-chkconfig) was removed in
12023 favor of calling an abstraction tool
12024 /lib/systemd/systemd-sysv-install. This needs to be
12025 implemented for your distribution. See "SYSV INIT.D SCRIPTS"
12026 in README for details.
12027
12028 * If there's a systemd unit and a SysV init script for the
12029 same service name, and the user executes "systemctl enable"
12030 for it (or a related call), then this will now enable both
12031 (or execute the related operation on both), not just the
12032 unit.
12033
12034 * The libudev API documentation has been converted from gtkdoc
12035 into man pages.
12036
12037 * gudev has been removed from the systemd tree; it is now an
12038 external project.
12039
12040 * The systemd-cgtop tool learnt a new --raw switch to generate
12041 "raw" (machine parsable) output.
12042
12043 * networkd's IPForwarding= .network file setting learnt the
12044 new setting "kernel", which ensures that networkd does not
12045 change the IP forwarding sysctl from the default kernel
12046 state.
12047
12048 * The systemd-logind bus API now exposes a new boolean
12049 property "Docked" that reports whether logind considers the
12050 system "docked", i.e. connected to a docking station or not.
12051
12052 Contributions from: Alex Crawford, Andreas Pokorny, Andrei
12053 Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
12054 Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
12055 David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
12056 Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
12057 Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
12058 Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
12059 Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
12060 Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
12061 Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
12062 Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
12063 Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
12064 Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
12065 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
12066 Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
12067 Fink, Zbigniew Jędrzejewski-Szmek
12068
12069 — Berlin, 2015-06-19
12070
12071 CHANGES WITH 220:
12072
12073 * The gudev library has been extracted into a separate repository
12074 available at: https://git.gnome.org/browse/libgudev/
12075 It is now managed as part of the Gnome project. Distributions
12076 are recommended to pass --disable-gudev to systemd and use
12077 gudev from the Gnome project instead. gudev is still included
12078 in systemd, for now. It will be removed soon, though. Please
12079 also see the announcement-thread on systemd-devel:
12080 https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
12081
12082 * systemd now exposes a CPUUsageNSec= property for each
12083 service unit on the bus, which contains the overall consumed
12084 CPU time of a service (the sum of what each process of the
12085 service consumed). This value is only available if
12086 CPUAccounting= is turned on for a service, and is then shown
12087 in the "systemctl status" output.
12088
12089 * Support for configuring alternative mappings of the old SysV
12090 runlevels to systemd targets has been removed. They are now
12091 hardcoded in a way that runlevels 2, 3, 4 all map to
12092 multi-user.target and 5 to graphical.target (which
12093 previously was already the default behaviour).
12094
12095 * The auto-mounter logic gained support for mount point
12096 expiry, using a new TimeoutIdleSec= setting in .automount
12097 units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
12098
12099 * The EFI System Partition (ESP) as mounted to /boot by
12100 systemd-efi-boot-generator will now be unmounted
12101 automatically after 2 minutes of not being used. This should
12102 minimize the risk of ESP corruptions.
12103
12104 * New /etc/fstab options x-systemd.requires= and
12105 x-systemd.requires-mounts-for= are now supported to express
12106 additional dependencies for mounts. This is useful for
12107 journaling file systems that support external journal
12108 devices or overlay file systems that require underlying file
12109 systems to be mounted.
12110
12111 * systemd does not support direct live-upgrades (via systemctl
12112 daemon-reexec) from versions older than v44 anymore. As no
12113 distribution we are aware of shipped such old versions in a
12114 stable release, this should not be problematic.
12115
12116 * When systemd forks off a new per-connection service instance
12117 it will now set the $REMOTE_ADDR environment variable to the
12118 remote IP address, and $REMOTE_PORT environment variable to
12119 the remote IP port. This behaviour is similar to the
12120 corresponding environment variables defined by CGI.
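An added example (not code from systemd or this NEWS file) of how a per-connection service instance can use these variables from a defender's standpoint: parse them, unwrap the IPv4-mapped IPv6 form a dual-stack listener reports, and enforce a source allow-list before touching the connection. The 192.0.2.0/24 and 2001:db8::/32 ranges are constructed documentation values, and passing the accepted connection as fd 3 is the sd_listen_fds() convention, assumed here rather than stated above.

```python
import ipaddress
import os
import socket
from typing import List, Optional, Tuple, Union

# The accepted connection of an Accept=yes service instance is passed as
# fd 3, per the sd_listen_fds() convention (an assumption of this example,
# not stated in the release notes above).
SD_LISTEN_FDS_START = 3

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_remote(env) -> Optional[Tuple[IPAddress, int]]:
    """Parse $REMOTE_ADDR / $REMOTE_PORT as systemd sets them for a
    per-connection service instance. Returns None when either variable is
    missing or malformed, so callers fail closed."""
    addr = env.get("REMOTE_ADDR")
    port = env.get("REMOTE_PORT")
    if not addr or not port:
        return None
    try:
        ip = ipaddress.ip_address(addr)
        port_num = int(port)
    except ValueError:
        return None
    if not 0 < port_num <= 65535:
        return None
    # A dual-stack AF_INET6 listener reports IPv4 peers in IPv4-mapped form
    # ("::ffff:192.0.2.10"); unwrap so that IPv4 allow-list entries match.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip, port_num


def is_allowed(ip: IPAddress, allowed_cidrs: List[str]) -> bool:
    """True if ip lies inside any of the allow-listed networks. Mixed
    address families never match, so an IPv6 peer cannot satisfy an
    IPv4-only allow-list by accident."""
    return any(ip in ipaddress.ip_network(cidr, strict=False)
               for cidr in allowed_cidrs)


def check_peer(env, allowed_cidrs: List[str]) -> Optional[str]:
    """Decide on the peer from the environment alone. Returns a normalized
    "ip port" string when the peer is allowed, None otherwise."""
    remote = parse_remote(env)
    if remote is None:
        return None
    ip, port = remote
    if not is_allowed(ip, allowed_cidrs):
        return None
    return f"{ip} {port}"


def serve_connection(conn: socket.socket, env, allowed_cidrs: List[str]) -> bool:
    """Serve one accepted connection. The decision is taken before any
    client data is read, so a rejected peer gets no parser exposure."""
    peer = check_peer(env, allowed_cidrs)
    if peer is None:
        conn.sendall(b"access denied\n")
        return False
    conn.sendall(f"hello {peer}\n".encode())
    return True


if __name__ == "__main__":
    # Constructed allow-list using documentation address ranges.
    ALLOWED = ["192.0.2.0/24", "2001:db8::/32"]
    with socket.socket(fileno=SD_LISTEN_FDS_START) as conn:
        ok = serve_connection(conn, os.environ, ALLOWED)
        raise SystemExit(0 if ok else 1)
```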
12121
12122 * systemd-networkd gained support for uplink failure
12123 detection. The BindCarrier= option allows binding interface
12124 configuration dynamically to the link sense of other
12125 interfaces. This is useful to achieve behaviour like in
12126 network switches.
12127
12128 * systemd-networkd gained support for configuring the DHCP
12129 client identifier to use when requesting leases.
12130
12131 * systemd-networkd now has a per-network UseNTP= option to
12132 configure whether NTP server information acquired via DHCP
12133 is passed on to services like systemd-timesyncd.
12134
12135 * systemd-networkd gained support for vti6 tunnels.
12136
12137 * Note that systemd-networkd manages the sysctl variable
12138 /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
12139 it is configured for since v219. The variable controls IP
12140 forwarding, and is a per-interface alternative to the global
12141 /proc/sys/net/ipv[46]/ip_forward. This setting is
12142 configurable in the IPForward= option, which defaults to
12143 "no". This means if networkd is used for an interface it is
12144 no longer sufficient to set the global sysctl option to turn
12145 on IP forwarding! Instead, the .network file option
12146 IPForward= needs to be turned on! Note that the
12147 implementation of this behaviour was broken in v219 and has
12148 been fixed in v220.
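As an added audit example (not systemd's code and not part of this file), the script below reads the per-interface forwarding flags the note describes and compares them with the global switch, so an administrator can spot an interface that forwards although the global sysctl is off (or the reverse) instead of trusting ip_forward alone. It assumes the IPv6 global switch lives at ipv6/conf/all/forwarding, and make_sample_tree() builds a constructed copy of the sysctl tree so it can run offline.

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Global switches checked alongside the per-interface flags. The IPv6 path
# is an assumption of this example; the kernel has no ipv6/ip_forward file.
GLOBAL_SWITCH = {
    "ipv4": Path("ipv4") / "ip_forward",
    "ipv6": Path("ipv6") / "conf" / "all" / "forwarding",
}


def read_flag(path: Path) -> Optional[bool]:
    """Read a 0/1 sysctl file; None if it does not exist or is unreadable."""
    try:
        return path.read_text().strip() == "1"
    except OSError:
        return None


def audit_forwarding(root="/proc/sys/net") -> Dict[str, dict]:
    """Collect the global switch and every per-interface forwarding flag
    (net.ipv[46].conf.<iface>.forwarding) below root."""
    root = Path(root)
    report: Dict[str, dict] = {}
    for family, switch in GLOBAL_SWITCH.items():
        interfaces: Dict[str, bool] = {}
        conf = root / family / "conf"
        if conf.is_dir():
            for entry in sorted(conf.iterdir()):
                # "all" and "default" are kernel pseudo-entries, not links.
                if entry.name in ("all", "default"):
                    continue
                flag = read_flag(entry / "forwarding")
                if flag is not None:
                    interfaces[entry.name] = flag
        report[family] = {"global": read_flag(root / switch),
                          "interfaces": interfaces}
    return report


def forwarding_findings(report: Dict[str, dict]) -> List[str]:
    """Flag disagreements between the global switch and per-interface flags.
    An interface forwarding while the global switch is off (for example a
    .network file with IPForward= turned it on) means the host routes
    traffic that ip_forward alone would not reveal; a global "on" with
    interfaces still off shows that the global sysctl was not sufficient."""
    findings: List[str] = []
    for family, data in report.items():
        on = sorted(n for n, v in data["interfaces"].items() if v)
        off = sorted(n for n, v in data["interfaces"].items() if not v)
        if on and data["global"] is False:
            findings.append(f"{family}: forwarding enabled on {', '.join(on)} "
                            "while the global switch is off")
        if off and data["global"] is True:
            findings.append(f"{family}: global switch on, but forwarding is "
                            f"off on {', '.join(off)}")
    return findings


def make_sample_tree() -> str:
    """Build a constructed sysctl tree: global forwarding off, but the veth
    to a container (ve-ctr) forwards, as networkd does for nspawn links."""
    root = Path(tempfile.mkdtemp(prefix="sysctl-sample-"))
    values = {
        "ipv4/ip_forward": "0",
        "ipv4/conf/all/forwarding": "0",
        "ipv4/conf/default/forwarding": "0",
        "ipv4/conf/lo/forwarding": "0",
        "ipv4/conf/eth0/forwarding": "0",
        "ipv4/conf/ve-ctr/forwarding": "1",
        "ipv6/conf/all/forwarding": "0",
        "ipv6/conf/default/forwarding": "0",
        "ipv6/conf/lo/forwarding": "0",
        "ipv6/conf/eth0/forwarding": "0",
        "ipv6/conf/ve-ctr/forwarding": "1",
    }
    for rel, value in values.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(value + "\n")
    return str(root)


if __name__ == "__main__":
    # Run against the constructed tree; pass no argument to audit the
    # live /proc/sys/net instead.
    for line in forwarding_findings(audit_forwarding(make_sample_tree())):
        print(line)
```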
12149
12150 * Many bonding and vxlan options are now configurable in
12151 systemd-networkd.
12152
12153 * systemd-nspawn gained a new --property= setting to set unit
12154 properties for the container scope. This is useful for
12155 setting resource parameters (e.g. "CPUShares=500") on
12156 containers started from the command line.
12157
12158 * systemd-nspawn gained a new --private-users= switch to make
12159 use of user namespacing available on recent Linux kernels.
12160
12161 * systemd-nspawn may now be called as part of a shell pipeline
12162 in which case the pipes used for stdin and stdout are passed
12163 directly to the process invoked in the container, without
12164 indirection via a pseudo tty.
12165
12166 * systemd-nspawn gained a new switch to control the UNIX
12167 signal to use when killing the init process of the container
12168 when shutting down.
12169
12170 * systemd-nspawn gained a new --overlay= switch for mounting
12171 overlay file systems into the container using the new kernel
12172 overlayfs support.
12173
12174 * When a container image is imported via systemd-importd and
12175 the host file system is not btrfs, a loopback block device
12176 file is created in /var/lib/machines.raw with a btrfs file
12177 system inside. It is then mounted to /var/lib/machines to
12178 enable btrfs features for container management. The loopback
12179 file and btrfs file system are grown as needed when container
12180 images are imported via systemd-importd.
12181
12182 * systemd-machined/systemd-importd gained support for btrfs
12183 quota, to enforce container disk space limits on disk. This
12184 is exposed in "machinectl set-limit".
12185
12186 * systemd-importd now can import containers from local .tar,
12187 .raw and .qcow2 images, and export them to .tar and .raw. It
12188 can also import dkr v2 images now from the network (on top
12189 of v1 as before).
12190
12191 * systemd-importd gained support for verifying downloaded
12192 images with gpg2 (previously only gpg1 was supported).
12193
12194 * systemd-machined, systemd-logind, systemd: most bus calls are
12195 now accessible to unprivileged processes via polkit. Also,
12196 systemd-logind will now allow users to kill their own sessions
12197 without further privileges or authorization.
12198
12199 * systemd-shutdownd has been removed. This service was
12200 previously responsible for implementing scheduled shutdowns
12201 as exposed in /usr/bin/shutdown's time parameter. This
12202 functionality has now been moved into systemd-logind and is
12203 accessible via a bus interface.
12204
12205 * "systemctl reboot" gained a new switch --firmware-setup that
12206 can be used to reboot into the EFI firmware setup, if that
12207 is available. systemd-logind now exposes an API on the bus
12208 to trigger such reboots, in case graphical desktop UIs want
12209 to cover this functionality.
12210
12211 * "systemctl enable", "systemctl disable" and "systemctl mask"
12212 now support a new "--now" switch. If specified, the units
12213 that are enabled will also be started, and the ones
12214 disabled/masked also stopped.
12215
12216 * The Gummiboot EFI boot loader tool has been merged into
12217 systemd, and renamed to "systemd-boot". The bootctl tool has been
12218 updated to support systemd-boot.
12219
12220 * An EFI kernel stub has been added that may be used to create
12221 kernel EFI binaries that contain not only the actual kernel,
12222 but also an initrd, boot splash, command line and OS release
12223 information. This combined binary can then be signed as a
12224 single image, so that the firmware can verify it all in one
12225 step. systemd-boot has special support for EFI binaries created
12226 like this and can extract OS release information from them
12227 and show it in the boot menu. This functionality is useful
12228 to implement cryptographically verified boot schemes.
12229
12230 * Optional support has been added to systemd-fsck to pass
12231 fsck's progress report to an AF_UNIX socket in the file
12232 system.
12233
12234 * udev will no longer create device symlinks for all block devices by
12235 default. A deny list for excluding special block devices from this
12236 logic has been turned into an allow list that requires picking block
12237 devices explicitly that require device symlinks.
12238
12239 * A new (currently still internal) API sd-device.h has been
12240 added to libsystemd. This modernized API is supposed to
12241 replace libudev eventually. In fact, already much of libudev
12242 is now just a wrapper around sd-device.h.
12243
12244 * A new hwdb database for storing metadata about pointing
12245 stick devices has been added.
12246
12247 * systemd-tmpfiles gained support for setting file attributes
12248 similar to the "chattr" tool with new 'h' and 'H' lines.
12249
12250 * systemd-journald will no longer unconditionally set the
12251 btrfs NOCOW flag on new journal files. This is instead done
12252 with a tmpfiles snippet using the new 'h' line type. This
12253 allows easy disabling of this logic, by masking the
12254 journal-nocow.conf tmpfiles file.
12255
12256 * systemd-journald will now translate audit message types to
12257 human readable identifiers when writing them to the
12258 journal. This should improve readability of audit messages.
12259
12260 * The LUKS logic gained support for the offset= and skip=
12261 options in /etc/crypttab, as previously implemented by
12262 Debian.
12263
12264 * /usr/lib/os-release gained a new optional field VARIANT= for
12265 distributions that support multiple variants (such as a
12266 desktop edition, a server edition, …).
12267
12268 Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
12269 Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
12270 Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
12271 Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
12272 Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
12273 Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
12274 Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
12275 Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
12276 Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
12277 Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
12278 Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
12279 Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
12280 Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
12281 Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
12282 De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
12283 Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
12284 Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
12285 Michael Biebl, Michael Marineau, Michael Olbrich, Michal
12286 Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
12287 Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
12288 Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
12289 Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
12290 Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
12291 Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
12292 Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
12293 Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
12294 Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
12295
12296 — Berlin, 2015-05-22
12297
12298 CHANGES WITH 219:
12299
12300 * Introduce a new API "sd-hwdb.h" for querying the hardware
12301 metadata database. With this minimal interface one can query
12302 and enumerate the udev hwdb, decoupled from the old libudev
12303 library. libudev's interface for this is now only a wrapper
12304 around sd-hwdb. A new tool systemd-hwdb has been added to
12305 interface with and update the database.
12306
12307 * When any of systemd's tools copies files (for example due to
12308 tmpfiles' C lines) a btrfs reflink will be attempted first,
12309 before bytewise copying is done.
12310
12311 * systemd-nspawn gained a new --ephemeral switch. When
12312 specified, a btrfs snapshot is taken of the container's root
12313 directory, and immediately removed when the container
12314 terminates again. Thus, a container can be started whose
12315 changes never alter the container's root directory, and are
12316 lost on container termination. This switch can also be used
12317 for starting a container off the root file system of the
12318 host without affecting the host OS. This switch is only
12319 available on btrfs file systems.
12320
12321 * systemd-nspawn gained a new --template= switch. It takes the
12322 path to a container tree to use as template for the tree
12323 specified via --directory=, should that directory be
12324 missing. This allows instantiating containers dynamically,
12325 on first run. This switch is only available on btrfs file
12326 systems.
12327
12328 * When a .mount unit refers to a mount point on which multiple
12329 mounts are stacked, and the .mount unit is stopped, all of
12330 the stacked mount points will now be unmounted until no
12331 mount point remains.
12332
12333 * systemd now has an explicit notion of supported and
12334 unsupported unit types. Jobs enqueued for unsupported unit
12335 types will now fail with an "unsupported" error code. More
12336 specifically .swap, .automount and .device units are not
12337 supported in containers, .busname units are not supported on
12338 non-kdbus systems. .swap and .automount are also not
12339 supported if their respective kernel compile time options
12340 are disabled.
12341
12342 * machinectl gained support for two new "copy-from" and
12343 "copy-to" commands for copying files from a running
12344 container to the host or vice versa.
12345
12346 * machinectl gained support for a new "bind" command to bind
12347 mount host directories into local containers. This is
12348 currently only supported for nspawn containers.
12349
12350 * networkd gained support for configuring bridge forwarding
12351 database entries (fdb) from .network files.
12352
12353 * A new tiny daemon "systemd-importd" has been added that can
12354 download container images in tar, raw, qcow2 or dkr formats,
12355 and make them available locally in /var/lib/machines, so
12356 that they can run as nspawn containers. The daemon can GPG
12357 verify the downloads (not supported for dkr, since it has no
12358 provisions for verifying downloads). It will transparently
12359 decompress bz2, xz, gzip compressed downloads if necessary,
12360 and restore sparse files on disk. The daemon uses privilege
12361 separation to ensure the actual download logic runs with
12362 fewer privileges than the daemon itself. machinectl has
12363 gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
12364 make the functionality of importd available to the
12365 user. With this in place the Fedora and Ubuntu "Cloud"
12366 images can be downloaded and booted as containers unmodified
12367 (the Fedora images lack the appropriate GPG signature files
12368 currently, so they cannot be verified, but this will change
12369 soon, hopefully). Note that downloading images is currently
12370 only fully supported on btrfs.
12371
12372 * machinectl is now able to list container images found in
12373 /var/lib/machines, along with some metadata such as disk
12374 usage. If the directory is located on btrfs and
12375 quota is enabled, this includes quota display. A new command
12376 "image-status" has been added that shows additional
12377 information about images.
12378
12379 * machinectl is now able to clone container images
12380 efficiently, if the underlying file system (btrfs) supports
12381 it, with the new "machinectl clone" command. It also
12382 gained commands for renaming and removing images, as well as
12383 marking them read-only or read-write (supported also on
12384 legacy file systems).
12385
12386 * networkd gained support for collecting LLDP network
12387 announcements from hardware that supports this. This is
12388 shown in networkctl output.
12389
12390 * systemd-run gained support for a new -t (--pty) switch for
12391 invoking a binary on a pty whose input and output is
12392 connected to the invoking terminal. This allows executing
12393 processes as system services while interactively
12394 communicating with them via the terminal. Most interestingly
12395 this is supported across container boundaries. Invoking
12396 "systemd-run -t /bin/bash" is an alternative to running a
12397 full login session, the difference being that the former
12398 will not register a session, nor go through the PAM session
12399 setup.
12400
12401 * tmpfiles gained support for a new "v" line type for creating
12402 btrfs subvolumes. If the underlying file system is a legacy
12403 file system, this automatically degrades to creating a
12404 normal directory. Among others /var/lib/machines is now
12405 created like this at boot, should it be missing.
12406
12407 * The directory /var/lib/containers/ has been deprecated and
12408 been replaced by /var/lib/machines. The term "machines" has
12409 been used in the systemd context as generic term for both
12410 VMs and containers, and hence appears more appropriate for
12411 this, as the directory can also contain raw images bootable
12412 via qemu/kvm.
12413
12414 * systemd-nspawn when invoked with -M but without --directory=
12415 or --image= is now capable of searching for the container
12416 root directory, subvolume or disk image automatically, in
12417 /var/lib/machines. systemd-nspawn@.service has been updated
12418 to make use of this, thus allowing it to be used for raw
12419 disk images, too.
12420
12421 * A new machines.target unit has been introduced that is
12422 supposed to group all containers/VMs invoked as services on
12423 the system. systemd-nspawn@.service has been updated to
12424 integrate with that.
12425
12426 * machinectl gained a new "start" command, for invoking a
12427 container as a service. "machinectl start foo" is mostly
12428 equivalent to "systemctl start systemd-nspawn@foo.service",
12429 but handles escaping in a nicer way.
12430
12431 * systemd-nspawn will now mount most of the cgroupfs tree
12432 read-only into each container, with the exception of the
12433 container's own subtree in the name=systemd hierarchy.
12434
12435 * journald now sets the special FS_NOCOW file flag for its
12436 journal files. This should improve performance on btrfs, by
12437 avoiding heavy fragmentation when journald's write-pattern
12438 is used on COW file systems. It degrades btrfs' data
12439 integrity guarantees for the files to the same levels as for
12440 ext3/ext4 however. This should be OK though as journald does
12441 its own data integrity checks and all its objects are
12442 checksummed on disk. Also, journald should handle btrfs disk
12443 full events a lot more gracefully now, by processing SIGBUS
12444 errors, and not relying on fallocate() anymore.
12445
12446 * When journald detects that journal files it is writing to
12447 have been deleted it will immediately start new journal
12448 files.
12449
12450 * systemd now provides a way to store file descriptors
12451 per-service in PID 1. This is useful for daemons to ensure
12452 that fds they require are not lost during a daemon
12453 restart. The fds are passed to the daemon on the next
12454 invocation in the same way socket activation fds are
12455 passed. This is now used by journald to ensure that the
12456 various sockets connected to all the system's stdout/stderr
12457 are not lost when journald is restarted. File descriptors
12458 may be stored in PID 1 via the sd_pid_notify_with_fds() API,
12459 an extension to sd_notify(). Note that a limit is enforced
12460 on the number of fds a service can store in PID 1, and it
12461 defaults to 0, so that no fds may be stored, unless this is
12462 explicitly turned on.
12463
12464 * The default TERM variable to use for units connected to a
12465 terminal, when no other value is explicitly set, is now
12466 vt220 rather than vt102. This should still be fairly safe,
12467 but allows PgUp/PgDn to work.
12468
12469 * The /etc/crypttab option header= as known from Debian is now
12470 supported.
12471
12472 * "loginctl user-status" and "loginctl session-status" will
12473 now show the last 10 lines of log messages of the
12474 user/session following the status output. Similarly,
12475 "machinectl status" will show the last 10 log lines
12476 associated with a virtual machine or container
12477 service. (Note that this is usually not the log messages
12478 done in the VM/container itself, but simply what the
12479 container manager logs. For nspawn this includes all console
12480 output however.)
12481
12482 * "loginctl session-status" without further argument will now
12483 show the status of the session of the caller. Similarly,
12484 "lock-session", "unlock-session", "activate",
12485 "enable-linger", "disable-linger" may now be called without
12486 session/user parameter in which case they apply to the
12487 caller's session/user.
12488
12489 * An X11 session scriptlet is now shipped that uploads
12490 $DISPLAY and $XAUTHORITY into the environment of the systemd
12491 --user daemon if a session begins. This should improve
12492 compatibility with X11 enabled applications run as systemd
12493 user services.
12494
12495 * Generators are now subject to masking via /etc and /run, the
12496 same way as unit files.
12497
12498 * networkd .network files gained support for configuring
12499 per-link IPv4/IPv6 packet forwarding as well as IPv4
12500 masquerading. This is by default turned on for veth links to
12501 containers, as registered by systemd-nspawn. This means that
12502 nspawn containers run with --network-veth will now get
12503 automatic routed access to the host's networks without any
12504 further configuration or setup, as long as networkd runs on
12505 the host.
12506
12507 * systemd-nspawn gained the --port= (-p) switch to expose TCP
12508 or UDP ports of a container on the host. With this in place
12509 it is possible to run containers with private veth links
12510 (--network-veth), and have their functionality exposed on
12511 the host as if their services were running directly on the
12512 host.
12513
12514 * systemd-nspawn's --network-veth switch now gained a short
12515 version "-n", since with the changes above it is now truly
12516 useful out-of-the-box. The systemd-nspawn@.service has been
12517 updated to make use of it too by default.
12518
12519 * systemd-nspawn will now maintain a per-image R/W lock, to
12520 ensure that the same image is not started more than once
12521 writable. (It's OK to run an image multiple times
12522 simultaneously in read-only mode.)
12523
12524 * systemd-nspawn's --image= option is now capable of
12525 dissecting and booting MBR and GPT disk images that contain
12526 only a single active Linux partition. Previously it
12527 supported only GPT disk images with proper GPT type
12528 IDs. This allows running cloud images from major
12529 distributions directly with systemd-nspawn, without
12530 modification.
12531
12532 * In addition to collecting mouse dpi data in the udev
12533 hardware database, there's now support for collecting angle
12534 information for mouse scroll wheels. The database is
12535 supposed to guarantee similar scrolling behavior on mice
12536 that it knows about. There's also support for collecting
12537 information about touchpad types.
12538
12539 * udev's input_id built-in will now also collect touch screen
12540 dimension data and attach it to probed devices.
12541
12542 * /etc/os-release gained support for a Distribution Privacy
12543 Policy link field.
12544
12545 * networkd gained support for creating "ipvlan", "gretap",
12546 "ip6gre", "ip6gretap" and "ip6tnl" network devices.
12547
12548 * systemd-tmpfiles gained support for "a" lines for setting
12549 ACLs on files.
12550
12551 * systemd-nspawn will now mount /tmp in the container to
12552 tmpfs, automatically.
12553
12554 * systemd now exposes the memory.usage_in_bytes cgroup
12555 attribute and shows it for each service in the "systemctl
12556 status" output, if available.
12557
12558 * When the user presses Ctrl-Alt-Del more than 7x within 2s an
12559 immediate reboot is triggered. This is useful if shutdown
12560 hangs and is unable to complete, to expedite the
12561 operation. Note that this kind of reboot will still unmount
12562 all file systems, and hence should not result in fsck being
12563 run on next reboot.
12564
12565 * A .device unit for an optical block device will now be
12566 considered active only when a medium is in the drive. Also,
12567 mount units are now bound to their backing devices thus
12568 triggering automatic unmounting when devices become
12569 unavailable. With this in place systemd will now
12570 automatically unmount left-over mounts when a CD-ROM is
12571 ejected or a USB stick is yanked from the system.
12572
12573 * networkd-wait-online now has support for waiting for
12574 specific interfaces only (with globbing), and for giving up
12575 after a configurable timeout.
12576
12577 * networkd now exits when idle. It will be automatically
12578 restarted as soon as interfaces show up, are removed or
12579 change state. networkd will stay around as long as there is
12580 at least one DHCP state machine or similar around that keeps
12581 it non-idle.
12582
12583 * networkd may now configure IPv6 link-local addressing in
12584 addition to IPv4 link-local addressing.
12585
12586 * The IPv6 "token" for use in SLAAC may now be configured for
12587 each .network interface in networkd.
12588
12589 * Routes configured with networkd may now be assigned a scope
12590 in .network files.
12591
12592 * networkd's [Match] sections now support globbing and lists
12593 of multiple space-separated matches per item.
12594
12595 Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
12596 Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
12597 Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
12598 Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
12599 Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
12600 Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
12601 Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
12602 Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
12603 Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
12604 Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
12605 Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
12606 Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
12607 Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
12608 Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
12609 Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
12610 Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
12611 Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
12612 Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
12613 Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
12614 Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
12615 Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
12616 Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
12617 Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
12618 Hoffmann, Zbigniew Jędrzejewski-Szmek
12619
12620 — Berlin, 2015-02-16
12621
12622 CHANGES WITH 218:
12623
12624 * When querying unit file enablement status (for example via
12625 "systemctl is-enabled"), a new state "indirect" is now known
12626 which indicates that a unit might not be enabled itself, but
12627 another unit listed in its Also= setting might be.
12628
12629 * Similar to the various existing ConditionXYZ= settings for
12630 units, there are now matching AssertXYZ= settings. A failing
12631 condition causes the unit to be skipped while its job still
12632 succeeds; a failing assertion instead causes the unit's start
12633 operation, and hence its job, to fail.
12634
12635 * hostnamed now knows a new chassis type "embedded".
12636
12637 * systemctl gained a new "edit" command. When used on a unit
12638 file, this allows extending unit files with .d/ drop-in
12639 configuration snippets or editing the full file (after
12640 copying it from /usr/lib to /etc). This will invoke the
12641 user's editor (as configured with $EDITOR), and reload the
12642 modified configuration after editing.
12643
12644 * "systemctl status" now shows the suggested enablement state
12645 for a unit, as declared in the (usually vendor-supplied)
12646 system preset files.
12647
12648 * nss-myhostname will now resolve the single-label hostname
12649 "gateway" to the locally configured default IP routing
12650 gateways, ordered by their metrics. This assigns a stable
12651 name to the gateways in use, regardless of which ones are
12652 currently configured. Note that the name is only resolved
12653 after all other name sources have been consulted (provided
12654 nss-myhostname is ordered last in /etc/nsswitch.conf) and
12655 should hence not negatively impact systems that use the
12656 single-label hostname "gateway" in other contexts.
12657
12658 * systemd-inhibit now allows filtering by mode when listing
12659 inhibitors.
12660
12661 * Scope and service units gained a new "Delegate" boolean
12662 property, which, when set, allows processes running inside the
12663 unit to further partition resources. This is primarily
12664 useful for systemd user instances as well as container
12665 managers.
12666
12667 * journald will now pick up audit messages directly from
12668 the kernel, and log them like any other log message. The
12669 audit fields are split up and fully indexed. This means that
12670 journalctl in many ways is now a (nicer!) alternative to
12671 ausearch, the traditional audit client. Note that this
12672 implements only a minimal audit client. If you want the
12673 special audit modes like reboot-on-log-overflow, please use
12674 the traditional auditd instead, which can be used in
12675 parallel to journald.
12676
12677 * The ConditionSecurity= unit file option now understands the
12678 special string "audit" to check whether auditing is
12679 available.
12680
12681 * journalctl gained two new options, --vacuum-size= and
12682 --vacuum-time=, that delete old journal files until the
12683 remaining ones take up no more than the specified size on disk,
12684 or are no older than the specified time.
12685
12686 * A new, native PPPoE library has been added to sd-network,
12687 systemd's library of light-weight networking protocols. This
12688 library will be used in a future version of networkd to
12689 enable PPPoE communication without an external pppd daemon.
12690
12691 * The busctl tool now understands a new "capture" verb that
12692 works similarly to "monitor", but writes a packet capture
12693 trace to STDOUT that can be redirected to a file in the
12694 libpcap capture file format. This can then be loaded in
12695 Wireshark and similar tools to inspect bus
12696 communication.
12697
12698 * The busctl tool now understands a new "tree" verb that shows
12699 the object trees of a specific service on the bus, or of all
12700 services.
12701
12702 * The busctl tool now understands a new "introspect" verb that
12703 shows all interfaces and members of objects on the bus,
12704 including their signature and values. This is particularly
12705 useful to get more information about bus objects shown by
12706 the new "busctl tree" command.
12707
12708 * The busctl tool now understands new verbs "call",
12709 "set-property" and "get-property" for invoking bus method
12710 calls, setting and getting bus object properties in a
12711 friendly way.
12712
12713 * busctl gained a new --augment-creds= argument that controls
12714 whether the tool shall augment credential information it
12715 gets from the bus with data from /proc. This is racy, as the
12716 PID may be recycled before /proc is read; treat such fields as informational only.
12717
12718 * nspawn's --link-journal= switch gained two new values
12719 "try-guest" and "try-host" that work like "guest" and
12720 "host", but do not fail if the host has no persistent
12721 journaling enabled. -j is now equivalent to
12722 --link-journal=try-guest.
12723
12724 * macvlan network devices created by nspawn will now have
12725 stable MAC addresses.
12726
12727 * A new SmackProcessLabel= unit setting has been added, which
12728 controls the SMACK security label that processes forked off
12729 by the respective unit shall run with.
12730
12731 * If compiled with --enable-xkbcommon, systemd-localed will
12732 verify x11 keymap settings by compiling the given keymap. It
12733 will spew out warnings if the compilation fails. This
12734 requires libxkbcommon to be installed.
12735
12736 * When a coredump is collected, a larger number of metadata
12737 fields is now collected and included in the journal records
12738 created for it. More specifically, control group membership,
12739 environment variables, memory maps, working directory, chroot
12740 directory, /proc/$PID/status, and a list of open file descriptors are
12741 now stored in the log entry. Note that a crashing service's environment may carry secrets (tokens, passphrases), which then land in the journal.
12742
12743 * The udev hwdb now contains DPI information for mice. For
12744 details see:
12745
12746 http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
12747
12748 * All systemd programs that read standalone configuration
12749 files in /etc now also support a corresponding series of
12750 .conf.d configuration directories in /etc/, /run/,
12751 /usr/local/lib/, /usr/lib/, and (if configured with
12752 --enable-split-usr) /lib/. In particular, the following
12753 configuration files now have corresponding configuration
12754 directories: system.conf, user.conf, logind.conf,
12755 journald.conf, sleep.conf, bootchart.conf, coredump.conf,
12756 resolved.conf, timesyncd.conf, journal-remote.conf, and
12757 journal-upload.conf. Note that distributions should use the
12758 configuration directories in /usr/lib/; the directories in
12759 /etc/ are reserved for the system administrator.
12760
12761 * systemd-rfkill will no longer take the rfkill device name
12762 into account when storing rfkill state on disk, as the name
12763 might be dynamically assigned and not stable. Instead, the
12764 ID_PATH udev variable combined with the rfkill type (wlan,
12765 bluetooth, …) is used.
12766
12767 * A new service systemd-machine-id-commit.service has been
12768 added. When used on systems where /etc is read-only during
12769 boot, and /etc/machine-id is not initialized (but an empty
12770 file), this service will copy the temporary machine ID
12771 created as replacement into /etc after the system is fully
12772 booted up. This is useful for systems that are freshly
12773 installed with a non-initialized machine ID, but should get
12774 a fixed machine ID for subsequent boots.
12775
12776 * networkd's .netdev files now provide a large set of
12777 configuration parameters for VXLAN devices. Similarly, the
12778 bridge port cost parameter is now configurable in .network
12779 files. There's also new support for configuring IP source
12780 routing. networkd .link files gained support for a new
12781 OriginalName= match that is useful to match against the
12782 original interface name the kernel assigned. .network files
12783 may include MTU= and MACAddress= fields for altering the MTU
12784 and MAC address while being connected to a specific network
12785 interface.
12786
12787 * The LUKS logic gained support for configuring
12788 UUID-specific key files. There's also new support for naming
12789 LUKS devices from the kernel command line, using the new
12790 luks.name= argument.
12791
12792 * Timer units may now be transiently created via the bus API
12793 (this was previously already available for scope and service
12794 units). In addition it is now possible to create multiple
12795 transient units at the same time with a single bus call. The
12796 "systemd-run" tool has been updated to make use of this for
12797 running commands at a specified time, in at(1)-style.
12798
12799 * tmpfiles gained support for "t" lines, for assigning
12800 extended attributes to files. Among other uses this may be
12801 used to assign SMACK labels to files.
12802
12803 Contributions from: Alin Rauta, Alison Chaiken, Andrej
12804 Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
12805 Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
12806 Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
12807 Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
12808 Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
12809 Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
12810 Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
12811 Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
12812 Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
12813 Michael Biebl, Michael Chapman, Michael Marineau, Michal
12814 Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
12815 Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
12816 Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
12817 Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
12818 Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
12819 Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
12820 Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
12821
12822 — Berlin, 2014-12-10
12823
12824 CHANGES WITH 217:
12825
12826 * journalctl gained the new options -t/--identifier= to match
12827 on the syslog identifier (aka "tag"), as well as --utc to
12828 show log timestamps in the UTC timezone. journalctl now also
12829 accepts -n/--lines=all to disable line capping in a pager.
12830
12831 * journalctl gained a new switch, --flush, that synchronously
12832 flushes logs from /run/log/journal to /var/log/journal if
12833 persistent storage is enabled. systemd-journal-flush.service
12834 now waits until the operation is complete.
12835
12836 * Services can notify the manager before they start a reload
12837 (by sending RELOADING=1) or shutdown (by sending
12838 STOPPING=1). This allows the manager to track and show the
12839 internal state of daemons and closes a race condition when
12840 the process is still running but has closed its D-Bus
12841 connection.
12842
12843 * Services with Type=oneshot do not have to have any ExecStart
12844 commands anymore.
12845
12846 * User units are now loaded also from
12847 $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
12848 /run/systemd/user directory that was already previously
12849 supported, but is under the control of the user.
12850
12851 * Job timeouts (i.e. timeouts on the time a job that is
12852 queued stays in the run queue) can now optionally result in
12853 immediate reboot or power-off actions (JobTimeoutAction= and
12854 JobTimeoutRebootArgument=). This is useful on ".target"
12855 units, to limit the maximum time a target remains
12856 undispatched in the run queue, and to trigger an emergency
12857 operation in such a case. This is now used by default to
12858 turn off the system if boot-up (as defined by everything in
12859 basic.target) hangs and does not complete for at least
12860 15min. Also, if power-off or reboot hang for at least 30min
12861 an immediate power-off/reboot operation is triggered. This
12862 functionality is particularly useful to increase reliability
12863 on embedded devices, but also on laptops which might
12864 accidentally get powered on when carried in a backpack and
12865 whose boot stays stuck in a hard disk encryption passphrase
12866 question.
12867
12868 * systemd-logind can be configured to also handle lid switch
12869 events even when the machine is docked or multiple displays
12870 are attached (HandleLidSwitchDocked= option).
12871
12872 * A helper binary and a service have been added which can be
12873 used to resume from hibernation in the initramfs. A
12874 generator will parse the resume= option on the kernel
12875 command line to trigger resume.
12876
12877 * A user console daemon systemd-consoled has been
12878 added. Currently, it is a preview, and will so far open a
12879 single terminal on each session of the user marked as
12880 Desktop=systemd-console.
12881
12882 * Route metrics can be specified for DHCP routes added by
12883 systemd-networkd.
12884
12885 * The SELinux context of socket-activated services can be set
12886 from the information provided by the networking stack
12887 (SELinuxContextFromNet= option).
12888
12889 * Userspace firmware loading support has been removed and
12890 the minimum supported kernel version is thus bumped to 3.7.
12891
12892 * The timeout for udev workers has been increased from 1 to 3
12893 minutes, but a warning will be printed after 1 minute to
12894 help diagnose kernel modules that take a long time to load.
12895
12896 * Udev rules can now remove tags on devices with TAG-="foobar".
12897
12898 * systemd's readahead implementation has been removed. In many
12899 circumstances it didn't give expected benefits even for
12900 rotational disk drives and was becoming less relevant in the
12901 age of SSDs. As none of the developers has been using
12902 rotating media anymore, and nobody stepped up to actively
12903 maintain this component of systemd it has now been removed.
12904
12905 * Swap units can use Options= to specify discard options.
12906 Discard options specified for swaps in /etc/fstab are now
12907 respected.
12908
12909 * Docker containers are now detected as a separate type of
12910 virtualization.
12911
12912 * The Password Agent protocol gained support for queries where
12913 the user input is shown, useful e.g. for user names.
12914 systemd-ask-password gained a new --echo option to turn that
12915 on.
12916
12917 * The default sysctl.d/ snippets will now set:
12918
12919 net.core.default_qdisc = fq_codel
12920
12921 This selects Fair Queuing Controlled Delay as the default
12922 queuing discipline for network interfaces. fq_codel helps
12923 fight the network bufferbloat problem. It is believed to be
12924 a good default with no tuning required for most workloads.
12925 Downstream distributions may override this choice. On 10Gbit
12926 servers that do not do forwarding, "fq" may perform better.
12927 Systems without a good clocksource should use "pfifo_fast".
12928
12929 * If kdbus is enabled during build a new option BusPolicy= is
12930 available for service units, that allows locking all service
12931 processes into a stricter bus policy, in order to limit
12932 access to various bus services, or even hide most of them
12933 from the service's view entirely.
12934
12935 * networkctl will now show the .network and .link file
12936 networkd has applied to a specific interface.
12937
12938 * sd-login gained a new API call sd_session_get_desktop() to
12939 query which desktop environment has been selected for a
12940 session.
12941
12942 * UNIX utmp support is now compile-time optional to support
12943 legacy-free systems.
12944
12945 * systemctl gained two new commands "add-wants" and
12946 "add-requires" for pulling in units from specific targets
12947 easily.
12948
12949 * If the word "rescue" is specified on the kernel command line
12950 the system will now boot into rescue mode (aka
12951 rescue.target), which was previously available only by
12952 specifying "1" or "systemd.unit=rescue.target" on the kernel
12953 command line. This new kernel command line option nicely
12954 mirrors the already existing "emergency" kernel command line
12955 option.
12956
12957 * New kernel command line options mount.usr=, mount.usrflags=,
12958 mount.usrfstype= have been added that match root=, rootflags=,
12959 rootfstype= but allow mounting a specific file system to
12960 /usr.
12961
12962 * The $NOTIFY_SOCKET is now also passed to control processes of
12963 services, not only the main process.
12964
12965 * This version reenables support for fsck's -l switch. This
12966 means at least version v2.25 of util-linux is required for
12967 operation, otherwise deadlocks on device nodes may
12968 occur. Again: you need to update util-linux to at least
12969 v2.25 when updating systemd to v217.
12970
12971 * The "multi-seat-x" tool has been removed from systemd, as
12972 its functionality has been integrated into X servers 1.16,
12973 and the tool is hence redundant. It is recommended to update
12974 display managers invoking this tool to simply invoke X
12975 directly from now on, again.
12976
12977 * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
12978 message flag has been added to all of systemd's polkit
12979 authenticated method calls. In particular this
12980 now allows optional interactive authorization via polkit for
12981 many of PID1's privileged operations such as unit file
12982 enabling and disabling.
12983
12984 * "udevadm hwdb --update" learnt a new switch "--usr" for
12985 placing the rebuilt hardware database in /usr instead of
12986 /etc. When used, only hardware database entries stored in
12987 /usr will be used, and any user database entries in /etc are
12988 ignored. This functionality is useful for vendors to ship a
12989 pre-built database on systems where local configuration is
12990 unnecessary or unlikely.
12991
12992 * Calendar time specifications in .timer units now also
12993 understand the strings "semi-annually", "quarterly" and
12994 "minutely" as shortcuts (in addition to the preexisting
12995 "annually", "hourly", …).
12996
12997 * systemd-tmpfiles will now correctly create files in /dev
12998 at boot which are marked for creation only at boot. It is
12999 recommended to always create static device nodes with 'c!'
13000 and 'b!', so that they are created only at boot and not
13001 overwritten at runtime.
13002
13003 * When the watchdog logic is used for a service (WatchdogSec=)
13004 and the watchdog timeout is hit the service will now be
13005 terminated with SIGABRT (instead of just SIGTERM), in order
13006 to make sure a proper coredump and backtrace is
13007 generated. This ensures that hanging services will result in
13008 similar coredump/backtrace behaviour as services that hit a
13009 segmentation fault.
13010
13011 Contributions from: Andreas Henriksson, Andrei Borzenkov,
13012 Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
13013 Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
13014 Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
13015 Herrmann, David Sommerseth, David Strauss, Emil Renner
13016 Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
13017 Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
13018 Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
13019 Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
13020 Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
13021 Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
13022 Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
13023 Michael Marineau, Michael Olbrich, Michael Scherer, Michal
13024 Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
13025 Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
13026 Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
13027 Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
13028 Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
13029 Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
13030 Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
13031 Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
13032 Jędrzejewski-Szmek
13033
13034 — Berlin, 2014-10-28
13035
13036 CHANGES WITH 216:
13037
13038 * timedated no longer reads NTP implementation unit names from
13039 /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
13040 implementations should add a
13041
13042 Conflicts=systemd-timesyncd.service
13043
13044 to their unit files to take over and replace systemd's NTP
13045 default functionality.
13046
13047 * systemd-sysusers gained a new line type "r" for configuring
13048 which UID/GID ranges to allocate system users/groups
13049 from. Lines of type "u" may now add an additional column
13050 that specifies the home directory for the system user to be
13051 created. Also, systemd-sysusers may now optionally read user
13052 information from STDIN instead of a file. This is useful for
13053 invoking it from RPM preinst scriptlets that need to create
13054 users before the first RPM file is installed since these
13055 files might need to be owned by them. A new
13056 %sysusers_create_inline RPM macro has been introduced to do
13057 just that. systemd-sysusers now updates the shadow files as
13058 well as the user/group databases, which should enhance
13059 compatibility with certain tools like grpck.
13060
13061 * A number of bus APIs of PID 1 now optionally consult polkit to
13062 permit access for otherwise unprivileged clients under certain
13063 conditions. Note that this currently doesn't support
13064 interactive authentication yet, but this is expected to be
13065 added eventually, too.
13066
13067 * /etc/machine-info now has new fields for configuring the
13068 deployment environment of the machine, as well as the
13069 location of the machine. hostnamectl has been updated with
13070 new commands to update these fields.
13071
13072 * systemd-timesyncd has been updated to automatically acquire
13073 NTP server information from systemd-networkd, which might
13074 have been discovered via DHCP.
13075
13076 * systemd-resolved now includes a caching DNS stub resolver
13077 and a complete LLMNR name resolution implementation. A new
13078 NSS module "nss-resolve" has been added which can be used
13079 instead of glibc's own "nss-dns" to resolve hostnames via
13080 systemd-resolved. Hostnames, addresses and arbitrary RRs may
13081 be resolved via systemd-resolved D-Bus APIs. In contrast to the
13082 glibc internal resolver, systemd-resolved is aware of multi-homed
13083 systems, and keeps DNS server lists and caches separate per
13084 interface. Queries are sent simultaneously on all interfaces that
13085 have DNS servers configured, in order to properly handle VPNs and
13086 local LANs which might resolve separate sets of domain names.
13087 systemd-resolved may acquire DNS server information from
13088 systemd-networkd automatically, which in turn might have discovered
13089 them via DHCP. A tool "systemd-resolve-host" has been added that may
13090 be used to query the DNS logic in resolved. systemd-resolved
13091 implements IDNA and automatically uses IDNA or UTF-8 encoding
13092 depending on whether classic DNS or LLMNR is used as transport. Note
13093 that LLMNR replies are unauthenticated, so any host on the link can
13094 claim a name; do not rely on LLMNR results where security matters. In
13095 the next releases we intend to add a DNSSEC and mDNS/DNS-SD implementation to systemd-resolved.
13096
13097 * A new NSS module nss-mymachines has been added, that
13098 automatically resolves the names of all locally registered
13099 containers to their respective IP addresses.
13100
13101 * A new client tool "networkctl" for systemd-networkd has been
13102 added. It currently is entirely passive and will query
13103 networking configuration from udev, rtnetlink and networkd,
13104 and present it to the user in a very friendly
13105 way. Eventually, we hope to extend it to become a full
13106 control utility for networkd.
13107
13108 * .socket units gained a new DeferAcceptSec= setting that
13109 controls the kernel's TCP_DEFER_ACCEPT sockopt for
13110 TCP. Similarly, support for controlling TCP keep-alive
13111 settings has been added (KeepAliveTimeSec=,
13112 KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
13113 turning off Nagle's algorithm on TCP has been added
13114 (NoDelay=).
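As an added example of what these [Socket] settings switch on (this is not systemd code), the Python below applies the same kernel options to a listener on 127.0.0.1 and reads them back. The function names and the default values are this example's own choices, and Linux is assumed. One caveat before enabling DeferAcceptSec=: with TCP_DEFER_ACCEPT the kernel holds a connection back from accept() until the client sends data or the timeout runs out, which is harmless for client-speaks-first protocols such as HTTP but stalls server-speaks-first ones such as SMTP for the length of the timeout. The keep-alive and Nagle settings are inherited by the per-connection sockets accept() hands back, so they take effect on what the service actually talks over.

```python
import socket
from typing import Dict


def configure_tcp_listener(defer_accept_sec: int = 5, keepalive_time_sec: int = 600,
                           keepalive_interval_sec: int = 60, keepalive_probes: int = 5,
                           nodelay: bool = True) -> socket.socket:
    """Create a listening TCP socket on 127.0.0.1 carrying the kernel options
    behind DeferAcceptSec=, KeepAliveTimeSec=, KeepAliveIntervalSec=,
    KeepAliveProbes= and NoDelay=. Linux is assumed (example code)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    # DeferAcceptSec=: do not wake accept() for a connection until the client
    # has sent its first bytes (or the timeout passes). Fine for HTTP and other
    # client-speaks-first protocols; a server-speaks-first protocol such as
    # SMTP would sit on its own banner for the whole timeout.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_DEFER_ACCEPT, defer_accept_sec)
    # KeepAlive*=: detect dead peers on idle connections instead of holding
    # their state until the peer's next packet, which may never come.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, keepalive_time_sec)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, keepalive_interval_sec)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, keepalive_probes)
    # NoDelay=: turn Nagle's algorithm off so small writes go out immediately.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1 if nodelay else 0)
    sock.listen(16)
    return sock


def read_back(sock: socket.socket) -> Dict[str, int]:
    """Read the options back from the kernel. TCP_DEFER_ACCEPT is stored as a
    count of SYN-ACK retransmissions and converted back to seconds, so the
    value read back is rounded and need not equal the value that was set."""
    return {
        "SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE),
        "TCP_KEEPIDLE": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        "TCP_KEEPINTVL": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        "TCP_KEEPCNT": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
        "TCP_NODELAY": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY),
        "TCP_DEFER_ACCEPT": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_DEFER_ACCEPT),
    }


def demo() -> Dict[str, int]:
    """Configure a listener with the defaults above and return what the kernel reports."""
    sock = configure_tcp_listener()
    try:
        return read_back(sock)
    finally:
        sock.close()


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name} = {value}")
```

The same read-back can be done against a running socket-activated service with ss -o or by tracing its setsockopt calls, which is the quickest way to confirm a .socket unit's settings actually reached the kernel.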
13115
13116 * logind learned a new session type "web", for use in projects
13117 like Cockpit which register web clients as PAM sessions.
13118
13119 * timer units with at least one OnCalendar= setting will now
13120 be started only after time-sync.target has been
13121 reached. This way they will not elapse before the system
13122 clock has been corrected by a local NTP client or
13123 similar. This is particularly useful on RTC-less embedded
13124 machines that come up with an invalid system clock.
13125
13126 * systemd-nspawn's --network-veth= switch should now result in
13127 stable MAC addresses for both the outer and the inner side
13128 of the link.
13129
13130 * systemd-nspawn gained a new --volatile= switch for running
13131 container instances with /etc or /var unpopulated.
13132
13133 * The kdbus client code has been updated to use the new Linux
13134 3.17 memfd subsystem instead of the old kdbus-specific one.
13135
13136 * systemd-networkd's DHCP client and server now support
13137 FORCERENEW. There are also new configuration options to
13138 configure the vendor client identifier and broadcast mode
13139 for DHCP.
13140
13141 * systemd will no longer inform the kernel about the current
13142 timezone, as this is necessarily incorrect and racy as the
13143 kernel has no understanding of DST and similar
13144 concepts. This hence means FAT timestamps will be always
13145 considered UTC, similar to what Android is already
13146 doing. Also, when the RTC is configured to the local time
13147 (rather than UTC) systemd will never synchronize back to it,
13148 as this might confuse Windows at a later boot.
13149
13150 * systemd-analyze gained a new command "verify" for offline
13151 validation of unit files.
13152
13153 * systemd-networkd gained support for a couple of additional
13154 settings for bonding networking setups. Also, the metric for
13155 statically configured routes may now be configured. For
13156 network interfaces where this is appropriate the peer IP
13157 address may now be configured.
13158
13159 * systemd-networkd's DHCP client will no longer request
13160 broadcasting by default, as this tripped up some networks.
13161 For hardware where broadcast is required the feature should
13162 be switched back on using RequestBroadcast=yes.
13163
13164 * systemd-networkd will now set up IPv4LL addresses (when
13165 enabled) even if DHCP is configured successfully.
13166
13167 * udev will now default to respect network device names given
13168 by the kernel when the kernel indicates that these are
13169 predictable. This behavior can be tweaked by changing
13170 NamePolicy= in the relevant .link file.
13171
13172 * A new library systemd-terminal has been added that
13173 implements full TTY stream parsing and rendering. This
13174 library is supposed to be used later on for implementing a
13175 full userspace VT subsystem, replacing the current kernel
13176 implementation.
13177
13178 * A new tool systemd-journal-upload has been added to push
13179 journal data to a remote system running
13180 systemd-journal-remote.
13181
13182 * journald will no longer forward all local data to another
13183 running syslog daemon. This change has been made because
13184 rsyslog (which appears to be the most commonly used syslog
13185 implementation these days) no longer makes use of this, and
13186 instead pulls the data out of the journal on its own. Since
13187 forwarding the messages to a non-existent syslog server is
13188 more expensive than we assumed we have now turned this
13189 off. If you run a syslog server that is not a recent rsyslog
13190 version, you have to turn this option on again
13191 (ForwardToSyslog= in journald.conf).
13192
13193 * journald now optionally supports the LZ4 compressor for
13194 larger journal fields. This compressor should perform much
13195 better than XZ which was the previous default.
13196
13197 * machinectl now shows the IP addresses of local containers,
13198 if it knows them, plus the interface name of the container.
13199
13200 * A new tool "systemd-escape" has been added that makes it
13201 easy to escape strings to build unit names and similar.
13202
13203 * sd_notify() messages may now include a new ERRNO= field
13204 which is parsed and collected by systemd and shown among the
13205 "systemctl status" output for a service.
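The lifecycle notifications described in the 217 entries above (RELOADING=1 and STOPPING=1, sent over the socket named by $NOTIFY_SOCKET, which now also reaches control processes) and the ERRNO= field introduced here all use one transport: AF_UNIX datagrams carrying newline-separated VAR=VALUE pairs. The Python below is an added example, not code from systemd; it plays both sides in one process with a listener under a temporary directory. The NotifyListener class, the demo() function and the socket path are this example's own names. The listener enables SO_PASSCRED so the kernel attaches the sender's PID to each datagram; that PID, checked against NotifyAccess=, is what the manager uses to attribute a message to a unit, never anything inside the payload. ERRNO=13 in the sample is EACCES.

```python
import os
import socket
import struct
import tempfile
from typing import Dict, Optional, Tuple

MY_PID = os.getpid()  # the demo checks that the kernel reports this as the sender


def sd_notify(state: str, notify_socket: Optional[str] = None) -> bool:
    """Send one notification datagram the way sd_notify(3) does.

    `state` is a newline-separated list of VAR=VALUE pairs such as
    "RELOADING=1" or "STATUS=Binding port\\nERRNO=13". The target comes
    from $NOTIFY_SOCKET unless given explicitly; a leading '@' means an
    abstract-namespace socket. Returns False when no socket is set,
    which is what a service sees when it is not run under systemd.
    """
    path = notify_socket if notify_socket is not None else os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.connect(path)
        sock.send(state.encode("utf-8"))
    return True


def parse_notify_message(payload: bytes) -> Dict[str, str]:
    """Split a notification datagram into its VAR=VALUE fields; lines
    without '=' are dropped, much as the manager ignores unknown input."""
    fields: Dict[str, str] = {}
    for line in payload.decode("utf-8", errors="replace").split("\n"):
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value
    return fields


class NotifyListener:
    """Stand-in for the manager's end of the notification socket (example only)."""

    def __init__(self, path: str):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.sock.bind(path)
        # Have the kernel attach the sender's pid/uid/gid (SCM_CREDENTIALS) to
        # every datagram. The manager attributes a message to a unit by this
        # PID and checks it against NotifyAccess=; the payload is not trusted
        # for that purpose.
        if hasattr(socket, "SO_PASSCRED"):
            self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)

    def receive(self) -> Tuple[Dict[str, str], Optional[int]]:
        data, ancdata, _flags, _addr = self.sock.recvmsg(65536, socket.CMSG_SPACE(12))
        sender_pid = None
        for level, ctype, cdata in ancdata:
            if level == socket.SOL_SOCKET and ctype == getattr(socket, "SCM_CREDENTIALS", -1):
                sender_pid, _uid, _gid = struct.unpack("iII", cdata[:12])  # struct ucred
        return parse_notify_message(data), sender_pid

    def close(self) -> None:
        self.sock.close()


def demo() -> list:
    """Play both sides in one process; return (fields, sender_pid) per message."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")  # hypothetical socket path for the example
        listener = NotifyListener(path)
        try:
            sd_notify("RELOADING=1\nSTATUS=Re-reading configuration", path)
            sd_notify("STATUS=Failed to bind port\nERRNO=13", path)  # 13 == EACCES
            sd_notify("STOPPING=1", path)
            return [listener.receive() for _ in range(3)]
        finally:
            listener.close()


if __name__ == "__main__":
    for fields, pid in demo():
        print(pid, fields)
```

Run demo() to see the three messages with the PID the kernel attached to each. The point for service authors: nothing a process writes into these fields is authenticated by the payload itself, so a daemon must not treat STATUS= or ERRNO= from any other process as trustworthy; the manager's trust decision rests on the SCM_CREDENTIALS PID and NotifyAccess= alone.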
13206
13207 * A new component "systemd-firstboot" has been added that
13208 queries the most basic systemd information (timezone,
13209 hostname, root password) interactively on first
13210 boot. Alternatively it may also be used to provision these
13211 things offline on OS images installed into directories.
13212
13213 * The default sysctl.d/ snippets will now set
13214
13215 net.ipv4.conf.default.promote_secondaries=1
13216
13217 This has the benefit of not flushing secondary IP addresses
13218 when primary addresses are removed.
13219
13220 Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
13221 Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
13222 Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
13223 Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
13224 Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
13225 B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
13226 Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
13227 Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
13228 Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
13229 Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
13230 Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
13231 Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
13232 Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
13233 Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
13234 Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
13235
13236 — Berlin, 2014-08-19
13237
13238 CHANGES WITH 215:
13239
13240 * A new tool systemd-sysusers has been added. This tool
13241 creates system users and groups in /etc/passwd and
13242 /etc/group, based on static declarative system user/group
13243 definitions in /usr/lib/sysusers.d/. This is useful to
13244 enable factory resets and volatile systems that boot up with
13245 an empty /etc directory, and thus need system users and
13246 groups created during early boot. systemd now also ships
13247 with two default sysusers.d/ files for the most basic
13248 users and groups systemd and the core operating system
13249 require.
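To make the sysusers.d format concrete, here is an added Python model (not systemd-sysusers itself) of the line types this entry and the 216 entry above mention: "u" with the optional home column, "g", "m" and the "r" range line. The input snippet and the existing account tables are constructed for this example, and the class and function names are the example's own. It allocates IDs from the top of the configured range downward (the direction systemd-sysusers uses as far as I know; treat that as an assumption), never hands out an ID that is already present in either the user or the group table, and refuses a static ID that collides with an existing account, since silently reusing an ID is how unrelated services end up sharing file ownership.

```python
import shlex
from typing import Dict, List, Optional, Set

# Constructed sysusers.d snippet for this example; systemd ships no such file.
SAMPLE_SYSUSERS = """\
# Type Name          ID   GECOS                    Home
r -                  500-999
u httpd              404  "Apache HTTP Server"     /var/www
u journal-upload     -    "systemd Journal Upload" -
g input              -    -
m journal-upload     systemd-journal
"""

# Constructed existing account databases (name -> id), standing in for the
# passwd/group entries an allocation must not collide with.
EXISTING_USERS = {"root": 0, "systemd-journal": 190, "legacy-svc": 999, "nobody": 65534}
EXISTING_GROUPS = {"root": 0, "systemd-journal": 190, "legacy-svc": 999, "nobody": 65534}

DEFAULT_RANGE = (1, 999)  # system ID range assumed when no "r" line is present


class SysusersError(ValueError):
    pass


def _col(fields: List[str], i: int) -> Optional[str]:
    """Column i of a line; a missing column or "-" means 'not specified'."""
    return None if len(fields) <= i or fields[i] == "-" else fields[i]


def parse_sysusers(text: str) -> List[tuple]:
    """Parse r/u/g/m lines into tuples. Columns are split with shell quoting
    rules, so a GECOS field containing spaces must be quoted."""
    entries: List[tuple] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = shlex.split(line)
        kind = f[0]
        if len(f) < 2 or (kind == "m" and len(f) < 3):
            raise SysusersError(f"line {lineno}: too few columns")
        if kind == "r":                                # r - LOW-HIGH
            if len(f) != 3 or f[1] != "-" or "-" not in f[2]:
                raise SysusersError(f"line {lineno}: malformed r line")
            lo, hi = (int(x) for x in f[2].split("-", 1))
            entries.append(("r", lo, hi))
        elif kind == "u":                              # u NAME ID|- GECOS|- HOME|-
            uid = _col(f, 2)
            entries.append(("u", f[1], int(uid) if uid else None, _col(f, 3), _col(f, 4) or "/"))
        elif kind == "g":                              # g NAME ID|-
            gid = _col(f, 2)
            entries.append(("g", f[1], int(gid) if gid else None))
        elif kind == "m":                              # m USER GROUP
            entries.append(("m", f[1], f[2]))
        else:
            raise SysusersError(f"line {lineno}: unknown line type {kind!r}")
    return entries


class IdAllocator:
    """Apply parsed entries against existing databases, allocating free IDs."""

    def __init__(self, users: Dict[str, int], groups: Dict[str, int]):
        self.users, self.groups = dict(users), dict(groups)
        self.members: Dict[str, Set[str]] = {}
        self.homes: Dict[str, str] = {}

    def _taken(self, id_: int) -> bool:
        return id_ in self.users.values() or id_ in self.groups.values()

    def _next_free(self, ranges) -> int:
        # Walk each range from its top downward and return the first ID unused
        # in both tables, so a user and its primary group can share the number.
        for lo, hi in sorted(ranges, reverse=True):
            for cand in range(hi, lo - 1, -1):
                if not self._taken(cand):
                    return cand
        raise SysusersError("no free ID left in the configured ranges")

    def apply(self, entries: List[tuple]) -> dict:
        ranges = [(e[1], e[2]) for e in entries if e[0] == "r"] or [DEFAULT_RANGE]
        for e in entries:
            if e[0] == "u":
                _, name, uid, _gecos, home = e
                if name in self.users:
                    continue                       # existing accounts are never touched
                if uid is None:
                    uid = self._next_free(ranges)
                elif self._taken(uid):
                    raise SysusersError(f"static ID {uid} for {name} is already in use")
                self.users[name] = uid
                self.groups.setdefault(name, uid)  # matching primary group
                self.homes[name] = home
            elif e[0] == "g":
                _, name, gid = e
                if name in self.groups:
                    continue
                if gid is None:
                    gid = self._next_free(ranges)
                elif gid in self.groups.values():
                    raise SysusersError(f"static GID {gid} for {name} is already in use")
                self.groups[name] = gid
            elif e[0] == "m":
                _, user, group = e
                if user not in self.users or group not in self.groups:
                    raise SysusersError(f"m line refers to unknown {user!r} or {group!r}")
                self.members.setdefault(group, set()).add(user)
        return {"users": self.users, "groups": self.groups,
                "members": self.members, "homes": self.homes}


def demo() -> dict:
    """Apply the constructed snippet to the constructed databases."""
    return IdAllocator(EXISTING_USERS, EXISTING_GROUPS).apply(parse_sysusers(SAMPLE_SYSUSERS))
```

With the sample input, httpd keeps its static 404, journal-upload is handed 998 because 999 is already held by legacy-svc, and the input group lands on 997; the "m" line only succeeds because both sides exist by the time it is processed, which is why it comes last in the snippet.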
13250
13251 * A new tmpfiles snippet has been added that rebuilds the
13252 essential files in /etc on boot, should they be missing.
13253
13254 * A directive for ensuring automatic clean-up of
13255 /var/cache/man/ has been removed from the default
13256 configuration. This line should now be shipped by the man
13257 implementation. The necessary change has been made to the
13258 man-db implementation. Note that you need to update your man
13259 implementation to one that ships this line, otherwise no
13260 automatic clean-up of /var/cache/man will take place.
13261
13262 * A new condition ConditionNeedsUpdate= has been added that
13263 may conditionalize services to only run when /etc or /var
13264 are "older" than the vendor operating system resources in
13265 /usr. This is useful for reconstructing or updating /etc
13266 after an offline update of /usr or a factory reset, on the
13267 next reboot. Services that want to run once after such an
13268 update or reset should use this condition and order
13269 themselves before the new systemd-update-done.service, which
13270 will mark the two directories as fully updated. A number of
13271 service files have been added making use of this, to rebuild
13272 the udev hardware database, the journald message catalog and
13273 dynamic loader cache (ldconfig). The systemd-sysusers tool
13274 described above also makes use of this now. With this in
13275 place it is now possible to start up a minimal operating
13276 system with /etc empty cleanly. For more information on the
13277 concepts involved see this recent blog story:
13278
13279 https://0pointer.de/blog/projects/stateless.html
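
        The stamp-file logic behind ConditionNeedsUpdate= and
        systemd-update-done, as an added Python model (this is not
        systemd's own C code). It assumes the stamp file name
        /etc/.updated and /var/.updated and the mtime comparison against
        /usr as described in systemd.unit(5); the temporary root it
        builds is constructed inline so it runs without touching the
        real system.

```python
import os
import tempfile

STAMP = ".updated"   # stamp file name per systemd.unit(5); assumed for this model


def needs_update(root: str, target: str) -> bool:
    """ConditionNeedsUpdate=<target>: true when <root><target>/.updated is
    missing or has an mtime older than <root>/usr, i.e. the vendor tree
    changed after the last completed update run (or never had one)."""
    usr_mtime = os.stat(os.path.join(root, "usr")).st_mtime_ns
    stamp = os.path.join(root, target.lstrip("/"), STAMP)
    try:
        return os.stat(stamp).st_mtime_ns < usr_mtime
    except FileNotFoundError:
        return True


def update_done(root: str) -> None:
    """What systemd-update-done does at the end of the update pass: stamp
    /etc and /var with the mtime of /usr (not "now", so a clock that is
    wrong at boot cannot hide a later /usr update)."""
    usr_st = os.stat(os.path.join(root, "usr"))
    for target in ("etc", "var"):
        stamp = os.path.join(root, target, STAMP)
        with open(stamp, "a"):
            pass
        os.utime(stamp, ns=(usr_st.st_atime_ns, usr_st.st_mtime_ns))


def demo() -> list:
    """Three states in sequence: empty /etc, after update-done, after a
    later offline /usr update. Returns the ConditionNeedsUpdate=/etc
    result for each state."""
    root = tempfile.mkdtemp()            # constructed mini root, not /
    for d in ("usr", "etc", "var"):
        os.mkdir(os.path.join(root, d))
    results = [needs_update(root, "/etc")]          # no stamp yet
    update_done(root)
    results.append(needs_update(root, "/etc"))      # in sync with /usr
    usr = os.path.join(root, "usr")
    st = os.stat(usr)
    os.utime(usr, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))   # /usr updated
    results.append(needs_update(root, "/etc"))      # stale again
    return results


if __name__ == "__main__":
    print(demo())
```

        Note that the stamp carries the mtime of /usr rather than the
        wall-clock time of the update run: a system whose clock is wrong
        at boot (see the timesyncd notes for 213) would otherwise be able
        to mark /etc as current while /usr has in fact moved on.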
13280
13281 * A new system group "input" has been introduced, and all
13282 input device nodes get this group assigned. This is useful
13283 for system-level software to get access to input devices. It
13284 complements what is already done for "audio" and "video".
13285
13286 * systemd-networkd learnt minimal DHCPv4 server support in
13287 addition to the existing DHCPv4 client support. It also
13288 learnt DHCPv6 client and IPv6 Router Solicitation client
13289 support. The DHCPv4 client gained support for static routes
13290 passed in from the server. Note that the [DHCPv4] section
13291 known in older systemd-networkd versions has been renamed to
13292 [DHCP] and is now also used by the DHCPv6 client. Existing
13293 .network files using settings of this section should be
13294 updated, though compatibility is maintained. Optionally, the
13295 client hostname may now be sent to the DHCP server.
13296
13297 * networkd gained support for vxlan virtual networks as well
13298 as tun/tap and dummy devices.
13299
13300 * networkd gained support for automatic allocation of address
13301 ranges for interfaces from a system-wide pool of
13302 addresses. This is useful for dynamically managing a large
13303 number of interfaces with a single network configuration
13304 file. In particular this is useful to easily assign
13305 appropriate IP addresses to the veth links of a large number
13306 of nspawn instances.
13307
13308 * RPM macros for processing sysusers, sysctl and binfmt
13309 drop-in snippets at package installation time have been
13310 added.
13311
13312 * The /etc/os-release file should now be placed in
13313 /usr/lib/os-release. The old location is automatically
13314 created as symlink. /usr/lib is the more appropriate
13315 location of this file, since it shall actually describe the
13316 vendor operating system shipped in /usr, and not the
13317 configuration stored in /etc.
13318
13319 * .mount units gained a new boolean SloppyOptions= setting
13320 that maps to mount(8)'s -s option which enables permissive
13321 parsing of unknown mount options.
13322
13323 * tmpfiles learnt a new "L+" directive which creates a symlink
13324 but (unlike "L") deletes a pre-existing file first, should
13325 it already exist and not already be the correct
13326 symlink. Similarly, "b+", "c+" and "p+" directives have been
13327 added as well, which create block and character devices, as
13328 well as fifos in the filesystem, possibly removing any
13329 pre-existing files of different types.
13330
        * For tmpfiles' "L", "L+", "C" and "C+" directives the final
          'argument' field (which so far specified the source to
          symlink/copy the files from) is now optional. If omitted the
          same file is copied from /usr/share/factory/ suffixed by the
          full destination path. This is useful for populating /etc
          with essential files, by copying them from vendor defaults
          shipped in /usr/share/factory/etc.
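
        A worked model of the "L" versus "L+" distinction and of the
        implicit /usr/share/factory/ source for "C", as an added Python
        example (not systemd-tmpfiles' own code). The factory path
        layout follows tmpfiles.d(5); the vendor defaults and the stray
        file it operates on are constructed in a temporary directory.
        The security-relevant detail is that the existing entry is
        inspected with lstat(), so a planted symlink is replaced rather
        than followed.

```python
import os
import shutil
import tempfile
from typing import Optional


def factory_source(root: str, path: str) -> str:
    """Omitted 'argument' field: source is /usr/share/factory/ + full path."""
    return os.path.join(root, "usr/share/factory", path.lstrip("/"))


def apply_symlink(root: str, path: str, target: Optional[str] = None,
                  force: bool = False) -> str:
    """'L' (force=False) leaves any existing entry alone; 'L+' (force=True)
    replaces anything that is not already the correct symlink. lstat() is
    used so an existing symlink is examined, never followed."""
    dest = os.path.join(root, path.lstrip("/"))
    if target is None:
        target = factory_source(root, path)
    try:
        os.lstat(dest)
        exists = True
    except FileNotFoundError:
        exists = False
    if exists:
        if os.path.islink(dest) and os.readlink(dest) == target:
            return "kept"
        if not force:
            return "skipped"
        if os.path.isdir(dest) and not os.path.islink(dest):
            shutil.rmtree(dest)
        else:
            os.unlink(dest)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    os.symlink(target, dest)
    return "created"


def apply_copy(root: str, path: str, source: Optional[str] = None) -> str:
    """'C': copy from source (default: the factory tree) only if dest is absent."""
    dest = os.path.join(root, path.lstrip("/"))
    if os.path.lexists(dest):
        return "skipped"
    if source is None:
        source = factory_source(root, path)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    if os.path.isdir(source):
        shutil.copytree(source, dest, symlinks=True)
    else:
        shutil.copy2(source, dest)
    return "created"


def demo() -> dict:
    root = tempfile.mkdtemp()
    # constructed vendor defaults, as /usr/share/factory/etc would ship them
    os.makedirs(os.path.join(root, "usr/share/factory/etc"))
    with open(os.path.join(root, "usr/share/factory/etc/nsswitch.conf"), "w") as f:
        f.write("passwd: files\n")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc/localtime"), "w") as f:   # stray regular file
        f.write("bogus")
    out = {}
    out["L_on_file"] = apply_symlink(root, "/etc/localtime", "/usr/share/zoneinfo/UTC")
    out["L+_on_file"] = apply_symlink(root, "/etc/localtime", "/usr/share/zoneinfo/UTC", force=True)
    out["L+_again"] = apply_symlink(root, "/etc/localtime", "/usr/share/zoneinfo/UTC", force=True)
    out["C_factory"] = apply_copy(root, "/etc/nsswitch.conf")
    out["C_again"] = apply_copy(root, "/etc/nsswitch.conf")
    with open(os.path.join(root, "etc/nsswitch.conf")) as f:
        out["copied"] = f.read()
    out["link"] = os.readlink(os.path.join(root, "etc/localtime"))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```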
13338
13339 * A new command "systemctl preset-all" has been added that
13340 applies the service preset settings to all installed unit
13341 files. A new switch --preset-mode= has been added that
13342 controls whether only enable or only disable operations
13343 shall be executed.
13344
13345 * A new command "systemctl is-system-running" has been added
13346 that allows checking the overall state of the system, for
13347 example whether it is fully up and running.
13348
13349 * When the system boots up with an empty /etc, the equivalent
13350 to "systemctl preset-all" is executed during early boot, to
13351 make sure all default services are enabled after a factory
13352 reset.
13353
13354 * systemd now contains a minimal preset file that enables the
13355 most basic services systemd ships by default.
13356
13357 * Unit files' [Install] section gained a new DefaultInstance=
13358 field for defining the default instance to create if a
13359 template unit is enabled with no instance specified.
13360
        * A new passive target cryptsetup-pre.target has been added
          that may be used by services that need to make sure they run
          and finish before the first LUKS cryptographic device is set
          up.
13364
13365 * The /dev/loop-control and /dev/btrfs-control device nodes
13366 are now owned by the "disk" group by default, opening up
13367 access to this group.
13368
13369 * systemd-coredump will now automatically generate a
13370 stack trace of all core dumps taking place on the system,
13371 based on elfutils' libdw library. This stack trace is logged
13372 to the journal.
13373
13374 * systemd-coredump may now optionally store coredumps directly
13375 on disk (in /var/lib/systemd/coredump, possibly compressed),
13376 instead of storing them unconditionally in the journal. This
13377 mode is the new default. A new configuration file
13378 /etc/systemd/coredump.conf has been added to configure this
13379 and other parameters of systemd-coredump.
13380
13381 * coredumpctl gained a new "info" verb to show details about a
13382 specific coredump. A new switch "-1" has also been added
13383 that makes sure to only show information about the most
13384 recent entry instead of all entries. Also, as the tool is
13385 generally useful now the "systemd-" prefix of the binary
13386 name has been removed. Distributions that want to maintain
13387 compatibility with the old name should add a symlink from
13388 the old name to the new name.
13389
13390 * journald's SplitMode= now defaults to "uid". This makes sure
13391 that unprivileged users can access their own coredumps with
13392 coredumpctl without restrictions.
13393
13394 * New kernel command line options "systemd.wants=" (for
13395 pulling an additional unit during boot), "systemd.mask="
13396 (for masking a specific unit for the boot), and
13397 "systemd.debug-shell" (for enabling the debug shell on tty9)
13398 have been added. This is implemented in the new generator
13399 "systemd-debug-generator".
13400
13401 * systemd-nspawn will now by default filter a couple of
13402 syscalls for containers, among them those required for
13403 kernel module loading, direct x86 IO port access, swap
13404 management, and kexec. Most importantly though
13405 open_by_handle_at() is now prohibited for containers,
13406 closing a hole similar to a recently discussed vulnerability
13407 in docker regarding access to files on file hierarchies the
13408 container should normally not have access to. Note that, for
13409 nspawn, we generally make no security claims anyway (and
13410 this is explicitly documented in the man page), so this is
13411 just a fix for one of the most obvious problems.
13412
13413 * A new man page file-hierarchy(7) has been added that
13414 contains a minimized, modernized version of the file system
13415 layout systemd expects, similar in style to the FHS
13416 specification or hier(5). A new tool systemd-path(1) has
13417 been added to query many of these paths for the local
13418 machine and user.
13419
13420 * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
13421 longer done. Since the directory now has a per-user size
13422 limit, and is cleaned on logout this appears unnecessary,
13423 in particular since this now brings the lifecycle of this
13424 directory closer in line with how IPC objects are handled.
13425
13426 * systemd.pc now exports a number of additional directories,
13427 including $libdir (which is useful to identify the library
13428 path for the primary architecture of the system), and a
13429 couple of drop-in directories.
13430
13431 * udev's predictable network interface names now use the dev_port
13432 sysfs attribute, introduced in linux 3.15 instead of dev_id to
13433 distinguish between ports of the same PCI function. dev_id should
13434 only be used for ports using the same HW address, hence the need
13435 for dev_port.
13436
13437 * machined has been updated to export the OS version of a
13438 container (read from /etc/os-release and
13439 /usr/lib/os-release) on the bus. This is now shown in
13440 "machinectl status" for a machine.
13441
13442 * A new service setting RestartForceExitStatus= has been
13443 added. If configured to a set of exit signals or process
13444 return values, the service will be restarted when the main
13445 daemon process exits with any of them, regardless of the
13446 Restart= setting.
13447
13448 * systemctl's -H switch for connecting to remote systemd
13449 machines has been extended so that it may be used to
13450 directly connect to a specific container on the
13451 host. "systemctl -H root@foobar:waldi" will now connect as
13452 user "root" to host "foobar", and then proceed directly to
13453 the container named "waldi". Note that currently you have to
13454 authenticate as user "root" for this to work, as entering
13455 containers is a privileged operation.
13456
13457 Contributions from: Andreas Henriksson, Benjamin Steinwender,
13458 Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
13459 Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
13460 Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
13461 Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
13462 Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
13463 Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
13464 Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
13465 Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
13466 Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
13467 Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
13468 Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
13469
13470 — Berlin, 2014-07-03
13471
13472 CHANGES WITH 214:
13473
13474 * As an experimental feature, udev now tries to lock the
13475 disk device node (flock(LOCK_SH|LOCK_NB)) while it
13476 executes events for the disk or any of its partitions.
13477 Applications like partitioning programs can lock the
13478 disk device node (flock(LOCK_EX)) and claim temporary
13479 device ownership that way; udev will entirely skip all event
13480 handling for this disk and its partitions. If the disk
13481 was opened for writing, the close will trigger a partition
13482 table rescan in udev's "watch" facility, and if needed
13483 synthesize "change" events for the disk and all its partitions.
13484 This is now unconditionally enabled, and if it turns out to
13485 cause major problems, we might turn it on only for specific
13486 devices, or might need to disable it entirely. Device Mapper
13487 devices are excluded from this logic.
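
        The locking protocol described above, as an added Python
        demonstration (not udev's own code). A temporary regular file
        stands in for the whole-disk device node so it runs without
        root; flock() semantics are unchanged by that: locks belong to
        the open file description, so two separate open() calls
        conflict exactly as udev and a partitioning tool would.

```python
import fcntl
import os
import tempfile


def udev_try_handle_event(devnode: str) -> str:
    """What udev does per event: take a shared, non-blocking lock on the
    disk node. If that fails because someone holds LOCK_EX, skip the
    event entirely rather than race the partitioner."""
    fd = os.open(devnode, os.O_RDONLY)
    try:
        try:
            fcntl.flock(fd, fcntl.LOCK_SH | fcntl.LOCK_NB)
        except BlockingIOError:
            return "skipped: device claimed by another process"
        try:
            return "handled"
        finally:
            fcntl.flock(fd, fcntl.LOCK_UN)
    finally:
        os.close(fd)


def partitioner_session(devnode: str) -> list:
    """A partitioning tool: claim the disk with LOCK_EX for the duration of
    its writes, then release. Returns udev's decisions before, during and
    after the claim."""
    fd = os.open(devnode, os.O_RDWR)
    results = [udev_try_handle_event(devnode)]       # before: handled
    fcntl.flock(fd, fcntl.LOCK_EX)
    results.append(udev_try_handle_event(devnode))   # during: skipped
    # ... partition table writes would happen here ...
    fcntl.flock(fd, fcntl.LOCK_UN)
    os.close(fd)   # closing a node opened for writing is what triggers the watch rescan
    results.append(udev_try_handle_event(devnode))   # after: handled
    return results


def demo() -> list:
    fd, path = tempfile.mkstemp(prefix="fake-disk-")   # constructed stand-in node
    os.close(fd)
    try:
        return partitioner_session(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

        The same LOCK_EX claim is what a tool should take before
        rewriting a partition table today; a tool that merely opens the
        node without locking gets no protection from this mechanism.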
13488
13489 * We temporarily dropped the "-l" switch for fsck invocations,
13490 since they collide with the flock() logic above. util-linux
13491 upstream has been changed already to avoid this conflict,
13492 and we will re-add "-l" as soon as util-linux with this
13493 change has been released.
13494
        * The dependency on libattr has been removed. For a long time
          now, the extended attribute calls have been provided by glibc,
          and libattr is thus unnecessary.
13498
13499 * Virtualization detection works without privileges now. This
13500 means the systemd-detect-virt binary no longer requires
13501 CAP_SYS_PTRACE file capabilities, and our daemons can run
13502 with fewer privileges.
13503
13504 * systemd-networkd now runs under its own "systemd-network"
13505 user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
13506 CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
13507 loses the ability to write to files owned by root this way.
13508
13509 * Similarly, systemd-resolved now runs under its own
13510 "systemd-resolve" user with no capabilities remaining.
13511
13512 * Similarly, systemd-bus-proxyd now runs under its own
13513 "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
13514
13515 * systemd-networkd gained support for setting up "veth"
13516 virtual Ethernet devices for container connectivity, as well
13517 as GRE and VTI tunnels.
13518
13519 * systemd-networkd will no longer automatically attempt to
13520 manually load kernel modules necessary for certain tunnel
13521 transports. Instead, it is assumed the kernel loads them
13522 automatically when required. This only works correctly on
13523 very new kernels. On older kernels, please consider adding
13524 the kernel modules to /etc/modules-load.d/ as a work-around.
13525
13526 * The resolv.conf file systemd-resolved generates has been
13527 moved to /run/systemd/resolve/. If you have a symlink from
13528 /etc/resolv.conf, it might be necessary to correct it.
13529
13530 * Two new service settings, ProtectHome= and ProtectSystem=,
13531 have been added. When enabled, they will make the user data
13532 (such as /home) inaccessible or read-only and the system
13533 (such as /usr) read-only, for specific services. This allows
13534 very light-weight per-service sandboxing to avoid
13535 modifications of user data or system files from
13536 services. These two new switches have been enabled for all
13537 of systemd's long-running services, where appropriate.
13538
13539 * Socket units gained new SocketUser= and SocketGroup=
13540 settings to set the owner user and group of AF_UNIX sockets
13541 and FIFOs in the file system.
13542
        * Socket units gained a new RemoveOnStop= setting. If enabled,
          all FIFOs and sockets in the file system will be removed
          when the specific socket unit is stopped.
13546
13547 * Socket units gained a new Symlinks= setting. It takes a list
13548 of symlinks to create to file system sockets or FIFOs
13549 created by the specific Unix sockets. This is useful to
13550 manage symlinks to socket nodes with the same lifecycle as
13551 the socket itself.
13552
13553 * The /dev/log socket and /dev/initctl FIFO have been moved to
13554 /run, and have been replaced by symlinks. This allows
13555 connecting to these facilities even if PrivateDevices=yes is
13556 used for a service (which makes /dev/log itself unavailable,
13557 but /run is left). This also has the benefit of ensuring
13558 that /dev only contains device nodes, directories and
13559 symlinks, and nothing else.
13560
        * sd-daemon gained two new calls sd_pid_notify() and
          sd_pid_notifyf(). They are similar to sd_notify() and
          sd_notifyf(), but allow overriding of the source PID of
          notification messages if permissions permit this. This is
          useful to send notify messages on behalf of a different
          process (for example, the parent process). The
          systemd-notify tool has been updated to make use of this
          when sending messages (so that notification messages now
          originate from the shell script invoking systemd-notify and
          not the systemd-notify process itself). This should minimize
          a race where systemd fails to associate notification
          messages to services when the originating process already
          vanished.
13574
13575 * A new "on-abnormal" setting for Restart= has been added. If
13576 set, it will result in automatic restarts on all "abnormal"
13577 reasons for a process to exit, which includes unclean
13578 signals, core dumps, timeouts and watchdog timeouts, but
13579 does not include clean and unclean exit codes or clean
13580 signals. Restart=on-abnormal is an alternative for
13581 Restart=on-failure for services that shall be able to
13582 terminate and avoid restarts on certain errors, by
13583 indicating so with an unclean exit code. Restart=on-failure
13584 or Restart=on-abnormal is now the recommended setting for
13585 all long-running services.
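
        The Restart= decision table for on-failure versus on-abnormal,
        together with the RestartForceExitStatus= override introduced
        in 215 above, as an added Python model (not PID 1's own C
        code). The table follows systemd.service(5); the clean-signal
        set SIGHUP, SIGINT, SIGTERM and SIGPIPE is the one systemd uses.
        Core dumps are modelled as their own category, grouped with
        unclean signals as the text above describes.

```python
import signal
from dataclasses import dataclass
from typing import Optional

CLEAN_SIGNALS = {signal.SIGHUP, signal.SIGINT, signal.SIGTERM, signal.SIGPIPE}


@dataclass
class ExitEvent:
    kind: str                   # "exited", "signaled", "timeout", "watchdog"
    status: Optional[int] = None
    sig: Optional[int] = None
    core_dump: bool = False


def exited(status: int) -> ExitEvent:
    return ExitEvent("exited", status=status)


def signaled(signame: str, core_dump: bool = False) -> ExitEvent:
    """Build an event from a signal name such as "SIGSEGV"."""
    return ExitEvent("signaled", sig=getattr(signal, signame), core_dump=core_dump)


def classify(ev: ExitEvent) -> str:
    """Bucket an exit into the categories the Restart= table uses."""
    if ev.kind in ("timeout", "watchdog"):
        return ev.kind
    if ev.kind == "signaled":
        if ev.core_dump:
            return "core-dump"
        return "clean-signal" if ev.sig in CLEAN_SIGNALS else "unclean-signal"
    return "clean-exit" if ev.status == 0 else "unclean-exit"


# categories on which each Restart= policy restarts the service
TABLE = {
    "no":          set(),
    "on-success":  {"clean-exit", "clean-signal"},
    "on-failure":  {"unclean-exit", "unclean-signal", "core-dump", "timeout", "watchdog"},
    "on-abnormal": {"unclean-signal", "core-dump", "timeout", "watchdog"},
    "on-abort":    {"unclean-signal", "core-dump"},
    "always":      {"clean-exit", "clean-signal", "unclean-exit", "unclean-signal",
                    "core-dump", "timeout", "watchdog"},
}


def should_restart(policy: str, ev: ExitEvent, force=()) -> bool:
    """RestartForceExitStatus= (exit codes or signals in `force`) wins
    regardless of Restart=; otherwise consult the policy table."""
    if ev.kind == "exited" and ev.status in force:
        return True
    if ev.kind == "signaled" and ev.sig in force:
        return True
    return classify(ev) in TABLE[policy]


if __name__ == "__main__":
    # a daemon that exits 1 to say "misconfigured, do not retry me"
    print(should_restart("on-failure", exited(1)), should_restart("on-abnormal", exited(1)))
```

        The difference the text describes is the unclean exit code row:
        a service that detects an unrecoverable configuration error can
        exit non-zero under on-abnormal and stay down, while a crash or
        a watchdog miss still triggers a restart.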
13586
13587 * If the InaccessibleDirectories= service setting points to a
13588 mount point (or if there are any submounts contained within
13589 it), it is now attempted to completely unmount it, to make
13590 the file systems truly unavailable for the respective
13591 service.
13592
13593 * The ReadOnlyDirectories= service setting and
13594 systemd-nspawn's --read-only parameter are now recursively
13595 applied to all submounts, too.
13596
13597 * Mount units may now be created transiently via the bus APIs.
13598
13599 * The support for SysV and LSB init scripts has been removed
13600 from the systemd daemon itself. Instead, it is now
13601 implemented as a generator that creates native systemd units
13602 from these scripts when needed. This enables us to remove a
13603 substantial amount of legacy code from PID 1, following the
13604 fact that many distributions only ship a very small number
13605 of LSB/SysV init scripts nowadays.
13606
13607 * Privileged Xen (dom0) domains are not considered
13608 virtualization anymore by the virtualization detection
13609 logic. After all, they generally have unrestricted access to
13610 the hardware and usually are used to manage the unprivileged
13611 (domU) domains.
13612
13613 * systemd-tmpfiles gained a new "C" line type, for copying
13614 files or entire directories.
13615
13616 * systemd-tmpfiles "m" lines are now fully equivalent to "z"
13617 lines. So far, they have been non-globbing versions of the
13618 latter, and have thus been redundant. In future, it is
13619 recommended to only use "z". "m" has hence been removed
13620 from the documentation, even though it stays supported.
13621
        * A tmpfiles snippet to recreate the most basic structure in
          /var has been added. This is enough to create the /var/run →
          /run symlink and create a couple of structural
          directories. This allows systems to boot up with an empty or
          volatile /var. Of course, while with this change the core OS
          is now capable of dealing with a volatile /var, not all
          user services are ready for it. However, we hope that sooner
          or later, many service daemons will be changed upstream so
          that they are able to automatically create their necessary
          directories in /var at boot, should they be missing. This is
          the first step to allow stateless systems that only require
          the vendor image for /usr to boot.
13634
13635 * systemd-nspawn has gained a new --tmpfs= switch to mount an
13636 empty tmpfs instance to a specific directory. This is
13637 particularly useful for making use of the automatic
13638 reconstruction of /var (see above), by passing --tmpfs=/var.
13639
13640 * Access modes specified in tmpfiles snippets may now be
13641 prefixed with "~", which indicates that they shall be masked
13642 by whether the existing file or directory is currently
13643 writable, readable or executable at all. Also, if specified,
13644 the sgid/suid/sticky bits will be masked for all
13645 non-directories.
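
        The "~" masking rule, as an added Python model of the semantics
        documented in tmpfiles.d(5) (not systemd-tmpfiles' own code):
        each of the read, write and execute classes is dropped from the
        requested mode if the existing file has no bit at all in that
        class, and suid/sgid/sticky are dropped on anything but a
        directory. The point for hardening is that a "~" line can only
        narrow what is already there; it never grants an access class
        that a locked-down file lacked.

```python
import stat


def mask_mode(requested: int, existing: int, is_dir: bool) -> int:
    """Apply a "~"-prefixed mode to an entry whose current mode is `existing`."""
    result = requested & 0o7777
    for bits in (0o444, 0o222, 0o111):      # read, write, execute classes
        if existing & bits == 0:            # class absent on the existing entry
            result &= ~bits                 # ... so drop it from the new mode too
    if not is_dir:
        result &= ~(stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX)
    return result


def apply_line_mode(mode_field: str, existing: int, is_dir: bool) -> int:
    """Parse a tmpfiles mode field ("0755" or "~0755") and apply it to an
    entry with mode `existing`. Returns the mode that would be set."""
    if mode_field.startswith("~"):
        return mask_mode(int(mode_field[1:], 8), existing, is_dir)
    return int(mode_field, 8) & 0o7777


if __name__ == "__main__":
    # a 0600 file asked for ~0755 stays non-executable: 0644
    print(oct(apply_line_mode("~0755", 0o600, False)))
```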
13646
13647 * A new passive target unit "network-pre.target" has been
13648 added which is useful for services that shall run before any
13649 network is configured, for example firewall scripts.
13650
13651 * The "floppy" group that previously owned the /dev/fd*
13652 devices is no longer used. The "disk" group is now used
13653 instead. Distributions should probably deprecate usage of
13654 this group.
13655
13656 Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
13657 King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
13658 Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
13659 Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
13660 Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
13661 Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
13662 Jędrzejewski-Szmek
13663
13664 — Berlin, 2014-06-11
13665
13666 CHANGES WITH 213:
13667
13668 * A new "systemd-timesyncd" daemon has been added for
13669 synchronizing the system clock across the network. It
13670 implements an SNTP client. In contrast to NTP
13671 implementations such as chrony or the NTP reference server,
13672 this only implements a client side, and does not bother with
13673 the full NTP complexity, focusing only on querying time from
13674 one remote server and synchronizing the local clock to
13675 it. Unless you intend to serve NTP to networked clients or
13676 want to connect to local hardware clocks, this simple NTP
13677 client should be more than appropriate for most
13678 installations. The daemon runs with minimal privileges, and
13679 has been hooked up with networkd to only operate when
13680 network connectivity is available. The daemon saves the
13681 current clock to disk every time a new NTP sync has been
13682 acquired, and uses this to possibly correct the system clock
13683 early at bootup, in order to accommodate for systems that
13684 lack an RTC such as the Raspberry Pi and embedded devices,
13685 and to make sure that time monotonically progresses on these
13686 systems, even if it is not always correct. To make use of
13687 this daemon, a new system user and group "systemd-timesync"
13688 needs to be created on installation of systemd.
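
        The SNTP exchange such a client performs, as an added Python
        example (not timesyncd's own C code): build the 48-byte client
        request, parse a server reply, validate the fields a client must
        check, and compute clock offset and round-trip delay per RFC
        4330. No network is used; the "server reply" is constructed
        inline, and the sanity checks (mode, leap indicator, stratum)
        follow the RFC rather than timesyncd's exact code.

```python
import struct

NTP_EPOCH_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference id, then four 64-bit timestamps (seconds, fraction): 48 bytes
PACKET = struct.Struct("!BBBbII4sIIIIIIII")


def to_ntp(unix: float) -> tuple:
    """UNIX float seconds -> (NTP seconds, NTP 32-bit fraction)."""
    secs = int(unix) + NTP_EPOCH_DELTA
    frac = int((unix - int(unix)) * (1 << 32))
    return secs, frac


def from_ntp(secs: int, frac: int) -> float:
    return (secs - NTP_EPOCH_DELTA) + frac / (1 << 32)


def build_request(transmit_unix: float) -> bytes:
    """LI=0, VN=4, Mode=3 (client). Only the Transmit Timestamp is set; the
    server echoes it back as the Originate Timestamp (T1)."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    ts, tf = to_ntp(transmit_unix)
    return PACKET.pack(li_vn_mode, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, 0, 0, 0, ts, tf)


def parse_reply(data: bytes, t4_unix: float) -> dict:
    """Validate a server reply and compute offset/delay (RFC 4330 section 5).
    t4_unix is the client's receive time."""
    if len(data) < PACKET.size:
        raise ValueError("short packet")
    f = PACKET.unpack_from(data)
    li, mode = f[0] >> 6, f[0] & 7
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3:
        raise ValueError("server clock not synchronized (LI=3)")
    if f[1] == 0 or f[1] > 15:
        raise ValueError("kiss-o'-death or invalid stratum")
    t1 = from_ntp(f[9], f[10])    # originate (our transmit time, echoed)
    t2 = from_ntp(f[11], f[12])   # server receive
    t3 = from_ntp(f[13], f[14])   # server transmit
    t4 = t4_unix
    return {
        "offset": ((t2 - t1) + (t3 - t4)) / 2,   # how far our clock is off
        "delay": (t4 - t1) - (t3 - t2),          # round trip minus server hold
        "stratum": f[1],
    }


def constructed_reply(t1: float, t2: float, t3: float) -> bytes:
    """A constructed server reply (LI=0, VN=4, Mode=4, stratum 2) echoing T1."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    return PACKET.pack(li_vn_mode, 2, 0, -20, 0, 0, b"GPS\0",
                       *to_ntp(t3), *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


if __name__ == "__main__":
    reply = constructed_reply(1400000000.0, 1400000000.4, 1400000000.5)
    print(parse_reply(reply, 1400000000.2))
```

        Unauthenticated SNTP of this kind trusts whatever answers on UDP
        port 123; the checks above reject malformed or unsynchronized
        replies, but not a spoofed one, which is why the text limits the
        daemon's privileges and why stepping the clock only from a saved
        timestamp at boot is kept separate from network input.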
13689
13690 * The queue "seqnum" interface of libudev has been disabled, as
13691 it was generally incompatible with device namespacing as
13692 sequence numbers of devices go "missing" if the devices are
13693 part of a different namespace.
13694
13695 * "systemctl list-timers" and "systemctl list-sockets" gained
13696 a --recursive switch for showing units of these types also
13697 for all local containers, similar in style to the already
13698 supported --recursive switch for "systemctl list-units".
13699
13700 * A new RebootArgument= setting has been added for service
13701 units, which may be used to specify a kernel reboot argument
13702 to use when triggering reboots with StartLimitAction=.
13703
13704 * A new FailureAction= setting has been added for service
13705 units which may be used to specify an operation to trigger
13706 when a service fails. This works similarly to
13707 StartLimitAction=, but unlike it, controls what is done
13708 immediately rather than only after several attempts to
13709 restart the service in question.
13710
13711 * hostnamed got updated to also expose the kernel name,
13712 release, and version on the bus. This is useful for
13713 executing commands like hostnamectl with the -H switch.
13714 systemd-analyze makes use of this to properly display
13715 details when running non-locally.
13716
13717 * The bootchart tool can now show cgroup information in the
13718 graphs it generates.
13719
13720 * The CFS CPU quota cgroup attribute is now exposed for
13721 services. The new CPUQuota= switch has been added for this
13722 which takes a percentage value. Setting this will have the
13723 result that a service may never get more CPU time than the
13724 specified percentage, even if the machine is otherwise idle.
13725
13726 * systemd-networkd learned IPIP and SIT tunnel support.
13727
13728 * LSB init scripts exposing a dependency on $network will now
13729 get a dependency on network-online.target rather than simply
13730 network.target. This should bring LSB handling closer to
13731 what it was on SysV systems.
13732
13733 * A new fsck.repair= kernel option has been added to control
13734 how fsck shall deal with unclean file systems at boot.
13735
13736 * The (.ini) configuration file parser will now silently ignore
13737 sections whose names begin with "X-". This may be used to maintain
13738 application-specific extension sections in unit files.
13739
13740 * machined gained a new API to query the IP addresses of
13741 registered containers. "machinectl status" has been updated
13742 to show these addresses in its output.
13743
13744 * A new call sd_uid_get_display() has been added to the
13745 sd-login APIs for querying the "primary" session of a
13746 user. The "primary" session of the user is elected from the
13747 user's sessions and generally a graphical session is
13748 preferred over a text one.
13749
13750 * A minimal systemd-resolved daemon has been added. It
13751 currently simply acts as a companion to systemd-networkd and
13752 manages resolv.conf based on per-interface DNS
13753 configuration, possibly supplied via DHCP. In the long run
13754 we hope to extend this into a local DNSSEC enabled DNS and
13755 mDNS cache.
13756
13757 * The systemd-networkd-wait-online tool is now enabled by
13758 default. It will delay network-online.target until a network
13759 connection has been configured. The tool primarily integrates
13760 with networkd, but will also make a best effort to make sense
13761 of network configuration performed in some other way.
13762
13763 * Two new service options StartupCPUShares= and
13764 StartupBlockIOWeight= have been added that work similarly to
13765 CPUShares= and BlockIOWeight= however only apply during
13766 system startup. This is useful to prioritize certain services
13767 differently during bootup than during normal runtime.
13768
13769 * hostnamed has been changed to prefer the statically
13770 configured hostname in /etc/hostname (unless set to
13771 'localhost' or empty) over any dynamic one supplied by
13772 dhcp. With this change, the rules for picking the hostname
13773 match more closely the rules of other configuration settings
13774 where the local administrator's configuration in /etc always
13775 overrides any other settings.
13776
13777 Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
13778 den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
13779 Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
13780 David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
13781 Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
13782 Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
13783 Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
13784 Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
13785 Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
13786 Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
13787 Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
13788 Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
13789 Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
13790 Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
13791 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
13792 Lindskog, WaLyong Cho, Will Woods, Zbigniew
13793 Jędrzejewski-Szmek
13794
13795 — Beijing, 2014-05-28
13796
13797 CHANGES WITH 212:
13798
13799 * When restoring the screen brightness at boot, stay away from
13800 the darkest setting or from the lowest 5% of the available
13801 range, depending on which is the larger value of both. This
13802 should effectively protect the user from rebooting into a
13803 black screen, should the brightness have been set to minimum
13804 by accident.
13805
13806 * sd-login gained a new sd_machine_get_class() call to
13807 determine the class ("vm" or "container") of a machine
13808 registered with machined.
13809
13810 * sd-login gained new calls
13811 sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
13812 to query the identity of the peer of a local AF_UNIX
13813 connection. They operate similarly to their sd_pid_get_xyz()
13814 counterparts.
13815
13816 * PID 1 will now maintain a system-wide system state engine
13817 with the states "starting", "running", "degraded",
13818 "maintenance", "stopping". These states are bound to system
13819 startup, normal runtime, runtime with at least one failed
13820 service, rescue/emergency mode and system shutdown. This
13821 state is shown in the "systemctl status" output when no unit
13822 name is passed. It is useful to determine system state, in
13823 particularly when doing so for many systems or containers at
13824 once.
13825
13826 * A new command "list-machines" has been added to "systemctl"
13827 that lists all local OS containers and shows their system
13828 state (see above), if systemd runs inside of them.
13829
        * systemctl gained a new "-r" switch to recursively enumerate
          units on all local containers, when used with the
          "list-units" command (which is the default one that is
          executed when no parameters are specified).
13834
13835 * The GPT automatic partition discovery logic will now honour
13836 two GPT partition flags: one may be set on a partition to
13837 cause it to be mounted read-only, and the other may be set
13838 on a partition to ignore it during automatic discovery.
13839
13840 * Two new GPT type UUIDs have been added for automatic root
13841 partition discovery, for 32-bit and 64-bit ARM. This is not
13842 particularly useful for discovering the root directory on
13843 these architectures during bare-metal boots (since UEFI is
13844 not common there), but still very useful to allow booting of
13845 ARM disk images in nspawn with the -i option.
13846
13847 * MAC addresses of interfaces created with nspawn's
13848 --network-interface= switch will now be generated from the
13849 machine name, and thus be stable between multiple invocations
13850 of the container.
13851
13852 * logind will now automatically remove all IPC objects owned
13853 by a user if she or he fully logs out. This makes sure that
13854 users who are logged out cannot continue to consume IPC
13855 resources. This covers SysV memory, semaphores and message
13856 queues as well as POSIX shared memory and message
13857 queues. Traditionally, SysV and POSIX IPC had no lifecycle
13858 limits. With this functionality, that is corrected. This may
13859 be turned off by using the RemoveIPC= switch of logind.conf.
13860
13861 * The systemd-machine-id-setup and tmpfiles tools gained a
13862 --root= switch to operate on a specific root directory,
13863 instead of /.
13864
13865 * journald can now forward logged messages to the TTYs of all
13866 logged in users ("wall"). This is the default for all
emergency messages now.

* A new tool systemd-journal-remote has been added to stream
journal log messages across the network.

* /sys/fs/cgroup/ is now mounted read-only after all cgroup
controller trees are mounted into it. Note that the
directories mounted beneath it are not read-only. This is a
security measure and is particularly useful because glibc
actually includes search logic to pick any tmpfs it can
find to implement shm_open() if /dev/shm is not available
(which it might very well be in namespaced setups).

* machinectl gained a new "poweroff" command to cleanly power
down a local OS container.

* The PrivateDevices= unit file setting will now also drop the
CAP_MKNOD capability from the capability bound set, and
imply DevicePolicy=closed.

* PrivateDevices=, PrivateNetwork= and PrivateTmp= are now used
comprehensively on all long-running systemd services where
this is appropriate.

* systemd-udevd will now run in a disassociated mount
namespace. To mount directories from udev rules, make sure to
pull in mount units via SYSTEMD_WANTS properties.

* The kdbus support gained support for uploading policy into
the kernel. sd-bus gained support for creating "monitoring"
connections that can eavesdrop on all bus communication
for debugging purposes.

* Timestamps may now be specified in seconds since the UNIX
epoch Jan 1st, 1970 by specifying "@" followed by the value
in seconds.

* Native tcpwrap support in systemd has been removed. tcpwrap
is old code, not really maintained anymore and has serious
shortcomings, and better options such as firewalls
exist. For setups that require tcpwrap usage, please
consider invoking your socket-activated service via tcpd,
like on traditional inetd.

* A new system.conf configuration option
DefaultTimerAccuracySec= has been added that controls the
default AccuracySec= setting of .timer units.

* Timer units gained a new WakeSystem= switch. If enabled,
timers configured this way will cause the system to resume
from system suspend (if the system supports that, which most
do these days).

* Timer units gained a new Persistent= switch. If enabled,
timers configured this way will save to disk when they have
last been triggered. This information is then used on the next
reboot to possibly execute overdue timer events that
could not take place because the system was powered off.
This enables simple anacron-like behaviour for timer units.

* systemctl's "list-timers" will now also list the time a
timer unit was last triggered in addition to the next time
it will be triggered.

* systemd-networkd will now assign predictable IPv4LL
addresses to its local interfaces.

Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
Jędrzejewski-Szmek

— Berlin, 2014-03-25

CHANGES WITH 211:

* A new unit file setting RestrictAddressFamilies= has been
added to restrict which socket address families unit
processes gain access to. This takes address family names
like "AF_INET" or "AF_UNIX", and is useful to minimize the
attack surface of services via exotic protocol stacks. This
is built on seccomp system call filters.

* Two new unit file settings RuntimeDirectory= and
RuntimeDirectoryMode= have been added that may be used to
manage per-daemon runtime directories below /run. This is
an alternative to setting up directory permissions with
tmpfiles snippets, and has the advantage that the runtime
directory's lifetime is bound to the daemon runtime and that
the daemon starts up with an empty directory each time. This
is particularly useful when writing services that drop
privileges using the User= or Group= setting.

* The DeviceAllow= unit setting now supports globbing for
matching against device group names.

* The systemd configuration file system.conf gained new
settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
DefaultMemoryAccounting= to globally turn on/off accounting
for specific resources (cgroups) for all units. These
settings may still be overridden individually in each unit
though.

* systemd-gpt-auto-generator is now able to discover /srv and
root partitions in addition to /home and swap partitions. It
also supports LUKS-encrypted partitions now. With this in
place, automatic discovery of partitions to mount following
the Discoverable Partitions Specification
(https://systemd.io/DISCOVERABLE_PARTITIONS/)
is now a lot more complete. This allows booting without
/etc/fstab and without root= on the kernel command line on
systems prepared appropriately.

* systemd-nspawn gained a new --image= switch which allows
booting up disk images and Linux installations on any block
device that follows the Discoverable Partitions Specification
(see above). This means that installations made with
appropriately updated installers may now be started and
deployed using container managers, completely
unmodified. (We hope that libvirt-lxc will add support for
this feature soon, too.)

* systemd-nspawn gained a new --network-macvlan= setting to
set up a private macvlan interface for the
container. Similarly, systemd-networkd gained a new
Kind=macvlan setting in .netdev files.

* systemd-networkd now supports configuring local addresses
using IPv4LL.

* A new tool systemd-network-wait-online has been added to
synchronously wait for network connectivity using
systemd-networkd.

* The sd-bus.h bus API gained a new sd_bus_track object for
tracking the lifecycle of bus peers. Note that sd-bus.h is
still not a public API though (unless you specify
--enable-kdbus on the configure command line, which however
voids your warranty and you get no API stability guarantee).

* The $XDG_RUNTIME_DIR runtime directories for each user are
now individual tmpfs instances, which has the benefit of
introducing separate pools for each user, with individual
size limits, and thus making sure that unprivileged clients
can no longer negatively impact the system or other users by
filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
RuntimeDirectorySize= has been introduced that allows
controlling the default size limit for all users. It
defaults to 10% of the available physical memory. This is no
replacement for quotas on tmpfs though (which the kernel
still does not support), as /dev/shm and /tmp are still
shared resources used by both the system and unprivileged
users.

* logind will now automatically turn off automatic suspending
on laptop lid close when more than one display is
connected. This was previously expected to be implemented
individually in desktop environments (such as GNOME),
however has been added to logind now, in order to fix a
boot-time race where a desktop environment might not have
been started yet and thus not been able to take an inhibitor
lock at the time when logind already suspends the system
due to a closed lid.

* logind will now wait at least 30s after each system
suspend/resume cycle, and 3min after system boot before
suspending the system due to a closed laptop lid. This
should give USB docking stations and similar enough time to
be probed and configured after system resume and boot in
order to then act as suspend blocker.

* systemd-run gained a new --property= setting which allows
initialization of resource control properties (and others)
for the created scope or service unit. Example: "systemd-run
--property=BlockIOWeight=10 updatedb" may be used to run
updatedb at a low block IO scheduling weight.

* systemd-run's --uid=, --gid= and --setenv= switches
now also work in --scope mode.

* When systemd is compiled with kdbus support, basic support
for enforced policies is now in place. (Note that enabling
kdbus still voids your warranty and no API compatibility
promises are made.)

Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
Zbigniew Jędrzejewski-Szmek

— Berlin, 2014-03-12

CHANGES WITH 210:

* systemd will now relabel /dev after loading the SMACK policy
according to SMACK rules.

* A new unit file option AppArmorProfile= has been added to
set the AppArmor profile for the processes of a unit.

* A new condition check ConditionArchitecture= has been added
to conditionalize units based on the system architecture, as
reported by uname()'s "machine" field.

* systemd-networkd now supports matching on the system
virtualization, architecture, kernel command line, hostname
and machine ID.

* logind is now a lot more aggressive when suspending the
machine due to a closed laptop lid. Instead of acting only
on the lid close action, it will continuously watch the lid
status and act on it. This is useful for laptops where the
power button is on the outside of the chassis so that it can
be reached without opening the lid (such as the Lenovo
Yoga). On those machines, logind will now immediately
re-suspend the machine if the power button has been
accidentally pressed while the laptop was suspended and in a
backpack or similar.

* logind will now watch SW_DOCK switches and inhibit reaction
to the lid switch if it is pressed. This means that logind
will not suspend the machine anymore if the lid is closed
and the system is docked, if the laptop supports SW_DOCK
notifications via the input layer. Note that ACPI docking
stations do not generate this currently. Also note that this
logic is usually not fully sufficient and Desktop
Environments should take a lid switch inhibitor lock when an
external display is connected, as systemd will not watch
this on its own.

* nspawn will now make use of the devices cgroup controller by
default, and only permit creation of and access to the usual
API device nodes like /dev/null or /dev/random, as well as
access to (but not creation of) the pty devices.

* We will now ship a default .network file for
systemd-networkd that automatically configures DHCP for
network interfaces created by nspawn's --network-veth or
--network-bridge= switches.

* systemd will now understand the usual M, K, G, T suffixes
according to SI conventions (i.e. to the base 1000) when
referring to throughput and hardware metrics. It will stay
with IEC conventions (i.e. to the base 1024) for software
metrics, following what Wikipedia documents as customary.
We explicitly document which base applies for
each configuration option.

* The DeviceAllow= setting in unit files now supports a syntax to
allow-list an entire group of device node majors at once, based on
the /proc/devices listing. For example, with the string "char-pts",
it is now possible to allow-list all current and future pseudo-TTYs
at once.

* sd-event learned a new "post" event source. Event sources of
this type are triggered by the dispatching of any event
source of a type that is not "post". This is useful for
implementing clean-up and check event sources that are
triggered by other work being done in the program.

* systemd-networkd is no longer statically enabled, but uses
the usual [Install] sections so that it can be
enabled/disabled using systemctl. It still is enabled by
default however.

* When creating a veth interface pair with systemd-nspawn, the
host side will now be prefixed with "vb-" if
--network-bridge= is used, and with "ve-" if --network-veth
is used. This way, it is easy to distinguish these cases on
the host, for example to apply different configuration to
them with systemd-networkd.

* The compatibility libraries for libsystemd-journal.so,
libsystemd-id128.so, libsystemd-login.so and
libsystemd-daemon.so do not make use of IFUNC
anymore. Instead, we now build libsystemd.so multiple times
under these alternative names. This means that the footprint
is drastically increased, but given that these are
transitional compatibility libraries, this should not matter
much. This change has been made necessary to support the ARM
platform for these compatibility libraries, as the ARM
toolchain is not really at the same level as the toolchain
for other architectures like x86 and does not support
IFUNC. Please make sure to use --enable-compat-libs only
during a transitional period!

* The .include syntax has been deprecated and is not documented
anymore. Drop-in files in .d directories should be used instead.

Contributions from: Andreas Fuchs, Armin K., Colin Walters,
Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
Zbigniew Jędrzejewski-Szmek

— Berlin, 2014-02-24

CHANGES WITH 209:

* A new component "systemd-networkd" has been added that can
be used to configure local network interfaces statically or
via DHCP. It is capable of bringing up bridges, VLANs, and
bonding. Currently, no hook-ups for interactive network
configuration are provided. Use this for your initrd,
container, embedded, or server setup if you need a simple,
yet powerful, network configuration solution. This
configuration subsystem is quite nifty, as it allows wildcard
hotplug matching in interfaces. For example, with a single
configuration snippet, you can configure that all Ethernet
interfaces showing up are automatically added to a bridge,
or similar. It supports link-sensing and more.

* A new tool "systemd-socket-proxyd" has been added which can
act as a bidirectional proxy for TCP sockets. This is
useful for adding socket activation support to services that
do not actually support socket activation, including virtual
machines and the like.

* Add a new tool to save/restore rfkill state on
shutdown/boot.

* Save/restore state of keyboard backlights in addition to
display backlights on shutdown/boot.

* udev learned a new SECLABEL{} construct to label device
nodes with a specific security label when they appear. For
now, only SECLABEL{selinux} is supported, but the syntax is
prepared for additional security frameworks.

* udev gained a new scheme to configure link-level attributes
from files in /etc/systemd/network/*.link. These files can
match against MAC address, device path, driver name and type,
and will apply attributes like the naming policy, link speed,
MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
address assignment policy (randomized, …).

* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the
priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. The old
80-net-name-slot.rules udev configuration file has been
removed, so local configuration overriding this file should
be adapted to override 99-default.link instead.

* When the User= switch is used in a unit file, also
initialize $SHELL= based on the user database entry.

* systemd no longer depends on libdbus. All communication is
now done with sd-bus, systemd's low-level bus library
implementation.

* kdbus support has been added to PID 1 itself. When kdbus is
enabled, this causes PID 1 to set up the system bus and
enable support for a new ".busname" unit type that
encapsulates bus name activation on kdbus. It works a little
bit like ".socket" units, except for bus names. A new
generator has been added that converts classic dbus1 service
activation files automatically into native systemd .busname
and .service units.

* sd-bus: add a light-weight vtable implementation that allows
defining objects on the bus with a simple static const
vtable array of its methods, signals and properties.

* systemd will not generate or install static dbus
introspection data anymore to /usr/share/dbus-1/interfaces,
as the precise format of these files is unclear, and
nothing makes use of it.

* A proxy daemon is now provided to proxy clients connecting
via classic D-Bus AF_UNIX sockets to kdbus, to provide full
compatibility with classic D-Bus.

* A bus driver implementation has been added that supports the
classic D-Bus bus driver calls on kdbus, also for
compatibility purposes.

* A new API "sd-event.h" has been added that implements a
minimal event loop API built around epoll. It provides a
couple of features that direct epoll usage is lacking:
prioritization of events, scales to large numbers of timer
events, per-event timer slack (accuracy), system-wide
coalescing of timer events, exit handlers, watchdog
supervision support using systemd's sd_notify() API, child
process handling.

* A new API "sd-rtnl.h" has been added that provides an API
around the route netlink interface of the kernel, similar in
style to "sd-bus.h".

* A new API "sd-dhcp-client.h" has been added that provides a
small DHCPv4 client-side implementation. This is used by
"systemd-networkd".

* There is a new kernel command line option
"systemd.restore_state=0|1". When set to "0", none of the
systemd tools will restore saved runtime state to hardware
devices. More specifically, the rfkill and backlight states
are not restored.

* The FsckPassNo= compatibility option in mount/service units
has been removed. The fstab generator will now add the
necessary dependencies automatically, and does not require
PID1's support for that anymore.

* journalctl gained a new switch, --list-boots, that lists
recent boots with their times and boot IDs.

* The various tools like systemctl, loginctl, timedatectl,
busctl, systemd-run, … have gained a new switch "-M" to
connect to a specific, local OS container (as direct
connection, without requiring SSH). This works on any
container that is registered with machined, such as those
created by libvirt-lxc or nspawn.

* systemd-run and systemd-analyze also gained support for "-H"
to connect to remote hosts via SSH. This is particularly
useful for systemd-run because it enables queuing of jobs
onto remote systems.

* machinectl gained a new command "login" to open a getty
login in any local container. This works with any container
that is registered with machined (such as those created by
libvirt-lxc or nspawn), and which runs systemd inside.

* machinectl gained a new "reboot" command that may be used to
trigger a reboot on a specific container that is registered
with machined. This works on any container that runs an init
system of some kind.

* systemctl gained a new "list-timers" command to print a nice
listing of installed timer units with the times they elapse
next.

* Alternative reboot() parameters may now be specified on the
"systemctl reboot" command line and are passed to the
reboot() system call.

* systemctl gained a new --job-mode= switch to configure the
mode to queue a job with. This is a more generic version of
--fail, --irreversible, and --ignore-dependencies, which are
still available but not advertised anymore.

* /etc/systemd/system.conf gained new settings to configure
various default timeouts of units, as well as the default
start limit interval and burst. These may still be overridden
within each Unit.

* PID1 will now export on the bus profile data of the security
policy upload process (such as the SELinux policy upload to
the kernel).

* journald: when forwarding logs to the console, include
timestamps (following the setting in
/sys/module/printk/parameters/time).

* OnCalendar= in timer units now understands the special
strings "yearly" and "annually". (Both are equivalent.)

* The accuracy of timer units is now configurable with the new
AccuracySec= setting. It defaults to 1min.
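
A timer unit that puts the Persistent= and WakeSystem= switches from the 212 entries together with the OnCalendar= spellings and AccuracySec= from the 209 entries above, as an added example that is not part of the NEWS file or the systemd project; the unit name, schedule and the service it activates are assumed.

```ini
# /etc/systemd/system/integrity-scan.timer
# Assumed unit name and schedule; added example, not from the NEWS file.
# Activates integrity-scan.service (assumed) on a wall-clock schedule.
[Unit]
Description=Nightly integrity scan

[Timer]
# Calendar schedule. "yearly" and "annually" would be equivalent
# spellings of a once-a-year schedule.
OnCalendar=daily

# Remember on disk when the timer last fired. If the machine was
# powered off across midnight, the missed run is executed once right
# after the next boot (anacron-like catch-up) instead of being skipped.
Persistent=true

# Let the manager delay the run by up to one hour so it can coalesce
# wakeups with other timers. Without this line the default from
# DefaultTimerAccuracySec= in system.conf applies (1min unless changed).
AccuracySec=1h

# Do not pull a suspended machine out of suspend for this job.
WakeSystem=false

[Install]
WantedBy=timers.target
```

"systemctl list-timers" shows both the last trigger time recorded for Persistent= and the next elapse.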
14344
14345 * A new dependency type JoinsNamespaceOf= has been added that
14346 allows running two services within the same /tmp and network
14347 namespace, if PrivateNetwork= or PrivateTmp= are used.
14348
14349 * A new command "cat" has been added to systemctl. It outputs
14350 the original unit file of a unit, and concatenates the
14351 contents of additional "drop-in" unit file snippets, so that
14352 the full configuration is shown.
14353
14354 * systemctl now supports globbing on the various "list-xyz"
14355 commands, like "list-units" or "list-sockets", as well as on
14356 those commands which take multiple unit names.
14357
14358 * journalctl's --unit= switch gained support for globbing.
14359
14360 * All systemd daemons now make use of the watchdog logic so
14361 that systemd automatically notices when they hang.
14362
14363 * If the $container_ttys environment variable is set,
14364 getty-generator will automatically spawn a getty for each
14365 listed tty. This is useful for container managers to request
14366 login gettys to be spawned on as many ttys as needed.
14367
14368 * %h, %s, %U specifier support is not available anymore when
14369 used in unit files for PID 1. This is because NSS calls are
14370 not safe from PID 1. They stay available for --user
14371 instances of systemd, and as special case for the root user.
14372
14373 * loginctl gained a new "--no-legend" switch to turn off output
14374 of the legend text.
14375
14376 * The "sd-login.h" API gained three new calls:
14377 sd_session_is_remote(), sd_session_get_remote_user(),
14378 sd_session_get_remote_host() to query information about
14379 remote sessions.
14380
14381 * The udev hardware database now also carries vendor/product
14382 information of SDIO devices.
14383
14384 * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
14385 determine whether watchdog notifications are requested by
14386 the system manager.
14387
14388 * Socket-activated per-connection services now include a
14389 short description of the connection parameters in the
14390 description.
14391
14392 * tmpfiles gained a new "--boot" option. When this is not used,
14393 only lines where the command character is not suffixed with
14394 "!" are executed. When this option is specified, those
14395 options are executed too. This partitions tmpfiles
14396 directives into those that can be safely executed at any
14397 time, and those which should be run only at boot (for
14398 example, a line that creates /run/nologin).
14399
14400 * A new API "sd-resolve.h" has been added which provides a simple
14401 asynchronous wrapper around glibc NSS hostname resolution
14402 calls, such as getaddrinfo(). In contrast to glibc's
14403 getaddrinfo_a(), it does not use signals. In contrast to most
14404 other asynchronous name resolution libraries, this one does
14405 not reimplement DNS, but reuses NSS, so that alternate
14406 hostname resolution systems continue to work, such as mDNS,
14407 LDAP, etc. This API is based on libasyncns, but it has been
14408 cleaned up for inclusion in systemd.
14409
14410 * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
14411 "sd-daemon.h" are no longer found in individual libraries
14412 libsystemd-journal.so, libsystemd-login.so,
14413 libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
14414 merged them into a single library, libsystemd.so, which
14415 provides all symbols. The reason for this is cyclic
14416 dependencies, as these libraries tend to use each other's
14417 symbols. So far, we have managed to workaround that by linking
14418 a copy of a good part of our code into each of these
14419 libraries again and again, which, however, makes certain
14420 things hard to do, like sharing static variables. Also, it
14421 substantially increases footprint. With this change, there
14422 is only one library for the basic APIs systemd
14423 provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
14424 "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
14425 library as well, however are subject to the --enable-kdbus
14426 switch (see below). Note that "sd-dhcp-client.h" is not part
14427 of this library (this is because it only consumes, never
14428 provides, services of/to other APIs). To make the transition
14429 easy from the separate libraries to the unified one, we
14430 provide the --enable-compat-libs compile-time switch which
14431 will generate stub libraries that are compatible with the
14432 old ones but redirect all calls to the new one.
14433
14434 * All of the kdbus logic and the new APIs "sd-bus.h",
14435 "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
14436 and "sd-utf8.h" are compile-time optional via the
14437 "--enable-kdbus" switch, and they are not compiled in by
14438 default. To make use of kdbus, you have to explicitly enable
14439 the switch. Note however, that neither the kernel nor the
14440 userspace API for all of this is considered stable yet. We
14441 want to maintain the freedom to still change the APIs for
14442 now. By specifying this build-time switch, you acknowledge
14443 that you are aware of the instability of the current
14444 APIs.
14445
14446 * Also, note that while kdbus is pretty much complete,
14447 it lacks one thing: proper policy support. This means you
14448 can build a fully working system with all features; however,
14449 it will be highly insecure. Policy support will be added in
14450 one of the next releases, at the same time that we will
14451 declare the APIs stable.
14452
14453 * When the kernel command line argument "kdbus" is specified,
14454 systemd will automatically load the kdbus.ko kernel module. At
14455 this stage of development, it is only useful for testing kdbus
14456 and should not be used in production. Note: if "--enable-kdbus"
14457 is specified, and the kdbus.ko kernel module is available, and
14458 "kdbus" is added to the kernel command line, the entire system
14459 runs with kdbus instead of dbus-daemon, with the above mentioned
14460 problem of missing the system policy enforcement. Also a future
14461 version of kdbus.ko or a newer systemd will not be compatible with
14462 each other, and will unlikely be able to boot the machine if only
14463 one of them is updated.
14464
14465 * systemctl gained a new "import-environment" command which
14466 uploads the caller's environment (or parts thereof) into the
14467 service manager so that it is inherited by services started
14468 by the manager. This is useful to upload variables like
14469 $DISPLAY into the user service manager.
14470
14471 * A new PrivateDevices= switch has been added to service units
14472 which allows running a service with a namespaced /dev
14473 directory that does not contain any device nodes for
14474 physical devices. More specifically, it only includes devices
14475 such as /dev/null, /dev/urandom, and /dev/zero which are API
14476 entry points.
14477
14478 * logind has been extended to support behaviour like VT
14479 switching on seats that do not support a VT. This makes
14480 multi-session available on seats that are not the first seat
14481 (seat0), and on systems where kernel support for VTs has
14482 been disabled at compile-time.
14483
14484 * If a process holds a delay lock for system sleep or shutdown
14485 and fails to release it in time, we will now log its
14486 identity. This makes it easier to identify processes that
14487 cause slow suspends or power-offs.
14488
14489 * When parsing /etc/crypttab, support for a new key-slot=
14490 option as supported by Debian is added. It allows indicating
14491 which LUKS slot to use on disk, speeding up key loading.
14492
14493 * The sd_journal_sendv() API call has been checked and
14494 officially declared to be async-signal-safe so that it may
14495 be invoked from signal handlers for logging purposes.
14496
14497 * Boot-time status output is now enabled automatically after a
14498 short timeout if boot does not progress, in order to give
14499 the user an indication what she or he is waiting for.
14500
14501 * The boot-time output has been improved to show how much time
14502 remains until jobs expire.
14503
14504 * The KillMode= switch in service units gained a new possible
14505 value "mixed". If set, and the unit is shut down, then the
14506 initial SIGTERM signal is sent only to the main daemon
14507 process, while the following SIGKILL signal is sent to
14508 all remaining processes of the service.
14509
14510 * When a scope unit is registered, a new property "Controller"
14511 may be set. If set to a valid bus name, systemd will send a
14512 RequestStop() signal to this name when it would like to shut
14513 down the scope. This may be used to hook manager logic into
14514 the shutdown logic of scope units. Also, scope units may now
14515 be put in a special "abandoned" state, in which case the
14516 manager process which created them takes no further
14517 responsibilities for it.
14518
14519 * When reading unit files, systemd will now verify
14520 the access mode of these files, and warn about certain
14521 suspicious combinations. This has been added to make it
14522 easier to track down packaging bugs where unit files are
14523 marked executable or world-writable.
14524
14525 * systemd-nspawn gained a new "--setenv=" switch to set
14526 container-wide environment variables. The similar option in
14527 systemd-activate was renamed from "--environment=" to
14528 "--setenv=" for consistency.
14529
14530 * systemd-nspawn has been updated to create a new kdbus domain
14531 for each container that is invoked, thus allowing each
14532 container to have its own set of system and user buses,
14533 independent of the host.
14534
14535 * systemd-nspawn gained a new --drop-capability= switch to run
14536 the container with less capabilities than the default. Both
14537 --drop-capability= and --capability= now take the special
14538 string "all" for dropping or keeping all capabilities.
14539
14540 * systemd-nspawn gained new switches for executing containers
14541 with specific SELinux labels set.
14542
14543 * systemd-nspawn gained a new --quiet switch to not generate
14544 any additional output but the container's own console
14545 output.
14546
14547 * systemd-nspawn gained a new --share-system switch to run a
14548 container without PID namespacing enabled.
14549
14550 * systemd-nspawn gained a new --register= switch to control
14551 whether the container is registered with systemd-machined or
14552 not. This is useful for containers that do not run full
14553 OS images, but only specific apps.
14554
14555 * systemd-nspawn gained a new --keep-unit which may be used
14556 when invoked as the only program from a service unit, and
14557 results in registration of the unit service itself in
14558 systemd-machined, instead of a newly opened scope unit.
14559
14560 * systemd-nspawn gained a new --network-interface= switch for
14561 moving arbitrary interfaces to the container. The new
14562 --network-veth switch creates a virtual Ethernet connection
14563 between host and container. The new --network-bridge=
14564 switch then allows assigning the host side of this virtual
14565 Ethernet connection to a bridge device.
14566
14567 * systemd-nspawn gained a new --personality= switch for
14568 setting the kernel personality for the container. This is
14569 useful when running a 32-bit container on a 64-bit host. A
14570 similar option Personality= is now also available for service
14571 units to use.
14572
14573 * logind will now also track a "Desktop" identifier for each
14574 session which records the desktop environment running in
14575 it. This is useful for desktop environments that want to
14576 easily identify their own running sessions.
14577
14578 * A new SELinuxContext= setting for service units has been
14579 added that allows setting a specific SELinux execution
14580 context for a service.
14581
14582 * Most systemd client tools will now honour $SYSTEMD_LESS for
14583 settings of the "less" pager. By default, these tools will
14584 override $LESS to allow certain operations to work, such as
14585 jump-to-the-end. With $SYSTEMD_LESS, it is possible to
14586 influence this logic.
14587
14588 * systemd's "seccomp" hook-up has been changed to make use of
14589 the libseccomp library instead of using its own
14590 implementation. This has benefits for portability among
14591 other things.
14592
14593 * For usage together with SystemCallFilter=, a new
14594 SystemCallErrorNumber= setting has been introduced that
14595 allows configuration of a system error number to be returned
14596 on filtered system calls, instead of immediately killing the
14597 process. Also, SystemCallArchitectures= has been added to
14598 limit access to system calls of a particular architecture
14599 (in order to turn off support for unused secondary
14600 architectures). There is also a global
14601 SystemCallArchitectures= setting in system.conf now to turn
14602 off support for non-native system calls system-wide.
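
As an added example, not systemd's code, a small linter that parses a unit's [Service] section and reports which of the three settings above are missing, taking the global system.conf value into account. The two unit texts are constructed, and the system call names in the allowlist are illustrative only.

```python
"""Lint the seccomp settings of a service unit: SystemCallFilter=,
SystemCallErrorNumber= and SystemCallArchitectures= (plus the global
SystemCallArchitectures= from system.conf).  Added example, not
systemd's own code; the unit texts below are constructed."""

# Settings whose values are space-separated lists that accumulate across
# repeated assignments; an empty assignment resets the list.
LIST_SETTINGS = {"SystemCallFilter", "SystemCallArchitectures"}


def parse_unit(text):
    """Minimal unit-file parser returning {section: {key: value-or-list}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed unit line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if key in LIST_SETTINGS:
            if value == "":
                current[key] = []                       # reset
            else:
                current.setdefault(key, []).extend(value.split())
        else:
            current[key] = value
    return sections


def audit_syscall_settings(text, global_archs=None):
    """Return a list of findings for the unit's [Service] section.

    global_archs is the SystemCallArchitectures= value from system.conf,
    which applies system-wide when set.
    """
    service = parse_unit(text).get("Service", {})
    findings = []
    if not service.get("SystemCallFilter"):
        findings.append("SystemCallFilter= unset: system calls are not filtered")
        return findings
    if "SystemCallErrorNumber" not in service:
        findings.append("SystemCallErrorNumber= unset: a filtered system call "
                        "kills the process instead of failing with an errno")
    if not service.get("SystemCallArchitectures") and not global_archs:
        findings.append("SystemCallArchitectures= unset: secondary "
                        "architectures' system calls remain available")
    return findings


# Constructed unit: filters calls but has neither companion setting.
WEAK_UNIT = """\
[Unit]
Description=constructed daemon (weak seccomp settings)

[Service]
ExecStart=/usr/bin/constructed-daemon
SystemCallFilter=read write open close fstat mmap exit_group
"""

# Constructed unit: same filter, plus an errno and native-only syscalls.
HARDENED_UNIT = """\
[Unit]
Description=constructed daemon (hardened seccomp settings)

[Service]
ExecStart=/usr/bin/constructed-daemon
SystemCallFilter=read write open close fstat mmap exit_group
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
"""

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_syscall_settings(unit) or ["ok"])
```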
14603
14604 * systemd requires a kernel with a working name_to_handle_at(),
14605 please see the kernel config requirements in the README file.
14606
14607 Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
14608 Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
14609 Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
14610 Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
14611 Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
14612 David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
14613 Elia Pinto, Florian Weimer, George McCollister, Goffredo
14614 Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
14615 Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
14616 Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
14617 Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
14618 Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
14619 Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
14620 Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
14621 Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
14622 Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
14623 Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
14624 Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
14625 Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
14626 Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
14627 Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
14628 Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
14629 Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
14630 Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
14631
14632 — Berlin, 2014-02-20
14633
14634 CHANGES WITH 208:
14635
14636 * logind has gained support for facilitating privileged input
14637 and drm device access for unprivileged clients. This work is
14638 useful to allow Wayland display servers (and similar
14639 programs, such as kmscon) to run under the user's ID and
14640 access input and drm devices which are normally
14641 protected. When this is used (and the kernel is new enough)
14642 logind will "mute" IO on the file descriptors passed to
14643 Wayland as long as it is in the background and "unmute" it
14644 if it returns into the foreground. This allows secure
14645 session switching without allowing background sessions to
14646 eavesdrop on input and display data. This also introduces
14647 session switching support if VT support is turned off in the
14648 kernel, and on seats that are not seat0.
14649
14650 * A new kernel command line option luks.options= is understood
14651 now which allows specifying LUKS options for usage for LUKS
14652 encrypted partitions specified with luks.uuid=.
14653
14654 * tmpfiles.d(5) snippets may now use specifier expansion in
14655 path names. More specifically %m, %b, %H, %v, are now
14656 replaced by the local machine id, boot id, hostname, and
14657 kernel version number.
14658
14659 * A new tmpfiles.d(5) command "m" has been introduced which
14660 may be used to change the owner/group/access mode of a file
14661 or directory if it exists, but do nothing if it does not.
14662
14663 * This release removes high-level support for the
14664 MemorySoftLimit= cgroup setting. The underlying kernel
14665 cgroup attribute memory.soft_limit= is currently badly
14666 designed and likely to be removed from the kernel API in its
14667 current form, hence we should not expose it for now.
14668
14669 * The memory.use_hierarchy cgroup attribute is now enabled for
14670 all cgroups systemd creates in the memory cgroup
14671 hierarchy. This option is likely to become the built-in
14672 default in the kernel anyway, and the non-hierarchical mode
14673 never made much sense in the intrinsically hierarchical
14674 cgroup system.
14675
14676 * A new field _SYSTEMD_SLICE= is logged along with all journal
14677 messages containing the slice a message was generated
14678 from. This is useful to allow easy per-customer filtering of
14679 logs among other things.
14680
14681 * systemd-journald will no longer adjust the group of journal
14682 files it creates to the "systemd-journal" group. Instead we
14683 rely on the journal directory to be owned by the
14684 "systemd-journal" group, and its setgid bit set, so that the
14685 kernel file system layer will automatically enforce that
14686 journal files inherit this group assignment. The reason for
14687 this change is that we cannot allow NSS look-ups from
14688 journald which would be necessary to resolve
14689 "systemd-journal" to a numeric GID, because this might
14690 create deadlocks if NSS involves synchronous queries to
14691 other daemons (such as nscd, or sssd) which in turn are
14692 logging clients of journald and might block on it, which
14693 would then deadlock. A tmpfiles.d(5) snippet included in
14694 systemd will make sure the setgid bit and group are
14695 properly set on the journal directory if it exists on every
14696 boot. However, we recommend adjusting it manually after
14697 upgrades too (or from RPM scriptlets), so that the change is
14698 not delayed until next reboot.
14699
14700 * Backlight and random seed files in /var/lib/ have moved into
14701 the /var/lib/systemd/ directory, in order to centralize all
14702 systemd generated files in one directory.
14703
14704 * Boot time performance measurements (as displayed by
14705 "systemd-analyze" for example) will now read ACPI 5.0 FPDT
14706 performance information if that's available to determine how
14707 much time BIOS and boot loader initialization required. With
14708 a sufficiently new BIOS you hence no longer need to boot
14709 with Gummiboot to get access to such information.
14710
14711 Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
14712 Cristian Rodríguez, Dave Reisner, David Herrmann, David
14713 Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
14714 feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
14715 Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
14716 Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
14717 Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
14718
14719 — Berlin, 2013-10-02
14720
14721 CHANGES WITH 207:
14722
14723 * The Restart= option for services now understands a new
14724 on-watchdog setting, which will restart the service
14725 automatically if the service stops sending out watchdog keep
14726 alive messages (as configured with WatchdogSec=).
14727
14728 * The getty generator (which is responsible for bringing up a
14729 getty on configured serial consoles) will no longer only
14730 start a getty on the primary kernel console but on all
14731 others, too. This makes the order in which console= is
14732 specified on the kernel command line less important.
14733
14734 * libsystemd-logind gained a new sd_session_get_vt() call to
14735 retrieve the VT number of a session.
14736
14737 * If the option "tries=0" is set for an entry of /etc/crypttab,
14738 its passphrase is queried indefinitely instead of up to a
14739 maximum number of tries.
14740
14741 * If a service with a configured PID file terminates, its PID
14742 file will now be removed automatically if it still exists
14743 afterwards. This should put an end to stale PID files.
14744
14745 * systemd-run will now also take relative binary path names
14746 for execution and no longer insists on absolute paths.
14747
14748 * InaccessibleDirectories= and ReadOnlyDirectories= now take
14749 paths that are optionally prefixed with "-" to indicate that
14750 it should not be considered a failure if they do not exist.
14751
14752 * journalctl -o (and similar commands) now understands a new
14753 output mode "short-precise", it is similar to "short" but
14754 shows timestamps with usec accuracy.
14755
14756 * The option "discard" (as known from Debian) is now
14757 synonymous to "allow-discards" in /etc/crypttab. In fact,
14758 "discard" is preferred now (since it is easier to remember
14759 and type).
14760
14761 * Some licensing clean-ups were made, so that more code is now
14762 LGPL-2.1 licensed than before.
14763
14764 * A minimal tool to save/restore the display backlight
14765 brightness across reboots has been added. It will store the
14766 backlight setting as late as possible at shutdown, and
14767 restore it as early as possible during reboot.
14768
14769 * A logic to automatically discover and enable home and swap
14770 partitions on GPT disks has been added. With this in place
14771 /etc/fstab becomes optional for many setups as systemd can
14772 discover certain partitions located on the root disk
14773 automatically. Home partitions are recognized under their
14774 GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
14775 partitions are recognized under their GPT type ID
14776 0657fd6da4ab43c484e50933c84b4f4f.
14777
14778 * systemd will no longer pass any environment from the kernel
14779 or initrd to system services. If you want to set an
14780 environment for all services, do so via the kernel command
14781 line systemd.setenv= assignment.
14782
14783 * The systemd-sysctl tool no longer natively reads the file
14784 /etc/sysctl.conf. If desired, the file should be symlinked
14785 from /etc/sysctl.d/99-sysctl.conf. Apart from providing
14786 legacy support by a symlink rather than built-in code, it
14787 also makes the otherwise hidden order of application of the
14788 different files visible. (Note that this partly reverts to a
14789 pre-198 application order of sysctl knobs!)
14790
14791 * The "systemctl set-log-level" and "systemctl dump" commands
14792 have been moved to systemd-analyze.
14793
14794 * systemd-run learned the new --remain-after-exit switch,
14795 which causes the scope unit not to be cleaned up
14796 automatically after the process terminated.
14797
14798 * tmpfiles learned a new --exclude-prefix= switch to exclude
14799 certain paths from operation.
14800
14801 * journald will now automatically flush all messages to disk
14802 as soon as a message at the log level CRIT, ALERT or EMERG
14803 is received.
14804
14805 Contributions from: Andrew Cook, Brandon Philips, Christian
14806 Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
14807 Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
14808 McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
14809 Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
14810 Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
14811 Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
14812 Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
14813 Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
14814 Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
14815 Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
14816 Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
14817 William Giokas, Zbigniew Jędrzejewski-Szmek
14818
14819 — Berlin, 2013-09-13
14820
14821 CHANGES WITH 206:
14822
14823 * The documentation has been updated to cover the various new
14824 concepts introduced with 205.
14825
14826 * Unit files now understand the new %v specifier which
14827 resolves to the kernel version string as returned by "uname
14828 -r".
14829
14830 * systemctl now supports filtering the unit list output by
14831 load state, active state and sub state, using the new
14832 --state= parameter.
14833
14834 * "systemctl status" will now show the results of the
14835 condition checks (like ConditionPathExists= and similar) of
14836 the last start attempts of the unit. They are also logged to
14837 the journal.
14838
14839 * "journalctl -b" may now be used to look for boot output of a
14840 specific boot. Try "journalctl -b -1" for the previous boot,
14841 but the syntax is substantially more powerful.
14842
14843 * "journalctl --show-cursor" has been added which prints the
14844 cursor string of the last shown log line. This may then be used
14845 with the new "journalctl --after-cursor=" switch to continue
14846 browsing logs from that point on.
14847
14848 * "journalctl --force" may now be used to force regeneration
14849 of an FSS key.
14850
14851 * Creation of "dead" device nodes has been moved from udev
14852 into kmod and tmpfiles. Previously, udev would read the kmod
14853 databases to pre-generate dead device nodes based on meta
14854 information contained in kernel modules, so that these would
14855 be auto-loaded on access rather than at boot. As this
14856 does not really have much to do with exposing actual
14857 kernel devices to userspace this has always been slightly
14858 alien in the udev codebase. Following the new scheme kmod
14859 will now generate a runtime snippet for tmpfiles from the
14860 module meta information and it now is tmpfiles' job to
14861 create the nodes. This also allows overriding access and
14862 other parameters for the nodes using the usual tmpfiles
14863 facilities. As a side effect this allows us to remove the
14864 CAP_SYS_MKNOD capability bit from udevd entirely.
14865
14866 * logind's device ACLs may now be applied to these "dead"
14867 devices nodes too, thus finally allowing managed access to
14868 devices such as /dev/snd/sequencer without loading the
14869 backing module right-away.
14870
14871 * A new RPM macro has been added that may be used to apply
14872 tmpfiles configuration during package installation.
14873
14874 * systemd-detect-virt and ConditionVirtualization= now can
14875 detect User-Mode-Linux machines (UML).
14876
14877 * journald will now implicitly log the effective capabilities
14878 set of processes in the message metadata.
14879
14880 * systemd-cryptsetup has gained support for TrueCrypt volumes.
14881
14882 * The initrd interface has been simplified (more specifically,
14883 support for passing performance data via environment
14884 variables and fsck results via files in /run has been
14885 removed). These features were non-essential, and are
14886 nowadays available in a much nicer way by having systemd in
14887 the initrd serialize its state and have the host's systemd
14888 deserialize it again.
14889
14890 * The udev "keymap" data files and tools to apply keyboard
14891 specific mappings of scan to key codes, and force-release
14892 scan code lists have been entirely replaced by a udev
14893 "keyboard" builtin and a hwdb data file.
14894
14895 * systemd will now honour the kernel's "quiet" command line
14896 argument also during late shutdown, resulting in a
14897 completely silent shutdown when used.
14898
14899 * There's now an option to control the SO_REUSEPORT socket
14900 option in .socket units.
14901
14902 * Instance units will now automatically get a per-template
14903 subslice of system.slice unless something else is explicitly
14904 configured. For example, instances of sshd@.service will now
14905 implicitly be placed in system-sshd.slice rather than
14906 system.slice as before.
14907
14908 * Test coverage support may now be enabled at build time.
14909
14910 Contributions from: Dave Reisner, Frederic Crozat, Harald
14911 Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
14912 Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
14913 Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
14914 Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
14915 Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
14916 Giokas, Zbigniew Jędrzejewski-Szmek
14917
14918 — Berlin, 2013-07-23
14919
14920 CHANGES WITH 205:
14921
14922 * Two new unit types have been introduced:
14923
14924 Scope units are very similar to service units, however, are
14925 created out of pre-existing processes — instead of PID 1
14926 forking off the processes. By using scope units it is
14927 possible for system services and applications to group their
14928 own child processes (worker processes) in a powerful way
14929 which may then be used to organize them, or kill them
14930 together, or apply resource limits on them.
14931
14932 Slice units may be used to partition system resources in a
14933 hierarchical fashion and then assign other units to them. By
14934 default there are now three slices: system.slice (for all
14935 system services), user.slice (for all user sessions),
14936 machine.slice (for VMs and containers).
14937
14938 Slices and scopes have been introduced primarily in
14939 context of the work to move cgroup handling to a
14940 single-writer scheme, where only PID 1
14941 creates/removes/manages cgroups.
14942
14943 * There's a new concept of "transient" units. In contrast to
14944 normal units these units are created via an API at runtime,
14945 not from configuration from disk. More specifically this
14946 means it is now possible to run arbitrary programs as
14947 independent services, with all execution parameters passed
14948 in via bus APIs rather than read from disk. Transient units
14949 make systemd substantially more dynamic than it ever was,
14950 and useful as a general batch manager.
14951
14952 * logind has been updated to make use of scope and slice units
14953 for managing user sessions. As a user logs in he will get
14954 his own private slice unit, to which all sessions are added
14955 as scope units. We also added support for automatically
14956 adding an instance of user@.service for the user into the
14957 slice. Effectively logind will no longer create cgroup
14958 hierarchies on its own now, it will defer entirely to PID 1
14959 for this by means of scope, service and slice units. Since
14960 user sessions this way become entities managed by PID 1
14961 the output of "systemctl" is now a lot more comprehensive.
14962
14963 * A new mini-daemon "systemd-machined" has been added which
14964 may be used by virtualization managers to register local
14965 VMs/containers. nspawn has been updated accordingly, and
14966 libvirt will be updated shortly. machined will collect a bit
14967 of meta information about the VMs/containers, and assign
14968 them their own scope unit (see above). The collected
14969 meta-data is then made available via the "machinectl" tool,
14970 and exposed in "ps" and similar tools. machined/machinectl
14971 is compile-time optional.
14972
14973 * As discussed earlier, the low-level cgroup configuration
14974 options ControlGroup=, ControlGroupModify=,
14975 ControlGroupPersistent=, ControlGroupAttribute= have been
14976 removed. Please use high-level attribute settings instead as
14977 well as slice units.
14978
14979 * A new bus call SetUnitProperties() has been added to alter
14980 various runtime parameters of a unit. This is primarily
14981 useful to alter cgroup parameters dynamically in a nice way,
14982 but will be extended later on to make more properties
14983 modifiable at runtime. systemctl gained a new set-properties
14984 command that wraps this call.
14985
14986 * A new tool "systemd-run" has been added which can be used to
14987 run arbitrary command lines as transient services or scopes,
14988 while configuring a number of settings via the command
14989 line. This tool is currently very basic, however already
14990 very useful. We plan to extend this tool to even allow
14991 queuing of execution jobs with time triggers from the
14992 command line, similar in fashion to "at".
14993
14994 * nspawn will now inform the user explicitly that kernels with
14995 audit enabled break containers, and suggest that the user
14996 turn off audit.
14997
14998 * Support for detecting the IMA and AppArmor security
14999 frameworks with ConditionSecurity= has been added.
15000
15001 * journalctl gained a new "-k" switch for showing only kernel
15002 messages, mimicking dmesg output; in addition to "--user"
15003 and "--system" switches for showing only user's own logs
15004 and system logs.
15005
15006 * systemd-delta can now show information about drop-in
15007 snippets extending unit files.
15008
15009 * libsystemd-bus has been substantially updated but is still
15010 not available as public API.
15011
15012 * systemd will now look for the "debug" argument on the kernel
15013 command line and enable debug logging, similar to what
15014 "systemd.log_level=debug" already did before.
15015
15016 * "systemctl set-default", "systemctl get-default" has been
15017 added to configure the default.target symlink, which
15018 controls what to boot into by default.
15019
15020 * "systemctl set-log-level" has been added as a convenient
15021 way to raise and lower systemd logging threshold.
15022
15023 * "systemd-analyze plot" will now show the time the various
15024 generators needed for execution, as well as information
15025 about the unit file loading.
15026
15027 * libsystemd-journal gained a new sd_journal_open_files() call
15028 for opening specific journal files. journalctl also gained a
15029 new switch to expose this new functionality. Previously we
15030 only supported opening all files from a directory, or all
15031 files from the system, as opening individual files only is
15032 racy due to journal file rotation.
15033
15034 * systemd gained the new DefaultEnvironment= setting in
15035 /etc/systemd/system.conf to set environment variables for
15036 all services.
15037
15038 * If a privileged process logs a journal message with the
15039 OBJECT_PID= field set, then journald will automatically
15040 augment this with additional OBJECT_UID=, OBJECT_GID=,
15041 OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
15042 system services want to log events about specific client
15043 processes. journalctl/systemctl have been updated to make use
15044 of this information when all log messages regarding a specific
15045 unit are requested.
15046
15047 Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
15048 Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
15049 Reisner, David Coppa, David King, David Strauss, Eelco
15050 Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
15051 Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
15052 Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
15053 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
15054 Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
15055 Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
15056 Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
15057 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
15058 Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
15059 Łukasz Stelmach, 장동준
15060
15061 CHANGES WITH 204:
15062
15063 * The Python bindings gained some minimal support for the APIs
15064 exposed by libsystemd-logind.
15065
15066 * ConditionSecurity= gained support for detecting SMACK. Since
15067 this condition already supports SELinux and AppArmor we only
15068 miss IMA for this. Patches welcome!
15069
15070 Contributions from: Karol Lewandowski, Lennart Poettering,
15071 Zbigniew Jędrzejewski-Szmek
15072
15073 CHANGES WITH 203:
15074
15075 * systemd-nspawn will now create /etc/resolv.conf if
15076 necessary, before bind-mounting the host's file onto it.
15077
15078 * systemd-nspawn will now store meta information about a
15079 container on the container's cgroup as extended attribute
15080 fields, including the root directory.
15081
15082 * The cgroup hierarchy has been reworked in many ways. All
15083 objects that any of systemd's components create in the cgroup
15084 tree are now suffixed. More specifically, user sessions are
15085 now placed in cgroups suffixed with ".session", users in
15086 cgroups suffixed with ".user", and nspawn containers in
15087 cgroups suffixed with ".nspawn". Furthermore, all cgroup
15088 names are now escaped in a simple scheme to avoid collision
15089 of userspace object names with kernel filenames. This work
15090 is preparation for making these objects relocatable in the
15091 cgroup tree, in order to allow easy resource partitioning of
15092 these objects without causing naming conflicts.
15093
15094 * systemctl list-dependencies gained the new switches
15095 --plain, --reverse, --after and --before.
15096
15097 * systemd-inhibit now shows the process name of processes that
15098 have taken an inhibitor lock.
15099
15100 * nss-myhostname will now also resolve "localhost"
15101 implicitly. This makes /etc/hosts an optional file and
15102 nicely handles that on IPv6 ::1 maps to both "localhost" and
15103 the local hostname.
15104
15105 * libsystemd-logind.so gained a new call
15106 sd_get_machine_names() to enumerate running containers and
15107 VMs (currently only supported by very new libvirt and
15108 nspawn). sd_login_monitor can now be used to watch
15109 VMs/containers coming and going.
15110
15111 * .include is not allowed recursively anymore, and only in
15112 unit files. Usually it is better to use drop-in snippets in
15113 .d/*.conf anyway, as introduced with systemd 198.
15114
15115 * systemd-analyze gained a new "critical-chain" command that
15116 determines the slowest chain of units run during system
15117 boot-up. It is very useful for tracking down where
15118 optimizing boot time is the most beneficial.
15119
15120 * systemd will no longer allow manipulating service paths in
15121 the name=systemd:/system cgroup tree using ControlGroup= in
15122 units. (But is still fine with it in all other dirs.)
15123
15124 * There's a new systemd-nspawn@.service service file that may
15125 be used to easily run nspawn containers as system
15126 services. With the container's root directory in
15127 /var/lib/container/foobar it is now sufficient to run
15128 "systemctl start systemd-nspawn@foobar.service" to boot it.
15129
15130 * systemd-cgls gained a new parameter "--machine" to list only
15131 the processes within a certain container.
15132
15133 * ConditionSecurity= now can check for "apparmor". We still
15134 are lacking checks for SMACK and IMA for this condition
15135 check though. Patches welcome!
15136
15137 * A new configuration file /etc/systemd/sleep.conf has been
15138 added that may be used to configure which kernel operation
15139 systemd is supposed to execute when "suspend", "hibernate"
15140 or "hybrid-sleep" is requested. This makes the new kernel
15141 "freeze" state accessible to the user.
15142
15143 * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
15144 the passed argument if applicable.
15145
15146 Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
15147 Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
15148 Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
15149 Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
15150 MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
15151 Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
15152 Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
15153 Jędrzejewski-Szmek
15154
15155 CHANGES WITH 202:
15156
15157 * The output of 'systemctl list-jobs' got some polishing. The
15158 '--type=' argument may now be passed more than once. A new
15159 command 'systemctl list-sockets' has been added which shows
15160 a list of kernel sockets systemd is listening on with the
15161 socket units they belong to, plus the units these socket
15162 units activate.
15163
15164 * The experimental libsystemd-bus library got substantial
15165 updates to work in conjunction with the (also experimental)
15166 kdbus kernel project. It works well enough to exchange
15167 messages with some sophistication. Note that kdbus is not
15168 ready yet, and the library is mostly an elaborate test case
15169 for now, and not installable.
15170
15171 * systemd gained a new unit 'systemd-static-nodes.service'
15172 that generates static device nodes earlier during boot, and
15173 can run in conjunction with udev.
15174
15175 * libsystemd-login gained a new call sd_pid_get_user_unit()
15176 to retrieve the user systemd unit a process is running
15177 in. This is useful for systems where systemd is used as
15178 session manager.
15179
15180 * systemd-nspawn now places all containers in the new /machine
15181 top-level cgroup directory in the name=systemd
15182 hierarchy. libvirt will soon do the same, so that we get a
15183 uniform separation of /system, /user and /machine for system
15184 services, user processes and containers/virtual
15185 machines. This new cgroup hierarchy is also useful to stick
15186 stable names to specific container instances, which can be
15187 recognized later this way (this name may be controlled
15188 via systemd-nspawn's new -M switch). libsystemd-login also
15189 gained a new call sd_pid_get_machine_name() to retrieve the
15190 name of the container/VM a specific process belongs to.
15191
15192 * bootchart can now store its data in the journal.
15193
15194 * libsystemd-journal gained a new call
15195 sd_journal_add_conjunction() for AND expressions to the
15196 matching logic. This can be used to express more complex
15197 logical expressions.
15198
15199 * journalctl can now take multiple --unit= and --user-unit=
15200 switches.
15201
15202 * The cryptsetup logic now understands the "luks.key=" kernel
15203 command line switch for specifying a file to read the
15204 decryption key from. Also, if a configured key file is not
15205 found the tool will now automatically fall back to prompting
15206 the user.
15207
15208 * Python systemd.journal module was updated to wrap recently
15209 added functions from libsystemd-journal. The interface was
15210 changed to bring the low level interface in s.j._Reader
15211 closer to the C API, and the high level interface in
15212 s.j.Reader was updated to wrap and convert all data about
15213 an entry.
15214
15215 Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
15216 Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
15217 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
15218 Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
15219 Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
15220 Tom Gundersen, Zbigniew Jędrzejewski-Szmek
15221
CHANGES WITH 201:

* journalctl --update-catalog now understands a new --root=
option to operate on catalogs found in a different root
directory.

* During shutdown, after systemd has terminated all running
services, a final killing loop kills all remaining left-over
processes. We will now print the name of these processes
when we send SIGKILL to them, since this usually indicates a
problem.

* If /etc/crypttab refers to password files stored on
configured mount points, automatic dependencies will now be
generated to ensure the specific mount is established
before the key file is read.

* 'systemctl status' will now show information about the
network sockets a socket unit is listening on.

* 'systemctl status' will also show information about any
drop-in configuration file for units. (Drop-in configuration
files in this context are files such as
/etc/systemd/system/foobar.service.d/*.conf)

* systemd-cgtop now optionally shows summed up CPU times of
cgroups. Press '%' while running cgtop to switch between
percentage and absolute mode. This is useful to determine
which cgroups use up the most CPU time over the entire
runtime of the system. systemd-cgtop has also been updated
to be 'pipeable' for processing with further shell tools.

* 'hostnamectl set-hostname' will now allow setting of FQDN
hostnames.

* The formatting and parsing of time span values has been
changed. The parser now understands fractional expressions
such as "5.5h". The formatter will now output fractional
expressions for all time spans under 1min, i.e. "5.123456s"
rather than "5s 123ms 456us". For time spans under 1s
millisecond values are shown, for those under 1ms
microsecond values are shown. This should greatly improve
all time-related output of systemd.
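
The parsing and formatting rules above, written out as an added example (not systemd's own implementation). It assumes an integer microsecond representation internally; how spans of one minute or more are rendered is an assumption, since the entry only specifies the sub-minute cases.

```python
"""Parse and format time spans following the rules described above (added
example, not systemd's own code). Values are integer microseconds. The
rendering of spans of 1min or more is an assumption; the entry only
specifies the sub-minute cases."""
import re

# Unit suffix -> microseconds.
USEC_PER = {"us": 1, "ms": 1_000, "s": 1_000_000, "min": 60_000_000, "h": 3_600_000_000}


def parse_timespan(text):
    """Accept "5.5h", "5s 123ms 456us" or "250ms" and return microseconds."""
    tokens = re.findall(r"(\d+(?:\.\d+)?)\s*([a-z]+)", text)
    # Reject anything the tokenizer skipped over (stray characters, bare numbers).
    if not tokens or "".join(n + u for n, u in tokens) != "".join(text.split()):
        raise ValueError(f"malformed time span: {text!r}")
    total = 0
    for number, unit in tokens:
        if unit not in USEC_PER:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        total += round(float(number) * USEC_PER[unit])
    return total


def _fractional(usec, unit):
    """Render as a decimal number of `unit`, dropping trailing zeros."""
    whole, rem = divmod(usec, USEC_PER[unit])
    digits = len(str(USEC_PER[unit])) - 1      # 3 for ms, 6 for s
    frac = f"{rem:0{digits}d}".rstrip("0")
    return f"{whole}.{frac}{unit}" if frac else f"{whole}{unit}"


def format_timespan(usec):
    """Below 1min print one fractional unit (us below 1ms, ms below 1s,
    otherwise s); from 1min upward list whole components, largest first
    (assumed layout)."""
    if usec < USEC_PER["ms"]:
        return f"{usec}us"
    if usec < USEC_PER["s"]:
        return _fractional(usec, "ms")
    if usec < USEC_PER["min"]:
        return _fractional(usec, "s")
    parts = []
    for unit in ("h", "min", "s", "ms", "us"):
        count, usec = divmod(usec, USEC_PER[unit])
        if count:
            parts.append(f"{count}{unit}")
    return " ".join(parts)
```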

* libsystemd-login and libsystemd-journal gained new
functions for querying the poll() events mask and poll()
timeout value for integration into arbitrary event
loops.

* localectl gained the ability to list available X11 keymaps
(models, layouts, variants, options).

* 'systemd-analyze dot' gained the ability to filter for
specific units via shell-style globs, to create smaller,
more useful graphs. For example, it is now possible to create simple
graphs of all the dependencies between only target units, or
of all units that Avahi has dependencies with.

Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach

CHANGES WITH 200:

* The boot-time readahead implementation for rotating media
will now read the read-ahead data in multiple passes which
consist of all read requests made in equidistant time
intervals. This means instead of strictly reading read-ahead
data in its physical order on disk we now try to find a
middle ground between physical and access time order.

* /etc/os-release files gained a new BUILD_ID= field for usage
on operating systems that provide continuous builds of OS
images.

Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín,
William Douglas, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 199:

* systemd-python gained an API exposing libsystemd-daemon.

* The SMACK setup logic gained support for uploading CIPSO
security policy.

* Behaviour of PrivateTmp=, ReadWriteDirectories=,
ReadOnlyDirectories= and InaccessibleDirectories= has
changed. The private /tmp and /var/tmp directories are now
shared by all processes of a service (which means
ExecStartPre= may now leave data in /tmp that ExecStart= of
the same service can still access). When a service is
stopped its temporary directories are immediately deleted
(normal clean-up with tmpfiles is still done in addition to
this though).

* By default, systemd will now set a couple of sysctl
variables in the kernel: the safe sysrq options are turned
on, IP route verification is turned on, and source routing
disabled. The recently added hardlink and softlink
protection of the kernel is turned on. These settings should
be reasonably safe, and good defaults for all new systems.
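
An added example (not systemd's code) of how an administrator can verify that a host actually carries the hardened defaults this entry describes: it reads a /proc/sys tree and reports every setting that deviates from a baseline. The sysctl names and the concrete expected values are assumptions modelled on the entry (rp_filter taken as "IP route verification"); the snapshot in demo() is constructed.

```python
"""Audit a /proc/sys tree against the hardening defaults described above.
Added example, not systemd's code. The expected values are an assumption
modelled on the entry: safe sysrq subset, reverse-path (route) verification,
source routing off, and hardlink/symlink protection on."""
import tempfile
from pathlib import Path

# Assumed hardened baseline (sysctl name -> expected value as /proc/sys shows it).
EXPECTED = {
    "kernel.sysrq": "16",                               # only the "safe" sysrq commands
    "net.ipv4.conf.default.rp_filter": "1",             # IP route (reverse-path) verification
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.accept_source_route": "0",   # source routing disabled
    "net.ipv4.conf.all.accept_source_route": "0",
    "fs.protected_hardlinks": "1",                      # hardlink protection
    "fs.protected_symlinks": "1",                       # symlink protection
}


def sysctl_path(root, name):
    """Map a dotted sysctl name onto its file below <root>/proc/sys."""
    return Path(root, "proc", "sys", *name.split("."))


def read_sysctls(root, names):
    """Read each sysctl's current value; a missing file yields None."""
    values = {}
    for name in names:
        path = sysctl_path(root, name)
        values[name] = path.read_text().strip() if path.exists() else None
    return values


def audit(values, expected=EXPECTED):
    """Return {name: (expected, actual)} for every deviating or absent setting.
    An empty dict means the snapshot matches the baseline."""
    return {name: (want, values.get(name))
            for name, want in expected.items() if values.get(name) != want}


def write_snapshot(root, settings):
    """Create a constructed /proc/sys tree (for offline demonstration only)."""
    for name, value in settings.items():
        path = sysctl_path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(value + "\n")


def demo():
    """Constructed host: sysrq fully enabled, source routing accepted on new
    interfaces, symlink protection not present at all."""
    with tempfile.TemporaryDirectory() as root:
        write_snapshot(root, {
            "kernel.sysrq": "1",
            "net.ipv4.conf.default.rp_filter": "1",
            "net.ipv4.conf.all.rp_filter": "1",
            "net.ipv4.conf.default.accept_source_route": "1",
            "net.ipv4.conf.all.accept_source_route": "0",
            "fs.protected_hardlinks": "1",
        })
        return audit(read_sysctls(root, EXPECTED))


if __name__ == "__main__":
    for name, (want, got) in demo().items():
        print(f"{name}: expected {want}, found {got}")
```

On a live system, `audit(read_sysctls("/", EXPECTED))` performs the same comparison against the running kernel.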

* The predictable network naming logic may now be turned off
with a new kernel command line switch: net.ifnames=0.

* A new libsystemd-bus module has been added that implements a
pretty complete D-Bus client library. For details see:

https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html

* journald will now explicitly flush the journal files to disk
at the latest 5min after each write. The file will then also
be marked offline until the next write. This should increase
reliability in case of a crash. The synchronization delay
can be configured via SyncIntervalSec= in journald.conf.

* There's a new remote-fs-setup.target unit that can be used
to pull in specific services when at least one remote file
system is to be mounted.

* There are new targets timers.target and paths.target as
canonical targets to pull user timer and path units in
from. This complements sockets.target with a similar
purpose for socket units.

* libudev gained a new call udev_device_set_attribute_value()
to set sysfs attributes of a device.

* The udev daemon now sets the default number of worker
processes executed in parallel based on the number of available
CPUs instead of the amount of available RAM. This is supposed
to provide a more reliable default and limit a too aggressive
parallelism for setups with 1000s of devices connected.

Contributions from: Auke Kok, Colin Walters, Cristian
Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
Zbigniew Jędrzejewski-Szmek

CHANGES WITH 198:

* Configuration of unit files may now be extended via drop-in
files without having to edit/override the unit files
themselves. More specifically, if the administrator wants to
change one value for a service file foobar.service he can
now do so by dropping in a configuration snippet into
/etc/systemd/system/foobar.service.d/*.conf. The unit logic
will load all these snippets and apply them on top of the
main unit configuration file, possibly extending or
overriding its settings. Using these drop-in snippets is
generally nicer than the two earlier options for changing
unit files locally: copying the files from
/usr/lib/systemd/system/ to /etc/systemd/system/ and editing
them there; or creating a new file in /etc/systemd/system/
that incorporates the original one via ".include". Drop-in
snippets into these .d/ directories can be placed in any
directory systemd looks for units in, and the usual
overriding semantics between /usr/lib, /etc and /run apply
for them too.

* Most unit file settings which take lists of items can now be
reset by assigning the empty string to them. For example,
normally, settings such as Environment=FOO=BAR append a new
environment variable assignment to the environment block,
each time they are used. By assigning Environment= the empty
string the environment block can be reset to empty. This is
particularly useful with the .d/*.conf drop-in snippets
mentioned above, since this adds the ability to reset list
settings from vendor unit files via these drop-ins.
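
The two entries above (drop-in snippets layered on a vendor unit, and the empty assignment that resets a list setting) modelled as an added example; this is a deliberately simplified reader, not systemd's unit parser. It assumes only the settings in LIST_SETTINGS behave as lists, splits list values on whitespace, ignores quoting, and applies .d/*.conf snippets in file-name order. The vendor unit and drop-ins are constructed.

```python
"""Model of how drop-in snippets layer onto a unit file and how assigning the
empty string resets a list setting. Added example, deliberately simplified;
it is not systemd's unit parser. Assumptions: only the settings in
LIST_SETTINGS are treated as lists, a list value is split on whitespace
(as Environment=FOO=1 BAR=2 is), and quoting is not handled."""
from pathlib import Path

LIST_SETTINGS = {"Environment", "EnvironmentFile", "ExecStartPre", "ExecStartPost"}


def parse_unit(text):
    """Return (section, key, value) tuples in file order from a unit or snippet."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or section is None:
            raise ValueError(f"malformed line: {raw!r}")
        entries.append((section, key.strip(), value.strip()))
    return entries


def apply(config, entries):
    """Apply assignments on top of config. An empty value clears a list
    setting; a non-empty one appends. Scalar settings simply replace."""
    for section, key, value in entries:
        slot = (section, key)
        if key in LIST_SETTINGS:
            if value == "":
                config[slot] = []
            else:
                config.setdefault(slot, []).extend(value.split())
        else:
            config[slot] = value
    return config


def effective_config(main_text, dropin_texts):
    """Main unit first, then the drop-ins in the order given."""
    config = apply({}, parse_unit(main_text))
    for text in dropin_texts:
        apply(config, parse_unit(text))
    return config


def load_from_tree(root, unit_name):
    """Read <root>/etc/systemd/system/<unit> and its .d/*.conf snippets,
    sorted by file name (assumed to be the order systemd applies them)."""
    base = Path(root, "etc", "systemd", "system")
    dropins = sorted(Path(base, f"{unit_name}.d").glob("*.conf"))
    return effective_config(Path(base, unit_name).read_text(),
                            [p.read_text() for p in dropins])


# Constructed vendor unit and two local drop-ins (hypothetical foobar.service).
VENDOR_UNIT = """\
[Unit]
Description=Example service (constructed)

[Service]
Environment=FOO=vendor DEBUG=1
ExecStart=/usr/bin/foobar
"""

DROPIN_RESET = """\
# 10-reset.conf: wipe the vendor environment, then set only what we want
[Service]
Environment=
Environment=FOO=local
"""

DROPIN_EXTRA = """\
# 20-extra.conf: appended on top of the already reset list
[Service]
Environment=TZ=UTC
"""


def demo():
    """Effective [Service] configuration after both drop-ins are applied."""
    return effective_config(VENDOR_UNIT, [DROPIN_RESET, DROPIN_EXTRA])
```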

* systemctl gained a new "list-dependencies" command for
listing the dependencies of a unit recursively.

* Inhibitors are now honored and listed by "systemctl
suspend", "systemctl poweroff" (and similar) too, not only
GNOME. These commands will also list active sessions by
other users.

* Resource limits (as exposed by the various control group
controllers) can now be controlled dynamically at runtime
for all units. More specifically, you can now use a command
like "systemctl set-cgroup-attr foobar.service cpu.shares
2000" to alter the CPU shares a specific service gets. These
settings are stored persistently on disk, and thus allow the
administrator to easily adjust the resource usage of
services with a few simple commands. This dynamic resource
management logic is also available to other programs via the
bus. Almost any kernel cgroup attribute and controller is
supported.

* systemd-vconsole-setup will now copy all font settings to
all allocated VTs, where it previously applied them only to
the foreground VT.

* libsystemd-login gained the new sd_session_get_tty() API
call.

* This release drops support for a few legacy or
distribution-specific LSB facility names when parsing init
scripts: $x-display-manager, $mail-transfer-agent,
$mail-transport-agent, $mail-transfer-agent, $smtp,
$null. Also, the mail-transfer-agent.target unit backing
this has been removed. Distributions which want to retain
compatibility with this should carry the burden for
supporting this themselves and patch support for these back
in, if they really need to. Also, the facilities $syslog and
$local_fs are now ignored, since systemd does not support
early-boot LSB init scripts anymore, and these facilities
are implied anyway for normal services. syslog.target has
also been removed.

* There are new bus calls on PID1's Manager object for
cancelling jobs, and removing snapshot units. Previously,
both calls were only available on the Job and Snapshot
objects themselves.

* systemd-journal-gatewayd gained SSL support.

* The various "environment" files, such as /etc/locale.conf,
now support continuation lines with a backslash ("\") as the
last character of the line, similar in style (though not
identical) to how shells support them.

* For normal user processes the _SYSTEMD_USER_UNIT= field is
now implicitly appended to every log entry logged. systemctl
has been updated to filter by this field when operating on a
user systemd instance.

* nspawn will now implicitly add the CAP_AUDIT_WRITE and
CAP_AUDIT_CONTROL capabilities to the capabilities set for
the container. This makes it easier to boot unmodified
Fedora systems in a container, which however still requires
audit=0 to be passed on the kernel command line. Auditing in
kernel and userspace is unfortunately still too broken in
context of containers, hence we recommend compiling it out
of the kernel or using audit=0. Hopefully this will be fixed
one day for good in the kernel.

* nspawn gained the new --bind= and --bind-ro= parameters to
bind mount specific directories from the host into the
container.

* nspawn will now mount its own devpts file system instance
into the container, in order not to leak pty devices from
the host into the container.

* systemd will now read the firmware boot time performance
information from the EFI variables, if the used boot loader
supports this, and take it into account for boot performance
analysis via "systemd-analyze". This is currently supported
only in conjunction with Gummiboot, but could be supported
by other boot loaders too. For details see:

https://systemd.io/BOOT_LOADER_INTERFACE

* A new generator has been added that automatically mounts the
EFI System Partition (ESP) to /boot, if that directory
exists, is empty, and no other file system has been
configured to be mounted there.

* logind will now send out PrepareForSleep(false)
unconditionally, after coming back from suspend. This may be
used by applications as asynchronous notification for
system resume events.

* "systemctl unlock-sessions" has been added, which allows
unlocking the screens of all user sessions at once, similar
to how "systemctl lock-sessions" already locks all user
sessions. This is backed by a new D-Bus call UnlockSessions().

* "loginctl seat-status" will now show the master device of a
seat (i.e. the device of a seat that needs to be around for
the seat to be considered available, usually the graphics
card).

* tmpfiles gained a new "X" line type, that allows
configuration of files and directories (with wildcards) that
shall be excluded from automatic cleanup ("aging").

* udev default rules set the device node permissions now only
at "add" events, and do not change them any longer with a
later "change" event.

* The log messages for lid events and power/sleep keypresses
now carry a message ID.

* We now have a substantially larger unit test suite, but this
continues to be work in progress.

* udevadm hwdb gained a new --root= parameter to change the
root directory to operate relative to.

* logind will now issue a background sync() request to the kernel
early at shutdown, so that dirty buffers are flushed to disk early
instead of at the last moment, in order to optimize shutdown
times a little.

* A new bootctl tool has been added that is an interface for
certain boot loader operations. This is currently a preview
and is likely to be extended into a small mechanism daemon
like timedated, localed, hostnamed, and can be used by
graphical UIs to enumerate available boot options, and
request boot into firmware operations.

* systemd-bootchart has been relicensed to LGPLv2.1+ to match
the rest of the package. It also has been updated to work
correctly in initrds.

* polkit previously has been runtime optional, and is now also
compile time optional via a configure switch.

* systemd-analyze has been reimplemented in C. Also "systemctl
dot" has moved into systemd-analyze.

* "systemctl status" with no further parameters will now print
the status of all active or failed units.

* Operations such as "systemctl start" can now be executed
with a new mode "--irreversible" which may be used to queue
operations that cannot accidentally be reversed by a later
job queuing. This is by default used to make shutdown
requests more robust.

* The Python API of systemd now gained a new module for
reading journal files.

* A new tool kernel-install has been added that can install
kernel images according to the Boot Loader Specification:

https://systemd.io/BOOT_LOADER_SPECIFICATION

* Boot time console output has been improved to provide
animated boot time output for hanging jobs.

* A new tool systemd-activate has been added which can be used
to test socket activation with, directly from the command
line. This should make it much easier to test and debug
socket activation in daemons.

* journalctl gained a new "--reverse" (or -r) option to show
journal output in reverse order (i.e. newest line first).

* journalctl gained a new "--pager-end" (or -e) option to jump
immediately to the end of the journal in the pager. This is
only supported in conjunction with "less".

* journalctl gained a new "--user-unit=" option, that works
similarly to "--unit=" but filters for user units rather than
system units.

* A number of unit files to ease adoption of systemd in
initrds has been added. This moves some minimal logic from
the various initrd implementations into systemd proper.

* The journal files are now owned by a new group
"systemd-journal", which exists specifically to allow access
to the journal, and nothing else. Previously, we used the
"adm" group for that, which however possibly covers more
than just journal/log file access. This new group is now
already used by systemd-journal-gatewayd to ensure this
daemon gets access to the journal files and as little else
as possible. Note that "make install" will also set FS ACLs
up for /var/log/journal to give "adm" and "wheel" read
access to it, in addition to "systemd-journal" which owns
the journal files. We recommend that packaging scripts also
add read access to "adm" + "wheel" to /var/log/journal, and
all existing/future journal files. Little changes for normal
users and administrators; however, packagers need to make
sure to create the "systemd-journal" system group at
package installation time.

* systemd-journal-gatewayd now runs as the unprivileged user
systemd-journal-gateway:systemd-journal-gateway. Packaging
scripts need to create this system user and group at
installation time.

* timedated now exposes a new boolean property CanNTP that
indicates whether a local NTP service is available or not.

* systemd-detect-virt will now also detect xen PVs.

* The pstore file system is now mounted by default, if it is
available.

* In addition to the SELinux and IMA policies we will now also
load SMACK policies at early boot.

Contributions from: Adel Gadllah, Aleksander Morgado, Auke
Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
Gundersen, Umut Tezduyar, William Giokas, Zbigniew
Jędrzejewski-Szmek, Zeeshan Ali (Khattak)

CHANGES WITH 197:

* Timer units now support calendar time events in addition to
monotonic time events. That means you can now trigger a unit
based on a calendar time specification such as "Thu,Fri
2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
or fifth day of any month of the year 2013, given that it is
a Thursday or a Friday. This brings timer event support
considerably closer to cron's capabilities. For details on
the supported calendar time specification language see
systemd.time(7).
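
A matcher for the calendar specification as the entry describes it, added here as an example (not systemd's parser): an optional weekday list, a YEAR-MONTH-DAY date where each field is "*" or a comma-separated list, and a fixed HH:MM:SS. It also computes the next elapse time, which is what a timer unit needs; the broader language in systemd.time(7) is not covered. The wrappers taking ISO 8601 strings are a convenience of this example.

```python
"""Matcher for the subset of calendar time specifications described above:
"[WEEKDAYS] YEAR-MONTH-DAY HH:MM:SS", where the weekday list is optional and
each date field is '*' or a comma-separated list of values. Added example,
not systemd's own parser; see systemd.time(7) for the full language."""
import re
from datetime import datetime, timedelta

WEEKDAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]   # datetime.weekday() order

_SPEC = re.compile(
    r"(?:([A-Za-z,]+)\s+)?"                 # optional weekday list
    r"([\d*,]+)-([\d*,]+)-([\d*,]+)\s+"     # year-month-day, each '*' or a list
    r"(\d{1,2}):(\d{2}):(\d{2})"            # fixed time of day
)


def _field(text):
    """'*' -> None (wildcard); otherwise the set of listed integers."""
    return None if text == "*" else {int(v) for v in text.split(",")}


def parse_calendar(spec):
    """Return (weekdays, years, months, days, hour, minute, second)."""
    m = _SPEC.fullmatch(spec.strip())
    if not m:
        raise ValueError(f"unsupported calendar spec: {spec!r}")
    wd_text, y, mo, d, hh, mm, ss = m.groups()
    weekdays = None
    if wd_text:
        weekdays = set()
        for name in wd_text.lower().split(","):
            if name[:3] not in WEEKDAYS:        # accepts "Thu" as well as "Thursday"
                raise ValueError(f"unknown weekday: {name!r}")
            weekdays.add(WEEKDAYS.index(name[:3]))
    return weekdays, _field(y), _field(mo), _field(d), int(hh), int(mm), int(ss)


def matches(spec, when):
    """True if datetime `when` satisfies every component of `spec`."""
    weekdays, years, months, days, hh, mm, ss = parse_calendar(spec)
    return (
        (weekdays is None or when.weekday() in weekdays)
        and (years is None or when.year in years)
        and (months is None or when.month in months)
        and (days is None or when.day in days)
        and (when.hour, when.minute, when.second) == (hh, mm, ss)
    )


def next_elapse(spec, start, limit_days=3660):
    """First instant strictly after `start` matching `spec`, or None if none
    falls within limit_days. The time of day is fixed, so stepping one day
    at a time is sufficient."""
    _, _, _, _, hh, mm, ss = parse_calendar(spec)
    candidate = start.replace(hour=hh, minute=mm, second=ss, microsecond=0)
    for _ in range(limit_days):
        if candidate > start and matches(spec, candidate):
            return candidate
        candidate += timedelta(days=1)
    return None


def matches_iso(spec, iso):
    """Convenience wrapper taking an ISO 8601 timestamp string."""
    return matches(spec, datetime.fromisoformat(iso))


def next_elapse_iso(spec, iso):
    """Convenience wrapper returning the next elapse as an ISO 8601 string."""
    nxt = next_elapse(spec, datetime.fromisoformat(iso))
    return nxt.isoformat() if nxt else None
```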

* udev now supports a number of different naming policies for
network interfaces for predictable names, and a combination
of these policies is now the default. Please see this
document for details:

https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html

* Auke Kok's bootchart implementation has been added to the
systemd tree. It is an optional component that can graph the
boot in quite some detail. It is one of the best bootchart
implementations around and minimal in its code and
dependencies.

* nss-myhostname has been integrated into the systemd source
tree. nss-myhostname guarantees that the local hostname
always stays resolvable via NSS. It has been a weak
requirement of systemd-hostnamed for a long time, and
since its code is actually trivial we decided to just
include it in systemd's source tree. It can be turned off
with a configure switch.

* The read-ahead logic is now capable of properly detecting
whether a btrfs file system is on SSD or rotating media, in
order to optimize the read-ahead scheme. Previously, it was
only capable of detecting this on traditional file systems
such as ext4.

* In udev, additional device properties are now read from the
IAB in addition to the OUI database. Also, Bluetooth company
identities are attached to the devices as well.

* In service files %U may be used as specifier that is
replaced by the configured user name of the service.

* nspawn may now be invoked without a controlling TTY. This
makes it suitable for invocation as its own service. This
may be used to set up a simple containerized server system
using only core OS tools.

* systemd and nspawn can now accept socket file descriptors
when they are started for socket activation. This enables
implementation of socket activated nspawn
containers, e.g. autospawning an entire OS image
when the first SSH or HTTP connection is received. We expect
that similar functionality will also be added to libvirt-lxc
eventually.

* journalctl will now suppress ANSI color codes when
presenting log data.

* systemctl will no longer show control group information for
a unit if the control group is empty anyway.

* logind can now automatically suspend/hibernate/shutdown the
system on idle.

* /etc/machine-info and hostnamed now also expose the chassis
type of the system. This can be used to determine whether
the local system is a laptop, desktop, handset or
tablet. This information may either be configured by the
user/vendor or is automatically determined from ACPI and DMI
information if possible.

* A number of polkit actions are now bound together with "imply"
rules. This should simplify creating UIs because many actions
will now authenticate similar ones as well.

* Unit files learnt a new condition ConditionACPower= which
may be used to conditionalize a unit depending on whether an
AC power source is connected or not, or whether the system
is running on battery power.

* systemctl gained a new "is-failed" verb that may be used in
shell scripts and suchlike to check whether a specific unit
is in the "failed" state.

* The EnvironmentFile= setting in unit files now supports file
globbing, and can hence be used to easily read a number of
environment files at once.

* systemd will no longer detect and recognize specific
distributions. All distribution-specific #ifdeffery has been
removed, systemd is now fully generic and
distribution-agnostic. Effectively, not too much is lost as
a lot of the code is still accessible via explicit configure
switches. However, support for some distribution specific
legacy configuration file formats has been dropped. We
recommend distributions to simply adopt the configuration
files everybody else uses now and convert the old
configuration from packaging scripts. Most distributions
already did that. If that's not possible or desirable,
distributions are welcome to forward port the specific
pieces of code locally from the git history.

* When logging a message about a unit systemd will now always
log the unit name in the message meta data.

* localectl will now also discover system locale data that is
not stored in locale archives, but directly unpacked.

* logind will no longer unconditionally use framebuffer
devices as seat masters, i.e. as devices that are required
to exist before a seat is considered present. Instead,
it will now look for all devices that are tagged as
"seat-master" in udev. By default, framebuffer devices will
be marked as such, but depending on local systems, other
devices might be marked as well. This may be used to
integrate graphics cards using closed source drivers (such
as NVidia ones) more nicely into logind. Note however, that
we recommend using the open source NVidia drivers instead,
and no udev rules for the closed-source drivers will be
shipped from us upstream.

Contributions from: Adam Williamson, Alessandro Crismani, Auke
Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
Jędrzejewski-Szmek

CHANGES WITH 196:

* udev gained support for loading additional device properties
from an indexed database that is keyed by vendor/product IDs
and similar device identifiers. For the beginning this
"hwdb" is populated with data from the well-known PCI and
USB database, but also includes PNP, ACPI and OID data. In
the longer run this indexed database shall grow into
becoming the one central database for non-essential
userspace device metadata. Previously, data from the PCI/USB
database was only attached to select devices, since the
lookup was a relatively expensive operation due to O(n) time
complexity (with n being the number of entries in the
database). Since this is now O(1), we decided to add in this
data for all devices where this is available, by
default. Note that the indexed database needs to be rebuilt
when new data files are installed. To achieve this you need
to update your packaging scripts to invoke "udevadm hwdb
--update" after installation of hwdb data files. For
RPM-based distributions we introduced the new
%udev_hwdb_update macro for this purpose.

* The Journal gained support for the "Message Catalog", an
indexed database to link up additional information with
journal entries. For further details please check:

https://www.freedesktop.org/wiki/Software/systemd/catalog

The indexed message catalog database also needs to be
rebuilt after installation of message catalog files. Use
"journalctl --update-catalog" for this. For RPM-based
distributions we introduced the %journal_catalog_update
macro for this purpose.

* The Python Journal bindings gained support for the standard
Python logging framework.

* The Journal API gained new functions for checking whether
the underlying file system of a journal file is capable of
properly reporting file change notifications, or whether
applications that want to reflect journal changes "live"
need to recheck journal files continuously in appropriate
time intervals.

* It is now possible to set the "age" field for tmpfiles
entries to 0, indicating that files matching this entry
shall always be removed when the directories are cleaned up.

* coredumpctl gained a new "gdb" verb which invokes gdb
right-away on the selected coredump.

* There's now support for "hybrid sleep" on kernels that
support this, in addition to "suspend" and "hibernate". Use
"systemctl hybrid-sleep" to make use of this.

* logind's HandleSuspendKey= setting (and related settings)
now gained support for a new "lock" setting to simply
request the screen lock on all local sessions, instead of
actually executing a suspend or hibernation.

* systemd will now mount the EFI variables file system by
default.

* Socket units now gained support for configuration of the
SMACK security label.

* timedatectl will now output the time of the last and next
daylight saving change.

* We dropped support for various legacy and distro-specific
concepts, such as insserv, early-boot SysV services
(i.e. those for non-standard runlevels such as 'b' or 'S')
or ArchLinux /etc/rc.conf support. We recommend that
distributions which still need support for this either continue
to maintain the necessary patches downstream, or find a
different solution. (Talk to us if you have questions!)

* Various systemd components will now bypass polkit checks for
root and otherwise handle properly if polkit is not found to
be around. This should fix most issues for polkit-less
systems. Quite frankly this should have been this way since
day one. It is absolutely our intention to make systemd work
fine on polkit-less systems, and we consider it a bug if
something does not work as it should if polkit is not around.

* For embedded systems it is now possible to build udev and
systemd without blkid and/or kmod support.

* "systemctl switch-root" is now capable of switching root
more than once. I.e. in addition to transitions from the
initrd to the host OS it is now possible to transition to
further OS images from the host. This is useful to implement
offline updating tools.

* Various other additions have been made to the RPM macros
shipped with systemd. Use %udev_rules_update() after
installing new udev rules files. %_udevhwdbdir,
%_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
%_sysctldir are now available which resolve to the right
directories for packages to place various data files in.

* journalctl gained the new --full switch (in addition to
--all) to disable ellipsization of long messages.

Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 195:

* journalctl gained new --since= and --until= switches to
filter by time. It also now supports nice filtering for
units via --unit=/-u.

* Type=oneshot services may use ExecReload= and do the
right thing.

* The journal daemon now supports time-based rotation and
vacuuming, in addition to the usual disk-space based
rotation.

* The journal will now index the available field values for
each field name. This enables clients to show pretty drop
downs of available match values when filtering. The bash
completion of journalctl has been updated
accordingly. journalctl gained a new switch -F to list all
values a certain field takes in the journal database.

* More service events are now written as structured messages
to the journal, and made recognizable via message IDs.

* The timedated, localed and hostnamed mini-services which
previously only provided support for changing time, locale
and hostname settings from graphical DEs such as GNOME now
also have a minimal (but very useful) text-based client
utility each. This is probably the nicest way to change
these settings from the command line now, especially since
it lists available options and is fully integrated with bash
completion.

* There's now a new tool "systemd-coredumpctl" to list and
extract coredumps from the journal.

* We now install a README each in /var/log/ and
/etc/rc.d/init.d explaining where the system logs and init
scripts went. This hopefully should help folks who go to
those dirs and look into the otherwise now empty void and
scratch their heads.

* When user-services are invoked (by systemd --user) the
$MANAGERPID env var is set to the PID of systemd.

* SIGRTMIN+24 when sent to a --user instance will now result
in immediate termination of systemd.

* gatewayd received numerous feature additions such as a
"follow" mode, for live syncing and filtering.

* browse.html now allows filtering and showing detailed
information on specific entries. Keyboard navigation and
mouse screen support has been added.

* gatewayd/journalctl now supports HTML5/JSON
Server-Sent-Events as output.

* The SysV init script compatibility logic will now
heuristically determine whether a script supports the
"reload" verb, and only then make this available as
"systemctl reload".

* "systemctl status --follow" has been removed, use "journalctl
-u" instead.

* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
have been removed since they are hardly useful to be
configured.

* And I'd like to take the opportunity to specifically mention
Zbigniew for his great contributions. Zbigniew, you rock!

Contributions from: Andrew Eikum, Christian Hesse, Colin
Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
Jędrzejewski-Szmek, Сковорода Никита Андреевич

CHANGES WITH 194:

* If /etc/vconsole.conf is non-existent or empty we will no
longer load any console font or key map at boot by
default. Instead the kernel defaults will be left
intact. This is definitely the right thing to do, as no
configuration should mean no configuration, and hard-coding
font names that are different on all archs is probably a bad
idea. Also, the kernel default key map and font should be
good enough for most cases anyway, and mostly identical to
the userspace fonts/key maps we previously overloaded them
with. If distributions want to continue to default to a
non-kernel font or key map they should ship a default
/etc/vconsole.conf with the appropriate contents.

Contributions from: Colin Walters, Daniel J Walsh, Dave
Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 193:

* journalctl gained a new --cursor= switch to show entries
starting from the specified location in the journal.

* We now enforce a size limit on journal entry fields exported
with "-o json" in journalctl. Fields larger than 4K will be
assigned null. This can be turned off with --all.

* An (optional) journal gateway daemon is now available as
"systemd-journal-gatewayd.service". This service provides
access to the journal via HTTP and JSON. This functionality
will be used to implement live log synchronization in both
pull and push modes, but has various other users too, such
as easy log access for debugging of embedded devices. Right
now it is already useful to retrieve the journal via HTTP:

# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries

This will download the journal contents in a
/var/log/messages compatible format. The same as JSON:

# curl -H"Accept: application/json" http://localhost:19531/entries

This service is also accessible via a web browser where a
single static HTML5 app is served that uses the JSON logic
to enable the user to do some basic browsing of the
journal. This will be extended later on. Here's an example
screenshot of this app in its current state:

https://0pointer.de/public/journal-gatewayd

Contributions from: Kay Sievers, Lennart Poettering, Robert
Milasan, Tom Gundersen

CHANGES WITH 192:

* The bash completion logic is now available for journalctl
too.

* We do not mount the "cpuset" controller anymore together with
"cpu" and "cpuacct", as "cpuset" groups generally cannot be
started if no parameters are assigned to it. "cpuset" hence
broke code that assumed it could create "cpu" groups and
just start them.

* journalctl -f will now subscribe to terminal size changes,
and line break accordingly.

Contributions from: Dave Reisner, Kay Sievers, Lennart
Poettering, Lukas Nykryn, Mirco Tischler, Václav Pavlín

CHANGES WITH 191:

* nspawn will now create a symlink /etc/localtime in the
container environment, copying the host's timezone
setting. Previously this has been done via a bind mount, but
since symlinks cannot be bind mounted this has now been
changed to create/update the appropriate symlink.

* journalctl -n's line number argument is now optional, and
will default to 10 if omitted.

* journald will now log the maximum size the journal files may
take up on disk. This is particularly useful if the default
built-in logic of determining this parameter from the file
system size is used. Use "systemctl status
systemd-journald.service" to see this information.

* The multi-seat X wrapper tool has been stripped down. As X
is now capable of enumerating graphics devices via udev in a
seat-aware way the wrapper is not strictly necessary
anymore. A stripped down temporary stop-gap is still shipped
until the upstream display managers have been updated to
fully support the new X logic. Expect this wrapper to be
removed entirely in one of the next releases.

* HandleSleepKey= in logind.conf has been split up into
HandleSuspendKey= and HandleHibernateKey=. The old setting
is not available anymore. X11 and the kernel are
distinguishing between these keys and we should too. This
also means the inhibition lock for these keys has been split
into two.

Contributions from: Dave Airlie, Eelco Dolstra, Lennart
Poettering, Lukas Nykryn, Václav Pavlín

CHANGES WITH 190:

* Whenever a unit changes state we will now log this to the
journal and show it along with the unit's own log output in
"systemctl status".

* ConditionPathIsMountPoint= can now properly detect bind
mount points too. (Previously, a bind mount of one file
system to another place in the same file system could not be
detected as mount, since they shared struct stat's st_dev
field.)

* We will now mount the cgroup controllers cpu, cpuacct,
cpuset and the controllers net_cls, net_prio together by
default.

* nspawn containers will now have a virtualized boot
ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
over with a randomized ID at container initialization). This
has the effect of making "journalctl -b" do the right thing
in a container.

* The JSON output journal serialization has been updated not
to generate "endless" list objects anymore, but rather one
JSON object per line. This is more in line with how most JSON
parsers expect JSON objects. The new output mode
"json-pretty" has been added to provide similar output, but
neatly aligned for readability by humans.
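As an added example (not systemd's own code), a small Python reader for the one-object-per-line JSON that "journalctl -o json" writes and that gatewayd serves for "Accept: application/json": it applies journalctl-style selection by unit, priority and boot ID, lists the values a field takes (as "-F" does), and flags fields that "-o json" replaced with null because they exceeded the 4K export limit described under 193. The sample lines below are constructed and their field values are made up.

```python
"""Reader for newline-delimited journal JSON (one object per line), as written
by `journalctl -o json` and served by systemd-journal-gatewayd.

Added example, not systemd's own code. Field names follow the journal's
conventions (uppercase, `_`-prefixed trusted fields, `__`-prefixed address
fields); the sample values below are constructed for this example.
"""
import json
from typing import Iterable, Iterator, List, Optional

# Constructed sample output: three entries, one JSON object per line.
# Entry 2's MESSAGE is null, which is how `-o json` marks a field larger
# than 4K that was left out of the export (pass --all to keep such fields).
SAMPLE_JSON_LINES = "\n".join([
    json.dumps({"__CURSOR": "s=1", "__REALTIME_TIMESTAMP": "1700000000000000",
                "_BOOT_ID": "b1", "PRIORITY": "6", "_SYSTEMD_UNIT": "sshd.service",
                "MESSAGE": "Accepted publickey for alice"}),
    json.dumps({"__CURSOR": "s=2", "__REALTIME_TIMESTAMP": "1700000001000000",
                "_BOOT_ID": "b1", "PRIORITY": "3", "_SYSTEMD_UNIT": "sshd.service",
                "MESSAGE": None}),
    # Field data that is not valid UTF-8 is exported as an array of byte values.
    json.dumps({"__CURSOR": "s=3", "__REALTIME_TIMESTAMP": "1700000002000000",
                "_BOOT_ID": "b2", "PRIORITY": "4", "_SYSTEMD_UNIT": "cron.service",
                "MESSAGE": [106, 111, 98, 32, 115, 116, 97, 114, 116, 101, 100]}),
    "",   # a trailing empty line, as a streaming reader would see it
])


def iter_entries(text: str) -> Iterator[dict]:
    """Yield one dict per non-empty line; each line must be a complete object."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        entry = json.loads(line)
        if not isinstance(entry, dict):
            raise ValueError(f"line {lineno}: expected a JSON object")
        yield entry


def message_text(entry: dict) -> Optional[str]:
    """Return MESSAGE as text: decode byte-array exports, keep None for nulled fields."""
    value = entry.get("MESSAGE")
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return value


def truncated_fields(entry: dict) -> List[str]:
    """Fields that `-o json` replaced with null because they exceeded the size limit."""
    return sorted(k for k, v in entry.items() if v is None)


def filter_entries(entries: Iterable[dict], unit: Optional[str] = None,
                   max_priority: Optional[int] = None,
                   boot_id: Optional[str] = None) -> List[dict]:
    """journalctl-style selection: -u UNIT, -p PRIORITY (0=emerg..7=debug), -b BOOT."""
    selected = []
    for e in entries:
        if unit is not None and e.get("_SYSTEMD_UNIT") != unit:
            continue
        if max_priority is not None and int(e.get("PRIORITY", 7)) > max_priority:
            continue
        if boot_id is not None and e.get("_BOOT_ID") != boot_id:
            continue
        selected.append(e)
    return selected


def field_values(entries: Iterable[dict], field: str) -> set:
    """Like `journalctl -F FIELD`: every distinct string value the field takes."""
    return {e[field] for e in entries if isinstance(e.get(field), str)}


if __name__ == "__main__":
    entries = list(iter_entries(SAMPLE_JSON_LINES))
    for e in filter_entries(entries, unit="sshd.service"):
        print(e["__CURSOR"], message_text(e), truncated_fields(e))
    print(sorted(field_values(entries, "_SYSTEMD_UNIT")))
```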

* We dropped all explicit sync() invocations in the shutdown
code. The kernel does this implicitly anyway in the kernel
reboot() syscall. halt(8)'s -n option is now a compatibility
no-op.

* We now support virtualized reboot() in containers, as
supported by newer kernels. We will fall back to exit() if
CAP_SYS_REBOOT is not available to the container. Also,
nspawn makes use of this now and will actually reboot the
container if the containerized OS asks for that.

* journalctl will only show local log output by default
now. Use --merge (-m) to show remote log output, too.

* libsystemd-journal gained the new sd_journal_get_usage()
call to determine the current disk usage of all journal
files. This is exposed in the new "journalctl --disk-usage"
command.

* journald gained a new configuration setting SplitMode= in
journald.conf which may be used to control how user journals
are split off. See journald.conf(5) for details.

* A new condition type ConditionFileNotEmpty= has been added.

* tmpfiles' "w" lines now support file globbing, to write
multiple files at once.

* We added Python bindings for the journal submission
APIs. More Python APIs for a number of selected APIs will
likely follow. Note that we intend to add native bindings
only for the Python language, as we consider it common
enough to deserve bindings shipped within systemd. There are
various projects outside of systemd that provide bindings
for languages such as PHP or Lua.

* Many conditions will now resolve specifiers such as %i. In
addition, PathChanged= and related directives of .path units
now support specifiers as well.

* There's now a new RPM macro definition for the system preset
dir: %_presetdir.

* journald will now warn if it cannot forward a message to the
syslog daemon because its socket is full.

* timedated will no longer write or process /etc/timezone,
except on Debian. As we do not support late mounted /usr
anymore /etc/localtime always being a symlink is now safe,
and hence the information in /etc/timezone is not necessary
anymore.

* logind will now always reserve one VT for a text getty (VT6
by default). Previously if more than 6 X sessions were
started they took up all the VTs with auto-spawned gettys,
so that no text gettys were available anymore.

* udev will now automatically inform the btrfs kernel logic
about btrfs RAID components showing up. This should make
simple hotplug based btrfs RAID assembly work.

* PID 1 will now increase its RLIMIT_NOFILE to 64K by default
(but not for its children which will stay at the kernel
default). This should allow setups with a lot more listening
sockets.

* systemd will now always pass the configured timezone to the
kernel at boot. timedated will do the same when the timezone
is changed.

* logind's inhibition logic has been updated. By default,
logind will now handle the lid switch, the power and sleep
keys all the time, even in graphical sessions. If DEs want
to handle these events on their own they should take the new
handle-power-key, handle-sleep-key and handle-lid-switch
inhibitors during their runtime. A simple way to achieve
that is to invoke the DE wrapped in an invocation of:

systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …

* Access to unit operations is now checked via SELinux taking
the unit file label and client process label into account.

* systemd will now notify the administrator in the journal
when they over-mount a non-empty directory.

* There are new specifiers that are resolved in unit files,
for the hostname (%H), the machine ID (%m) and the boot ID
(%b).

Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 189:

* Support for reading structured kernel messages from
/dev/kmsg has now been added and is enabled by default.

* Support for reading kernel messages from /proc/kmsg has now
been removed. If you want kernel messages in the journal
make sure to run a recent kernel (>= 3.5) that supports
reading structured messages from /dev/kmsg (see
above). /proc/kmsg is now exclusive property of classic
syslog daemons again.

* The libudev API gained the new
udev_device_new_from_device_id() call.

* The logic for file system namespace (ReadOnlyDirectory=,
ReadWriteDirectory=, PrivateTmp=) has been reworked not to
require pivot_root() anymore. This means fewer temporary
directories are created below /tmp for this feature.

* nspawn containers will now see and receive all submounts
made on the host OS below the root file system of the
container.

* Forward Secure Sealing is now supported for Journal files,
which provides cryptographic sealing of journal files so
that attackers cannot alter log history anymore without this
being detectable. Lennart will soon post a blog story about
this explaining it in more detail.

* There are two new service settings RestartPreventExitStatus=
and SuccessExitStatus= which allow configuration of exit
statuses (exit code or signal) which will be excepted from the
restart logic, resp. considered successful.

* journalctl gained the new --verify switch that can be used
to check the integrity of the structure of journal files and
(if Forward Secure Sealing is enabled) the contents of
journal files.
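To make the sealing idea behind the Forward Secure Sealing and --verify items concrete, here is an added example (not systemd's implementation; real FSS uses a different key-evolution construction) of a forward-secure log seal in Python: the machine keeps only the current sealing key and ratchets it through a one-way hash at every epoch boundary, while the epoch-0 verification key is kept off the machine, so a check in the spirit of "journalctl --verify" reports the first altered epoch, and a sealing key read from the machine after a compromise cannot re-seal earlier epochs. All key material and log lines are constructed.

```python
"""Toy forward-secure log sealing, added as an illustration of the FSS idea.

Not systemd's FSS implementation: the key evolution here is a plain hash
ratchet and the per-epoch seal is an HMAC chain. Keys and log lines below
are constructed for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List

ZERO_TAG = b"\x00" * 32


def ratchet(key: bytes) -> bytes:
    """One-way key evolution: k_{i+1} = SHA-256("fss-ratchet" || k_i).
    Given k_{i+1} there is no way back to k_i, which is the forward-security property."""
    return hashlib.sha256(b"fss-ratchet" + key).digest()


def epoch_tag(key: bytes, entries: List[bytes], prev_tag: bytes) -> bytes:
    """Seal one epoch: HMAC over the previous epoch's tag and the length-prefixed entries."""
    mac = hmac.new(key, prev_tag, hashlib.sha256)
    for entry in entries:
        mac.update(len(entry).to_bytes(4, "big") + entry)   # length prefix: no splice ambiguity
    return mac.digest()


@dataclass
class SealedEpoch:
    index: int
    entries: List[bytes]
    tag: bytes


class Sealer:
    """What the logging host runs. It holds only the *current* sealing key."""

    def __init__(self, verification_key: bytes):
        self.key = verification_key        # k_0; from here on the host only ratchets forward
        self.epoch = 0
        self.prev_tag = ZERO_TAG
        self.open: List[bytes] = []
        self.sealed: List[SealedEpoch] = []

    def append(self, line: bytes) -> None:
        self.open.append(line)

    def close_epoch(self) -> SealedEpoch:
        sealed = SealedEpoch(self.epoch, list(self.open), epoch_tag(self.key, self.open, self.prev_tag))
        self.sealed.append(sealed)
        self.prev_tag, self.open = sealed.tag, []
        self.key = ratchet(self.key)       # the key that sealed this epoch is now gone
        self.epoch += 1
        return sealed


def verify(verification_key: bytes, sealed: List[SealedEpoch]) -> int:
    """Offline check with the epoch-0 key: -1 if every seal matches, else the first bad epoch."""
    key, prev_tag = verification_key, ZERO_TAG
    for epoch in sealed:
        if not hmac.compare_digest(epoch_tag(key, epoch.entries, prev_tag), epoch.tag):
            return epoch.index
        prev_tag, key = epoch.tag, ratchet(key)
    return -1


def demo() -> dict:
    """Seal two epochs, then show what verification reports after tampering."""
    verification_key = hashlib.sha256(b"constructed verification key").digest()
    sealer = Sealer(verification_key)
    sealer.append(b"sshd[4242]: Accepted publickey for alice")
    sealer.append(b"sudo: alice : COMMAND=/usr/bin/systemctl status")
    sealer.close_epoch()                   # epoch 0 sealed, k_0 erased on the host
    sealer.append(b"sshd[4301]: Accepted publickey for alice")
    sealer.close_epoch()                   # epoch 1 sealed, k_1 erased on the host
    result = {"intact": verify(verification_key, sealer.sealed)}

    # Delete an entry from epoch 0, the kind of change log tampering makes.
    del sealer.sealed[0].entries[1]
    result["after_tamper"] = verify(verification_key, sealer.sealed)

    # Re-sealing with the key still present on the host (k_2) does not help:
    # k_0 cannot be derived from k_2, so the verifier still rejects epoch 0.
    sealer.sealed[0].tag = epoch_tag(sealer.key, sealer.sealed[0].entries, ZERO_TAG)
    result["after_reseal_with_current_key"] = verify(verification_key, sealer.sealed)
    return result


if __name__ == "__main__":
    print(demo())
```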

* nspawn containers will now be run with /dev/stdin, /dev/fd/
and similar symlinks pre-created. This makes running shells
as container init process a lot more fun.

* The fstab support can now handle PARTUUID= and PARTLABEL=
entries.

* A new ConditionHost= condition has been added to match
against the hostname (with globs) and machine ID. This is
useful for clusters where a single OS image is used to
provision a large number of hosts which shall run slightly
different sets of services.

* Services which hit the restart limit will now be placed in a
failure state.

Contributions from: Bertram Poettering, Dave Reisner, Huang
Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 188:

* When running in --user mode systemd will now become a
subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
tree a lot more organized.

* A new PartOf= unit dependency type has been introduced that
may be used to group services in a natural way.

* "systemctl enable" may now be used to enable instances of
services.

* journalctl now prints error log levels in red, and
warning/notice log levels in bright white. It also supports
filtering by log level now.

* cgtop gained a new -n switch (similar to top), to configure
the maximum number of iterations to run for. It also gained
-b, to run in batch mode (accepting no input).

* The suffix ".service" may now be omitted on most systemctl
command lines involving service unit names.

* There's a new bus call in logind to lock all sessions, as
well as a loginctl verb for it "lock-sessions".

* libsystemd-logind.so gained a new call sd_journal_perror()
that works similar to libc perror() but logs to the journal
and encodes structured information about the error number.

* /etc/crypttab entries now understand the new keyfile-size=
option.

* shutdown(8) now can send a (configurable) wall message when
a shutdown is cancelled.

* The mount propagation mode for the root file system will now
default to "shared", which is useful to make containers work
nicely out-of-the-box so that they receive new mounts from
the host. This can be undone locally by running "mount
--make-rprivate /" if needed.

* The prefdm.service file has been removed. Distributions
should maintain this unit downstream if they intend to keep
it around. However, we recommend writing normal unit files
for display managers instead.

* Since systemd is a crucial part of the OS we will now
default to a number of compiler switches that improve
security (hardening) such as read-only relocations, stack
protection, and suchlike.

* The TimeoutSec= setting for services is now split into
TimeoutStartSec= and TimeoutStopSec= to allow configuration
of individual timeouts for the start and the stop phase of
the service.

Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 187:

* The journal and id128 C APIs are now fully documented as man
pages.

* Extra safety checks have been added when transitioning from
the initial RAM disk to the main system to avoid accidental
data loss.

* /etc/crypttab entries now understand the new keyfile-offset=
option.

* systemctl -t can now be used to filter by unit load state.

* The journal C API gained the new sd_journal_wait() call to
make writing synchronous journal clients easier.

* journalctl gained the new -D switch to show journals from a
specific directory.

* journalctl now displays a special marker between log
messages of two different boots.

* The journal is now explicitly flushed to /var via a service
systemd-journal-flush.service, rather than implicitly simply
by seeing /var/log/journal to be writable.

* journalctl (and the journal C APIs) can now match for much
more complex expressions, with alternatives and
disjunctions.

* When transitioning from the initial RAM disk to the main
system we will now kill all processes in a killing spree to
ensure no processes stay around by accident.

* Three new specifiers may be used in unit files: %u, %h, %s
resolve to the user name, user home directory resp. user
shell. This is useful for running systemd user instances.

* We now automatically rotate journal files if their data
object hash table gets a fill level > 75%. We also size the
hash table based on the configured maximum file size. This
together should lower hash collisions drastically and thus
speed things up a bit.

* journalctl gained the new "--header" switch to introspect
header data of journal files.

* A new setting SystemCallFilters= has been added to services which may
be used to apply deny lists or allow lists to system calls. This is
based on SECCOMP Mode 2 of Linux 3.5.

* nspawn gained a new --link-journal= switch (and quicker: -j)
to link the container journal with the host. This makes it
very easy to centralize log viewing on the host for all
guests while still keeping the journal files separated.

* Many bugfixes and optimizations

Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
Jędrzejewski-Szmek

CHANGES WITH 186:

* Several tools now understand kernel command line arguments,
which are only read when run in an initial RAM disk. They
usually follow closely their normal counterparts, but are
prefixed with rd.

* There's a new tool to analyze the readahead files that are
automatically generated at boot. Use:

/usr/lib/systemd/systemd-readahead analyze /.readahead

* We now provide an early debug shell on tty9 if this is enabled. Use:

systemctl enable debug-shell.service

* All plymouth related units have been moved into the Plymouth
package. Please make sure to upgrade your Plymouth version
as well.

* systemd-tmpfiles now supports getting passed the basename of
a configuration file only, in which case it will look for it
in all appropriate directories automatically.

* udevadm info now takes a /dev or /sys path as argument, and
does the right thing. Example:

udevadm info /dev/sda
udevadm info /sys/class/block/sda

* systemctl now prints a warning if a unit is stopped but a
unit that might trigger it continues to run. Example: a
service is stopped but the socket that activates it is left
running.

* "systemctl status" will now mention if the log output was
shortened due to rotation since a service has been started.

* The journal API now exposes functions to determine the
"cutoff" times due to rotation.

* journald now understands SIGUSR1 and SIGUSR2 for triggering
immediate flushing of runtime logs to /var if possible,
resp. for triggering immediate rotation of the journal
files.

* It is now considered an error if an attempt is made to stop
a service that is not loaded.

* XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.

* systemd-analyze now supports Python 3

* tmpfiles now supports cleaning up directories via aging
where the first level dirs are always kept around but
directories beneath it are automatically aged. This is enabled
by prefixing the age field with '~'.

* Seat objects now expose CanGraphical, CanTTY properties
which are required to deal with very fast bootups where the
display manager might be running before the graphics drivers
completed initialization.

* Seat objects now expose a State property.

* We now include RPM macros for service enabling/disabling
based on the preset logic. We recommend RPM based
distributions to make use of these macros if possible. This
makes it simpler to reuse RPM spec files across
distributions.

* We now make sure that the collected systemd unit name is
always valid when services log to the journal via
STDOUT/STDERR.

* There's a new man page kernel-command-line(7) detailing all
command line options we understand.

* The fstab generator may now be disabled at boot by passing
fstab=0 on the kernel command line.

* A new kernel command line option modules-load= is now understood
to load a specific kernel module statically, early at boot.

* Unit names specified on the systemctl command line are now
automatically escaped as needed. Also, if file system or
device paths are specified they are automatically turned
into the appropriate mount or device unit names. Example:

systemctl status /home
systemctl status /dev/sda

* The SysVConsole= configuration option has been removed from
system.conf parsing.

* The SysV search path is no longer exported on the D-Bus
Manager object.

* The Names= option has been removed from unit file parsing.

* There's a new man page bootup(7) detailing the boot process.

* Every unit and every generator we ship with systemd now
comes with full documentation. The self-explanatory boot is
complete.

* A couple of services gained "systemd-" prefixes in their
name if they wrap systemd code, rather than only external
code. Among them fsck@.service which is now
systemd-fsck@.service.

* The HaveWatchdog property has been removed from the D-Bus
Manager object.

* systemd.confirm_spawn= on the kernel command line should now
work sensibly.

* There's a new man page crypttab(5) which details all options
we actually understand.

* systemd-nspawn gained a new --capability= switch to pass
additional capabilities to the container.

* timedated will now read known NTP implementation unit names
from /usr/lib/systemd/ntp-units.d/*.list,
systemd-timedated-ntp.target has been removed.

* journalctl gained a new switch "-b" that lists log data of
the current boot only.

* The notify socket is in the abstract namespace again, in
order to support daemons which chroot() at start-up.

* There is a new Storage= configuration option for journald
which allows configuration of where log data should go. This
also provides a way to disable journal logging entirely, so
that data collected is only forwarded to the console, the
kernel log buffer or another syslog implementation.

* Many bugfixes and optimizations

Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
Shawn Landden, Tom Gundersen

CHANGES WITH 185:

* "systemctl help <unit>" now shows the man page if one is
available.

* Several new man pages have been added.

* MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
MaxLevelConsole= can now be specified in
journald.conf. These options allow reducing the amount of
data stored on disk or forwarded by the log level.

* TimerSlackNSec= can now be specified in system.conf for
PID1. This allows system-wide power savings.

Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
Matthias Clasen

CHANGES WITH 184:

* logind is now capable of (optionally) handling power and
sleep keys as well as the lid switch.

* journalctl now understands the syntax "journalctl
/usr/bin/avahi-daemon" to get all log output of a specific
daemon.

* CapabilityBoundingSet= in system.conf now also influences
the capability bounding set of usermode helpers of the kernel.

Contributions from: Daniel Drake, Daniel J. Walsh, Gert
Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
Menzel, Shawn Landden, Tero Roponen, Tom Gundersen

CHANGES WITH 183:

* Note that we skipped 139 releases here in order to set the
new version to something that is greater than both udev's
and systemd's most recent version number.

* udev: all udev sources are merged into the systemd source tree now.
All future udev development will happen in the systemd tree. It
is still fully supported to use the udev daemon and tools without
systemd running, like in initramfs or other init systems. Building
udev, though, will require the *build* of the systemd tree, but
udev can be properly *run* without systemd.

* udev: /lib/udev/devices/ is not read anymore; systemd-tmpfiles
should be used to create dead device nodes as workarounds for broken
subsystems.

* udev: RUN+="socket:…" and udev_monitor_new_from_socket() are
no longer supported. udev_monitor_new_from_netlink() needs to be
used to subscribe to events.

* udev: when udevd is started by systemd, processes which are left
behind by forking them off of udev rules, are unconditionally cleaned
up and killed now after the event handling has finished. Services or
daemons must be started as systemd services. Services can be
pulled-in by udev to get started, but they can no longer be directly
forked by udev rules.

* udev: the daemon binary is called systemd-udevd now and installed
in /usr/lib/systemd/. Standalone builds or non-systemd systems need
to adapt to that, create a symlink, or rename the binary after building
it.

* libudev no longer provides these symbols:
udev_monitor_from_socket()
udev_queue_get_failed_list_entry()
udev_get_{dev,sys,run}_path()
The version number was bumped and symbol versioning introduced.

* systemd-loginctl and systemd-journalctl have been renamed
to loginctl and journalctl to match systemctl.

* The config files: /etc/systemd/systemd-logind.conf and
/etc/systemd/systemd-journald.conf have been renamed to
logind.conf and journald.conf. Package updates should rename
the files to the new names on upgrade.

* For almost all files the license is now LGPL2.1+, changed
from the previous GPL2.0+. Exceptions are some minor stuff
of udev (which will be changed to LGPL2.1 eventually, too),
and the MIT licensed sd-daemon.[ch] library that is suitable
to be used as drop-in files.

* systemd and logind now handle system sleep states, in
particular suspending and hibernating.

* logind now implements a sleep/shutdown/idle inhibiting logic
suitable for a variety of uses. Soonishly Lennart will blog
about this in more detail.

* var-run.mount and var-lock.mount are no longer provided
(which previously bind mounted these directories to their new
places). Distributions which have not converted these
directories to symlinks should consider stealing these files
from git history and add them downstream.

* We introduced the Documentation= field for units and added
this to all our shipped units. This is useful to make it
easier to explore the boot and the purpose of the various
units.

* All smaller setup units (such as
systemd-vconsole-setup.service) now detect properly if they
are run in a container and are skipped when
appropriate. This guarantees an entirely noise-free boot in
Linux container environments such as systemd-nspawn.

* A framework for implementing offline system updates is now
integrated, for details see:
https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html

* A new service type Type=idle is available now which helps us
avoid ugly interleaving of getty output and boot status
messages.

* There's now a system-wide CapabilityBoundingSet= option to
globally reduce the set of capabilities for the
system. This is useful to drop CAP_SYS_MKNOD, CAP_SYS_RAWIO,
CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
16660 even CAP_NET_ADMIN system-wide for secure systems.
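
To verify that such a system-wide bounding set actually took effect, the CapBnd hex mask in /proc/<pid>/status can be decoded and compared against the list of capabilities that were meant to go. The following Python is an added example, not systemd's own code; the capability bit numbers are the kernel's (CAP_MKNOD is the kernel's name for the mknod capability the entry above calls CAP_SYS_MKNOD), and the two status samples are constructed.

```python
import re

# Capability bit numbers as defined by the Linux kernel (assumed stable).
# CAP_MKNOD is the kernel's name for the mknod capability.
CAP_NAMES = {
    12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW",
    16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO",
    19: "CAP_SYS_PTRACE",
    25: "CAP_SYS_TIME",
    27: "CAP_MKNOD",
}

# The set that the NEWS entry suggests dropping system-wide.
EXPECTED_DROPPED = set(CAP_NAMES.values())

# Constructed sample: status text of a process on an unhardened system,
# every capability bit 0..40 still in its bounding set.
FULL_MASK = (1 << 41) - 1
STATUS_DEFAULT = "Name:\tsshd\nCapBnd:\t%016x\nCapAmb:\t%016x\n" % (FULL_MASK, 0)

# Constructed sample: the same process after the bounding set was reduced
# system-wide (as CapabilityBoundingSet= in system.conf would do).
HARDENED_MASK = FULL_MASK
for _bit in CAP_NAMES:
    HARDENED_MASK &= ~(1 << _bit)
STATUS_HARDENED = "Name:\tsshd\nCapBnd:\t%016x\n" % HARDENED_MASK


def parse_cap_bnd(status_text):
    """Return the CapBnd bounding-set mask from /proc/<pid>/status text."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapBnd line in status text")
    return int(m.group(1), 16)


def caps_present(mask, names=CAP_NAMES):
    """Names from `names` whose bit is still set in the bounding set."""
    return sorted(name for bit, name in names.items() if (mask >> bit) & 1)


def still_present(status_text, expected_dropped=EXPECTED_DROPPED):
    """Capabilities that should have been dropped but remain in CapBnd."""
    present = set(caps_present(parse_cap_bnd(status_text)))
    return sorted(present & set(expected_dropped))


def check_pid(pid="self"):
    """Audit a live process; an empty list means the bounding set is reduced."""
    with open("/proc/%s/status" % pid) as f:
        return still_present(f.read())


if __name__ == "__main__":
    print("unhardened sample still has:", still_present(STATUS_DEFAULT))
    print("hardened sample still has:", still_present(STATUS_HARDENED))
```

Because the bounding set is inherited by every child of PID 1, checking any service's PID (or `self` from a shell started by a service) is enough to confirm the system-wide setting.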

* There are now system-wide DefaultLimitXXX= options to
globally change the defaults of the various resource limits
for all units started by PID 1.

* Harald Hoyer's systemd test suite has been integrated into
systemd which allows easy testing of systemd builds in qemu
and nspawn. (This is really awesome! Ask us for details!)

* The fstab parser is now implemented as a generator, not inside
of PID 1 anymore.

* systemctl will now warn you if .mount units generated from
/etc/fstab are out of date due to changes in fstab that
have not been read by systemd yet.

* systemd is now suitable for usage in initrds. Dracut has
already been updated to make use of this. With this in place
initrds get a slight bit faster but primarily are much
easier to introspect and debug since "systemctl status" in
the host system can be used to introspect initrd services,
and the journal from the initrd is kept around too.

* systemd-delta has been added, a tool to explore differences
between user/admin configuration and vendor defaults.

* PrivateTmp= now affects both /tmp and /var/tmp.

* Boot time status messages are now much prettier and feature
proper English. Booting up systemd has never been
so sexy.

* Read-ahead pack files now include the inode number of all
files to pre-cache. When the inode changes the pre-caching
is not attempted. This should be nicer to deal with updated
packages which might result in changes of read-ahead
patterns.

* We now temporarily lower the kernel's read_ahead_kb variable
when collecting read-ahead data to ensure the kernel's
built-in read-ahead does not add noise to our measurements
of necessary blocks to pre-cache.

* There's now RequiresMountsFor= to add automatic dependencies
for all mounts necessary for a specific file system path.

* MountAuto= and SwapAuto= have been removed from
system.conf. Mounting file systems at boot has to take place
in systemd now.

* nspawn learned a new switch --uuid= to set the machine
ID on the command line.

* nspawn learned the -b switch to automatically search
for an init system.

* vt102 is now the default TERM for serial TTYs, upgraded from
vt100.

* systemd-logind now works on VT-less systems.

* The build tree has been reorganized. The individual
components now have directories of their own.

* A new condition type ConditionPathIsReadWrite= is now available.

* nspawn learned the new -C switch to create cgroups for the
container in other hierarchies.

* We now have support for hardware watchdogs, configurable in
system.conf.

* The scheduled shutdown logic now has a public API.

* We now mount /tmp as tmpfs by default, but this can be
masked and /etc/fstab can override it.

* Since udisks does not make use of /media anymore we are not
mounting a tmpfs on it anymore.

* journalctl gained a new --local switch to only interleave
locally generated journal files.

* We can now load the IMA policy at boot automatically.

* The GTK tools have been split off into systemd-ui.

Contributions from: Andreas Schwab, Auke Kok, Ayan George,
Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
Gundersen

CHANGES WITH 44:

* This is mostly a bugfix release

* Support optional initialization of the machine ID from the
KVM- or container-configured UUID.

* Support immediate reboots with "systemctl reboot -ff"

* Show /etc/os-release data in systemd-analyze output

* Many bugfixes for the journal, including endianness fixes and
ensuring that disk space enforcement works

* sd-login.h is C++ compatible again

* Extend the /etc/os-release format on request of the Debian
folks

* We now refuse non-UTF8 strings used in various configuration
and unit files. This is done to ensure we do not pass invalid
data over D-Bus or expose it elsewhere.

* Register Mimo USB Screens as suitable for automatic seat
configuration

* Read SELinux client context from journal clients in a
race-free fashion

* Reorder configuration file lookup order. /etc now always
overrides /run in order to allow the administrator to always
and unconditionally override vendor-supplied or
automatically generated data.

* The various user visible bits of the journal now have man
pages. We still lack man pages for the journal API calls
however.

* We now ship all man pages in HTML format again in the
tarball.

Contributions from: Dave Reisner, Dirk Eibach, Frederic
Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
Reding

CHANGES WITH 43:

* This is mostly a bugfix release

* Systems lacking /etc/os-release are no longer supported.

* Various functionality updates to libsystemd-login.so

* Track class of PAM logins to distinguish greeters from
normal user logins.

Contributions from: Kay Sievers, Lennart Poettering, Michael
Biebl

CHANGES WITH 42:

* This is an important bugfix release for v41.

* Building man pages is now optional which should be useful
for those building systemd from git but unwilling to install
xsltproc.

* Watchdog support for supervising services is now usable. In
a future release support for hardware watchdogs
(i.e. /dev/watchdog) will be added building on this.

* Service start rate limiting is now configurable and can be
turned off per service. When a start rate limit is hit a
reboot can automatically be triggered.

* New CanReboot(), CanPowerOff() bus calls in systemd-logind.

Contributions from: Benjamin Franzke, Bill Nottingham,
Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
Schmidt, Michał Górny, Piotr Drąg

CHANGES WITH 41:

* The systemd binary is installed as /usr/lib/systemd/systemd now;
an existing /sbin/init symlink needs to be adapted with the
package update.

* The code that loads kernel modules has been ported to invoke
libkmod directly, instead of modprobe. This means we do not
support systems with module-init-tools anymore.

* Watchdog support is now already useful, but still not
complete.

* A new kernel command line option systemd.setenv= is
understood to set system wide environment variables
dynamically at boot.

* We now limit the set of capabilities of systemd-journald.

* We now set SIGPIPE to ignore by default, since it is only
useful in shell pipelines, and has little use in general
code. This can be disabled with IgnoreSIGPIPE=no in unit
files.

Contributions from: Benjamin Franzke, Kay Sievers, Lennart
Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
William Douglas

CHANGES WITH 40:

* This is mostly a bugfix release

* We now expose the reason why a service failed in the
"Result" D-Bus property.

* Rudimentary service watchdog support (will be completed over
the next few releases.)

* When systemd forks off in order to execute some service, the
child now immediately changes its argv[0] to reflect which process
it will execute. This is useful to minimize the time window
with a generic argv[0], which makes bootcharts more useful.

Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
Mike Kazantsev, Ray Strode

CHANGES WITH 39:

* This is mostly a test release, but incorporates many
bugfixes.

* New systemd-cgtop tool to show control groups by their
resource usage.

* Linking against libacl for ACLs is optional again. If
disabled, support for tracking device access for active logins
becomes unavailable, and so does access to the user
journals by the respective users.

* If a group "adm" exists, journal files are automatically
owned by it, thus allowing members of this group full access
to the system journal as well as all user journals.

* The journal now stores the SELinux context of the logging
client for all entries.

* Add C++ inclusion guards to all public headers

* New output mode "cat" in the journal to print only text
messages, without any meta data like date or time.

* Include tiny X server wrapper as a temporary stop-gap to
teach XOrg udev display enumeration. This is used by display
managers such as gdm, and will go away as soon as XOrg has
learned native udev hotplugging for display devices.

* Add new systemd-cat tool for executing arbitrary programs
with STDERR/STDOUT connected to the journal. Can also act as
BSD logger replacement, and does so by default.

* Optionally store all locally generated coredumps in the
journal along with meta data.

* systemd-tmpfiles learnt four new commands: n, L, c, b, for
writing short strings to files (for usage for /sys), and for
creating symlinks, character and block device nodes.

* New unit file option ControlGroupPersistent= to make cgroups
persistent, following the mechanisms outlined in
https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups

* Support multiple local RTCs in a sane way

* No longer monopolize IO when replaying readahead data on
rotating disks, since we might otherwise starve non-file-system
IO to death, as fanotify() will not see accesses done by blkid
or fsck.

* Do not show kernel threads in systemd-cgls anymore, unless
requested with new -k switch.

Contributions from: Dan Horák, Kay Sievers, Lennart
Poettering, Michal Schmidt

CHANGES WITH 38:

* This is mostly a test release, but incorporates many
bugfixes.

* The git repository moved to:
git://anongit.freedesktop.org/systemd/systemd
ssh://git.freedesktop.org/git/systemd/systemd

* First release with the journal
https://0pointer.de/blog/projects/the-journal.html

* The journal replaces both systemd-kmsg-syslogd and
systemd-stdout-bridge.

* New sd_pid_get_unit() API call in libsystemd-logind

* Many systemadm clean-ups

* Introduce remote-fs-pre.target which is ordered before all
remote mounts and may be used to start services before all
remote mounts.

* Added Mageia support

* Add bash completion for systemd-loginctl

* Actively monitor PID file creation for daemons which exit in
the parent process before having finished writing the PID
file in the daemon process. Daemons which do this need to be
fixed (i.e. PID file creation must have finished before the
parent exits), but we now react a bit more gracefully to them.

* Add colourful boot output, mimicking the well-known output
of existing distributions.

* New option PassCredentials= for socket units, for
compatibility with a recent kernel ABI breakage.

* /etc/rc.local is now hooked in via a generator binary, and
thus will no longer act as a synchronization point during
boot.

* systemctl list-unit-files now supports --root=.

* systemd-tmpfiles now understands two new commands: z, Z for
relabelling files according to the SELinux database. This is
useful to apply SELinux labels to specific files in /sys,
among other things.

* Output of SysV services is now forwarded to both the console
and the journal by default, not only just the console.

* New man pages for all APIs from libsystemd-login.

* The build tree got reorganized and the build system is a
lot more modular allowing embedded setups to specifically
select the components of systemd they are interested in.

* Support for Linux systems lacking the kernel VT subsystem is
restored.

* configure's --with-rootdir= got renamed to
--with-rootprefix= to follow the naming used by udev and
kmod.

* Unless specified otherwise we will now install to /usr instead
of /usr/local by default.

* Processes with '@' in argv[0][0] are now excluded from the
final shut-down killing spree, following the logic explained
in:
https://systemd.io/ROOT_STORAGE_DAEMONS/

* All processes remaining in a service cgroup when we enter
the START or START_PRE states are now killed with
SIGKILL. That means it is no longer possible to spawn
background processes from ExecStart= lines (which was never
supported anyway, and bad style).

* New PropagateReloadTo=/PropagateReloadFrom= options to bind
reloading of units together.

Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek