systemd System and Service Manager
-CHANGES WITH 246 in spe:
+CHANGES WITH 246:
* The service manager gained basic support for cgroup v2 freezer. Units
can now be suspended or resumed either using new systemctl verbs,
* .socket units gained a new boolean setting PassPacketInfo=. If
enabled, the kernel will attach additional per-packet metadata to all
- packets read from the socket, as ancillary message. This controls the
- IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
+ packets read from the socket, as an ancillary message. This controls
+ the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
depending on socket type.
* .service units gained a new setting RootHash= which may be used to
* Most options in systemd that accept hexadecimal values prefixed with
0x in additional to the usual decimal notation now also support octal
- notation when he 0o prefix is used and binary notation if the 0b
+ notation when the 0o prefix is used and binary notation if the 0b
prefix is used.
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
from the documentation, but will now result in warnings when used,
and be converted to "journal" and "journal+console" automatically.
+ * If the service setting User= is set to the "nobody" user, a warning
+ message is now written to the logs (but the value is nonetheless
+ accepted). Setting User=nobody is unsafe, since the primary purpose
+ of the "nobody" user is to own all files whose owner cannot be mapped
+ locally. It's in particular used by the NFS subsystem and in user
+ namespacing. By running a service under this user's UID it might get
+ read and even write access to all these otherwise unmappable files,
+ which is quite likely a major security problem.
+
* A new kernel command line option systemd.hostname= has been added
that allows controlling the hostname that is initialized early during
boot.
enabled by default, please submit a patch that adds it to the
database (see /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
- * systemd-udevd gained new configuration option timeout_signal= as well
- as corresponding kernel command line option udev.timeout_signal=.
+ * systemd-udevd gained the new configuration option timeout_signal= as well
+ as a corresponding kernel command line option udev.timeout_signal=.
The option can be used to configure the UNIX signal that the main
daemon sends to the worker processes on timeout. Setting the signal
to SIGABRT is useful for debugging.
RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
frame ring buffer sizes.
+ * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
+ enabled systemd-networkd manages all routes configured by other tools.
+
+ * .network files managed by systemd-networkd gained a new section
+ [SR-IOV], in order to configure SR-IOV capable network devices.
+
* systemd-networkd's [IPv6Prefix] section in .network files gained a
new boolean setting Assign=. If enabled an address from the prefix is
automatically assigned to the interface.
* systemd-networkd's [Network] section gained a new setting
IPv6PDSubnetId= that allows explicit configuration of the preferred
- subnet that networkd's Prefix Delegation logic assigns to an
- interfaces.
+ subnet that networkd's Prefix Delegation logic assigns to interfaces.
+
+ * systemd-networkd's [Network] section gained a new setting
+ IPv4AcceptLocal=. If enabled the interface accepts packets with local
+ source addresses.
* systemd-networkd gained support for configuring the HTB queuing
discipline in the [HierarchyTokenBucket] and
[DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
"PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
- "QFQ" in [QuickFairQueueingClass].
+ "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
* systemd-networkd gained support for a new Termination= setting in the
[CAN] section for configuring the termination resistor. It also
traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
been added to configure various CAN-FD aspects.
- * systemd-networkd's [DHCPv6] section gained a new WithoutRA= boolean
- setting. If enabled, DHCPv6 will be attempted right-away without
- requiring an Router Advertisement packet suggesting it
- first. Conversely, the [IPv6AcceptRA] gained a boolean option
+ * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
+ When enabled, DHCPv6 will be attempted right-away without requiring an
+ Router Advertisement packet suggesting it first (i.e. without the 'M'
+ or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
DHCPv6Client= that may be used to turn off the DHCPv6 client even if
the RA packets suggest it.
Description"). Support for "MUD" URLs was also added to the LLDP
stack, configurable in the [LLDP] section in .network files.
+ * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
+ mode. Also, the sections now support a new setting SourceMACAddress=.
+
* systemd-networkd's .netdev files now support a new setting
VLANProtocol= in the [Bridge] section that allows configuration of
the VLAN protocol to use.
* systemd-networkd supports a new Group= setting in the [Link] section
of the .network files, to control the link group.
+ * systemd-networkd's [Network] section gained a new
+ IPv6LinkLocalAddressGenerationMode= setting, which specifies how IPv6
+ link local address is generated.
+
* A new default .network file is now shipped that matches TUN/TAP
devices that begin with "vt-" in their name. Such interfaces will
have IP routing onto the host links set up automatically. This is
the default) an address from any acquired delegated prefix is
automatically chosen and assigned to the interface.
+ * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
+ which sets the route priority for routes specified by the DHCP server.
+
+ * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
+ which configures the vendor class information sent to DHCP server.
+
* The BlackList= settings in .network files' [DHCPv4] and
[IPv6AcceptRA] sections have been renamed DenyList=. The old names
are still understood to provide compatibility.
storage and file system may now be configured explicitly, too, via
the new /etc/systemd/homed.conf configuration file.
+ * systemd-homed now supports unlocking home directories with FIDO2
+ security tokens that support the 'hmac-secret' extension, in addition
+ to the existing support for PKCS#11 security token unlocking
+ support. Note that many recent hardware security tokens support both
+ interfaces. The FIDO2 support is accessible via homectl's
+ --fido2-device= option.
+
+ * homectl's --pkcs11-uri= setting now accepts two special parameters:
+ if "auto" is specified and only one suitable PKCS#11 security token
+ is plugged in, its URL is automatically determined and enrolled for
+ unlocking the home directory. If "list" is specified a brief table of
+ suitable PKCS#11 security tokens is shown. Similar, the new
+ --fido2-device= option also supports these two special values, for
+ automatically selecting and listing suitable FIDO2 devices.
+
* The /etc/crypttab tmp option now optionally takes an argument
selecting the file system to use. Moreover, the default is now
changed from ext2 to ext4.
control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
instance.
- * systemd-firstboot gained a new --root-password-hashed= parameter for
- setting the root user's password as UNIX password hash. There's a new
- --delete-root-password switch which instead of setting a password for
- the root user, removes it so that log-in without a password is
- permitted. There's now --force which if specified means any existing
- configuration is overwritten by the specified settings. It also
- gained a new --kernel-command-line= parameter which may be used to
- set the /etc/kernel/cmdline file of an OS image.
-
* A new generator systemd-xdg-autostart-generator has been added. It
generates systemd unit files from XDG autostart .desktop files, and
may be used to let the systemd user instance manage services that are
started automatically as part of the desktop session.
- * "booctl" gained a new verb "reboot-to-firmware" that may be used
- to query and change the firmware's reboot into firmware setup flag.
+ * "bootctl" gained a new verb "reboot-to-firmware" that may be used
+ to query and change the firmware's 'reboot into firmware' setup flag.
* systemd-firstboot gained a new switch --kernel-command-line= that may
be used to initialize the /etc/kernel/cmdline file of the image. It
specified on the command line (by default, the tool will not override
what has already been set before, i.e. is purely incremental).
+ * systemd-firstboot gained support for a new --image= switch, which is
+ similar to --root= but accepts the path to a disk image file, on
+ which it then operates.
+
* A new sd-path.h API has been added to libsystemd. It provides a
simple API for retrieving various search paths and primary
directories for various resources.
document the methods, signals and properties.
* The expectations on user/group name syntax are now documented in
- detail; documentation how classic home directories may be converted
- into home directories managed by homed has been added; documentation
- regarding integration of homed/userdb functionality in desktops has
- been added:
+ detail; documentation on how classic home directories may be
+ converted into home directories managed by homed has been added;
+ documentation regarding integration of homed/userdb functionality in
+ desktops has been added:
https://systemd.io/USER_NAMES
https://systemd.io/CONVERTING_TO_HOMED
https://systemd.io/JOURNAL_FILE_FORMAT
+ * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
+ has been extended by a set of environment variables that expose
+ select fields from the host's os-release file to the container
+ payload. Similarly, host's os-release files can be mounted into the
+ container underneath /run/hosts. Together, those mechanisms provide a
+ standardized way to expose information about the host to the
+ container payload. Both interfaces are implemented in systemd-nspawn.
+
* All D-Bus services shipped in systemd now implement the generic
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.
+ Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
+ Malafeev, Alin Popa, Amos Bird, Andreas Rammhold, AndreRH, Andrew
+ Doran, Anita Zhang, Ankit Jain, antznin, Arnaud Ferraris, Arthur Moraes
+ do Lago, Arusekk, Balaji Punnuru, Balint Reczey, Bastien Nocera,
+ bemarek, Benjamin Berg, Benjamin Dahlhoff, Benjamin Robin, Chris Down,
+ Chris Kerr, Christian Göttsche, Christian Hesse, Christian Oder,
+ Ciprian Hacman, codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan
+ Callaghan, Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner,
+ David Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo,
+ Dimitri John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca,
+ Emmanuel Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
+ ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
+ Finn, Florian Klink, Franck Bui, Frantisek Sumsal, Gaoyi, gaurav, Georg
+ Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2, gogogogi,
+ gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic,
+ James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy
+ Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg
+ Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
+ Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
+ Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
+ BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
+ Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel
+ Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
+ Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
+ Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
+ Michal Sekletar, Michal Sekletár, Mike Gilbert, Mike Kazantsev, ml,
+ Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
+ Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
+ Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
+ Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
+ Sean-StarLabs, Sebastian Jennen, sterlinghughes, Susant Sahani, Thomas
+ Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
+ Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
+ Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
+ Korman, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
+
+ – Warsaw, 2020-07-09
CHANGES WITH 245:
projects / thirdparty / systemd.git / blobdiff