systemd System and Service Manager
-CHANGES WITH 247 in spe:
+CHANGES WITH 247:
- * KERNEL API INCOMPATIBILITY: Linux 4.12 introduced two new uevents
+ * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
"bind" and "unbind" to the Linux device model. When this kernel
change was made, systemd-udevd was only minimally updated to handle
and propagate these new event types. The introduction of these new
programs that monitor or enumerate devices with libudev or sd-device,
or otherwise process uevents. Please note that this incompatibility
is not fault of systemd or udev, but caused by an incompatible kernel
- change that happened back in Linux 4.12, but is becoming more and
- more visible as the new uvents are generated by more kernel drivers.
+ change that happened back in Linux 4.14, but is becoming more and
+ more visible as the new uevents are generated by more kernel drivers.
To minimize issues resulting from this kernel change (but not avoid
them entirely) starting with systemd-udevd 247 the udev "tags"
new functions to enumerate these 'current' tags, in addition to the
existing APIs that now enumerate the 'sticky' ones.
- To properly handle "bind"/"unbind" on Linux 4.12 and newer it is
+ To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
essential that all udev rules files and applications are updated to
handle the new events. Specifically:
this is not caused by systemd/udev changes, but result of a kernel
behaviour change.
+ * UPCOMING INCOMPATIBILITY: So far most downstream distribution
+ packages have not retriggered devices once the udev package (or any
+ auxiliary package installing additional udev rules) is updated. We
+ intend to work with major distributions to change this, so that
+ "udevadm trigger -a change" is issued on such upgrades, ensuring that
+ the updated ruleset is applied to the devices already discovered, so
+ that (asynchronously) after the upgrade completed the udev database
+ is consistent with the updated rule set. This means udev rules must
+ be ready to be retriggered with a "change" action any time, and
+ result in correct and complete udev database entries. While the
+ majority of udev rule files known to us currently get this right,
+ some don't. Specifically, there are udev rules files included in
+ various packages that only set udev properties on the "add" action,
+ but do not handle the "change" action. If a device matching those
+ rules is retriggered with the "change" action (as is intended here)
+ it would suddenly lose the relevant properties. This always has been
+ problematic, but as soon as all udev devices are triggered on relevant
+ package upgrades this will become particularly so. It is strongly
+ recommended to fix offending rules so that they can handle a "change"
+ action at any time, and acquire all necessary udev properties even
+ then. Or in other words: the header guard mentioned above
+ (ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
+ this, as it makes sure rules are rerun on "change" correctly, and
+ accumulate the correct and complete set of udev properties. udev rule
+ definitions that cannot handle "change" events being triggered at
+ arbitrary times should be considered buggy.
+
* The MountAPIVFS= service file setting now defaults to on if
RootImage= and RootDirectory= are used, which means that with those
two settings /proc/, /sys/ and /dev/ are automatically properly set
desired the location to which systemd installs its PAM stack
configuration may be changed via the -Dpamconfdir Meson option.
- * The runtime dependencies on libqrencode, libpcre2, libpwquality and
- libcryptsetup have been changed to be based on dlopen(): instead of
- regular dynamic library dependencies declared in the binary ELF
- headers, these libraries are now loaded on demand only, if they are
- available. If the libraries cannot be found the relevant operations
- will fail gracefully, or a suitable fallback logic is chosen. This is
- supposed to be useful for general purpose distributions, as it allows
- minimizing the list of dependencies the systemd packages pull in,
- permitting building of more minimal OS images, while still making use
- of these "weak" dependencies should they be installed. Since many
- package managers automatically synthesize package dependencies from
- ELF shared library dependencies, some additional manual packaging
- work has to be done now to replace those (slightly downgraded from
- "required" to "recommended" or whatever is conceptually suitable for
- the package manager). Note that this change does not alter build-time
- behaviour: as before the build-time dependencies have to be installed
- during build, even if they now are optional during runtime.
+ * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
+ libpwquality and libcryptsetup have been changed to be based on
+ dlopen(): instead of regular dynamic library dependencies declared in
+ the binary ELF headers, these libraries are now loaded on demand
+ only, if they are available. If the libraries cannot be found the
+ relevant operations will fail gracefully, or a suitable fallback
+ logic is chosen. This is supposed to be useful for general purpose
+ distributions, as it allows minimizing the list of dependencies the
+ systemd packages pull in, permitting building of more minimal OS
+ images, while still making use of these "weak" dependencies should
+ they be installed. Since many package managers automatically
+ synthesize package dependencies from ELF shared library dependencies,
+ some additional manual packaging work has to be done now to replace
+ those (slightly downgraded from "required" to "recommended" or
+ whatever is conceptually suitable for the package manager). Note that
+ this change does not alter build-time behaviour: as before the
+ build-time dependencies have to be installed during build, even if
+ they now are optional during runtime.
* sd-event.h gained a new call sd_event_add_time_relative() for
installing timers relative to the current time. This is mostly a
convenience wrapper around the pre-existing sd_event_add_time() call
which installs absolute timers.
+ * sd-event event sources may now be placed in a new "exit-on-failure"
+ mode, which may be controlled via the new
+ sd_event_source_get_exit_on_failure() and
+ sd_event_source_set_exit_on_failure() functions. If enabled, any
+ failure returned by the event source handler functions will result in
+ exiting the event loop (unlike the default behaviour of just
+ disabling the event source but continuing with the event loop). This
+ feature is useful to set for all event sources that define "primary"
+ program behaviour (where failure should be fatal) in contrast to
+ "auxiliary" behaviour (where failure should remain local).
+
+ * Most event source types sd-event supports now accept a NULL handler
+ function, in which case the event loop is exited once the event
+ source is to be dispatched, using the userdata pointer — converted to
+ a signed integer — as exit code of the event loop. Previously this
+ was supported for IO and signal event sources already. Exit event
+ sources still do not support this (simply because it makes little
+ sense there, as the event loop is already exiting when they are
+ dispatched).
+
* A new per-unit setting RootImageOptions= has been added which allows
tweaking the mount options for any file system mounted as effect of
the RootImage= setting.
mounting additional disk images into the file system tree accessible
to the service.
+ * Timer units gained a new FixedRandomDelay= boolean setting. If
+ enabled, the random delay configured with RandomizedDelaySec= is
+ selected in a way that is stable on a given system (though still
+ different for different units).
+
+ * Socket units gained a new setting Timestamping= that takes "us", "ns"
+ or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
+ options.
+
* systemd-repart now generates JSON output when requested with the new
--json= switch.
them in local timezone or UTC, or whether to show µs granularity.
* Alibaba's "pouch" container manager is now detected by
- systemd-detect-virt, ConditionVirtualization= and similar constructs.
+ systemd-detect-virt, ConditionVirtualization= and similar
+ constructs. Similar, they now also recognize IBM PowerVM machine
+ virtualization.
* systemd-nspawn has been reworked to use the /run/host/incoming/ as
place to use for propagating external mounts into the
deprecated and undocumented for 6 years. systemd started to warn
about its use 1.5 years ago. It has now been removed entirely.
- * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
- systemd-nspawn all system call filter violations will be logged by
- the kernel (audit). This is useful for tracking down system calls
- invoked by container payloads that are prohibited by the container's
- system call filter policy.
-
* sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
a sd_bus_error struct and a list of error names, and checks if the
error matches one of these names. It's a convenience wrapper that is
* Behaviour of system call filter allow lists has changed slightly:
system calls that are contained in @known will result in a EPERM by
default, while those not contained in it result in ENOSYS. This
- should improve compatibility because known syscalls will thus be
+ should improve compatibility because known system calls will thus be
communicated as prohibited, while unknown (and thus newer ones) will
be communicated as not implemented, which hopefully has the greatest
chance of triggering the right fallback code paths in client
applications.
+ * "systemd-analyze syscall-filter" will now show two separate sections
+ at the bottom of the output: system calls known during systemd build
+ time but not included in any of the filter groups shown above, and
+ system calls defined on the local kernel but known during systemd
+ build time.
+
+ * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
+ systemd-nspawn all system call filter violations will be logged by
+ the kernel (audit). This is useful for tracking down system calls
+ invoked by container payloads that are prohibited by the container's
+ system call filter policy.
+
+ * If the $SYSTEMD_SECCOMP=0 environment variable is set for
+ systemd-nspawn (and other programs that use seccomp) all seccomp
+ filtering is turned off.
+
* Two new unit file settings ProtectProc= and ProcSubset= have been
added that expose the hidepid= and subset= mount options of procfs.
All processes of the unit will only see processes in /proc that are
discipline in the [FlowQueuePIE] sections.
* systemd-networkd's .netdev files may now be used to create "BareUDP"
- tunnels, configured in the new [BareUDP] setting. VXLAN tunnels may
- now be marked to be independent of any underlying network interface
- via the new Independent= boolean setting.
+ tunnels, configured in the new [BareUDP] setting.
+
+ * systemd-networkd's Gateway= setting in .network files now accepts the
+ special values "_dhcp4" and "_ipv6ra" to configure additional,
+ locally defined, explicit routes to the gateway acquired via DHCP or
+ IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
+ but still accepted for backwards compatibility.
+
+ * systemd-networkd's [IPv6PrefixDelegation] section and
+ IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
+ IPv6SendRA= (the old names are still accepted for backwards
+ compatibility).
+
+ * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
+ boolean setting in [Network] section. If enabled, the delegated prefix
+ gained by another link will be configured, and an address within the
+ prefix will be assigned.
+
+ * systemd-networkd's .network files gained the Announce= boolean setting
+ in [DHCPv6PrefixDelegation] section. When enabled, the delegated
+ prefix will be announced through IPv6 router advertisement (IPv6 RA).
+ The setting is enabled by default.
+
+ * VXLAN tunnels may now be marked as independent of any underlying
+ network interface via the new Independent= boolean setting.
* systemctl gained support for two new verbs: "service-log-level" and
"service-log-target" may be used on services that implement the
* The SystemCallErrorNumber= unit file setting now accepts the new
"kill" and "log" actions, in addition to arbitrary error number
- specifications as before. If "kill" the the processes are killed on
- the event, if "log" the offending syscall is audit logged.
+ specifications as before. If "kill" the processes are killed on the
+ event, if "log" the offending system call is audit logged.
* A new SystemCallLog= unit file setting has been added that accepts a
- list of syscalls that shall be logged about (audit).
+ list of system calls that shall be logged about (audit).
* The OS image dissection logic (as used by RootImage= in unit files or
systemd-nspawn's --image= switch) has gained support for identifying
will now log the thread ID in their log output. This is useful when
working with heavily threaded programs.
- * If the SYSTEMD_RDRAND enviroment variable is set to "0", systemd will
+ * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
not use the RDRAND CPU instruction. This is useful in environments
such as replay debuggers where non-deterministic behaviour is not
desirable.
- * When building systemd the Meson option
- -Dcompat-mutable-uid-boundaries may now be specified. If enabled,
- systemd reads the system UID boundaries from /etc/login.defs, instead
- of using the built-in values selected during build-time. This is an
- option to improve compatibility for upgrades from old systems. It's
- strongly recommended not to make use of this functionality on new
- systems (or even enable it during build), as it makes something
- runtime-configurable that is mostly an implementation detail of the
- OS, and permits avoidable differences in deployments that create all
- kinds of problems in the long run.
-
+ * The autopaging logic in systemd's various tools (such as systemctl)
+ has been updated to turn on "secure" mode in "less"
+ (i.e. $LESSECURE=1) if execution in a "sudo" environment is
+ detected. This disables invoking external programs from the pager,
+ via the pipe logic. This behaviour may be overridden via the new
+ $SYSTEMD_PAGERSECURE environment variable.
+
+ * Units which have resource limits (.service, .mount, .swap, .slice,
+ .socket, and .slice) gained new configuration settings
+ ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
+ ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
+ limits and optional action taken by systemd-oomd.
+
+ * A new service systemd-oomd has been added. It monitors resource
+ contention for selected parts of the unit hierarchy using the PSI
+ information reported by the kernel, and kills processes when memory
+ or swap pressure is above configured limits. This service is only
+ enabled by default in developer mode (see below) and should be
+ considered a preview in this release. Behaviour details and option
+ names are subject to change without the usual backwards-compatibility
+ promises.
+
+ * A new helper oomctl has been added to introspect systemd-oomd state.
+ It is only enabled by default in developer mode and should be
+ considered a preview without the usual backwards-compatibility
+ promises.
+
+ * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
+ enabled, systemd reads the system UID boundaries from /etc/login.defs
+ at runtime, instead of using the built-in values selected during
+ build. This is an option to improve compatibility for upgrades from
+ old systems. It's strongly recommended not to make use of this
+ functionality on new systems (or even enable it during build), as it
+ makes something runtime-configurable that is mostly an implementation
+ detail of the OS, and permits avoidable differences in deployments
+ that create all kinds of problems in the long run.
+
+ * New meson option '-Dmode=developer|release' has been added. When
+ 'developer', additional checks and features are enabled that are
+ relevant during upstream development, e.g. verification that
+ semi-automatically-generated documentation has been properly updated
+ following API changes. Those checks are considered hints for
+ developers and are not actionable in downstream builds. In addition,
+ extra features that are not ready for general consumption may be
+ enabled in developer mode. It is thus recommended to set
+ '-Dmode=release' in end-user and distro builds.
+
+ * systemd-cryptsetup gained support for processing detached LUKS
+ headers specified on the kernel command line via the header=
+ parameter of the luks.options= kernel command line option. The same
+ device/path syntax as for key files is supported for header files
+ like this.
+
+ * The "net_id" built-in of udev has been updated to ignore ACPI _SUN
+ slot index data for devices that are connected through a PCI bridge
+ where the _SUN index is associated with the bridge instead of the
+ network device itself. Previously this would create ambiguous device
+ naming if multiple network interfaces were connected to the same PCI
+ bridge. Since this is a naming scheme incompatibility on systems that
+ possess hardware like this it has been introduced as new naming
+ scheme "v247". The previous scheme can be selected via the
+ "net.naming-scheme=v245" kernel command line parameter.
+
+ * ConditionFirstBoot= semantics have been modified to be safe towards
+ abnormal system power-off during first boot. Specifically, the
+ "systemd-machine-id-commit.service" service now acts as boot
+ milestone indicating when the first boot process is sufficiently
+ complete in order to not consider the next following boot also a
+ first boot. If the system is reset before this unit is reached the
+ first time, the next boot will still be considered a first boot; once
+ it has been reached, no further boots will be considered a first
+ boot. The "first-boot-complete.target" unit now acts as official hook
+ point to order against this. If a service shall be run on every boot
+ until the first boot fully succeeds it may thus be ordered before
+ this target unit (and pull it in) and carry ConditionFirstBoot=
+ appropriately.
+
+ * bootctl's set-default and set-oneshot commands now accept the three
+ special strings "@default", "@oneshot", "@current" in place of a boot
+ entry id. These strings are resolved to the current default and
+ oneshot boot loader entry, as well as the currently booted one. Thus
+ a command "bootctl set-default @current" may be used to make the
+ currently boot menu item the new default for all subsequent boots.
+
+ * "systemctl edit" has been updated to show the original effective unit
+ contents in commented form in the text editor.
+
+ * Units in user mode are now segregated into three new slices:
+ session.slice (units that form the core of graphical session),
+ app.slice ("normal" user applications), and background.slice
+ (low-priority tasks). Unless otherwise configured, user units are
+ placed in app.slice. The plan is to add resource limits and
+ protections for the different slices in the future.
+
+ * New GPT partition types for RISCV32/64 for the root and /usr
+ partitions, and their associated Verity partitions have been defined,
+ and are now understood by systemd-gpt-auto-generator, and the OS
+ image dissection logic.
+
+ Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
+ Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
+ Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
+ Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
+ Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
+ Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
+ Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
+ Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
+ Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
+ Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
+ Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
+ Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
+ huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
+ Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
+ Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
+ Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
+ Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
+ lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
+ Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
+ Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
+ Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
+ Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
+ Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
+ Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
+ Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
+ Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
+ Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
+ Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
+ Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
+ Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
+ Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
+ williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски
+
+ – Warsaw, 2020-11-26
CHANGES WITH 246:
configuration drop-ins are present, no action is taken.
* A new component "userdb" has been added, along with a small daemon
- "systemd-userdb.service" and a client tool "userdbctl". The framework
+ "systemd-userdbd.service" and a client tool "userdbctl". The framework
allows defining rich user and group records in a JSON format,
extending on the classic "struct passwd" and "struct group"
structures. Various components in systemd have been updated to
projects / thirdparty / systemd.git / blobdiff