systemd System and Service Manager
-CHANGES WITH 244 in spe:
+CHANGES WITH 244:
* Support for the cpuset cgroups v2 controller has been added.
Processes may be restricted to specific CPUs using the new
AllowedMemoryNodes= setting.
* The signal used in restart jobs (as opposed to e.g. stop jobs) may
- now be configured using a new RestartKillSignal= settting. This
+ now be configured using a new RestartKillSignal= setting. This
allows units which signals to request termination to implement
different behaviour when stopping in preparation for a restart.
SystemdOptions. This may be used to configure systemd behaviour when
modifying the kernel command line is inconvenient, but configuration
on disk is read too late, for example for the options related to
- cgroup hierarchy setup. 'bootctl system-options' may be used to
+ cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
set the EFI variable.
* systemd will now disable printk ratelimits in early boot. This should
request prefix hints in the DHCPv6 solicitation.
* The DHCPv4 server may be configured to send arbitrary options using
- a new SendRawOption= setting.
+ a new SendOption= setting.
* The DHCPv4 server may now be configured to emit SIP server list using
the new EmitSIP= and SIP= settings.
used by the user service manager. The default is again to use the same
path as the system manager.
+ * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
+ outputting the 128bit IDs in UUID format (i.e. in the "canonical
+ representation").
+
+ * Service units gained a new sandboxing option ProtectKernelLogs= which
+ makes sure the program cannot get direct access to the kernel log
+ buffer anymore, i.e. the syslog() system call (not to be confused
+ with the API of the same name in libc, which is not affected), the
+ /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
+ inaccessible to the service. It's recommended to enable this setting
+ for all services that should not be able to read from or write to the
+ kernel log buffer, which are probably almost all.
+
+ Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
+ Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
+ Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
+ Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
+ Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
+ Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
+ A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
+ Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
+ Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
+ Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
+ Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
+ Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
+ Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
+ Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
+ Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
+ Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
+ Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
+ Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
+ Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
+ Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
+ Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
+ Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
+ Zach Smith, Zbigniew Jędrzejewski-Szmek
+
+ – Warsaw, 2019-11-29
+
CHANGES WITH 243:
* This release enables unprivileged programs (i.e. requiring neither
* SuccessExitStatus=, RestartPreventExitStatus=, and
RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
is equivalent to "65"). Those exit status name mappings may be
- displayed with the sytemd-analyze exit-status verb describe above.
+ displayed with the systemd-analyze exit-status verb describe above.
* systemd-logind now exposes a per-session SetBrightness() bus call,
which may be used to securely change the brightness of a kernel