systemd System and Service Manager
-CHANGES WITH 243 in spe:
+CHANGES WITH 244:
+
+ * Support for the cpuset cgroups v2 controller has been added.
+ Processes may be restricted to specific CPUs using the new
+ AllowedCPUs= setting, and to specific memory NUMA nodes using the new
+ AllowedMemoryNodes= setting.
+
+ * The signal used in restart jobs (as opposed to e.g. stop jobs) may
+ now be configured using a new RestartKillSignal= setting. This
+ allows units which signals to request termination to implement
+ different behaviour when stopping in preparation for a restart.
+
+ * "systemctl clean" may now be used also for socket, mount, and swap
+ units.
+
+ * systemd will also read configuration options from the EFI variable
+ SystemdOptions. This may be used to configure systemd behaviour when
+ modifying the kernel command line is inconvenient, but configuration
+ on disk is read too late, for example for the options related to
+ cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
+ set the EFI variable.
+
+ * systemd will now disable printk ratelimits in early boot. This should
+ allow us to capture more logs from the early boot phase where normal
+ storage is not available and the kernel ring buffer is used for
+ logging. Configuration on the kernel command line has higher priority
+ and overrides the systemd setting.
+
+ systemd programs which log to /dev/kmsg directly use internal
+ ratelimits to prevent runaway logging. (Normally this is only used
+ during early boot, so in practice this change has very little
+ effect.)
+
+ * Unit files now support top level dropin directories of the form
+ <unit_type>.d/ (e.g. service.d/) that may be used to add configuration
+ that affects all corresponding unit files.
+
+ * systemctl gained support for 'stop --job-mode=triggering' which will
+ stop the specified unit and any units which could trigger it.
+
+ * Unit status display now includes units triggering and triggered by
+ the unit being shown.
+
+ * The RuntimeMaxSec= setting is now supported by scopes, not just
+ .service units. This is particularly useful for PAM sessions which
+ create a scope unit for the user login. systemd.runtime_max_sec=
+ setting may used with the pam_systemd module to limit the duration
+ of the PAM session, for example for time-limited logins.
+
+ * A new @pkey system call group is now defined to make it easier to
+ whitelist memory protection syscalls for containers and services
+ which need to use them.
+
+ * systemd-udevd: removed the 30s timeout for killing stale workers on
+ exit. systemd-udevd now waits for workers to finish. The hard-coded
+ exit timeout of 30s was too short for some large installations, where
+ driver initialization could be prematurely interrupted during initrd
+ processing if the root file system had been mounted and init was
+ preparing to switch root. If udevd is run without systemd and workers
+ are hanging while udevd receives an exit signal, udevd will now exit
+ when udev.event_timeout is reached for the last hanging worker. With
+ systemd, the exit timeout can additionally be configured using
+ TimeoutStopSec= in systemd-udevd.service.
+
+ * udev now provides a program (fido_id) that identifies FIDO CTAP1
+ ("U2F")/CTAP2 security tokens based on the usage declared in their
+ report and descriptor and outputs suitable environment variables.
+ This replaces the externally maintained whitelists of all known
+ security tokens that were used previously.
+
+ * Automatically generated autosuspend udev rules for whitelisted
+ devices have been imported from the Chromium OS project. This should
+ improve power saving with many more devices.
+
+ * udev gained a new "CONST{key}=value" setting that allows matching
+ against system-wide constants without forking a helper binary.
+ Currently "arch" and "virt" keys are supported.
+
+ * udev now opens CDROMs in non-exclusive mode when querying their
+ capabilities. This should fix issues where other programs trying to
+ use the CDROM cannot gain access to it, but carries a risk of
+ interfering with programs writing to the disk, if they did not open
+ the device in exclusive mode as they should.
+
+ * systemd-networkd does not create a default route for IPv4 link local
+ addressing anymore. The creation of the route was unexpected and was
+ breaking routing in various cases, but people who rely on it being
+ created implicitly will need to adjust. Such a route may be requested
+ with DefaultRouteOnDevice=yes.
+
+ Similarly, systemd-networkd will not assign a link-local IPv6 address
+ when IPv6 link-local routing is not enabled.
+
+ * Receive and transmit buffers may now be configured on links with
+ the new RxBufferSize= and TxBufferSize= settings.
+
+ * systemd-networkd may now advertise additional IPv6 routes. A new
+ [IPv6RoutePrefix] section with Route= and LifetimeSec= options is
+ now supported.
+
+ * systemd-networkd may now configure "next hop" routes using the
+ [NextHop] section and Gateway= and Id= settings.
+
+ * systemd-networkd will now retain DHCP config on restarts by default
+ (but this may be overridden using the KeepConfiguration= setting).
+ The default for SendRelease= has been changed to true.
+
+ * The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
+ received from the server.
+
+ The client will use the received SIP server list if UseSIP=yes is
+ set.
+
+ The client may be configured to request specific options from the
+ server using a new RequestOptions= setting.
+
+ The client may be configured to send arbitrary options to the server
+ using a new SendOption= setting.
+
+ A new IPServiceType= setting has been added to configure the "IP
+ service type" value used by the client.
+
+ * The DHCPv6 client learnt a new PrefixDelegationHint= option to
+ request prefix hints in the DHCPv6 solicitation.
+
+ * The DHCPv4 server may be configured to send arbitrary options using
+ a new SendOption= setting.
+
+ * The DHCPv4 server may now be configured to emit SIP server list using
+ the new EmitSIP= and SIP= settings.
+
+ * systemd-networkd and networkctl may now renew DHCP leases on demand.
+ networkctl has a new 'networkctl renew' verb.
+
+ * systemd-networkd may now reconfigure links on demand. networkctl
+ gained two new verbs: "reload" will reload the configuration, and
+ "reconfigure DEVICE…" will reconfigure one or more devices.
+
+ * .network files may now match on SSID and BSSID of a wireless network,
+ i.e. the access point name and hardware address using the new SSID=
+ and BSSID= options. networkctl will display the current SSID and
+ BSSID for wireless links.
+
+ .network files may also match on the wireless network type using the
+ new WLANInterfaceType= option.
+
+ * systemd-networkd now includes default configuration that enables
+ link-local addressing when connected to an ad-hoc wireless network.
+
+ * systemd-networkd may configure the Traffic Control queueing
+ disciplines in the kernel using the new
+ [TrafficControlQueueingDiscipline] section and Parent=,
+ NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
+ NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
+ NetworkEmulatorDuplicateRate= settings.
+
+ * systemd-tmpfiles gained a new w+ setting to append to files.
+
+ * systemd-analyze dump will now report when the memory configuration in
+ the kernel does not match what systemd has configured (usually,
+ because some external program has modified the kernel configuration
+ on its own).
+
+ * systemd-analyze gained a new --base-time= switch instructs the
+ 'calendar' verb to resolve times relative to that timestamp instead
+ of the present time.
+
+ * journalctl --update-catalog now produces deterministic output (making
+ reproducible image builds easier).
+
+ * A new devicetree-overlay setting is now documented in the Boot Loader
+ Specification.
+
+ * The default value of the WatchdogSec= setting used in systemd
+ services (the ones bundled with the project itself) may be set at
+ configuration time using the -Dservice-watchdog= setting. If set to
+ empty, the watchdogs will be disabled.
+
+ * systemd-resolved validates IP addresses in certificates now when GnuTLS
+ is being used.
+
+ * libcryptsetup >= 2.0.1 is now required.
+
+ * A configuration option -Duser-path= may be used to override the $PATH
+ used by the user service manager. The default is again to use the same
+ path as the system manager.
+
+ * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
+ outputting the 128bit IDs in UUID format (i.e. in the "canonical
+ representation").
+
+ * Service units gained a new sandboxing option ProtectKernelLogs= which
+ makes sure the program cannot get direct access to the kernel log
+ buffer anymore, i.e. the syslog() system call (not to be confused
+ with the API of the same name in libc, which is not affected), the
+ /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
+ inaccessible to the service. It's recommended to enable this setting
+ for all services that should not be able to read from or write to the
+ kernel log buffer, which are probably almost all.
+
+ Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
+ Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
+ Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
+ Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
+ Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
+ Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
+ A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
+ Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
+ Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
+ Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
+ Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
+ Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
+ Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
+ Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
+ Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
+ Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
+ Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
+ Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
+ Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
+ Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
+ Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
+ Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
+ Zach Smith, Zbigniew Jędrzejewski-Szmek
+
+ – Warsaw, 2019-11-29
+
+CHANGES WITH 243:
* This release enables unprivileged programs (i.e. requiring neither
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
been renamed to LinkLayerAddress=, and it now allows configuration of
IP addresses, too.
+ * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
+ simplified: systemd-networkd will disable the sysctl (enable IPv6) if
+ IPv6 configuration (static or DHCPv6) was found for a given
+ interface. It will not touch the sysctl otherwise.
+
+ * The order of entries is $PATH used by the user manager instance was
+ changed to put bin/ entries before the corresponding sbin/ entries.
+ It is recommended to not rely on this order, and only ever have one
+ binary with a given name in the system paths under /usr.
+
* A new tool systemd-network-generator has been added that may generate
.network, .netdev and .link files from IP configuration specified on
the kernel command line in the format used by Dracut.
* SuccessExitStatus=, RestartPreventExitStatus=, and
RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
is equivalent to "65"). Those exit status name mappings may be
- displayed with the sytemd-analyze exit-status verb describe above.
+ displayed with the systemd-analyze exit-status verb describe above.
* systemd-logind now exposes a per-session SetBrightness() bus call,
which may be used to securely change the brightness of a kernel
Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
Chiu, Chris Down, Christian Kellner, Clinton Roy, Connor Reeder, Daniel
Black, Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David
- Art, David Tardon, Debarshi Ray, Dominick Grift, Donald Buczek, Douglas
- Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
- Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
- Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
- Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
- Unterwurzacher, Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats,
+ Art, David Tardon, Debarshi Ray, Dimitri John Ledkov, Dominick Grift,
+ Donald Buczek, Douglas Christman, Eric DeVolder, EtherGraf, Evgeny
+ Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Francesco
+ Pennica, Franck Bui, Frantisek Sumsal, Franz Pletz, frederik, Hans
+ de Goede, Iago López Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer,
+ Jack, Jakob Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan
+ Pokorný, Jan Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller,
Jérémy Rosen, Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann
B. Guðmundsson, Johannes Christ, Johannes Schmitz, Jonathan Rouleau,
Jorge Niedbalski, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
Santalla, Ronan Pigott, root, RussianNeuroMancer, Sebastian Jennen,
shinygold, Shreyas Behera, Simon Schricker, Susant Sahani, Thadeu Lima
de Souza Cascardo, Theo Ouzhinski, Thiebaud Weksteen, Thomas Haller,
- Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, ven,
- Wieland Hoffmann, William A. Kennington III, William Wold, Xi Ruoyao,
- Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
- Zhang Xianwei
+ Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, VD-Lycos,
+ ven, Wieland Hoffmann, William A. Kennington III, William Wold, Xi
+ Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
+ Jędrzejewski-Szmek, Zhang Xianwei
- – Somewhere, SOME-TI-ME
+ – Camerino, 2019-09-03
CHANGES WITH 242:
projects / thirdparty / systemd.git / blobdiff