(as exposed via the SystemCallFilter= setting in service unit files).
It is apparently used by the linker now.
- New functionality and other changes:
+ Changes for Boot Loader Specification, kernel-install and sd-boot:
* kernel-install's and bootctl's Boot Loader Specification Type #1
entry generation logic has been reworked. The user may now pick
location. kernel-install will move them when all files have been
prepared successfully.
+ * New option sort-key= has been added to the Boot Loader Specification
+ to override the sorting order of the entries in the boot menu. It is
+ read by sd-boot and bootctl, and will be written by kernel-install,
+ with the default value of IMAGE_ID= or ID= fields from
+ os-release. Together, this means that on multiboot installations,
+ entries should be grouped and sorted in a predictable way.
+
+ * The kernel-install tool gained a new 'inspect' verb which shows the
+ paths and other settings used.
+
+ * sd-boot can now optionally beep when the menu is shown and menu
+ entries are selected, which can be useful on machines without a
+ working display. (Controllable via a loader.conf setting.)
+
+ * The --make-machine-id-directory= switch to bootctl has been replaced
+ by --make-entry-directory=, given that the entry directory is not
+ necessarily named after the machine ID, but after some other suitable
+ ID as selected via --entry-token= described above. The old name of
+ the option is still understood to maximize compatibility.
+
+ * 'bootctl list' gained support for a new --json= switch to output boot
+ menu entries in JSON format.
+
+ Changes for homed:
+
* Starting with v250 systemd-homed uses UID/GID mapping on the mounts
of activated home directories it manages (if the kernel and selected
file systems support it). So far it mapped three UID ranges: the
handling, and improving compatibility with home directories intended
to be portable like the ones managed by systemd-homed.
- * The journal JSON export format has been added to listed of stable
- interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
-
- * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
- handling with the values that were configured during systemd build
- (if /etc/locale.conf has not been created through some other
- mechanism). This means that /etc/locale.conf should always have
- reasonable contents and we avoid a potential mismatch in defaults.
+ Changes for shared libraries:
* A new libsystemd-core-<version>.so private shared library is
installed under /usr/lib/systemd/system, mirroring the existing
fail to execute because they were installed earlier or later than the
appropriate version of the library.
+ * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
+ similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
+ format instead of simple series of hex characters.
+
+ Changes for PID1 and systemctl:
+
* A new set of service monitor environment variables will be passed to
OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
handler unit as OnFailure=/OnSuccess=. The variables are:
'portablectl attach --extension=' now also accepts directory paths.
- * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
- to override the values gleaned from the hwdb.
-
- * A ID_CHASSIS property can be set in the hwdb (for the DMI device
- /sys/class/dmi/id) to override the chassis that is reported by
- hostnamed.
-
- * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
- for reading the hardware serial number, as reportd by DMI.
-
- * Two new hwdb files have been added. One lists "handhelds" (PDAs,
- calculators, etc.), the other AV production devices (DJ tables,
- keypads, etc.) that should accessible to the seat owner user by
- default.
-
- * A new unit systemd-networkd-wait-online@<interface>.service has been
- added that can be used to wait for a specific network interface to be
- up.
-
- * systemd-resolved is started earlier (in sysinit.target), so it
- available earlier and will also be started in the initrd if installed
- there.
-
- * udevadm trigger gained a new --prioritized-subsystem= option to
- process certain subsystems (and all their parent devices) earlier.
-
- systemd-udev-trigger.service now uses this new option to trigger
- block and TPM devices first, hopefully making the boot a bit faster.
-
- * udevadm trigger now implements --type=all, --initialized-match,
- --initialized-nomatch to trigger both subsystems and devices, only
- already-initialized devices, and only devices which haven't been
- initialized yet, respectively.
-
- * systemd-cryptenroll can now control whether to require the user to
- enter a PIN when using TPM-based unlocking of a volume via the new
- --tpm2-with-pin= option.
-
- Option tpm2-pin= can be used in /etc/crypttab.
-
- * When unlocking devices via TPM, TPM2 parameter encryption is now
- used, to ensure that communication between CPU and discrete TPM chips
- cannot be eavesdropped to acquire disk encryption keys.
-
* The user.delegate and user.invocation_id extended attributes on
cgroups are used in addition to trusted.delegate and
trusted.invocation_id. The latter pair requires privileges to set,
(Only supported on kernels ≥5.6.)
- * New option sort-key= has been added to the Boot Loader Specification
- to override the sorting order of the entries in the boot menu. It is
- read by sd-boot and bootctl, and will be written by kernel-install,
- with the default value of IMAGE_ID= or ID= fields from
- os-release. Together, this means that on multiboot installations,
- entries should be grouped and sorted in a predictable way.
-
- * sd-boot can now optionally beep when the menu is shown and menu
- entries are selected, which can be useful on machines without a
- working display. (Controllable via a loader.conf setting.)
-
* In unit files the new %y/%Y specifiers can be used to refer to
normalized unit file path, which is particularly useful for symlinked
unit files.
services, i.e. those run by the user's --user service manager, as long
as user namespaces are enabled on the system.
- * The --make-machine-id-directory= switch to bootctl has been replaced
- by --make-entry-directory=, given that the entry directory is not
- necessarily named after the machine ID, but after some other suitable
- ID as selected via --entry-token= described above. The old name of
- the option is still understood to maximize compatibility.
-
- * 'bootctl list' gained support for a new --json= switch to output boot
- menu entries in JSON format.
-
* Services with Restart=always and a failing ExecCondition= will no
longer be restarted, to bring ExecCondition= behaviour in line with
Condition*= settings.
that encapsulates the service's numeric cgroup ID that newer kernels
assign to each cgroup.
- * systemd-networkd gained a new [Bridge] Isolated=true|false setting
- that configures the eponymous kernel attribute on the bridge.
+ * PID 1 gained support for configuring the "pre-timeout" of watchdog
+ devices and the associated governor, via the new
+ RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
+ options in /etc/systemd/system.conf.
- * .netdev files now can be used to create virtual WLAN devices, and
- configure various settings on them, via the [VirtualWLAN] section.
+ * systemctl's --timestamp= option gained a new choice "unix", to show
+ timestamp as unix times, i.e. seconds since 1970, Jan 1st.
+
+ Changes for journald:
+
+ * The journal JSON export format has been added to listed of stable
+ interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
+
+ * journalctl --list-boots now supports JSON output and the --reverse option.
+
+ * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
+ updated, BUILDING_IMAGES is new:
+
+ https://systemd.io/JOURNAL_EXPORT_FORMATS
+ https://systemd.io/BUILDING_IMAGES
+
+ Changes for udev:
+
+ * Two new hwdb files have been added. One lists "handhelds" (PDAs,
+ calculators, etc.), the other AV production devices (DJ tables,
+ keypads, etc.) that should accessible to the seat owner user by
+ default.
+
+ * udevadm trigger gained a new --prioritized-subsystem= option to
+ process certain subsystems (and all their parent devices) earlier.
+
+ systemd-udev-trigger.service now uses this new option to trigger
+ block and TPM devices first, hopefully making the boot a bit faster.
+
+ * udevadm trigger now implements --type=all, --initialized-match,
+ --initialized-nomatch to trigger both subsystems and devices, only
+ already-initialized devices, and only devices which haven't been
+ initialized yet, respectively.
+
+ * .link files gained support for setting MDI/MID-X on a link.
* .link files gained support for [Match] Firmware= setting to match on
the device firmware description string. By mistake, it was previously
only supported in .network files.
+ * .link files gained support for [Link] SR-IOVVirtualFunctions= setting
+ and [SR-IOV] section to configure SR-IOV virtual functions.
+
+ Changes for networkd:
+
+ * The default scope for unicast routes configured through [Route]
+ section is changed to "link", to make the behavior consistent with
+ "ip route" command. The manual configuration of [Route] Scope= is
+ still honored.
+
+ * A new unit systemd-networkd-wait-online@<interface>.service has been
+ added that can be used to wait for a specific network interface to be
+ up.
+
+ * systemd-networkd gained a new [Bridge] Isolated=true|false setting
+ that configures the eponymous kernel attribute on the bridge.
+
+ * .netdev files now can be used to create virtual WLAN devices, and
+ configure various settings on them, via the [WLAN] section.
+
* .link/.network files gained support for [Match] Kind= setting to match
on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
This value is also shown by 'networkctl status'.
- * .link files gained support for setting MDI/MID-X on a link.
+ * The Local= setting in .netdev files for various virtual network
+ devices gained support for specifying, in addition to the network
+ address, the name of a local interface which must have the specified
+ address.
- * The Local= setting for various virtual network devices gained support
- for specifying, in addition to the network address, the name of a
- local interface which must have the specified address.
+ * systemd-networkd gained a new [Tunnel] External= setting in .netdev
+ files, to configure tunnels in external mode (a.k.a. collect metadata
+ mode).
+
+ * [Network] L2TP= setting was removed. Please use interface specifier in
+ Local= setting in .netdev files of corresponding L2TP interface.
* New [DHCPServer] BootServerName=, BootServerAddress=, and
BootFilename= settings can be used to configure the server address,
server name, and file name sent in the DHCP packet (e.g. to configure
PXE boot).
- * journalctl --list-boots now supports JSON output and the --reverse option.
+ Changes for resolved:
- * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
- updated, BUILDING_IMAGES is new:
+ * systemd-resolved is started earlier (in sysinit.target), so it
+ available earlier and will also be started in the initrd if installed
+ there.
- https://systemd.io/JOURNAL_EXPORT_FORMATS
- https://systemd.io/BUILDING_IMAGES
+ Changes for disk encryption:
- * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
- similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
- format instead of simple series of hex characters.
+ * systemd-cryptenroll can now control whether to require the user to
+ enter a PIN when using TPM-based unlocking of a volume via the new
+ --tpm2-with-pin= option.
- * The userdbctl tool will now show UID range information as part of the
- list of known users.
+ Option tpm2-pin= can be used in /etc/crypttab.
- * systemctl's --timestamp= option gained a new choice "unix", to show
- timestamp as unix times, i.e. seconds since 1970, Jan 1st.
+ * When unlocking devices via TPM, TPM2 parameter encryption is now
+ used, to ensure that communication between CPU and discrete TPM chips
+ cannot be eavesdropped to acquire disk encryption keys.
- * PID 1 gained support for configuring the "pre-timeout" of watchdog
- devices and the associated governor, via the new
- RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
- options in /etc/systemd/system.conf.
+ Changes for hostnamed:
- * The kernel-install tool gained a new 'inspect' verb which shows the
- paths and other settings used.
+ * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
+ to override the values gleaned from the hwdb.
+
+ * A ID_CHASSIS property can be set in the hwdb (for the DMI device
+ /sys/class/dmi/id) to override the chassis that is reported by
+ hostnamed.
+
+ * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
+ for reading the hardware serial number, as reportd by DMI.
+
+ Changes for other components:
+
+ * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
+ handling with the values that were configured during systemd build
+ (if /etc/locale.conf has not been created through some other
+ mechanism). This means that /etc/locale.conf should always have
+ reasonable contents and we avoid a potential mismatch in defaults.
+
+ * The userdbctl tool will now show UID range information as part of the
+ list of known users.
Experimental features:
projects / thirdparty / systemd.git / commitdiff
