scope: tiny cleanup: UNIT(s) -> u

[thirdparty/systemd.git] / NEWS

diff --git a/NEWS b/NEWS
index ee926a120337c6e7a152f1845bff88b1fdda6f20..0bb8e439b76784664b1118ff58ec236e05e05706 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 systemd System and Service Manager
 
 systemd System and Service Manager
 

-CHANGES WITH 241 in spe:
+CHANGES WITH 241:

 
         * The default locale can now be configured at compile time. Otherwise,
           a suitable default will be selected automatically (one of C.UTF-8,
 
         * The default locale can now be configured at compile time. Otherwise,
           a suitable default will be selected automatically (one of C.UTF-8,


@@ -22,13 +22,90 @@ CHANGES WITH 241 in spe:
         * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
           again.
 
         * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
           again.
 

-        * kernel-install script now optionally takes a path to an initrd file,
-          and passes it to all plugins.
+        * A new network device NamePolicy "keep" is implemented for link files,
+          and used by default in 99-default.link (the fallback configuration
+          provided by systemd). With this policy, if the network device name
+          was already set by userspace, the device will not be renamed again.
+          This matches the naming scheme that was implemented before
+          systemd-240. If naming-scheme < 240 is specified, the "keep" policy
+          is also enabled by default, even if not specified. Effectively, this
+          means that if naming-scheme >= 240 is specified, network devices will
+          be renamed according to the configuration, even if they have been
+          renamed already, if "keep" is not specified as the naming policy in
+          the .link file. The 99-default.link file provided by systemd includes
+          "keep" for backwards compatibility, but it is recommended for user
+          installed .link files to *not* include it.
+
+          The "kernel" policy, which keeps kernel names declared to be
+          "persistent", now works again as documented.
+
+        * kernel-install script now optionally takes the paths to one or more
+          initrd files, and passes them to all plugins.
+
+        * The mincore() system call has been dropped from the @system-service
+          system call filter group, as it is pretty exotic and may potentially
+          used for side-channel attacks.

 
         * -fPIE is dropped from compiler and linker options. Please specify
           -Db_pie=true option to meson to build position-independent
           executables. Note that the meson option is supported since meson-0.49.
 
 
         * -fPIE is dropped from compiler and linker options. Please specify
           -Db_pie=true option to meson to build position-independent
           executables. Note that the meson option is supported since meson-0.49.
 

+        * The fs.protected_regular and fs.protected_fifos sysctls, which were
+          added in Linux 4.19 to make some data spoofing attacks harder, are
+          now enabled by default. While this will hopefully improve the
+          security of most installations, it is technically a backwards
+          incompatible change; to disable these sysctls again, place the
+          following lines in /etc/sysctl.d/60-protected.conf or a similar file:
+
+              fs.protected_regular = 0
+              fs.protected_fifos = 0
+
+          Note that the similar hardlink and symlink protection has been
+          enabled since v199, and may be disabled likewise.
+
+        * The files read from the EnvironmentFile= setting in unit files now
+          parse backslashes inside quotes literally, matching the behaviour of
+          POSIX shells.
+
+        * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
+          now automatically become NOPs when run in a chroot() environment.
+
+        * The tmpfiles.d/ "C" line type will now copy directory trees not only
+          when the destination is so far missing, but also if it already exists
+          as a directory and is empty. This is useful to cater for systems
+          where directory trees are put together from multiple separate mount
+          points but otherwise empty.
+
+        * A new function sd_bus_close_unref() (and the associated
+          sd_bus_close_unrefp()) has been added to libsystemd, that combines
+          sd_bus_close() and sd_bus_unref() in one.
+
+        * udevadm control learnt a new option for --ping for testing whether a
+          systemd-udevd instance is running and reacting.
+
+        * udevadm trigger learnt a new option for --wait-daemon for waiting
+          systemd-udevd daemon to be initialized.
+
+        Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
+        Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
+        Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
+        Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
+        John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
+        Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
+        James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
+        Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
+        Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
+        Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
+        marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
+        Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
+        Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
+        James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
+        Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
+        Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
+        Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски
+
+        — Berlin, 2019-02-14
+

 CHANGES WITH 240:
 
         * NoNewPrivileges=yes has been set for all long-running services
 CHANGES WITH 240:
 
         * NoNewPrivileges=yes has been set for all long-running services


@@ -131,7 +208,7 @@ CHANGES WITH 240:
           file descriptors currently enforced (fs.file-max, fs.nr_open,
           RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
           and keep only the latter two. A set of build-time options
           file descriptors currently enforced (fs.file-max, fs.nr_open,
           RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
           and keep only the latter two. A set of build-time options

-          (-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
+          (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)

           has been added to revert this change in behaviour, which might be
           an option for systems that turn off memcg in the kernel.
 
           has been added to revert this change in behaviour, which might be
           an option for systems that turn off memcg in the kernel.
 


@@ -492,6 +569,11 @@ CHANGES WITH 240:
         * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
           pam_systemd anymore.
 
         * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
           pam_systemd anymore.
 

+        * The naming scheme for network devices was changed to always rename
+          devices, even if they were already renamed by userspace. The "kernel"
+          policy was changed to only apply as a fallback, if no other naming
+          policy took effect.
+

         * The requirements to build systemd is bumped to meson-0.46 and
           python-3.5.
 
         * The requirements to build systemd is bumped to meson-0.46 and
           python-3.5.
 


@@ -908,6 +990,8 @@ CHANGES WITH 239:
           allows ordering services before the service that executes the actual
           update process in a generic way.
 
           allows ordering services before the service that executes the actual
           update process in a generic way.
 

+        * Systemd now emits warnings whenever .include syntax is used.
+

         Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
         Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
         J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
         Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
         Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
         J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,


@@ -1873,12 +1957,14 @@ CHANGES WITH 234:
           systemd-logind to be safe. See
           https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
 
           systemd-logind to be safe. See
           https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
 

-        * All kernel install plugins are called with the environment variable
+        * All kernel-install plugins are called with the environment variable

           KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
           KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by

-          /etc/machine-id. If the file is missing or empty, the variable is
-          empty and BOOT_DIR_ABS is the path of a temporary directory which is
-          removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID
-          is empty, all plugins should not put anything in BOOT_DIR_ABS.
+          /etc/machine-id. If the machine ID could not be determined,
+          $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
+          anything in the entry directory (passed as the second argument) if
+          $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatiblity, a
+          temporary directory is passed as the entry directory and removed
+          after all the plugins exit.

 
         Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
         Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
 
         Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
         Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir


@@ -5662,7 +5748,7 @@ CHANGES WITH 214:
         * Socket units gained a new Symlinks= setting. It takes a list
           of symlinks to create to file system sockets or FIFOs
           created by the specific Unix sockets. This is useful to
         * Socket units gained a new Symlinks= setting. It takes a list
           of symlinks to create to file system sockets or FIFOs
           created by the specific Unix sockets. This is useful to

-          manage symlinks to socket nodes with the same life-cycle as
+          manage symlinks to socket nodes with the same lifecycle as

           the socket itself.
 
         * The /dev/log socket and /dev/initctl FIFO have been moved to
           the socket itself.
 
         * The /dev/log socket and /dev/initctl FIFO have been moved to


@@ -5970,7 +6056,7 @@ CHANGES WITH 212:
           users who are logged out cannot continue to consume IPC
           resources. This covers SysV memory, semaphores and message
           queues as well as POSIX shared memory and message
           users who are logged out cannot continue to consume IPC
           resources. This covers SysV memory, semaphores and message
           queues as well as POSIX shared memory and message

-          queues. Traditionally, SysV and POSIX IPC had no life-cycle
+          queues. Traditionally, SysV and POSIX IPC had no lifecycle

           limits. With this functionality, that is corrected. This may
           be turned off by using the RemoveIPC= switch of logind.conf.
 
           limits. With this functionality, that is corrected. This may
           be turned off by using the RemoveIPC= switch of logind.conf.
 


@@ -6120,7 +6206,7 @@ CHANGES WITH 211:
           systemd-networkd.
 
         * The sd-bus.h bus API gained a new sd_bus_track object for
           systemd-networkd.
 
         * The sd-bus.h bus API gained a new sd_bus_track object for

-          tracking the life-cycle of bus peers. Note that sd-bus.h is
+          tracking the lifecycle of bus peers. Note that sd-bus.h is

           still not a public API though (unless you specify
           --enable-kdbus on the configure command line, which however
           voids your warranty and you get no API stability guarantee).
           still not a public API though (unless you specify
           --enable-kdbus on the configure command line, which however
           voids your warranty and you get no API stability guarantee).


@@ -6277,6 +6363,9 @@ CHANGES WITH 210:
           IFUNC. Please make sure to use --enable-compat-libs only
           during a transitional period!
 
           IFUNC. Please make sure to use --enable-compat-libs only
           during a transitional period!
 

+        * The .include syntax has been deprecated and is not documented
+          anymore. Drop-in files in .d directories should be used instead.
+

         Contributions from: Andreas Fuchs, Armin K., Colin Walters,
         Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
         Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
         Contributions from: Andreas Fuchs, Armin K., Colin Walters,
         Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
         Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper