stopped having this file around as anything else than a
symlink to /proc/self/mounts.
- * Support for the "pids" cgroup controller has been added.
- It allows accounting the number of tasks in a cgroup and
+ * Support for the "pids" cgroup controller has been added. It
+ allows accounting the number of tasks in a cgroup and
enforcing limits on it. This adds two new setting
TasksAccounting= and TasksMax= to each unit, as well as a
global option DefaultTasksAccounting=.
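Review bot: the pids controller item still reads "This adds two new setting TasksAccounting= and TasksMax=" in the unchanged line directly below the re-wrapped text. Since this paragraph is being reflowed anyway, change it to "two new settings" in the same pass.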
'machine-id-setup --commit'. The separate binary has been
removed.
- * The WorkingDirectory= directive in unit files may now be
- set to the special value '~'. In this case, the working
- directory is set to the home directory of the user configured
- in User=.
+ * The WorkingDirectory= directive in unit files may now be set
+ to the special value '~'. In this case, the working
+ directory is set to the home directory of the user
+ configured in User=.
* "machinectl shell" will now open the shell in the home
directory of the selected user by default.
- * A new systemd.crash_reboot=1 kernel command line option has
- been added that triggers a reboot after crashing. This can
- also be set through CrashReboot= in systemd.conf.
-
* The CrashChVT= configuration file setting is renamed to
- CrashChangeVT=, following our usual logic of not abbreviating
- unnecessarily. The old directive is still supported for compat
- reasons. Also, this directive now takes an integer value
- between 1 and 63, or a boolean value. The formerly supported
- '-1' value for disabling stays around for compat reasons.
+ CrashChangeVT=, following our usual logic of not
+ abbreviating unnecessarily. The old directive is still
+ supported for compat reasons. Also, this directive now takes
+ an integer value between 1 and 63, or a boolean value. The
+ formerly supported '-1' value for disabling stays around for
+ compat reasons.
* The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
NoNewPrivileges=, TTYPath=, WorkingDirectory= and
processes have been killed, because the unit had no
processes attached, or similar.
+ * A new systemd.crash_reboot=1 kernel command line option has
+ been added that triggers a reboot after crashing. This can
+ also be set through CrashReboot= in systemd.conf.
+
+ * The RuntimeDirectory= setting now understands unit
+ specifiers like %i or %f.
+
* A new (still internal) libary API sd-ipv4acd has been added,
that implements address conflict detection for IPv4. It's
based on code from sd-ipv4ll, and will be useful for
detecting DHCP address conflicts.
- * The RuntimeDirectory= setting now understands unit
- specifiers like %i or %f.
+ * File descriptors passed during socket activation may now be
+ named. A new API sd_listen_fds_with_names() is added to
+ access the names. The default names may be overridden,
+ either in the .socket file using the FileDescriptorName=
+ parameter, or by passing FDNAME= when storing the file
+ descriptors using sd_notify().
+
+ * systemd-networkd gained support for:
- * networkd gained support for:
- - setting the IPv6 Router Advertisment settings via
+ - Setting the IPv6 Router Advertisment settings via
IPv6AcceptRouterAdvertisements= in .network files.
- - configuring the HelloTimeSec, MaxAgeSec and
- ForwardDelaySec bridge parameters in .netdev files.
- - configuring PreferredSource for static routes in
+
+ - Configuring the HelloTimeSec=, MaxAgeSec= and
+ ForwardDelaySec= bridge parameters in .netdev files.
+
+ - Configuring PreferredSource= for static routes in
.network files.
- * udev will now create /dev/disk/by-path links for ATA devices
- on kernels where that is supported.
+ * The "ask-password" framework used to query for LUKS harddisk
+ passwords or SSL passwords during boot gained support for
+ caching passwords in the kernel keyring, if it is
+ available. This makes sure that the user only has to type in
+ a passphrase once if there are multiple objects to unlock
+ with the same one. Previously, such password caching was
+ available only when Plymouth was used; this moves the
+ caching logic into the systemd codebase itself. The
+ "systemd-ask-password" utility gained a new --keyname=
+ switch to control which kernel keyring key to use for
+ caching a password in. This functionality is also useful for
+ enabling display managers such as gdm to automatically
+ unlock the user's GNOME keyring if its passphrase, the
+ user's password and the harddisk password are the same, if
+ gdm-autologin is used.
* When downloading tar or raw images using "machinectl
pull-tar" or "machinectl pull-raw", a matching ".nspawn"
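Review bot: the new "ask-password" item says passphrases are now cached in the kernel keyring and that --keyname= selects the key, but it does not say how long a cached passphrase stays there or which keyring holds it. One sentence on lifetime and scope would let administrators judge the exposure of a LUKS passphrase that is kept around after the first prompt. In the same hunk, "Advertisment" in the rewritten networkd line and "libary" in the untouched sd-ipv4acd line are still misspelled and could be corrected to "Advertisement" and "library".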
only intermittendly, and even restores state if the previous
system shutdown was abrupt rather than clean.
- * Galician, Serbian, Turkish and Korean translations were added.
+ * The journal daemon gained support for vacuuming old journal
+ files controlled by the number of files that shall remain,
+ in addition to the already existing control by size and by
+ date. This is useful as journal interleaving performance
+ degrades with too many seperate journal files, and allows
+ putting an effective limit on them. The new setting defaults
+ to 100, but this may be changed by setting SystemMaxFiles=
+ and RuntimeMaxFiles= in journald.conf. Also, the
+ "journalctl" tool gained the new --vacuum-files= switch to
+ manually vacuum journal files to leave only the specified
+ number of files in place.
- Contributions from:
+ * udev will now create /dev/disk/by-path links for ATA devices
+ on kernels where that is supported.
+
+ * Galician, Serbian, Turkish and Korean translations were added.
- -- Berlin, 2015-09-xx
+ Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
+ Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
+ (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
+ Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
+ Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
+ de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
+ Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
+ Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
+ Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
+ Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
+ Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
+ Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
+ Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
+ Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
+ Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
+ Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
+ Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
+ Zbigniew Jędrzejewski-Szmek, Марко М. Костић
+
+ -- Berlin, 2015-10-07
CHANGES WITH 226:
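Review bot: the added journal vacuuming item misspells "separate" in "degrades with too many seperate journal files". The unchanged line at the top of this hunk also reads "only intermittendly", which could become "intermittently" while the section is being finalized for release.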
another unit listed in its Also= setting might be.
* Similar to the various existing ConditionXYZ= settings for
- units there are now matching AssertXYZ= settings. While
+ units, there are now matching AssertXYZ= settings. While
failing conditions cause a unit to be skipped, but its job
to succeed, failing assertions declared like this will cause
a unit start operation and its job to fail.
* hostnamed now knows a new chassis type "embedded".
* systemctl gained a new "edit" command. When used on a unit
- file this allows extending unit files with .d/ drop-in
+ file, this allows extending unit files with .d/ drop-in
configuration snippets or editing the full file (after
copying it from /usr/lib to /etc). This will invoke the
user's editor (as configured with $EDITOR), and reload the
inhibitors.
* Scope and service units gained a new "Delegate" boolean
- property, which when set allows processes running inside the
+ property, which, when set, allows processes running inside the
unit to further partition resources. This is primarily
useful for systemd user instances as well as container
managers.
audit fields are split up and fully indexed. This means that
journalctl in many ways is now a (nicer!) alternative to
ausearch, the traditional audit client. Note that this
- implements only a minimal audit client, if you want the
+ implements only a minimal audit client. If you want the
special audit modes like reboot-on-log-overflow, please use
the traditional auditd instead, which can be used in
parallel to journald.
* journalctl gained two new commands --vacuum-size= and
--vacuum-time= to delete old journal files until the
- remaining ones take up no more the specified size on disk,
+ remaining ones take up no more than the specified size on disk,
or are not older than the specified time.
* A new, native PPPoE library has been added to sd-network,
will spew out warnings if the compilation fails. This
requires libxkbcommon to be installed.
- * When a coredump is collected a larger number of metadata
+ * When a coredump is collected, a larger number of metadata
fields is now collected and included in the journal records
- created for it. More specifically control group membership,
+ created for it. More specifically, control group membership,
environment variables, memory maps, working directory,
chroot directory, /proc/$PID/status, and a list of open file
descriptors is now stored in the log entry.
a fixed machine ID for subsequent boots.
* networkd's .netdev files now provide a large set of
- configuration parameters for VXLAN devices. Similar, the
+ configuration parameters for VXLAN devices. Similarly, the
bridge port cost parameter is now configurable in .network
files. There's also new support for configuring IP source
routing. networkd .link files gained support for a new
* .socket units gained a new DeferAcceptSec= setting that
controls the kernels' TCP_DEFER_ACCEPT sockopt for
- TCP. Similar, support for controlling TCP keep-alive
+ TCP. Similarly, support for controlling TCP keep-alive
settings has been added (KeepAliveTimeSec=,
KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
turning off Nagle's algorithm on TCP has been added
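Review bot: the DeferAcceptSec= item gets "Similar" corrected to "Similarly", but the line just above it still says "controls the kernels' TCP_DEFER_ACCEPT sockopt". The possessive should be "kernel's", and it fits in this copy-edit.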
* tmpfiles learnt a new "L+" directive which creates a symlink
but (unlike "L") deletes a pre-existing file first, should
it already exist and not already be the correct
- symlink. Similar, "b+", "c+" and "p+" directives have been
+ symlink. Similarly, "b+", "c+" and "p+" directives have been
added as well, which create block and character devices, as
well as fifos in the filesystem, possibly removing any
pre-existing files of different types.
open_by_handle_at() is now prohibited for containers,
closing a hole similar to a recently discussed vulnerability
in docker regarding access to files on file hierarchies the
- container should normally not have access to. Note that for
- nspawn we generally make no security claims anyway (and
+ container should normally not have access to. Note that, for
+ nspawn, we generally make no security claims anyway (and
this is explicitly documented in the man page), so this is
just a fix for one of the most obvious problems.
CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
loses the ability to write to files owned by root this way.
- * Similar, systemd-resolved now runs under its own
+ * Similarly, systemd-resolved now runs under its own
"systemd-resolve" user with no capabilities remaining.
- * Similar, systemd-bus-proxyd now runs under its own
+ * Similarly, systemd-bus-proxyd now runs under its own
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
* systemd-networkd gained support for setting up "veth"
- virtual ethernet devices for container connectivity, as well
+ virtual Ethernet devices for container connectivity, as well
as GRE and VTI tunnels.
* systemd-networkd will no longer automatically attempt to
* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the
- priority of possible naming schemes (onboard, slot, mac,
+ priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. Old
80-net-name-slot.rules udev configuration file has been
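Review bot: capitalizing "mac" to "MAC" in the parenthesized list changes a literal value into prose. The list "(onboard, slot, mac, path)" enumerates what NamePolicy= accepts, and the keyword is lowercase, so a reader copying "MAC" into a .link file gets a value that does not match. Keep the lowercase form, or reword the sentence so it is clearly describing the schemes rather than listing the setting's values.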
devices as seat masters, i.e. as devices that are required
to be existing before a seat is considered preset. Instead,
it will now look for all devices that are tagged as
- "seat-master" in udev. By default framebuffer devices will
- be marked as such, but depending on local systems other
+ "seat-master" in udev. By default, framebuffer devices will
+ be marked as such, but depending on local systems, other
devices might be marked as well. This may be used to
integrate graphics cards using closed source drivers (such
as NVidia ones) more nicely into logind. Note however, that
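Review bot: the last line of this hunk still reads "Note however, that" while the commas around "By default" and "depending on local systems" are being fixed two lines up. For consistency it should be "Note, however, that".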
* Reorder configuration file lookup order. /etc now always
overrides /run in order to allow the administrator to always
- and unconditionally override vendor supplied or
+ and unconditionally override vendor-supplied or
automatically generated data.
* The various user visible bits of the journal now have man