systemd System and Service Manager
-CHANGES WITH 240 in spe:
+CHANGES WITH 241 in spe:
+
+ * The default locale can now be configured at compile time. Otherwise,
+ a suitable default will be selected automatically (one of C.UTF-8,
+ en_US.UTF-8, and C).
+
+ * The version string shown by systemd and other tools now includes the
+ git commit hash when built from git. An override may be specified
+ during compilation, which is intended to be used by distributions to
+ include the package release information.
+
+ * systemd-cat can now filter standard input and standard error streams
+ for different syslog priorities using the new --stderr-priority=
+ option.
+
+ * systemd-journald and systemd-journal-remote reject entries which
+ contain too many fields (CVE-2018-16865) and set limits on the
+ process' command line length (CVE-2018-16864).
+
+ * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
+ again.
+
+ * kernel-install script now optionally takes a path to initrd file, and
+ it is passed to all plugins.
+
+ * -fPIE is dropped from compiler and linker option. Please specify
+ -Db_pie=true option to meson if you whant to build position-independent
+ executables. Note that the meson option is supported since meson-0.49.
+
+CHANGES WITH 240:
+
+ * NoNewPrivileges=yes has been set for all long-running services
+ implemented by systemd. Previously, this was problematic due to
+ SELinux (as this would also prohibit the transition from PID1's label
+ to the service's label). This restriction has since been lifted, but
+ an SELinux policy update is required.
+ (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
+
+ * DynamicUser=yes is dropped from systemd-networkd.service,
+ systemd-resolved.service and systemd-timesyncd.service, which was
+ enabled in v239 for systemd-networkd.service and systemd-resolved.service,
+ and since v236 for systemd-timesyncd.service. The users and groups
+ systemd-network, systemd-resolve and systemd-timesync are created
+ by systemd-sysusers again. Distributors or system administrators
+ may need to create these users and groups if they not exist (or need
+ to re-enable DynamicUser= for those units) while upgrading systemd.
+ Also, the clock file for systemd-timesyncd may need to move from
+ /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
+
+ * When unit files are loaded from disk, previously systemd would
+ sometimes (depending on the unit loading order) load units from the
+ target path of symlinks in .wants/ or .requires/ directories of other
+ units. This meant that unit could be loaded from different paths
+ depending on whether the unit was requested explicitly or as a
+ dependency of another unit, not honouring the priority of directories
+ in search path. It also meant that it was possible to successfully
+ load and start units which are not found in the unit search path, as
+ long as they were requested as a dependency and linked to from
+ .wants/ or .requires/. The target paths of those symlinks are not
+ used for loading units anymore and the unit file must be found in
+ the search path.
* A new service type has been added: Type=exec. It's very similar to
Type=simple but ensures the service manager will wait for both fork()
* Support for disabling a particular cgroup controller within a sub-tree
has been added through the DisableControllers= directive.
+ * cgroup_no_v1=all on the kernel command line now also implies
+ using the unified cgroup hierarchy, unless one explicitly passes
+ systemd.unified_cgroup_hierarchy=0 on the kernel command line.
+
* The new "MemoryMin=" unit file property may now be used to set the
memory usage protection limit of processes invoked by the unit. This
- controls the cgroupsv2 memory.min attribute. Similarly, the new
+ controls the cgroup v2 memory.min attribute. Similarly, the new
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
- cgroupsv2 io.latency cgroup property for configuring per-service I/O
+ cgroup v2 io.latency cgroup property for configuring per-service I/O
latency.
- * systemd now supports the cgroupsv2 devices BPF logic, as counterpart
- to the cgroupsv1 "devices" cgroup controller.
+ * systemd now supports the cgroup v2 devices BPF logic, as counterpart
+ to the cgroup v1 "devices" cgroup controller.
* systemd-escape now is able to combine --unescape with --template. It
also learnt a new option --instance for extracting and unescaping the
* The signal to use as last step of killing of unit processes is now
configurable. Previously it was hard-coded to SIGKILL, which may now
be overridden with the new KillSignal= setting. Note that this is the
- signal used when regular termination (i.e. SIGTERM) does suffice.
+ signal used when regular termination (i.e. SIGTERM) does not suffice.
Similarly, the signal used when aborting a program in case of a
watchdog timeout may now be configured too (WatchdogSignal=).
* Most configuration options that previously accepted percentage values
now also accept permille values with the '‰' suffix (instead of '%').
- * systemd-logind will offer hibernation only if the currently used
- kernel image is still available on disk.
-
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
DNS-over-TLS.
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
for forcing the "Other Information" bit in IPv6 RA messages. The
- bonding logic gained three new options AdActorSystemPriority=,
+ bonding logic gained four new options AdActorSystemPriority=,
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
- aspects. The tunnel logic gained a new IPv6RapidDeploymentPrefix=
- option for configuring IPv6 Rapid Deployment. The policy rule logic
- gained four new options IPProtocol=, SourcePort= and
- DestinationPort=, InvertRule=. The bridge logic gained support for
- the MulticastToUnicast= option. networkd also gained support for
- configuring static IPv4 ARP or IPv6 neighbor entries.
+ aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
+ shuffling of flows. The tunnel logic gained a new
+ IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
+ Deployment. The policy rule logic gained four new options IPProtocol=,
+ SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
+ support for the MulticastToUnicast= option. networkd also gained
+ support for configuring static IPv4 ARP or IPv6 neighbor entries.
* .preset files (as read by 'systemctl preset') may now be used to
instantiate services.
* The JoinControllers= option in system.conf is no longer supported, as
it didn't work correctly, is hard to support properly, is legacy (as
- the concept only exists on cgroupsv1) and apparently wasn't used.
+ the concept only exists on cgroup v1) and apparently wasn't used.
* Journal messages that are generated whenever a unit enters the failed
state are now tagged with a unique MESSAGE_ID. Similarly, messages
interface names even as systemd/udev are updated and the naming logic
is improved.
+ * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
+ SD_ID128_ALLF to test if a 128bit ID is set to all 0xFF bytes, and to
+ initialize one to all 0xFF.
+
+ * After loading the SELinux policy systemd will now recursively relabel
+ all files and directories listed in
+ /run/systemd/relabel-extra.d/*.relabel (which should be simple
+ newline separated lists of paths) in addition to the ones it already
+ implicitly relabels in /run, /dev and /sys. After the relabelling is
+ completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
+ removed. This is useful to permit initrds (i.e. code running before
+ the SELinux policy is in effect) to generate files in the host
+ filesystem safely and ensure that the correct label is applied during
+ the transition to the host OS.
+
+ * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
+ mknod() handling in user namespaces. Previously mknod() would always
+ fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
+ but device nodes generated that way cannot be opened, and attempts to
+ open them result in EPERM. This breaks the "graceful fallback" logic
+ in systemd's PrivateDevices= sand-boxing option. This option is
+ implemented defensively, so that when systemd detects it runs in a
+ restricted environment (such as a user namespace, or an environment
+ where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
+ where device nodes cannot be created the effect of PrivateDevices= is
+ bypassed (following the logic that 2nd-level sand-boxing is not
+ essential if the system systemd runs in is itself already sand-boxed
+ as a whole). This logic breaks with 4.18 in container managers where
+ user namespacing is used: suddenly PrivateDevices= succeeds setting
+ up a private /dev/ file system containing devices nodes — but when
+ these are opened they don't work.
+
+ At this point is is recommended that container managers utilizing
+ user namespaces that intend to run systemd in the payload explicitly
+ block mknod() with seccomp or similar, so that the graceful fallback
+ logic works again.
+
+ We are very sorry for the breakage and the requirement to change
+ container configurations for newer kernels. It's purely caused by an
+ incompatible kernel change. The relevant kernel developers have been
+ notified about this userspace breakage quickly, but they chose to
+ ignore it.
+
+ * PermissionsStartOnly= setting is deprecated (but is still supported
+ for backwards compatibility). The same functionality is provided by
+ the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
+ commands.
+
+ * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
+ pam_systemd anymore.
+
+ * The requirements to build systemd is bumped to meson-0.46 and
+ python-3.5.
+
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
- Morbach, Benjamin Berg, Carlo Caione, Cedric Viou, Chen Qi, ChenQi1989,
- Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
- Ellsel, ColinGuthrie, dana, Daniel, Daniele Medri, Daniel Kahn Gillmor,
- Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner, David
- Anderson, Davide Cavalca, David Leeds, David Malcolm, David Strauss,
- David Tardon, Dimitri John Ledkov, dj-kaktus, Dongsu Park, Elias
- Probst, Emil Soleyman, Erik Kooistra, Ervin Peters, Evgeni Golov,
- Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad, faizalluthfi,
- Felix Yan, Filipe Brandenburger, Franck Bui, Frank Schaefer, Frantisek
- Sumsal, Gianluca Boiano, Giuseppe Scrivano, glitsj16, Hans de Goede,
- Harald Hoyer, Harry Mallon, Harshit Jain, hellcp, Helmut Grohne, Henry
- Tung, Hui Yiqun, imayoda, Insun Pyo, INSUN PYO, Iwan Timmer,
- jambonmcyeah, Jan Janssen, Jan Pokorný, Jan Synacek, Jason
- A. Donenfeld, javitoom, Jérémy Nouhaud, Jiuyang liu, João Paulo Rechi
+ Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
+ Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
+ Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
+ Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
+ David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
+ Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
+ Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
+ Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
+ Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
+ Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
+ Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
+ Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
+ Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
+ javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
- Jonas DOREL, Jon Ringle, Josh Soref, Julian Andres Klode, Jürg
- Billeter, Keith Busch, killermoehre, Kirill Marinushkin, Lennart
- Poettering, LennartPoettering, Liberasys, Lion Yang, Li Song, Lorenz
+ Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
+ Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
+ Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
- Michael 'pbone' Pobega, Michal Koutný, Michal Sekletar, Michal Soltys,
- Mike Gilbert, Mike Palmer, Muhammet Kara, Neal Gompa, Network Silence,
- nikolas, NOGISAKA Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina,
- Paweł Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, remueller,
+ Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
+ Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
+ Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
+ Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
+ Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
- Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid,
- Samuel Morris, Sandy, scootergrisen, seb128, Sergey Ptashnick, Shawn
- Landden, Shengyao Xue, Shih-Yuan Lee (FourDollars), Sjoerd Simons,
- Stephen Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven
- Joachim, Sylvain Plantefève, TanuKaskinen, Tejun Heo, Thiago Macieira,
- Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ,
- Tobias Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak,
- Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech Trefny,
- welaq, William A. Kennington III, William Douglas, Wyatt Ward, Xiang
- Fan, Xi Ruoyao, Xuanwo, Yann E. MORIN, YmrDtnJu, Yu Watanabe, Zbigniew
- Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
-
- — Somewhere, 2018-xx-yy
+ Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
+ Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
+ Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
+ (FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
+ Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
+ Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
+ Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
+ Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
+ Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
+ Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
+ Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
+ Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
+
+ — Warsaw, 2018-12-21
CHANGES WITH 239:
instance to migrate processes if it itself gets the request to
migrate processes and the kernel refuses this due to access
restrictions. Thanks to this "systemd-run --scope --user …" works
- again in pure cgroups v2 environments when invoked from the user
+ again in pure cgroup v2 environments when invoked from the user
session scope.
* A new TemporaryFileSystem= setting can be used to mask out part of
desired options.
* systemd now supports the "memory" cgroup controller also on
- cgroupsv2.
+ cgroup v2.
* The systemd-cgtop tool now optionally takes a control group path as
command line argument. If specified, the control group list shown is