systemd System and Service Manager
CHANGES WITH 246 in spe:
+
+ * The various programs included in systemd can now optionally output
+ their log messages on stderr prefixed with a timestamp, controlled by
+ the $SYSTEMD_LOG_TIME environment variable.
+
+ * A new boolean kernel command line option systemd.swap= has been
+ added, which may be used to turn off automatic activation of swap
+ devices, as listed in /etc/fstab.
+
+ * The CPUAffinity= setting in service unit files now supports a new
+ special value "numa". If used, the NUMA mask is copied into the CPU
+ affinity mask.
+
+ * The man pages for the sd-bus and sd-hwdb APIs have been completed.
+
+ * networkctl gained the new "forcerenew" command for forcing all DHCP
+ server clients to renew their lease. The interface "status" output
+ will now show numerous additional fields of information about an
+ interface. There are new "up" and "down" commands to bring specific
+ interfaces up or down.
+
+ * systemd-networkd's [IPv6Prefix] section in .network files gained a
+ new boolean setting Assign=. If enabled an address from the prefix is
+ automatically assigned to the interface.
+
+ * systemd-networkd's [Network] section gained a new setting
+ IPv6PDSubnetId= that allows explicit configuration of the preferred
+ subnet that networkd's Prefix Delegation logic assigns to an
+ interfaces.
+
+ * systemd-networkd gained support for configuring the HTB queuing
+ discipline in the [HierarchyTokenBucket] and
+ [HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc may
+ be configured in the [PFIFO] section, "GRED" in
+ [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
+ in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
+ [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
+ "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast] and
+ "HHF" in [HeavyHitterFilter].
+
+ * systemd-networkd gained support for a new Termination= setting in the
+ [CAN] section for configuring the termination resistor. It also
+ gained a new ListenOnly= setting for controlling whether to only
+ listen on CAN interfaces, without interfering with traffic otherwise
+ (which is useful for debugging/monitoring CAN network
+ traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
+ been added to configure various CAN-FD aspects.
+
+ * .link files managed by systemd-udevd gained options RxFlowControl=,
+ TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
+ order to configure various flow control parameters. They also gained
+ RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
+ frame ring buffer sizes.
+
+ * systemd-networkd's [DHCPv6] section gained a new WithoutRA= boolean
+ setting. If enabled, DHCPv6 will be attempted right-away without
+ requiring an Router Advertisement packet suggesting it
+ first. Conversely, the [IPv6AcceptRA] gained a boolean option
+ DHCPv6Client= that may be used to turn off the DHCPv6 client even if
+ the RA packets suggest it.
+
+ * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
+ which may be used to turn off use of the gateway information provided
+ by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
+ used to configure how to process leases that lack a lifetime option.
+
+ * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
+ setting SendVendorOption= allowing configuration of additional vendor
+ options to send in the DHCP requests/responses. The [DHCPv6] section
+ gained a new SendOption= setting for sending arbitrary DHCP
+ options. RequestOptions= has been added to request arbitrary options
+ from the server. UserClass= has been added to set the DHCP user class
+ field.
+
+ * systemd-networkd's [DHCPServer] section gained a new set of options
+ EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
+ information about these three protocols in the DHCP lease. It also
+ gained support for including "MUD" URLs ("Manufacturer Usage
+ Description"). Support for "MUD" URLs was also added to the LLDP
+ stack, configurable in the [LLDP] section in .network files.
+
+ * systemd-resolved's DNS= configuration option now optionally accepts
+ DNS server addresses suffixed by "#" followed by a host name. If
+ used, the DNS-over-TLS certificate is validated to match the
+ specified hostname.
+
+ * systemd-resolved may be configured to forward single-label DNS names.
+ This is not standard-conformant, but may make sense in setups where
+ public DNS servers are not used.
+
+ * systemd-resolved's DNS-over-TLS support gained SNI validation.
+
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
systemd-coredump to save core files for suid processes. When saving
the core file, systemd-coredump will use the effective uid and gid of
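Review bot: the systemd-resolved entry that begins "systemd-resolved may be configured to forward single-label DNS names" is the only bullet in this hunk that does not name the setting it describes; add the resolved.conf option so a reader can find and audit it, and consider saying plainly why the entry calls it non-conformant: single-label names forwarded upstream reveal local host names to whichever servers receive them, which is exactly why the text restricts the advice to setups that do not use public DNS servers. In the DNS= entry ("DNS server addresses suffixed by "#" followed by a host name"), also state what is validated when the "#" suffix is absent, since the host name match is the security-relevant half of DNS-over-TLS. Typos in the same hunk: "Similar the "pfifo" qdisc" should read "Similarly, the "pfifo" qdisc"; "assigns to an interfaces" should read "assigns to an interface"; "requiring an Router Advertisement" should read "requiring a Router Advertisement".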
can now be suspended or resumed either using new systemctl verbs,
freeze and thaw respectively, or via D-Bus.
+ * systemd-udevd gained new configuration option timeout_signal= as well
+ as coresponding kernel command line option udev.timeout_signal.
+ The option can be used to configure the UNIX signal that the main
+ daemon sends to the worker processes on timeout.
+
+ * A new sd-path.h API has been added to libsystemd. It provides a
+ simple API for retrieving various search paths and primary
+ directories for various resources.
+
+ * The sd-bus API gained a number of convenience functions that take
+ va_list arguments rather than "...". For example, there's now
+ sd_bus_call_methodv() to match sd_bus_call_method(). Previously,
+ these were missing since the calls are convenience calls only and
+ could be put together from the more low-level functions they build
+ on.
+
+ * sd-bus vtable entries learnt a new flag SD_BUS_VTABLE_ABSOLUTE_OFFSET
+ which alters how the userdata pointer to pass to the callbacks is
+ determined. If the flag is set the offset field is converted as-is
+ into a pointer, without adding it to the object pointer the vtable is
+ associated with.
+
+ * sd-bus now exposes four new functions:
+ sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
+ sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
+ validate strings to check if they qualify as various D-Bus concepts.
+
+ * The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
+ SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
+ that simplify adding argument names to D-Bus methods and signals.
+
+ * systemctl gained a new "-P" switch that is a shortcut for "--value
+ --property=…".
+
+ * The expectations on user/group name syntax are now documented in
+ detail; documentation how classic home directories may be converted
+ into home directories managed by homed has been added; documentation
+ regarding integration of homed/userdb functionality in desktops has
+ been added:
+
+ https://systemd.io/USER_NAMES
+ https://systemd.io/CONVERTING_TO_HOMED
+ https://systemd.io/USERDB_AND_DESKTOPS
+
+ * systemd-run gained a new switch --slice-inherit. If specified the
+ unit it generates is placed in the same slice as the systemd-run
+ process itself.
+
+ * service unit files now accept a new setting CoredumpFilter= which
+ allows configuration of the memory sections coredumps of the
+ service's processes shall include.
+
+ * coredumpctl gained a new --file= switch, matching the same one in
+ journalctl: a specific journal file may be specified to read the
+ coredump data from.
+
+ * Various D-Bus APIs of systemd daemons now have man pages that
+ document the methods, signals and properties.
+
+ * journald.conf gained a new boolean setting Audit= that may be used to
+ control whether systemd-journald will enable audit during
+ initialization.
+
+ * A new default .network file is now shipped that matches TUN/TAP
+ devices that begin with "vt-" in their name. Such interfaces will
+ have IP routing onto the host links set up automatically. This is
+ supposed to be used by VM managers to trivially acquire a network
+ interface which is fully set up for host communication, simply by
+ carefully picking an interface name to use.
+
+ * All D-Bus services shipped in systemd now implement the generic
+ LogControl1 D-Bus API which allows clients to change log level +
+ target of the service during runtime.
+
+ * systemd-nspawn's --resolv-conf= switch gained a number of new
+ supported values. Specifically, options starting with "replace-" are
+ like those prefixed "copy-" but replace any existing resolv.conf
+ file. And options ending in "-uplink" and "-stub" can now be used to
+ propagate other flavours of resolv.conf into the container (as
+ defined by systemd-resolved).
+
+ * systemd-binfmt gained a new switch --unregister for unregistering all
+ registered entries at once. This is now invoked automatically at
+ shutdown, so that binary formats registered with the "F" flag will
+ not block clean file system unmounting.
+
+ * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
+ configuration files that support specifier expansion learnt six new
+ specifiers: %a resolves to the current architecture, %o/%w/%B/%W
+ resolve to the various ID fields from /etc/os-release, %l resolves to
+ the "short" hostname of the system, i.e. the kernel configured
+ hostname, truncated at the first dot.
+
+ * systemd-notify's --pid= switch gained new values: "parent", "self",
+ "auto" for controlling which PID to send to the service manager: the
+ systemd-notify process' PID, or the one of the process invoking it.
+
+ * When sending a file descriptor (fd) to the service manager to keep
+ track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
+ may be specified. If passed the service manager will refrain from
+ poll()ing on the file descriptor. Traditionally (and when the
+ parameter is not specified), the service manager will poll it for
+ POLLHUP or POLLERR events, and immediately close the fds in that
+ case.
+
+ * A new call sd_notify_barrier() has been added to the sd-daemon.h
+ API. The call will block until all previously sent sd_notify()
+ messages have been processed by the service manager. This is useful
+ to remove races caused by a process already having disappeared at the
+ time a notification message is processed by the service manager,
+ making correct attribution impossible. The systemd-notify tool will
+ now make use of this call implicitly, but this can be turned off again
+ via the new --no-block switch.
+
+ * systemd-logind's Session bus object learnt a new method call
+ SetType() for temporarily updating the session type of an already
+ allocated session. This is useful for upgrading tty sessions to
+ graphical ones once a compositor is invoked.
+
+ * .mount units gained a new ReadWriteOnly= boolean option. If set
+ it will not be attempted to mount a file system read-only if mounting
+ in read-write mode doesn't succeed. An option x-systemd.rw-only is
+ available in /etc/fstab to control the same.
+
+ * coredumps collected by systemd-coredump may now be compressed using
+ the zstd algorithm.
+
+ * journalctl's "-o cat" output mode will now show one or more journal
+ fields specified with --output-fields= instead of unconditionally
+ MESSAGE=. This is useful to retrieve a very specific set of fields
+ without any decoration.
+
+ * systemd-socket-proxy gained a new switch --exit-idle-time= for
+ configuring an exit-on-idle time.
+
+ * systemd-homed's LUKS backend gained the ability to discard empty file
+ system blocks automatically when the user logs out. This is enabled
+ by default to ensure that home directories take minimal space when
+ logged out but get full size guarantees when logged in. This may be
+ controlled with the new --luks-offline-discard= switch to homectl.
+
+ * If systemd-homed detects that /home/ is encrypted as a whole it will
+ now default to the directory or subvolume backends instead of the
+ LUKS backend, in order to avoid double encryption. The default
+ storage and file system may now be configured explicitly, too, via
+ the new /etc/systemd/homed.conf configuration file.
+
+ * when systemd-journald's log stream is broken up into multiple lines
+ because the PID of the sender changed this is indicated in the
+ generated log records via the _LINE_BREAK=pid-change field.
+
+ * systemd-networkd's .netdev files now support a new setting
+ VLANProtocol= in the [Bridge] section that allows configuration of
+ the VLAN protocol to use.
+
+ * systemd-repart's --empty= setting gained a new value "create". If
+ specified a new empty regular disk image file is created under the
+ specified name. Its size may be specified with the new --size=
+ option. The latter is also supported without the "create" mode, in
+ order to grow existing disk image files to the specified size. These
+ two new options are useful when creating or manipulating disk images
+ instead of operating on actual block devices.
+
+ * systemd-repart drop-ins now support a new UUID= setting to control
+ the UUID to assign to a newly created partition.
+
+ * StandardError= and StandardOutput= in unit files no longer support
+ the "syslog" and "syslog-console" switches. They were long removed
+ from the documentation, but will now result in warnings when used,
+ and be converted to "journal" and "journal+console" automatically.
+
+ * systemd-networkd supports a new Group= setting in the [Link] section
+ of the .network files, to control the link group.
+
+ * Two new unit file settings
+ ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
+ added. They may be used to check whether a specific file system path
+ resides on a block device that is encrypted on the block level
+ (i.e. using dm-crypt/LUKS).
+
+ * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
+ has been added that may be used for simple environment checks. This
+ is particularly useful when passing in environment variables from a
+ container manager (or from PAM in case of the systemd --user
+ instance).
+
+ * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
+ now automatically set to "Y" at boot, in order to enable pstore
+ generation for collection with systemd-pstore.
+
+ * New kernel command line options systemd.condition-needs-update= and
+ systemd.condition-first-boot= have been added, which override the
+ result of the ConditionNeedsUpdate= and ConditionFirstBoot=
+ conditions.
+
+ * A new kernel command line option systemd.clock-usec= has been added
+ that allows setting the system clock to the specified time in µs
+ since Jan 1st, 1970 early during boot. This is in particular useful
+ in order to make test cases more reliable.
+
+ * A new kernel command line option systemd.hostname= has been added
+ that allows controlling the hostname that is initialized early during
+ boot.
+
+ * The /etc/crypttab tmp option now optionally takes an argument
+ selecting the file system to use. Moreover, the default is now
+ changed from ext2 to ext4.
+
+ * There's a new /etc/crypttab option "keyfile-erase". If specified the
+ key file listed in the same line is removed after use, regardless if
+ volume activation was successful or not. This is useful if the key
+ file is only acquired transiently at runtime and shall be erased
+ before the system continues to boot.
+
+ * There's also a new /etc/crypttab option "try-empty-password". If
+ specified, before asking the user for a password it is attempted to
+ unlock the volume with an empty password. This is useful for
+ installing encrypted images whose password shall be set on first boot
+ instead of at installation time.
+
+ * systemd-cryptsetup will now attempt to load the keys to unlock
+ volumes with automatically from files in
+ /etc/cryptsetup-keys.d/<volume>.key and
+ /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.
+
+ * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
+ control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
+ instance.
+
+ * systemd-firstboot gained a new --root-password-hashed= parameter for
+ setting the root user's password as UNIX password hash. There's a new
+ --delete-root-password switch which instead of setting a password for
+ the root user, removes it so that log-in without a password is
+ permitted. There's now --force which if specified means any existing
+ configuration is overwritten by the specified settings. It also
+ gained a new --kernel-command-line= parameter which may be used to
+ set the /etc/kernel/cmdline file of an OS image.
+
+ * A new generator systemd-xdg-autostart-generator has been added. It
+ automatically generates systemd unit files from XDG autostart
+ .desktop files, and is useful for allowing systemd to manage services
+ defined that way safely and automatically.
+
+ * systemd will now log about all left-over processes remaining in a
+ unit when the unit is stopped. It will now warn about services using
+ KillMode=none, as this is generally an unsafe thing to make use of.
+
+ * .socket units gained a new boolean setting PassPacketInfo=. If
+ enabled, the kernel will attach additional per-packet metadata to all
+ packets read from the socket, as ancillary message. This controls the
+ IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
+ depending on socket type.
+
+ * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
+ added to the [DHCPv6] section of .network files. If enabled (which is
+ the default) an address from any acquired delegated prefix is
+ automatically chosen and assigned to the interface.
+
+ * "systemctl reboot" takes the option "--reboot-argument=".
+ The optional positional argument to "systemctl reboot" is now
+ being deprecated in favor of this option.
+
+ * Support for the .include syntax in unit files has been removed. The
+ concept has been obsolete for 6 years and we started warning about
+ its pending removal 2 years ago (also see NEWS file below). It's
+ finally gone now.
+
+ * The BlackList= settings in .network files' [DHCPv4] and
+ [IPv6AcceptRA] sections have been renamed DenyList=. The old names
+ are still understood to provide compatibility.
+
CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an
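Review bot: typo in the systemd-udevd entry at the top of this hunk: "coresponding kernel command line option" should read "corresponding". The ReadWriteOnly= entry is hard to parse ("it will not be attempted to mount a file system read-only if mounting in read-write mode doesn't succeed"); suggest "the mount is not retried read-only if mounting it read-write fails". The _LINE_BREAK=pid-change entry starts with a lowercase "when" while every other bullet is capitalized. For the systemd-cryptsetup entry that loads keys from /etc/cryptsetup-keys.d/<volume>.key and /run/cryptsetup-keys.d/<volume>.key, say which location wins when both files exist and whether the "keyfile-erase" crypttab option introduced two bullets earlier applies to these automatically discovered key files; anyone relying on the key being gone after boot needs both answers. The systemd-firstboot --delete-root-password entry should spell out that the result is a root account with an empty password, not a locked one, because "removes it so that log-in without a password is permitted" is easy to misread as disabling the account.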
* systemd-sysusers gained support for creating users with the primary
group named differently than the user.
- * systemd-resolved's DNS-over-TLS support gained SNI validation.
-
* systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
gained support for growing XFS partitions. Previously it supported
only ext4 and btrfs partitions.
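Review bot: this removal pairs with the identical line added to the 246 section above ("systemd-resolved's DNS-over-TLS support gained SNI validation"); confirm the feature really did not ship in the 245 release before moving it, since editing a released version's section changes what readers of that section believe they already have.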
of the PAM session, for example for time-limited logins.
* A new @pkey system call group is now defined to make it easier to
- whitelist memory protection syscalls for containers and services
+ allow-list memory protection syscalls for containers and services
which need to use them.
* systemd-udevd: removed the 30s timeout for killing stale workers on
* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in their
report and descriptor and outputs suitable environment variables.
- This replaces the externally maintained whitelists of all known
+ This replaces the externally maintained allow lists of all known
security tokens that were used previously.
- * Automatically generated autosuspend udev rules for whitelisted
+ * Automatically generated autosuspend udev rules for allow-listed
devices have been imported from the Chromium OS project. This should
improve power saving with many more devices.
the IO accounting data is included in the resource log message
generated whenever a unit stops.
- * Units may now configure an explicit time-out to wait for when killed
+ * Units may now configure an explicit timeout to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
- the regular TimeoutStopSec= time-out was applied in this case too —
- now a separate time-out may be set using TimeoutAbortSec=.
+ the regular TimeoutStopSec= timeout was applied in this case too —
+ now a separate timeout may be set using TimeoutAbortSec=.
* Services may now send a special WATCHDOG=trigger message with
sd_notify() to trigger an immediate "watchdog missed" event, and thus
* If processes terminated during the last phase of shutdown do not exit
quickly systemd will now show their names after a short time, to make
- debugging easier. After a longer time-out they are forcibly killed,
+ debugging easier. After a longer timeout they are forcibly killed,
as before.
* journalctl (and the other tools that display logs) will now highlight
* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
option for configuring the maximum number of DHCP lease requests. It
- also learnt a new BlackList= option for blacklisting DHCP servers (a
+ also learnt a new BlackList= option for deny-listing DHCP servers (a
similar setting has also been added to the IPv6 RA client), as well
as a SendRelease= option for configuring whether to send a DHCP
RELEASE message when terminating.
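Review bot: leaving the option spelled BlackList= here while changing the verb to "deny-listing" is the right call, because this paragraph describes 245 as released and the rename to DenyList= is recorded under 246; keep it that way and do not retroactively rename the setting in this section, or readers of the 245 notes will look for an option that did not exist in that version.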
any relevant symlinks both in /run and /etc.
* Note that all long-running system services shipped with systemd will
- now default to a system call whitelist (rather than a blacklist, as
+ now default to a system call allow list (rather than a deny list, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
- too, as the default whitelisting will prohibit all mount, swap,
+ too, as the default allow-listing will prohibit all mount, swap,
reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
* systemd-nspawn gained support for a new --system-call-filter= command
line option for adding and removing entries in the default system
call filter it applies. Moreover systemd-nspawn has been changed to
- implement a system call whitelist instead of a blacklist.
+ implement a system call allow list instead of a deny list.
* systemd-run gained support for a new --pipe command line option. If
used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
fsck's progress report to an AF_UNIX socket in the file
system.
- * udev will no longer create device symlinks for all block
- devices by default. A blacklist for excluding special block
- devices from this logic has been turned into a whitelist
- that requires picking block devices explicitly that require
- device symlinks.
+ * udev will no longer create device symlinks for all block devices by
+ default. A deny list for excluding special block devices from this
+ logic has been turned into a allow list that requires picking block
+ devices explicitly that require device symlinks.
* A new (currently still internal) API sd-device.h has been
added to libsystemd. This modernized API is supposed to
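Review bot: "turned into a allow list" should read "an allow list". Across the series the replacement term appears as "allow-list", "allow list", "allow lists", "allow-listed" and "allow-listing"; settle on one form per part of speech (hyphenated when used as a verb or adjective, two words as a noun) and apply it in every hunk so the terminology change reads as one deliberate edit.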
Wikipedia. We explicitly document which base applies for
each configuration option.
- * The DeviceAllow= setting in unit files now supports a syntax
- to whitelist an entire group of devices node majors at once,
- based on the /proc/devices listing. For example, with the
- string "char-pts", it is now possible to whitelist all
- current and future pseudo-TTYs at once.
+ * The DeviceAllow= setting in unit files now supports a syntax to
+ allow-list an entire group of devices node majors at once, based on
+ the /proc/devices listing. For example, with the string "char-pts",
+ it is now possible to allow-list all current and future pseudo-TTYs
+ at once.
* sd-event learned a new "post" event source. Event sources of
this type are triggered by the dispatching of any event
* journalctl gained the new "--header" switch to introspect
header data of journal files.
- * A new setting SystemCallFilters= has been added to services
- which may be used to apply blacklists or whitelists to
- system calls. This is based on SECCOMP Mode 2 of Linux 3.5.
+ * A new setting SystemCallFilters= has been added to services which may
+ be used to apply deny lists or allow lists to system calls. This is
+ based on SECCOMP Mode 2 of Linux 3.5.
* nspawn gained a new --link-journal= switch (and quicker: -j)
to link the container journal with the host. This makes it
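Review bot: since this line is being rewritten anyway, fix the option name while you are at it: the unit setting documented in systemd.exec(5) is SystemCallFilter= (singular), not SystemCallFilters=; the reflow otherwise looks fine, and "deny lists or allow lists" matches the noun form used elsewhere in the series.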