mounting additional disk images into the file system tree accessible
to the service.
+ * Timer units gained a new FixedRandomDelay= boolean setting. If
+ enabled, the random delay configured with RandomizedDelaySec= is
+ selected in a way that is stable on a given system (though still
+ different for different units).
+
+ * Socket units gained a new setting Timestamping= that takes "us", "ns"
+ or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
+ options.
+
* systemd-repart now generates JSON output when requested with the new
--json= switch.
invoked by container payloads that are prohibited by the container's
system call filter policy.
+ * If the $SYSTEMD_SECCOMP=0 environment variable is set for
+ systemd-nspawn (and other programs that use seccomp) all seccomp
+ filtering is turned off.
+
* Two new unit file settings ProtectProc= and ProcSubset= have been
added that expose the hidepid= and subset= mount options of procfs.
All processes of the unit will only see processes in /proc that are
discipline in the [FlowQueuePIE] sections.
* systemd-networkd's .netdev files may now be used to create "BareUDP"
- tunnels, configured in the new [BareUDP] setting. VXLAN tunnels may
- now be marked to be independent of any underlying network interface
- via the new Independent= boolean setting.
+ tunnels, configured in the new [BareUDP] setting.
* systemd-networkd's Gateway= setting in .network files now accepts the
- special values _dhcp4 and _ipv6ra to configure additional, locally
- defined, explicit routes to the gateway acquired via DHCP or IPv6
- Router Advertisements.
+ special values "_dhcp4" and "_ipv6ra" to configure additional,
+ locally defined, explicit routes to the gateway acquired via DHCP or
+ IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
+ but still accepted for backwards compatibility.
+
+ * systemd-networkd's [IPv6PrefixDelegation] section and
+ IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
+ IPv6SendRA= (the old names are still accepted for backwards
+ compatibility).
+
+ * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
+ boolean setting in [Network] section. If enabled, the delegated prefix
+ gained by another link will be configured, and an address within the
+ prefix will be assigned.
+
+ * systemd-networkd's .network files gained the Announce= boolean setting
+ in [DHCPv6PrefixDelegation] section. When enabled, the delegated
+ prefix will be announced through IPv6 router advertisement (IPv6 RA).
+ The setting is enabled by default.
+
+ * VXLAN tunnels may now be marked as independent of any underlying
+ network interface via the new Independent= boolean setting.
* systemctl gained support for two new verbs: "service-log-level" and
"service-log-target" may be used on services that implement the
* The SystemCallErrorNumber= unit file setting now accepts the new
"kill" and "log" actions, in addition to arbitrary error number
- specifications as before. If "kill" the the processes are killed on
- the event, if "log" the offending system call is audit logged.
+ specifications as before. If "kill" the processes are killed on the
+ event, if "log" the offending system call is audit logged.
* A new SystemCallLog= unit file setting has been added that accepts a
list of system calls that shall be logged about (audit).
contention for selected parts of the unit hierarchy using the PSI
information reported by the kernel, and kills processes when memory
or swap pressure is above configured limits. This service is only
- enabled in developer mode (see below) and should be considered a
- preview in this release. Behaviour details and option names are
- subject to change without the usual backwards-compatibility promises.
+ enabled by default in developer mode (see below) and should be
+ considered a preview in this release. Behaviour details and option
+ names are subject to change without the usual backwards-compatibility
+ promises.
* A new helper oomctl has been added to introspect systemd-oomd state.
- If also is only available in developer mode and should be considered
- a preview without the usual backwards-compatibility promises.
+ It is only enabled by default in developer mode and should be
+ considered a preview without the usual backwards-compatibility
+ promises.
* New meson option -Dcompat-mutable-uid-boundaries= has been added. If
enabled, systemd reads the system UID boundaries from /etc/login.defs
a command "bootctl set-default @current" may be used to make the
currently boot menu item the new default for all subsequent boots.
- * A new generic target unit "initrd-cryptsetup.target" has been added
- that is supposed to pull in all encrypted volumes that shall be set
- up during the initrd phase. It takes the place of "cryptsetup.target"
- and "remote-cryptsetup.target" that exist during the host boot
- phase. In other words, the new "initrd-cryptsetup.target" is supposed
- to take the role for "initrd-fs.target", but for encrypted volumes.
-
* "systemctl edit" has been updated to show the original effective unit
contents in commented form in the text editor.
+ * Units in user mode are now segregated into three new slices:
+ session.slice (units that form the core of graphical session),
+ app.slice ("normal" user applications), and background.slice
+ (low-priority tasks). Unless otherwise configured, user units are
+ placed in app.slice. The plan is to add resource limits and
+ protections for the different slices in the future.
+
+ Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
+ Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
+ Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
+ Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
+ Dey, Charles Lee, Chris Down, Christian Göttsche, Clemens Gruber, Daan
+ De Meyer, Daniele Medri, Daniel Mack, Daniel Rusek, Dan Streetman,
+ David Tardon, Dimitri John Ledkov, Dmitry Borodaenko, Elias Probst,
+ Elisei Roca, ErrantSpore, Etienne Doms, Fabrice Fontaine, fangxiuning,
+ Felix Riemann, Florian Klink, Franck Bui, Frantisek Sumsal, fwSmit,
+ George Rawlinson, germanztz, Gibeom Gwon, Glen Whitney, Gogo Gogsi,
+ Göran Uddeborg, Grant Mathews, Hans de Goede, Hans Ulrich Niedermann,
+ Haochen Tong, Harald Seiler, huangyong, Hubert Kario, Ikey Doherty, Jan
+ Chren, Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann,
+ Jonathan Lebon, Josh Brobst, Juergen Hoetzel, Julien Humbert, Kai-Chuan
+ Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan Gjoshev, Kyle
+ Huey, Kyle Russell, Lennart Poettering, lichangze, Luca Boccassi, Lucas
+ Werkmeister, Luca Weiss, Marc Kleine-Budde, Marco Wang, Martin Wilck,
+ Marti Raudsepp, masmullin2000, Máté Pozsgay, Matt Fenwick, Michael
+ Biebl, Michael Scherer, Michal Koutný, Michal Sekletár, Michal
+ Suchanek, Mikael Szreder, Milo Casagrande, mirabilos, Mitsuha_QuQ,
+ mog422, Muhammet Kara, Nazar Vinnichuk, Nicholas Narsing, Nicolas
+ Fella, Njibhu, nl6720, Oğuz Ersen, Olivier Le Moal, Ondrej Kozina,
+ onlybugreports, Pass Automated Testing Suite, Pat Coulthard, Pedro
+ Ruiz, Peter Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan
+ C, Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert
+ Marko, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer, Samanta
+ Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd, Susant
+ Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
+ Miettinen, Vito Caputo, Weblate, Wen Yang, williamvds, Yu, Li-Yu, Yuri
+ Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zmicer Turok,
+ Дамјан Георгиевски
+
+ – Warsaw, 2020-11-10
+
CHANGES WITH 246:
* The service manager gained basic support for cgroup v2 freezer. Units
configuration drop-ins are present, no action is taken.
* A new component "userdb" has been added, along with a small daemon
- "systemd-userdb.service" and a client tool "userdbctl". The framework
+ "systemd-userdbd.service" and a client tool "userdbctl". The framework
allows defining rich user and group records in a JSON format,
extending on the classic "struct passwd" and "struct group"
structures. Various components in systemd have been updated to
projects / thirdparty / systemd.git / blobdiff