systemd System and Service Manager
-CHANGES WITH 254 in spe:
+CHANGES WITH 255 in spe:
+
+ Announcements of Future Feature Removals and Incompatible Changes:
+
+ * Support for split-usr (/usr/ mounted separately during late boot,
+ instead of being mounted by the initrd before switching to the rootfs)
+ and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
+ /usr/lib/, …) has been removed. For more details, see:
+ https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
+
+ * We intend to remove cgroup v1 support from a systemd release after
+ the end of 2023. If you run services that make explicit use of
+ cgroup v1 features (i.e. the "legacy hierarchy" with separate
+ hierarchies for each controller), please implement compatibility with
+ cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
+ Most of Linux userspace has been ported over already.
+
+ * Support for System V service scripts is now deprecated and will be
+ removed in a future release. Please make sure to update your software
+ *now* to include a native systemd unit file instead of a legacy
+ System V script to retain compatibility with future systemd releases.
+
+ * Support for the SystemdOptions EFI variable is deprecated.
+ 'bootctl systemd-efi-options' will emit a warning when used. It seems
+ that this feature is little-used and it is better to use alternative
+ approaches like credentials and confexts. The plan is to drop support
+ altogether at a later point, but this might be revisited based on
+ user feedback.
+
+ * systemd-run's switch --expand-environment= which currently is disabled
+ by default when combined with --scope, will be changed in a future
+ release to be enabled by default.
+
+ * "systemctl switch-root" is now restricted to initrd transitions only.
+ Transitions between real systems should be done with "systemctl soft-reboot"
+ instead.
+
+ Device Management:
+
+ * udev will now create symlinks to loopback block devices in the
+ /dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
+ string field selected during allocation. The systemd-dissect tool and
+ the util-linux losetup command now supports a complementing new
+ switch --loop-ref= for selecting the string. This means a loopback
+ block device may now be allocated under a caller-chosen reference and
+ can subsequently be referenced by that without first having to look
+ up the block device name the caller ended up with.
+
+ * udev also creates symlinks to loopback block devices in the
+ /dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
+ of the inode attached to the loopback block device. This means that
+ attaching a file to a loopback device will implicitly make a handle
+ available to be found via that file's inode information.
+
+ Network Management:
+
+ * The "duid-only" option for DHCPv4 client's ClientIdentifier= setting
+ is now dropped, as it never worked, hence it should not be used by
+ anyone.
+
+ Changes in systemd-analyze:
+
+ * "systemd-analyze plot" has gained tooltips on each unit name with
+ related-unit information in its svg output, such as Before=,
+ Requires=, and similar properties.
+
+CHANGES WITH 254:
Announcements of Future Feature Removals and Incompatible Changes:
trailing with escape as a non comment line. For details, see:
https://github.com/systemd/systemd/issues/27975
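Review bot: subject-verb disagreement in the by-loop-ref entry, "The systemd-dissect tool and the util-linux losetup command now supports": two subjects, so "now support". The line 'Transitions between real systems should be done with "systemctl soft-reboot"' also runs past the wrap width the rest of the section keeps to. Since the /dev/disk/by-loop-ref/ symlink name is derived from a caller-chosen .lo_file_name string, the entry should state how that string is escaped before it becomes a path component, otherwise readers cannot tell which references are safe to use.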
+ * PrivateNetwork=yes and NetworkNamespacePath= now imply
+ PrivateMounts=yes unless PrivateMounts=no is explicitly specified.
+
* Behaviour of sandboxing options for the per-user service manager
units has changed. They now imply PrivateUsers=yes, which means user
namespaces will be implicitly enabled when a sandboxing option is
needed in the system service manager. For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
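Review bot: the PrivateNetwork=/NetworkNamespacePath= entry states the new implication but not why a private mount namespace is now required alongside a network namespace, nor what a unit that relied on the old behaviour will see break; one sentence on each would make this incompatible change actionable beyond "set PrivateMounts=no". Separately, the unchanged context below it says the per-user manager's sandboxing options imply PrivateUsers=yes "in the system service manager", which reads as a slip for the per-user service manager the sentence opens with.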
+ * systemd-run's switch --expand-environment= which currently is disabled
+ by default when combined with --scope, will be changed in a future
+ release to be enabled by default.
+
Security Relevant Changes:
* pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
Service Manager:
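Review bot: this --expand-environment= announcement is a word-for-word duplicate of the entry added to the 255 "in spe" section above; if carrying it in both releases is intentional, fine, otherwise keep it in one place. The sentence also needs a comma after "--expand-environment=" ("..., which is currently disabled by default when combined with --scope, will be changed ..."), and "is currently" reads better than "currently is".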
- * "Startup" memory settings are now supported. Previously IO and CPU
- settings were already supported via StartupCPUWeight= and similar.
- The same logic has been added for the various per-unit memory
- settings StartupMemoryMax= and related.
+ * Memory limits that apply while the unit is activating are now
+ supported. Previously IO and CPU settings were already supported via
+ StartupCPUWeight= and similar. The same logic has been added for the
+ various manager and unit memory settings (DefaultStartupMemoryLow=,
+ StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
+ StartupMemorySwapMax=, StartupMemoryZSwapMax=).
* The service manager gained support for enqueuing POSIX signals to
services that carry an additional integer value, exposing the
or RootDirectory= an ephemeral copy of the disk image or directory
tree is made when the service is started. It is removed automatically
when the service is stopped. That ephemeral copy is made using
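Review bot: the rewritten first sentence, "Memory limits that apply while the unit is activating", changes the meaning of the entry it replaces: the old wording and the settings cited (StartupCPUWeight= "and similar", DefaultStartupMemoryLow=) are keyed to the manager's startup and shutdown phases, not to an individual unit's activation. Suggest "Memory settings that apply during system startup and shutdown are now supported" and keep the list of new settings as written.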
- btrfs/xfs reflinks or btrfs snaphots, if available.
+ btrfs/xfs reflinks or btrfs snapshots, if available.
* The service activation logic gained new settings RestartSteps= and
RestartMaxDelaySec= which allow exponentially-growing restart
system reset involves. Moreover, open file descriptors may be passed
across the soft reboot into the new system where they will be passed
back to the originating services. This allows pinning resources
- across the reboot, thus minimizing grey-out time further. Moreover,
- it is possible to allow specific crucial services to survive the
- reboot process, if they run off a separate root file system (i.e. use
- RootDirectory= or RootImage=, or are portable services). This new
+ across the reboot, thus minimizing grey-out time further. This new
reboot mechanism is accessible via the new "systemctl soft-reboot"
command.
automatically adjusted to match the specified CPU architecture, in
order to simplify cross-architecture DDI building.
+ * systemd-repart will now default to a minimum size of 300MB for XFS
+ filesystems if no size parameter is specified. This matches what the
+ XFS tools (xfsprogs) can support.
+
systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
* gnu-efi is no longer required to build systemd-boot and systemd-stub.
specified command line after sending the requested messages. This is
useful for sending out READY=1 first, and then continuing invocation
without changing process ID, so that the tool can be nicely used
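Review bot: "300MB" is ambiguous in an entry about a tool that parses sizes; state the unit unambiguously (MB vs MiB) and name the repart.d setting that "no size parameter" refers to (SizeMinBytes=), so readers know which knob overrides the new default.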
- within an ExecStart= line of a unit file that uses Type=ready.
+ within an ExecStart= line of a unit file that uses Type=notify.
sd-event + sd-bus APIs:
* systemd-resolved gained a new resolved.conf setting
StateRetentionSec= which may be used to retain cached DNS records
even after their nominal TTL, and use them in case upstream DNS
- servers cannot be reached. This can be sued to make name resolution
+ servers cannot be reached. This can be used to make name resolution
more resilient in case of network problems.
* resolvectl gained a new verb "show-cache" to show the current cache
* systemd-run gained a new switch --expand-environment=no to disable
server-side environment variable expansion in specified command
- lines.
+ lines. Expansion defaults to enabled for all execution types except
+ --scope, where it defaults to off (and prints a warning) for backward
+ compatibility reasons. --scope will be flipped to enabled by default
+ too in a future release. If you are using --scope and passing a '$'
+ character in the payload you should start explicitly using
+ --expand-environment=yes/no according to the use case.
* The systemd-system-update-generator has been updated to also look for
the special flag file /etc/system-update in addition to the existing
* systemd-fstab-generator now understands two new kernel command line
options systemd.mount-extra= and systemd.swap-extra=, which configure
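Review bot: "(and prints a warning)" leaves open when the warning fires: on every --scope invocation, or only when the command line contains a '$'? The closing sentence suggests the latter; say which, since that warning is the only signal users get that a '$' in their payload is not being expanded where they expect, and it is the cue for when to set --expand-environment=yes/no explicitly.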
- additional mounts or swaps in a format similar to /etc/fstab. It also
- now supports the new fstab.extra and fstab.extra.initrd credentials
- that may contain additional /etc/fstab lines to apply at boot.
+ additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
+ will be ran on these block devices, like it already happens for
+ 'root='. It also now supports the new fstab.extra and
+ fstab.extra.initrd credentials that may contain additional /etc/fstab
+ lines to apply at boot.
* systemd-getty-generator now understands two new credentials
getty.ttys.container and getty.ttys.serial. These credentials may
contain a list of TTY devices – one per line – to instantiate
container-getty@.service and serial-getty@.service on.
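Review bot: "will be ran" should be "will be run", and "like it already happens for 'root='" reads better as "as already happens for 'root='". More substantively, since fstab.extra and fstab.extra.initrd turn credential contents into mounts applied at boot, the entry should say where these credentials may be supplied from, so administrators can judge who is able to add mount lines this way.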
+ * The getty/serial-getty/container-getty units now import the 'agetty.*'
+ and 'login.*' credentials, which are consumed by the 'login' and
+ 'agetty' programs starting from util-linux v2.40.
+
* systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
which case the Path= setting is taken relative to the ESP or XBOOTLDR
systemd.battery-check=0 through the kernel command line.
* The 'passwdqc' library is now supported as an alternative to the
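Review bot: the getty entry says the units "import" the 'agetty.*' and 'login.*' credentials without naming the mechanism; mention ImportCredential= so the same can be replicated in custom getty units, and quote the credential names the same way as the getty.ttys.container/getty.ttys.serial names a few lines above (quoted here, bare there).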
- 'pwquality' library and it can be selected at build time.
+ 'pwquality' library and can be selected at build time.
Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
- Daniel P. Berrangé, Dan Streetman, David Edmundson,
+ Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
David Schroeder, David Tardon, dependabot[bot],
Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
- Evgeny Vereshchagin, Florian Klink, Franck Bui, François Rigault,
- Fran Diéguez, Franklin Yu, Frantisek Sumsal, Fuminobu TAKEYAMA,
- Gaël PORTAY, Gerd Hoffmann, Gertalitec, Gibeom Gwon,
- Gustavo Noronha Silva, Hannu Lounento, Hans de Goede,
- Haochen Tong, HATAYAMA Daisuke, Henrik Holst, Hoe Hao Cheng,
- Igor Tsiglyar, Ivan Vecera, James Hilliard, Jan Engelhardt,
- Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén, jcg, Jeidnx,
- Joan Bruguera, Joerg Behrmann, jonathanmetzman, Jordan Rome,
- Josef Miegl, Joshua Goins, Joyce, Joyce Brum, Juno Computers,
- Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus, Klaus Zipfel,
- Lawrence Thorpe, Lennart Poettering, licunlong, Lily Foster,
- Luca Boccassi, Ludwig Nussel, Luna Jernberg, maanyagoenka,
- Maanya Goenka, Maksim Kliazovich, Malte Poll, Marko Korhonen,
- Masatake YAMATO, Mateusz Poliwczak, Matt Johnston, Miao Wang,
- Micah Abbott, Michal Koutný, Michal Sekletár, Mike Yuan, mooo,
- Morten Linderud, msizanoen, Nick Rosbrook, nikstur, Olivier Gayot,
- Omojola Joshua, Paolo Velati, Paul Barker, Pavel Borecki,
+ Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
+ François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
+ Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
+ Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
+ Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
+ Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
+ Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
+ jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
+ Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
+ Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
+ Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
+ Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
+ maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
+ Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
+ Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
+ Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
+ Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
+ Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
Дамјан Георгиевски, наб
- — Edinburgh, 2023-07-14
+ — Edinburgh, 2023-07-28
CHANGES WITH 253:
packages have not retriggered devices once the udev package (or any
auxiliary package installing additional udev rules) is updated. We
intend to work with major distributions to change this, so that
- "udevadm trigger -a change" is issued on such upgrades, ensuring that
+ "udevadm trigger -c change" is issued on such upgrades, ensuring that
the updated ruleset is applied to the devices already discovered, so
that (asynchronously) after the upgrade completed the udev database
is consistent with the updated rule set. This means udev rules must
hibernates again.
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
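Review bot: the correction from "-a change" to "-c change" is right (udevadm trigger's -a is --attr-match, -c is --action), but given how easily the two are confused, spelling out "udevadm trigger --action=change" in the announcement would keep the same mistake out of the distribution packaging scripts this text is addressed to.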
- set the client will only send a DUID as client identifier.
+ set the client will only send a DUID as client identifier. (EDIT: the
+ option was broken, and was dropped in v255.)
* The nss-systemd glibc NSS module will now enumerate dynamic users and
groups in effect. Previously, it could resolve UIDs/GIDs to user
* The watchdog device PID 1 will ping may now be configured through the
WatchdogDevice= configuration file setting, or by setting the
- systemd.watchdog_service= kernel commandline option.
+ systemd.watchdog_service= kernel command line option.
* systemd-resolved's gained support for registering DNS-SD services on
the local network using MulticastDNS. Services may either be