systemd System and Service Manager
-CHANGES WITH 253 in spe:
+CHANGES WITH 254 in spe:
+
+ Security relevant changes:
+
+ * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
+ process capability to invoked session processes of regular users on
+ local seats (as well as to systemd --user), unless configured
+ otherwise via data from JSON user records, or via the PAM module's
+ parameter list. This is useful in order allow desktop tools such as
+ GNOME's Alarm Clock application to set a timer for
+ CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
+ per-user service unit file may thus use AmbientCapability= to pass
+ the capability to invoked processes. Note that this capability is
+ relatively narrow in focus (in particular compared to other process
+ capabilities such as CAP_SYS_ADMIN) and we already — by default —
+ permit more impactful operations such as system suspend to local
+ users.
- Deprecations and incompatible changes
+CHANGES WITH 253:
- * systemctl will now warn when invoked without /proc mounted (e.g. when
- invoked after chroot into an image without the API mount points like
- /proc being set up.) Operation in such an environment is not fully
- supported.
+ Announcements of Future Feature Removals and Incompatible Changes:
+
+ * We intend to remove cgroup v1 support from systemd release after the
+ end of 2023. If you run services that make explicit use of cgroup v1
+ features (i.e. the "legacy hierarchy" with separate hierarchies for
+ each controller), please implement compatibility with cgroup v2 (i.e.
+ the "unified hierarchy") sooner rather than later. Most of Linux
+ userspace has been ported over already.
+
+ * We intend to remove support for split-usr (/usr mounted separately
+ during boot) and unmerged-usr (parallel directories /bin and
+ /usr/bin, /lib and /usr/lib, etc). This will happen in the second
+ half of 2023, in the first release that falls into that time window.
+ For more details, see:
+ https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
+
+ * We intend to change behaviour w.r.t. units of the per-user service
+ manager and sandboxing options, so that they work without having to
+ manually enable PrivateUsers= as well, which is not required for
+ system units. To make this work, we will implicitly enable user
+ namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
+ user unit. The drawback is that system users will no longer be visible
+ (and appear as 'nobody') to the user unit when a sandboxing option is
+ enabled. By definition a sandboxed user unit should run with reduced
+ privileges, so impact should be small. This will remove a great source
+ of confusion that has been reported by users over the years, due to
+ how these options require an extra setting to be manually enabled when
+ used in the per-user service manager, as opposed as to the system
+ service manager. We plan to enable this change in the next release
+ later this year. For more details, see:
+ https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
+
+ Deprecations and incompatible changes:
+
+ * systemctl will now warn when invoked without /proc/ mounted
+ (e.g. when invoked after chroot() into an directory tree without the
+ API mount points like /proc/ being set up.) Operation in such an
+ environment is not fully supported.
+
+ * The return value of 'systemctl is-active|is-enabled|is-failed' for
+ unknown units is changed: previously 1 or 3 were returned, but now 4
+ (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.
* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
systemd-hwdb (added in 2014) should be used instead.
- * 'bootctl --json' now outputs well-formed JSON, instead of a stream
+ * 'bootctl --json' now outputs a single JSON array, instead of a stream
of newline-separated JSON objects.
- * Udev rules in 60-evdev.rules have been changed to load hwdb properties
- for all modalias patterns. Previously only the first matching pattern
- was used. This could change what properties are assigned if the user
- has more and less specific patterns that could match the same device,
- but it is expected that the change will have no effect for most users.
-
- New components:
-
- * A tool to build, measure, and sign Unified Kernel Images (UKIs) has
- been added. This replaces functionality provided by 'dracut --uefi'
- and extends it with automatic calculation of offsets, insertion of
- signed PCR policies generated by systemd-measure, support for initrd
- concatenation, signing of the embedded Linux image and the combined
- image with sbsign, and heuristics to autodetect the kernel uname and
- verify the splash image.
+ * Udev rules in 60-evdev.rules have been changed to load hwdb
+ properties for all modalias patterns. Previously only the first
+ matching pattern was used. This could change what properties are
+ assigned if the user has more and less specific patterns that could
+ match the same device, but it is expected that the change will have
+ no effect for most users.
+
+ * systemd-networkd-wait-online exits successfully when all interfaces
+ are ready or unmanaged. Previously, if neither '--any' nor
+ '--interface=' options were used, at least one interface had to be in
+ configured state. This change allows the case where systemd-networkd
+ is enabled, but no interfaces are configured, to be handled
+ gracefully. It may occur in particular when a different network
+ manager is also enabled and used.
+
+ * Some compatibility helpers were dropped: EmergencyAction= in the user
+ manager, as well as measuring kernel command line into PCR 8 in
+ systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
+ option.
- Changes in systemd:
+ * The '-Dupdate-helper-user-timeout=' build-time option has been
+ renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
+ integer as parameter instead of a string.
+
+ * The DDI image dissection logic (which backs RootImage= in service
+ unit files, the --image= switch in various tools such as
+ systemd-nspawn, as well as systemd-dissect) will now only mount file
+ systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
+ can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
+ variable. These file systems are fairly well supported and maintained
+ in current kernels, while others are usually more niche, exotic or
+ legacy and thus typically do not receive the same level of security
+ support and fixes.
+
+ * The default per-link multicast DNS mode is changed to "yes"
+ (that was previously "no"). As the default global multicast DNS mode
+ has been "yes" (but can be changed by the build option), now the
+ multicast DNS is enabled on all links by default. You can disable the
+ multicast DNS on all links by setting MulticastDNS= in resolved.conf,
+ or on an interface by calling "resolvectl mdns INTERFACE no".
- * Initrd environments which are not on a temporary file system (for
- example an overlayfs combination) are now supported. Systemd will only
- skip removal of the files in the initrd if it doesn't detect a
- temporary file system.
+ New components:
- * New MemoryZSwapMax= option has been added to configure
- memory.zswap.max cgroup properties (the maximum amount of zswap used).
+ * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
+ (UKIs) has been added. This replaces functionality provided by
+ 'dracut --uefi' and extends it with automatic calculation of PE file
+ offsets, insertion of signed PCR policies generated by
+ systemd-measure, support for initrd concatenation, signing of the
+ embedded Linux image and the combined image with sbsign, and
+ heuristics to autodetect the kernel uname and verify the splash
+ image.
+
+ Changes in systemd and units:
+
+ * A new service type Type=notify-reload is defined. When such a unit is
+ reloaded a UNIX process signal (typically SIGHUP) is sent to the main
+ service process. The manager will then wait until it receives a
+ "RELOADING=1" followed by a "READY=1" notification from the unit as
+ response (via sd_notify()). Otherwise, this type is the same as
+ Type=notify. A new setting ReloadSignal= may be used to change the
+ signal to send from the default of SIGHUP.
+
+ user@.service, systemd-networkd.service, systemd-udevd.service, and
+ systemd-logind have been updated to this type.
+
+ * Initrd environments which are not on a pure memory file system (e.g.
+ overlayfs combination as opposed to tmpfs) are now supported. With
+ this change, during the initrd → host transition ("switch root")
+ systemd will erase all files of the initrd only when the initrd is
+ backed by a memory file system such as tmpfs.
+
+ * New per-unit MemoryZSwapMax= option has been added to configure
+ memory.zswap.max cgroup properties (the maximum amount of zswap
+ used).
+
+ * A new LogFilterPatterns= option has been added for units. It may be
+ used to specify accept/deny regular expressions for log messages
+ generated by the unit, that shall be enforced by systemd-journald.
+ Rejected messages are neither stored in the journal nor forwarded.
+ This option may be used to suppress noisy or uninteresting messages
+ from units.
+
+ * The manager has a new
+ org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
+ query process ownership via a PIDFD, which is more resilient against
+ PID recycling issues.
* Scope units now support OOMPolicy=. Login session scopes default to
- OOMPolicy=continue, allowing login scopes to survive the oom killer
+ OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.
* systemd-fstab-generator now supports x-systemd.makefs option for
- /sysroot (in the initrd).
+ /sysroot/ (in the initrd).
+
+ * The maximum rate at which daemon reloads are executed can now be
+ limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
+ options. (Or the equivalent on the kernel command line:
+ systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
+ addition, systemd now logs the originating unit and PID when a reload
+ request is received over D-Bus.
+
+ * When enabling a swap device systemd will now reinitialize the device
+ when the page size of the swap space does not match the page size of
+ the running kernel. Note that this requires the 'swapon' utility to
+ provide the '--fixpgsz' option, as implemented by util-linux, and it
+ is not supported by busybox at the time of writing.
+
+ * systemd now executes generator programs in a mount namespace
+ "sandbox" with most of the file system read-only and write access
+ restricted to the output directories, and with a temporary /tmp/
+ mount provided. This provides a safeguard against programming errors
+ in the generators, but also fixes here-docs in shells, which
+ previously didn't work in early boot when /tmp/ wasn't available
+ yet. (This feature has no security implications, because the code is
+ still privileged and can trivially exit the sandbox.)
+
+ * The system manager will now parse a new "vmm.notify_socket"
+ system credential, which may be supplied to a VM via SMBIOS. If
+ found, the manager will send a "READY=1" notification on the
+ specified socket after boot is complete. This allows readiness
+ notification to be sent from a VM guest to the VM host over a VSOCK
+ socket.
+
+ * The sample PAM configuration file for systemd-user@.service now
+ includes a call to pam_namespace. This puts children of user@.service
+ in the expected namespace. (Many distributions replace their file
+ with something custom, so this change has limited effect.)
+
+ * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
+ can be used to override the mount units burst late limit for
+ parsing '/proc/self/mountinfo', which was introduced in v249.
+ Defaults to 5.
+
+ * Drop-ins for init.scope changing control group resource limits are
+ now applied, while they were previously ignored.
+
+ * New build-time configuration options '-Ddefault-timeout-sec=' and
+ '-Ddefault-user-timeout-sec=' have been added, to let distributions
+ choose the default timeout for starting/stopping/aborting system and
+ user units respectively.
+
+ * Service units gained a new setting OpenFile= which may be used to
+ open arbitrary files in the file system (or connect to arbitrary
+ AF_UNIX sockets in the file system), and pass the open file
+ descriptor to the invoked process via the usual file descriptor
+ passing protocol. This is useful to give unprivileged services access
+ to select files which have restrictive access modes that would
+ normally not allow this. It's also useful in case RootDirectory= or
+ RootImage= is used to allow access to files from the host environment
+ (which is after all not visible from the service if these two options
+ are used.)
Changes in udev:
* The new net naming scheme "v253" has been introduced. In the new
scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
- a PCI bus. This extends the converage of predictable interface names
+ a PCI bus. This extends the coverage of predictable interface names
in some embedded systems.
The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
a more informative path on some embedded systems.
+ * Partition block devices will now also get symlinks in
+ /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
+ block device nodes via the kernel's "diskseq" value. Previously those
+ symlinks were only created for the main block device.
+
+ * A new operator '-=' is supported for SYMLINK variables. This allows
+ symlinks to be unconfigured even if an earlier rule added them.
+
+ * 'udevadm --trigger --settle' now also works for network devices
+ that are being renamed.
+
Changes in sd-boot, bootctl, and the Boot Loader Specification:
- * systemd-boot now passes its random seed directly to the kernel's RNG
- via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
- means the RNG gets seeded very early in boot before userspace has
- started.
+ * systemd-boot now passes its random seed directly to the kernel's RNG
+ via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
+ means the RNG gets seeded very early in boot before userspace has
+ started.
+
+ * systemd-boot will pass a disk-backed random seed – even when secure
+ boot is enabled – if it can additionally get a random seed from EFI
+ itself (via EFI's RNG protocol), or a prior seed in
+ LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.
+
+ * systemd-boot-system-token.service was renamed to
+ systemd-boot-random-seed.service and extended to always save a random
+ seed to ESP on every boot when a compatible boot loader is used. This
+ allows a refreshed random seed to be used in the boot loader.
+
+ * systemd-boot handles various seed inputs using a domain- and
+ field-separated hashing scheme.
+
+ * systemd-boot's 'random-seed-mode' option has been removed. A system
+ token is now always required to be present for random seeds to be
+ used.
+
+ * systemd-boot now supports being loaded from other locations than the
+ ESP, for example for direct kernel boot under QEMU or when embedded
+ into the firmware.
+
+ * systemd-boot now parses SMBIOS information to detect
+ virtualization. This information is used to skip some warnings which
+ are not useful in a VM and to conditionalize other aspects of
+ behaviour.
+
+ * systemd-boot now supports a new 'if-safe' mode that will perform UEFI
+ Secure Boot automated certificate enrollment from the ESP only if it
+ is considered 'safe' to do so. At the moment 'safe' means running in
+ a virtual machine.
- * systemd-boot will pass a random seed when secure boot is enabled if
- it can additionally get a random seed from EFI itself, via EFI's RNG
- protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
- preceding bootloader.
+ * systemd-stub now processes random seeds in the same way as
+ systemd-boot already does, in case a unified kernel image is being
+ used from a different bootloader than systemd-boot, or without any
+ boot load at all.
- * The random seed stored in the ESP is now refreshed whenever
- systemd-random-seed.service is run.
+ * bootctl will now generate a system token on all EFI systems, even
+ virtualized ones, and is activated in the case that the system token
+ is missing from either sd-boot and sd-stub booted systems.
- * systemd-boot handles various seed inputs using a domain- and
- field-separated hashing scheme.
+ * bootctl now implements two new verbs: 'kernel-identify' prints the
+ type of a kernel image file, and 'kernel-inspect' provides
+ information about the embedded command line and kernel version of
+ UKIs.
- * systemd-boot's 'random-seed-mode' option has been removed. A system
- token is now always required to be present for random seeds to be
- used.
+ * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
+ as for kernel-install.
- * systemd-stub now processes random seeds in the same way as
- systemd-boot, in case a unified kernel image is being used from a
- different bootloader than systemd-boot.
+ * The JSON output of "bootctl list" will now contain two more fields:
+ isDefault and isSelected are boolean fields set to true on the
+ default and currently booted boot menu entries.
- * bootctl will now generate a system token on all EFI systems, even
- virtualized ones, and is activated in the case that the system token
- is missing from either sd-boot and sd-stub booted systems.
+ * bootctl gained a new verb "unlink" for removing a boot loader entry
+ type #1 file from disk in a safe and robust way.
- * systemd-boot now supports being loaded not from the ESP, for example
- for direct kernel boot under QEMU or when embedded into the firmware.
+ * bootctl also gained a new verb "cleanup" that automatically removes
+ all files from the ESP's and XBOOTLDR's "entry-token" directory, that
+ is not referenced anymore by any installed Type #1 boot loader
+ specification entry. This is particularly useful in environments where
+ a large number of entries reference the same or partly the same
+ resources (for example, for snapshot-based setups).
Changes in kernel-install:
- * A new "installation layout" can be configured as layout=uki. With this
- setting, a Boot Loader Specification Type#1 entry will not be created.
- Instead, a new kernel-install plugin 90-uki-copy.install will copy any
- .efi files from the staging area into the boot partition. A plugin to
- generate the UKI .efi file must be provided separately.
+ * A new "installation layout" can be configured as layout=uki. With
+ this setting, a Boot Loader Specification Type#1 entry will not be
+ created. Instead, a new kernel-install plugin 90-uki-copy.install
+ will copy any .efi files from the staging area into the boot
+ partition. A plugin to generate the UKI .efi file must be provided
+ separately.
Changes in systemctl:
* 'systemctl reboot' has dropped support for accepting a positional
argument as the argument to the reboot(2) syscall. Please use the
- --reboot-argument option instead.
+ --reboot-argument= option instead.
- * 'systemctl disable' will now warn when called on units without install
- information. A new --no-warn option has been added that silences this
- warning.
+ * 'systemctl disable' will now warn when called on units without
+ install information. A new --no-warn option has been added that
+ silences this warning.
- * 'systemctl kexec' now supports XEN.
+ * New option '--drop-in=' can be used to tell 'systemctl edit' the name
+ of the drop-in to edit. (Previously, 'override.conf' was always
+ used.)
+
+ * 'systemctl list-dependencies' now respects --type= and --state=.
+
+ * 'systemctl kexec' now supports XEN VMM environments.
+
+ * 'systemctl edit' will now tell the invoked editor to jump into the
+ first line with actual unit file data, skipping over synthesized
+ comments.
Changes in systemd-networkd and related tools:
+ * The [DHCPv4] section in .network file gained new SocketPriority=
+ setting that assigns the Linux socket priority used by the DHCPv4 raw
+ socket. This may be used in conjunction with the
+ EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
+ desired ethernet 802.1Q frame priority for DHCPv4 initial
+ packets. This cannot be achieved with netfilter mangle tables because
+ of the raw socket bypass.
+
+ * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
+ new QuickAck= boolean setting that enables the TCP quick ACK mode for
+ the routes configured by the acquired DHCPv4 lease or received router
+ advertisements (RAs).
+
* The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
routes) now accepts three values, for high, medium, and low preference
of the router (which can be set with the RouterPreference=) setting.
- * systemd-networkd-wait-online now supports alternative interface names.
+ * systemd-networkd-wait-online now supports matching via alternative
+ interface names.
+
+ * The [DHCPv6] section in .network file gained new SendRelease=
+ setting which enables the DHCPv6 client to send release when
+ it stops. This is the analog of the [DHCPv4] SendRelease= setting.
+ It is enabled by default.
+
+ * If the Address= setting in [Network] or [Address] sections in .network
+ specified without its prefix length, then now systemd-networkd assumes
+ /32 for IPv4 or /128 for IPv6 addresses.
+
+ * networkctl shows network and link file dropins in status output.
Changes in systemd-dissect:
- * systemd-dissect gained a new option --list, to print the paths fo the
- files and directories in the image.
+ * systemd-dissect gained a new option --list, to print the paths of
+ all files and directories in a DDI.
- * systemd-dissect gained a new option --mtree, to generate output
- compatible with BSD mtree(5).
+ * systemd-dissect gained a new option --mtree, to generate a file
+ manifest compatible with BSD mtree(5) of a DDI
- * systemd-dissect gained a new option --with, to execute a command in
- the image temporarily mounted.
+ * systemd-dissect gained a new option --with, to execute a command with
+ the specified DDI temporarily mounted and used as working
+ directory. This is for example useful to convert a DDI to "tar"
+ simply by running it within a "systemd-dissect --with" invocation.
* systemd-dissect gained a new option --discover, to search for
- Discoverable Disk Images (DDIs) in well-known directories. This will
- list machine, portable service and system extension disk images.
+ Discoverable Disk Images (DDIs) in well-known directories of the
+ system. This will list machine, portable service and system extension
+ disk images.
* systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI).
+ * systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
+ disk UUID stored in the GPT header) among the other data it can show.
+
+ * systemd-dissect gained a new --in-memory switch to operate on an
+ in-memory copy of the specified DDI file. This is useful to access a
+ DDI with write access without persisting any changes. It's also
+ useful for accessing a DDI without keeping the originating file
+ system busy.
+
+ * The DDI dissection logic will now automatically detect the intended
+ sector size of disk images stored in files, based on the GPT
+ partition table arrangement. Loopback block devices for such DDIs
+ will then be configured automatically for the right sector size. This
+ is useful to make dealing with modern 4K sector size DDIs fully
+ automatic. The systemd-dissect tool will now show the detected sector
+ size among the other DDI information in its output.
+
Changes in systemd-repart:
- * systemd-repart gained new options --include-partitions and
- --exclude-partitions to filter operation on partitions by type UUID.
+ * systemd-repart gained new options --include-partitions= and
+ --exclude-partitions= to filter operation on partitions by type UUID.
This allows systemd-repart to be used to build images in which the
type of one partition is set based on the contents of another
partition (for example when the boot partition shall include a verity
hash of the root partition).
- * systemd-repart now supports erofs (a read-only file system similar to
- squashfs).
+ * systemd-repart also gained a --defer-partitions= option that is
+ similar to --exclude-partitions=, but the size of the partition is
+ still taken into account when sizing partitions, but without
+ populating it.
- Changes in systemd-homed:
+ * systemd-repart gained a new --sector-size= option to specify what
+ sector size should be used when an image is created.
+
+ * systemd-repart now supports generating erofs file systems via
+ CopyFiles= (a read-only file system similar to squashfs).
+
+ * The Minimize= option was extended to accept "best" (which means the
+ most minimal image possible, but may require multiple attempts) and
+ "guess" (which means a reasonably small image).
+
+ * The systemd-growfs binary now comes with a regular unit file template
+ systemd-growfs@.service which can be instantiated directly for any
+ desired file system. (Previously, the unit was generated dynamically
+ by various generators, but no regular unit file template was
+ available.)
+
+ Changes in journal tools:
+
+ * Various systemd tools will append extra fields to log messages when
+ in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
+ this includes information about D-Bus messages when sd-bus is used,
+ e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
+ about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
+ Details of what is logged and when are subject to change.
+
+ * The systemd-journald-audit.socket can now be disabled via the usual
+ "systemctl disable" mechanism to stop collection of audit
+ messages. Please note that it is not enabled statically anymore and
+ must be handled by the preset/enablement logic in package
+ installation scripts.
+
+ * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
+ be used to curtail disk use by systemd-journal-remote. This is
+ similar to the options supported by systemd-journald.
+
+ Changes in systemd-cryptenroll, systemd-cryptsetup, and related
+ components:
+
+ * When enrolling new keys systemd-cryptenroll now supports unlocking
+ via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
+ password was strictly required to be specified.
+
+ * systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
+ (except for tokens with user verification, UV) to identify tokens
+ before authentication. Multiple FIDO2 tokens can now be enrolled at
+ the same time, and systemd-cryptsetup will automatically select one
+ that corresponds to one of the available LUKS key slots.
+
+ * systemd-cryptsetup now supports new options tpm2-measure-bank= and
+ tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
+ bank and number into which the volume key should be measured. This is
+ automatically enabled for the encrypted root volume discovered and
+ activated by systemd-gpt-auto-generator.
+
+ * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
+ "noexec,nosuid,nodev".
+
+ * systemd-gpt-auto-generator will now honour the rootfstype= and
+ rootflags= kernel command line switches for root file systems it
+ discovers, to match behaviour in case an explicit root fs is
+ specified via root=.
+
+ * systemd-pcrphase gained new options --machine-id and --file-system=
+ to measure the machine-id and mount point information into PCR 15. New
+ service unit files systemd-pcrmachine.service and
+ systemd-pcrfs@.service have been added that invoke the tool with
+ these switches during early boot.
+
+ * systemd-pcrphase gained a --graceful switch will make it exit cleanly
+ with a success exit code even if no TPM device is detected.
+
+ * systemd-cryptenroll now stores the user-supplied PIN with a salt,
+ making it harder to brute-force.
+
+ Changes in other tools:
* systemd-homed gained support for luksPbkdfForceIterations (the
intended number of iterations for the PBKDF operation on LUKS).
- Changes in systemd-homenamed:
+ * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
+ $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
+ may now be used to specify additional arguments for mkfs when
+ systemd-homed formats a file system.
- * systemd-homed now exports the contents of
+ * systemd-hostnamed now exports the contents of
/sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
unprivileged code to access those values.
+ systemd-hostnamed also exports the SUPPORT_END= field from
+ os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
+ this to show the status of the installed system.
+
+ * systemd-measure gained an --append= option to sign multiple phase
+ paths with different signing keys. This allows secrets to be
+ accessible only in certain parts of the boot sequence. Note that
+ 'ukify' provides similar functionality in a more accessible form.
+
+ * systemd-timesyncd will now write a structured log message with
+ MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
+ on a on-disk timestamp, similarly to what it did when reaching
+ synchronization via NTP.
+
+ * systemd-timesyncd will now update the on-disk timestamp file on each
+ boot at least once, making it more likely that the system time
+ increases in subsequent boots.
+
+ * systemd-vconsole-setup gained support for system/service credentials:
+ vconsole.keymap/vconsole.keymap_toggle and
+ vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
+ the similarly-named options in vconsole.conf.
+
+ * systemd-localed will now save the XKB keyboard configuration to
+ /etc/vconsole.conf, and also read it from there with a higher
+ preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
+ file. Previously, this information was stored in the former file in
+ converted form, and only in latter file in the original form. Tools
+ which want to access keyboard configuration can now do so from a
+ standard location.
+
+ * systemd-resolved gained support for configuring the nameservers and
+ search domains via kernel command line (nameserver=, domain=) and
+ credentials (network.dns, network.search_domains).
+
+ * systemd-resolved will now synthesize host names for the DNS stub
+ addresses it supports. Specifically when "_localdnsstub" is resolved,
+ 127.0.0.53 is returned, and if "_localdnsproxy" is resolved
+ 127.0.0.54 is returned.
+
+ * systemd-notify will now send a "RELOADING=1" notification when called
+ with --reloading, and "STOPPING=1" when called with --stopping. This
+ can be used to implement notifications from units where it's easier
+ to call a program than to use the sd-daemon library.
+
+ * systemd-analyze's 'plot' command can now output its information in
+ JSON, controlled via the --json= switch. Also, new --table, and
+ --no-legend options have been added.
+
+ * 'machinectl enable' will now automatically enable machines.target
+ unit in addition to adding the machine unit to the target.
+
+ Similarly, 'machinectl start|stop' gained a --now option to enable or
+ disable the machine unit when starting or stopping it.
+
+ * systemd-sysusers will now create /etc/ if it is missing.
+
+ * systemd-sleep 'HibernateDelaySec=' setting is changed back to
+ pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
+ added to provide the new initial value for the new automated battery
+ estimation functionality. If 'HibernateDelaySec=' is set to any value,
+ the automated estimate (and thus the automated hibernation on low
+ battery to avoid data loss) functionality will be disabled.
+
+ * Default tmpfiles.d/ configuration will now automatically create
+ credentials storage directory '/etc/credstore/' with the appropriate,
+ secure permissions. If '/run/credstore/' exists, its permissions will
+ be fixed too in case they are not correct.
+
Changes in libsystemd and shared code:
* sd-bus gained new convenience functions sd_bus_emit_signal_to(),
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
- * Detection of chroot environments now works if /proc/ is not mounted.
- This affects systemd-detect-virt --chroot, but also means that systemd
- tools will silently skip various operations in such an environment.
-
- * "Lockheed Matrin Hardened Security for Intel Processors" (HS SRE)
+ * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
+ 128bit ID in files such as /etc/machine-id has an invalid
+ format. They also accept NULL as output parameter in more places,
+ which is useful when the caller only wants to validate the inputs and
+ does not need the output value.
+
+ * sd-login gained new functions sd_pidfd_get_session(),
+ sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
+ sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
+ sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
+ sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
+ but accept a PIDFD instead of a PID.
+
+ * sd-path (and systemd-path) now export four new paths:
+ SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
+ SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
+ SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
+ SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
+
+ * sd_notify() now supports AF_VSOCK as transport for notification
+ messages (in addition to the existing AF_UNIX support). This is
+ enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
+
+ * Detection of chroot() environments now works if /proc/ is not
+ mounted. This affects systemd-detect-virt --chroot, but also means
+ that systemd tools will silently skip various operations in such an
+ environment.
+
+ * "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
virtualization is now detected.
Changes in the build system:
- * Standalone variant of systemd-repart is built (if -Dstandalone=true).
+ * Standalone variants of systemd-repart and systemd-shutdown may now be
+ built (if -Dstandalone=true).
+
+ * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
+ example, allow scripts to conditionalize execution on AC power
+ supply.
- * systemd-ac-power has been moved to /usr/bin/, to, for example, allow
- scripts to conditionalize execution on AC power supply.
+ * The libp11kit library is now loaded through dlopen(3).
Changes in the documentation:
https://uapi-group.org/specifications/: the Boot Loader Specification
and the Discoverable Partitions Specification.
+ Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
+ Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
+ Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
+ Benjamin Tissoires, berenddeschouwer, BerndAdameit,
+ Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
+ Charles Hardin, chris, Christian Brauner, Christian Göttsche,
+ Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
+ Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
+ Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
+ Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
+ Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
+ Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
+ igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
+ Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
+ Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
+ Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
+ Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
+ Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
+ Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
+ Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
+ Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
+ Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
+ msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
+ noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
+ Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
+ reuben olinsky, Richard E. van der Luit, Richard Phibel,
+ Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
+ Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
+ Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
+ Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
+ Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
+ Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
+ William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
+ Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
+ наб
+
+ — Warsaw, 2023-02-15
CHANGES WITH 252 🎃:
* ConditionKernelVersion= checks that use the '=' or '!=' operators
will now do simple string comparisons (instead of version comparisons
- á la stverscmp()). Version comparisons are still done for the
+ Ã la stverscmp()). Version comparisons are still done for the
ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
specified, a shell-style glob match is now done. This creates a minor
incompatibility compared to older systemd versions when the '*', '?',
(e.g. comparisons for empty strings). Boot counting is now part of
the main specification.
- * New PCRs measurements are performed during boot: PCR 11 for the the
+ * New PCRs measurements are performed during boot: PCR 11 for the
kernel+initrd combo, PCR 13 for any sysext images. If a measurement
took place this is now reported to userspace via the new
StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.
* A new build-time configuration setting default-user-shell= can be
used to set the default shell for user records and nspawn shell
- invocations (instead of of the default /bin/bash).
+ invocations (instead of the default /bin/bash).
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
information dynamically at runtime via IPC.
now also owned by the system group "sgx".
* A new build-time meson option "extra-net-naming-schemes=" has been
- added to define additional naming schemes schemes for udev's network
+ added to define additional naming schemes for udev's network
interface naming logic. This is useful for enterprise distributions
and similar which want to pin the schemes of certain distribution
releases under a specific name and previously had to patch the
projects / thirdparty / systemd.git / blobdiff