systemd System and Service Manager
-CHANGES WITH 253 in spe:
+CHANGES WITH 254 in spe:
+
+ Security relevant changes:
+
+ * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
+ process capability to invoked session processes of regular users on
+ local seats (as well as to systemd --user), unless configured
+ otherwise via data from JSON user records, or via the PAM module's
+ parameter list. This is useful in order allow desktop tools such as
+ GNOME's Alarm Clock application to set a timer for
+ CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
+ per-user service unit file may thus use AmbientCapability= to pass
+ the capability to invoked processes. Note that this capability is
+ relatively narrow in focus (in particular compared to other process
+ capabilities such as CAP_SYS_ADMIN) and we already — by default —
+ permit more impactful operations such as system suspend to local
+ users.
+
+CHANGES WITH 253:
Announcements of Future Feature Removals and Incompatible Changes:
legacy and thus typically do not receive the same level of security
support and fixes.
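Review bot: "This is useful in order allow desktop tools" on the CAP_WAKE_ALARM item is missing a word; it should read "in order to allow". In the same paragraph, "AmbientCapability=" is not the name of the unit file directive: the setting that passes ambient capabilities to a service's processes is "AmbientCapabilities=", so the sentence should read "A per-user service unit file may thus use AmbientCapabilities= to pass the capability to invoked processes." Since this paragraph is the first entry under the new "Security relevant changes" heading, it would also help readers to state the two opt-out paths concretely (the JSON user record field and the pam_systemd module argument) rather than only alluding to them, so an administrator who does not want every local session process to be able to wake the machine from suspend can find the knob.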
+ * The default per-link multicast DNS mode is changed to "yes"
+ (that was previously "no"). As the default global multicast DNS mode
+ has been "yes" (but can be changed by the build option), now the
+ multicast DNS is enabled on all links by default. You can disable the
+ multicast DNS on all links by setting MulticastDNS= in resolved.conf,
+ or on an interface by calling "resolvectl mdns INTERFACE no".
+
New components:
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
yet. (This feature has no security implications, because the code is
still privileged and can trivially exit the sandbox.)
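Review bot: the multicast DNS item flips a network-facing default, so resolved will now respond to and emit mDNS traffic on every link, including ones an administrator may consider untrusted, yet it is filed as a plain incompatible change. Given this same commit introduces a "Security relevant changes" heading for the following release, consider noting the exposure here too, or at least stating the full setting ("MulticastDNS=no in resolved.conf") rather than only the key name, so the opt-out is copy-pasteable. "(that was previously "no")" also reads awkwardly next to the earlier "yes"; "(previously "no")" is enough.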
- * The system manager manager will now parse a new "vmm.notify_socket"
+ * The system manager will now parse a new "vmm.notify_socket"
system credential, which may be supplied to a VM via SMBIOS. If
found, the manager will send a "READY=1" notification on the
specified socket after boot is complete. This allows readiness
with something custom, so this change has limited effect.)
* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
- can can be used to override the mount units burst late limit for
+ can be used to override the mount units burst late limit for
parsing '/proc/self/mountinfo', which was introduced in v249.
Defaults to 5.
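Review bot: the duplicated "can" is fixed, but the corrected line still says "burst late limit"; this should be "burst rate limit", matching the rate limiting of '/proc/self/mountinfo' parsing that the sentence describes. "the mount units burst rate limit" would also read better as "the mount units' burst rate limit".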
Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
- Jason A. Donenfeld, jcg, Jelle van der Waa, Jeremy Linton,
- Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann, Jörg Thalheim,
- Joshua Goins, joshuazivkovic, Joshua Zivkovic, Kai-Chuan Hsieh,
- Khem Raj, Koba Ko, Lennart Poettering, lichao, Li kunyu,
- Luca Boccassi, Luca BRUNO, Ludwig Nussel, Łukasz Stelmach,
- Lycowolf, marcel151, Marcus Schäfer, Marek Vasut, Mark Laws,
- Michael Biebl, Michał Kotyla, Michal Koutný, Michal Sekletár,
- Mike Yuan, MkfsSion, msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore,
- Nick Rosbrook, noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv,
- Phaedrus Leeds, Philipp Jungkamp, Quentin Deslandes, Ray Strode,
+ Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
+ Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
+ Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
+ Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
+ Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
+ Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
+ Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
+ Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
+ msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
+ noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
+ Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
reuben olinsky, Richard E. van der Luit, Richard Phibel,
Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
наб
- — Warsaw, 2023-02-10
+ — Warsaw, 2023-02-15
CHANGES WITH 252 🎃:
* ConditionKernelVersion= checks that use the '=' or '!=' operators
will now do simple string comparisons (instead of version comparisons
- á la stverscmp()). Version comparisons are still done for the
+ Ã la stverscmp()). Version comparisons are still done for the
ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
specified, a shell-style glob match is now done. This creates a minor
incompatibility compared to older systemd versions when the '*', '?',
(e.g. comparisons for empty strings). Boot counting is now part of
the main specification.
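Review bot: the replacement on the "+" line renders as "Ã la", which looks like a mis-encoded (double UTF-8 encoded) "à" rather than the intended French "à la" with a grave accent; please confirm the NEWS file is saved as plain UTF-8 and that the character is actually U+00E0, otherwise this change swaps one wrong spelling for a mojibake.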
- * New PCRs measurements are performed during boot: PCR 11 for the the
+ * New PCRs measurements are performed during boot: PCR 11 for the
kernel+initrd combo, PCR 13 for any sysext images. If a measurement
took place this is now reported to userspace via the new
StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.
* A new build-time configuration setting default-user-shell= can be
used to set the default shell for user records and nspawn shell
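Review bot: the duplicated "the" is removed, but the same line still says "New PCRs measurements"; it should be "New PCR measurements". A comma after "If a measurement took place" would also help, and since this is the item that documents the PCR 11 and PCR 13 measurements and the StubPcrKernelImage / StubPcrInitRDSysExts EFI variables, it is worth getting the wording clean as people will quote it when writing TPM policies.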
- invocations (instead of of the default /bin/bash).
+ invocations (instead of the default /bin/bash).
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
information dynamically at runtime via IPC.
now also owned by the system group "sgx".
* A new build-time meson option "extra-net-naming-schemes=" has been
- added to define additional naming schemes schemes for udev's network
+ added to define additional naming schemes for udev's network
interface naming logic. This is useful for enterprise distributions
and similar which want to pin the schemes of certain distribution
releases under a specific name and previously had to patch the