CHANGES WITH 243 in spe:
+ * This release enables unprivileged programs (i.e. requiring neither
+ setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
+ by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
+ kernel for the whole UNIX group range, i.e. all processes. This
+ change should be reasonably safe, as the kernel support for it was
+ specifically implemented to allow safe access to ICMP Echo for
+ processes lacking any privileges. If this is not desirable, it can be
+ disabled again by setting the parameter to "1 0".
+
* Previously, filters defined with SystemCallFilter= would have the
- effect that an calling an offending system call would terminate the
- calling thread. This behaviour never made much sense, since killing
- individual threads of unexpecting processes is likely to create more
- problems than it solves. With this release the default action changed
- from killing the thread to killing the whole process. For this to
- work correctly both a kernel version (>= 4.14) and a libseccomp
- version (>= 2.4.0) supporting this new seccomp action is required. If
- an older kernel or libseccomp is used the old behaviour continues to
- be used. This change does not affect any services that have no system
- call filters defined, or that use SystemCallErrorNumber= (and thus
- see EPERM or another error instead of being killed when calling an
- offending system call). Note that systemd documentation always
- claimed that the whole process is killed. With this change behaviour
- is thus adjusted to match the documentation.
+ effect that any calling of an offending system call would terminate
+ the calling thread. This behaviour never made much sense, since
+ killing individual threads of unsuspecting processes is likely to
+ create more problems than it solves. With this release the default
+ action changed from killing the thread to killing the whole
+ process. For this to work correctly both a kernel version (>= 4.14)
+ and a libseccomp version (>= 2.4.0) supporting this new seccomp
+ action is required. If an older kernel or libseccomp is used the old
+ behaviour continues to be used. This change does not affect any
+ services that have no system call filters defined, or that use
+ SystemCallErrorNumber= (and thus see EPERM or another error instead
+ of being killed when calling an offending system call). Note that
+ systemd documentation always claimed that the whole process is
+ killed. With this change behaviour is thus adjusted to match the
+ documentation.
* The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
i.e. the full 22bit range the kernel allows, up from the old 16bit
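Review bot: "for the whole UNIX group range, i.e. all processes" in the ping_group_range item conflates the unit the sysctl works in (a GID range) with processes; "i.e. every group, and therefore every process" says what is meant. The disable instruction ("setting the parameter to "1 0"") should also say where the override has to live so it wins over the value systemd now ships, i.e. a sysctl.d/ drop-in whose name sorts after systemd's own file. In the SystemCallFilter= paragraph, the replacement "that any calling of an offending system call would terminate the calling thread" is still awkward; simply dropping the stray "an" from the old text gives "that calling an offending system call would terminate the calling thread". Naming the seccomp action the new default relies on (the kernel's SECCOMP_RET_KILL_PROCESS, which is what the kernel >= 4.14 and libseccomp >= 2.4.0 requirements refer to) would let readers verify support on their systems instead of guessing from version numbers.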
* Man pages are not built by default anymore (html pages were already
disabled by default), to make development builds quicker. When
building systemd for a full installation with documentation, meson
- should be called -Dman=true and/or -Dhtml=true as appropriate. The
- default was changed based on the assumption that quick one-off or
- repeated development builds are much more common than full optimized
- builds for installation, and people need to pass various other
- options to when doing "proper" builds anyway, so the gain from making
- development builds quicker is bigger than the one time disruption for
- packagers.
+ should be called with -Dman=true and/or -Dhtml=true as
+ appropriate. The default was changed based on the assumption that
+ quick one-off or repeated development builds are much more common
+ than full optimized builds for installation, and people need to pass
+ various other options to when doing "proper" builds anyway, so the
+ gain from making development builds quicker is bigger than the one
+ time disruption for packagers.
Two scripts are created in the *build* directory to generate and
preview man and html pages on demand, e.g.:
long number (with the length varying by architecture), so they can be
unambiguously distinguished.
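Review bot: "people need to pass various other options to when doing "proper" builds anyway" keeps the dangling "to" from the old text; suggest "people need to pass various other options anyway when doing "proper" builds". Since this item changes a build default that packagers must now counteract, stating the new default value of the two options explicitly, next to "-Dman=true and/or -Dhtml=true", would make it unambiguous which side of the change a given build is on.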
+ * SuccessExitStatus=, RestartPreventExitStatus=, and
+ RestartForceExitStatus= now accept exit code names (e.g. "DATAERR" is
+ equivalent to "65"). systemd-analyze learnt a new 'exit-codes' verb
+ to display those exit code name mappings.
+
* /usr/sbin/halt.local is no longer supported. Implementation in
distributions was inconsistent and it seems this functionality was
very rarely used.
interfaces should really be matched.
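Review bot: the SuccessExitStatus= item introduces exit code names without saying where they come from; "DATAERR" being "65" matches EX_DATAERR in sysexits.h, so stating that the names follow sysexits.h (plus whatever other tables systemd draws names from) tells readers which names are valid without having to run "systemd-analyze exit-codes" first. Also consider quoting the verb in the same form as the rest of the file ("systemd-analyze exit-codes") rather than the bare 'exit-codes'.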
* A new setting NUMAPolicy= may be used to set process memory
- allocation policy. Setting can be specified in system.conf and
- hence will set the default policy for PID1. Default policy can be
- overridden on per-service basis. Related setting NUMAMask= is used to
- specify NUMA node mask that should be associated with the selected
- policy.
+ allocation policy. This setting can be specified in
+ /etc/systemd/system.conf and hence will set the default policy for
+ PID1. The default policy can be overridden on a per-service
+ basis. The related setting NUMAMask= is used to specify NUMA node
+ mask that should be associated with the selected policy.
* PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
generates when processes it manages are reaching their memory limits,
the IO accounting data is included in the resource log message
generated whenever a unit stops.
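Review bot: "to specify NUMA node mask that should be associated with the selected policy" in the NUMAMask= sentence is missing its article ("the NUMA node mask"). The item should also list the values NUMAPolicy= accepts and say which of them actually consult NUMAMask=, since "associated with the selected policy" leaves a reader unable to tell whether setting NUMAMask= alone does anything.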
- * units may now configure an explicit time-out to apply to when killed
+ * Units may now configure an explicit time-out to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
the regular TimeoutStopSec= time-out was applied in this case too —
now a separate time-out may be set using TimeoutAbortSec=.
* systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.
- * systemd-resolved "Cache=" configuration option in resolved.conf has been extended
- to also accept the 'no-negative' value. Previously,
- only a boolean option was allowed (yes/no), having yes as the default.
- If this option is set to 'no-negative', negative answers are skipped
- from being cached while keeping the same cache heuristics for positive answers.
- The default remains as "yes" (i. e. caching is enabled).
+ * systemd-resolved "Cache=" configuration option in resolved.conf has
+ been extended to also accept the 'no-negative' value. Previously,
+ only a boolean option was allowed (yes/no), having yes as the
+ default. If this option is set to 'no-negative', negative answers
+ are skipped from being cached while keeping the same cache heuristics
+ for positive answers. The default remains as "yes" (i.e. caching is
+ enabled).
* The predictable naming scheme for network devices now supports
generating predictable names for "netdevsim" devices.
associated with (AssociatedWith=).
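Review bot: "negative answers are skipped from being cached while keeping the same cache heuristics for positive answers" is still awkward after the reflow; suggest "negative answers are not cached, while positive answers keep the same cache heuristics". The closing sentence says the default "yes" means "caching is enabled" but not that it caches both positive and negative answers, which is precisely the contrast 'no-negative' draws; one clause there would make the three values read as a set.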
* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
- option for configuring the maximum number of attempts to request a
- DHCP lease. It also learnt a new BlackList= option for blacklisting
- DHCP servers (a similar setting has also been added to the IPv6 RA
- client), as well as a SendRelease= option for configuring whether to
- send a DHCP RELEASE message when terminating.
+ option for configuring the maximum number of DHCP lease requests. It
+ also learnt a new BlackList= option for blacklisting DHCP servers (a
+ similar setting has also been added to the IPv6 RA client), as well
+ as a SendRelease= option for configuring whether to send a DHCP
+ RELEASE message when terminating.
* systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
- seperately in the [DHCPv4] and [DHCPv6] sections.
+ separately in the [DHCPv4] and [DHCPv6] sections.
+
+ * systemd-networkd's DHCP support will now optionally create an
+ implicit host route to the DNS server specified in the DHCP lease, in
+ addition to the routes listed explicitly in the lease. This should
+ ensure that in multi-homed systems DNS traffic leaves the systems on
+ the interface that acquired the DNS server information even if other
+ routes such as default routes exist. This behaviour may be turned on
+ with the new RoutesToDNS= option.
* systemd-networkd's VXLAN support gained a new option
GenericProtocolExtension= for enabling VXLAN Generic Protocol
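Review bot: "the maximum number of DHCP lease requests" in the MaxAttempts= rewrite reads like a lifetime cap on requests; the old wording "attempts to request a DHCP lease" was clearer that it counts retries per acquisition, so consider "the maximum number of attempts to acquire a DHCP lease". In the RoutesToDNS= item, "DNS traffic leaves the systems on the interface" should be "leaves the system".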
* systemd-networkd's bridging support gained two new options ProxyARP=
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
- MulticastRouter= for configureing multicast routing behaviour.
+ MulticastRouter= for configuring multicast routing behaviour. A new
+ option MulticastIGMPVersion= may be used to change bridge's multicast
+ Internet Group Management Protocol (IGMP) version.
* systemd-networkd's FooOverUDP support gained the ability to configure
local and peer IP addresses via Local= and Peer=. A new option
devices, as well as a new "--stats" switch for showing device
statistics.
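Review bot: "to change bridge's multicast Internet Group Management Protocol (IGMP) version" needs an article ("the bridge's"), and the item should say which IGMP versions MulticastIGMPVersion= accepts, so that the setting's range is clear without consulting the man page.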
+ * networkd.conf gained a new setting SpeedMeter= and
+ SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
+ measured speed may be shown by 'networkctl status'.
+
* systemd-networkd's .network and .link files gained a new Property=
setting in the [Match] section, to match against devices with
specific udev properties.
been renamed to LinkLayerAddress=, and it now allows configuration of
IP addresses, too.
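Review bot: "to measure bitrate of network interfaces" lacks an article ("the bitrate"), and since SpeedMeter= and SpeedMeterIntervalSec= are introduced together, the item should say how they relate (whether the interval is only consulted when SpeedMeter= is enabled) and what the default interval is.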
+ * A new tool systemd-network-generator has been added that may generate
+ .network, .netdev and .link files from IP configuration specified on
+ the kernel command line, compatible with the format Dracut expects.
+
* The CriticalConnection= setting in .network files is now deprecated,
and replaced by a new KeepConfiguration= setting which allows more
detailed configuration of the IP configuration to keep in place.
the StatusUnitFormat= setting in /etc/systemd/system.conf or the
kernel command line option systemd.status_unit_format=.
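Review bot: the systemd-network-generator item should name the kernel command line parameter it parses (the Dracut-compatible ip= syntax) and the directory the generated .network, .netdev and .link files are written to, so readers know where to look when a generated configuration conflicts with their own files and how to override it.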
+ * PID 1 now understands a new option KExecWatchdogSec= in
+ /etc/systemd/system.conf. It allows configuration of a watchdog
+ timeout to write to a hardware watchdog device on kexec-based
+ reboots. Previously this functionality was only available for regular
+ reboots. This option defaults to off, since it depends on drivers and
+ software setup whether the watchdog is correctly reset again after
+ the kexec completed, and thus for the general case not clear if safe
+ (since it might cause unwanted watchdog reboots after the kexec
+ completed otherwise). Moreover, the old ShutdownWatchdogSec= setting
+ has been renamed to RebootWatchdogSec= to more clearly communicate
+ what it is about. The old name of the setting is still accepted for
+ compatibility.
+
* The systemd.debug_shell kernel command line option now optionally
takes a tty name to spawn the debug shell on, which allows selecting
a different tty than the built-in default.
(for exit codes 1 through 254), or stop execution and fail the unit
(for exit code 255 or cases of abnormal termination).
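Review bot: "and thus for the general case not clear if safe" in the KExecWatchdogSec= item is not a sentence; suggest "and it is thus not clear for the general case whether this is safe (it might cause unwanted watchdog reboots after the kexec completed)". The ShutdownWatchdogSec= to RebootWatchdogSec= rename is a separate user-visible change tucked behind "Moreover" at the end of this paragraph; give it its own bullet so people searching the NEWS file for the old name find it.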
- …
+ * A new service systemd-pstore.service has been added that pulls data
+ from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
+ review.
+
+ * timedatectl gained new verbs for configuring per-interface NTP
+ service configuration for systemd-timesyncd.
+
+ * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
+ 2019. (You can set non-UTF-8 locales though, if you know their name.)
+
+ * If variable assignments in sysctl.d/ files are prefixed with "-" any
+ failures to apply them are now ignored.
+
+ * systemd-random-seed.service now optionally credits entropy when
+ applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
+ true for the service to enable this behaviour, but please consult the
+ documentation first, since this comes with a couple of caveats.
+
+ * systemd-random-seed.service is now a synchronization point for the
+ point in time where the kernel's entropy pool is fully
+ initialized. Order services that require /dev/urandom to be correctly
+ initialized after this service.
+
+ * The systemd-boot boot loader has been updated to optionally maintain
+ a random seed file in the EFI System Partition (ESP). During the boot
+ phase, this random seed is read and updated with a new seed
+ crytographically derived from it. Another derived seed is passed to
+ the OS. The latter seed is then credited to the kernel's entropy pool
+ very early during userspace initialization (from PID 1). This allows
+ systems to boot up with a fully initialized kernel entropy pool from
+ earliest boot on, and thus entirely removes all entropy pool
+ initialization delays from systems using systemd-boot. Special care
+ is taken to ensure different seeds are derived on system images
+ replicated to multiple systems.
+
+ * bootctl gained a new verb "is-installed" that checks whether
+ systemd-boot is currently installed.
+
+ * A new document has been added describing systemd's use and support
+ for the kernel's entropy pool subsystem:
+
+ https://systemd.io/RANDOM_SEEDS
+
+ Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Andrej
+ Valek, Anita Zhang, Arian van Putten, Balint Reczey, Bastien Nocera,
+ Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris Chiu, Chris Down,
+ Christian Kellner, Clinton Roy, Connor Reeder, Daniele Medri, Dan
+ Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
+ Ray, Dominick Grift, Donald Buczek, Douglas Christman, Eric DeVolder,
+ Evgeny Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Franck
+ Bui, Frantisek Sumsal, Franz Pletz, Hans de Goede, Iago López Galeiras,
+ Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob Unterwurzacher,
+ Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats, Jérémy Rosen, Jiri
+ Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
+ Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski, Kai Lüke, Karel
+ Zak, Kashyap Chamarthy, Krayushkin Konstantin, Lennart Poettering,
+ Lubomir Rintel, Luca Boccassi, Luís Ferreira, Marc-André Lureau, Markus
+ Felten, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Prokop,
+ Michael Stapelberg, Michael Zhivich, Michal Koutný, Michal Sekletar,
+ Mike Gilbert, Milan Broz, mpe85, Network Silence, Oliver Harley,
+ pan93412, Paul Menzel, pEJipE, Peter A. Bigot, Philip Withnall, Piotr
+ Drąg, Rafael Fontenelle, Roberto Santalla, root, RussianNeuroMancer,
+ Sebastian Jennen, Shreyas Behera, Simon Schricker, Susant Sahani,
+ Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thomas Haller, Thomas
+ Weißschuh, Tomas Mraz, Topi Miettinen, ven, Wieland Hoffmann, Xi
+ Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
+ Jędrzejewski-Szmek, Zhang Xianwei
+
+ – Somewhere, SOME-TI-ME
CHANGES WITH 242:
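Review bot: "crytographically derived from it" in the systemd-boot random seed item is a typo for "cryptographically". "systemd-random-seed.service is now a synchronization point for the point in time where the kernel's entropy pool is fully initialized" is redundant; "now marks the point at which the kernel's entropy pool is fully initialized" says the same. The $SYSTEMD_RANDOM_SEED_CREDIT item tells readers to "consult the documentation first" without saying which; pointing at the https://systemd.io/RANDOM_SEEDS link that this same hunk adds a few items later would help. In the systemd-boot item, "Special care is taken to ensure different seeds are derived on system images replicated to multiple systems" is the property a reader auditing the design most cares about, so one sentence on what per-system input is mixed into the derivation would be worth adding.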