systemd System and Service Manager
-CHANGES WITH 246 in spe:
+CHANGES WITH 247 in spe:
+
+ * KERNEL API INCOMPATIBILITY: Linux 4.12 introduced two new uevents
+ "bind" and "unbind" to the Linux device model. When this kernel
+ change was made, systemd-udevd was only minimally updated to handle
+ and propagate these new event types. The introduction of these new
+ uevents (which are typically generated for USB devices and devices
+ needing a firmware upload before being functional) resulted in a
+ number of issues which we so far didn't address. We hoped the kernel
+ maintainers would themselves address these issues in some form, but
+ that did not happen. To handle them properly, many (if not most) udev
+ rules files shipped in various packages need updating, and so do many
+ programs that monitor or enumerate devices with libudev or sd-device,
+ or otherwise process uevents. Please note that this incompatibility
+ is not fault of systemd or udev, but caused by an incompatible kernel
+ change that happened back in Linux 4.12, but is becoming more and
+ more visible as the new uvents are generated by more kernel drivers.
+
+ To minimize issues resulting from this kernel change (but not avoid
+ them entirely) starting with systemd-udevd 247 the udev "tags"
+ concept (which is a concept for marking and filtering devices during
+ enumeration and monitoring) has been reworked: udev tags are now
+ "sticky", meaning that once a tag is assigned to a device it will not
+ be removed from the device again until the device itself is removed
+ (i.e. unplugged). This makes sure that any application monitoring
+ devices that match a specific tag is guaranteed to both see uevents
+ where the device starts being relevant, and those where it stops
+ being relevant (the latter now regularly happening due to the new
+ "unbind" uevent type). The udev tags concept is hence now a concept
+ tied to a *device* instead of a device *event* — unlike for example
+ udev properties whose lifecycle (as before) is generally tied to a
+ device event, meaning that the previously determined properties are
+ forgotten whenever a new uevent is processed.
+
+ With the newly redefined udev tags concept, sometimes it's necessary
+ to determine which tags are the ones applied by the most recent
+ uevent/database update, in order to discern them from those
+ originating from earlier uevents/database updates of the same
+ device. To accommodate for this a new automatic property CURRENT_TAGS
+ has been added that works similar to the existing TAGS property but
+ only lists tags set by the most recent uevent/database
+ update. Similarly, the libudev/sd-device API has been updated with
+ new functions to enumerate these 'current' tags, in addition to the
+ existing APIs that now enumerate the 'sticky' ones.
+
+ To properly handle "bind"/"unbind" on Linux 4.12 and newer it is
+ essential that all udev rules files and applications are updated to
+ handle the new events. Specifically:
+
+ • All rule files that currently use a header guard similar to
+ ACTION!="add|change",GOTO="xyz_end" should be updated to use
+ ACTION=="remove",GOTO="xyz_end" instead, so that the
+ properties/tags they add are also applied whenever "bind" (or
+ "unbind") is seen. (This is most important for all physical device
+ types — those for which "bind" and "unbind" are currently
+ generated, for all other device types this change is still
+ recommended but not as important — but certainly prepares for
+ future kernel uevent type additions).
+
+ • Similarly, all code monitoring devices that contains an 'if' branch
+ discerning the "add" + "change" uevent actions from all other
+ uevents actions (i.e. considering devices only relevant after "add"
+ or "change", and irrelevant on all other events) should be reworked
+ to instead negatively check for "remove" only (i.e. considering
+ devices relevant after all event types, except for "remove", which
+ invalidates the device). Note that this also means that devices
+ should be considered relevant on "unbind", even though conceptually
+ this — in some form — invalidates the device. Since the precise
+ effect of "unbind" is not generically defined, devices should be
+ considered relevant even after "unbind", however I/O errors
+ accessing the device should then be handled gracefully.
+
+ • Any code that uses device tags for deciding whether a device is
+ relevant or not most likely needs to be updated to use the new
+ udev_device_has_current_tag() API (or sd_device_has_current_tag()
+ in case sd-device is used), to check whether the tag is set at the
+ moment an uevent is seen (as opposed to the existing
+ udev_device_has_tag() API which checks if the tag ever existed on
+ the device, following the API concept redefinition explained
+ above).
+
+ We are very sorry for this breakage and the requirement to update
+ packages using these interfaces. We'd again like to underline that
+ this is not caused by systemd/udev changes, but result of a kernel
+ behaviour change.
+
+ * The MountAPIVFS= service file setting now defaults to on if
+ RootImage= and RootDirectory= are used, which means that with those
+ two settings /proc/, /sys/ and /dev/ are automatically properly set
+ up for services. Previous behaviour may be restored by explicitly
+ setting MountAPIVFS=off.
+
+ * Since PAM 1.2.0 (2015) configuration snippets may be placed in
+ /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
+ latter it takes precedence over the former, similar to how most of
+ systemd's own configuration is handled. Given that PAM stack
+ definitions are primarily put together by OS vendors/distributions
+ (though possibly overridden by users), this systemd release moves its
+ own PAM stack configuration for the "systemd-user" PAM service (i.e.
+ for the PAM session invoked by the per-user user@.service instance)
+ from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
+ packages' vendor versions of their PAM stack definitions from
+ /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
+ desired the location to which systemd installs its PAM stack
+ configuration may be changed via the -Dpamconfdir Meson option.
+
+ * The runtime dependencies on libqrencode, libpcre2, libpwquality and
+ libcryptsetup have been changed to be based on dlopen(): instead of
+ regular dynamic library dependencies declared in the binary ELF
+ headers, these libraries are now loaded on demand only, if they are
+ available. If the libraries cannot be found the relevant operations
+ will fail gracefully, or a suitable fallback logic is chosen. This is
+ supposed to be useful for general purpose distributions, as it allows
+ minimizing the list of dependencies the systemd packages pull in,
+ permitting building of more minimal OS images, while still making use
+ of these "weak" dependencies should they be installed. Since many
+ package managers automatically synthesize package dependencies from
+ ELF shared library dependencies, some additional manual packaging
+ work has to be done now to replace those (slightly downgraded from
+ "required" to "recommended" or whatever is conceptually suitable for
+ the package manager). Note that this change does not alter build-time
+ behaviour: as before the build-time dependencies have to be installed
+ during build, even if they now are optional during runtime.
+
+ * sd-event.h gained a new call sd_event_add_time_relative() for
+ installing timers relative to the current time. This is mostly a
+ convenience wrapper around the pre-existing sd_event_add_time() call
+ which installs absolute timers.
+
+ * A new per-unit setting RootImageOptions= has been added which allows
+ tweaking the mount options for any file system mounted as effect of
+ the RootImage= setting.
+
+ * Another new per-unit setting MountImages= has been added, that allows
+ mounting additional disk images into the file system tree accessible
+ to the service.
+
+ * systemd-repart now generates JSON output when requested with the new
+ --json= switch.
+
+ * systemd-machined's OpenMachineShell() bus call will now pass
+ additional policy metadata data fields to the PolicyKit
+ authentication request.
+
+ * systemd-tmpfiles gained a new -E switch, which is equivalent to
+ --exclude-prefix=/dev --exclude-prefix=/proc --exclude=/run
+ --exclude=/sys. It's particularly useful in combination with --root=,
+ when operating on OS trees that do not have any of these four runtime
+ directories mounted, as this means no files below these subtrees are
+ created or modified, since those mount points should probably remain
+ empty.
+
+ * systemd-tmpfiles gained a new --image= switch which is like --root=,
+ but takes a disk image instead of a directory as argument. The
+ specified disk image is mounted inside a temporary mount namespace
+ and the tmpfiles.d/ drop-ins stored in the image are executed and
+ applied to the image. systemd-sysusers similarly gained a new
+ --image= switch, that allows the sysusers.d/ drop-ins stored in the
+ image to be applied onto the image.
+
+ * Similarly, the journalctl command also gained an --image= switch,
+ which is a quick one-step solution to look at the log data included
+ in OS disk images.
+
+ * journalctl's --output=cat option (which outputs the log content
+ without any metadata, just the pure text messages) will now make use
+ of terminal colors when run on a suitable terminal, similarly to the
+ other output modes.
+
+ * JSON group records now support a "description" string that may be
+ used to add a human-readable textual description to such groups. This
+ is supposed to match the user's GECOS field which traditionally
+ didn't have a counterpart for group records.
+
+ * The "systemd-dissect" tool that may be used to inspect OS disk images
+ and that was previously installed to /usr/lib/systemd/ has now been
+ moved to /usr/bin/, reflecting its updated status of an officially
+ supported tool with a stable interface. It gained support for a new
+ --mkdir switch which when combined with --mount has the effect of
+ creating the directory to mount the image to if it is missing
+ first. It also gained two new commands --copy-from and --copy-to for
+ copying files and directories in and out of an OS image without the
+ need to manually mount it. It also acquired support for a new option
+ --json= to generate JSON output when inspecting an OS image.
+
+ * The cgroup2 file system is now mounted with the
+ "memory_recursiveprot" mount option, supported since kernel 5.7. This
+ means that the MemoryLow= and MemoryMin= unit file settings now apply
+ recursively to whole subtrees.
+
+ * systemd-homed now defaults to using the btrfs file system — if
+ available — when creating home directories in LUKS volumes. This may
+ be changed with the DefaultFileSystemType= setting in homed.conf.
+ It's now the default file system in various major distributions and
+ has the major benefit for homed that it can be grown and shrunk while
+ mounted, unlike the other contenders ext4 and xfs, which can both be
+ grown online, but not shrunk (in fact xfs is the technically most
+ limited option here, as it cannot be shrunk at all).
+
+ * JSON user records managed by systemd-homed gained support for
+ "recovery keys". These are basically secondary passphrases that can
+ unlock user accounts/home directories. They are computer-generated
+ rather than user-chosen, and typically have greater entropy.
+ homectl's --recovery-key= option may be used to add a recovery key to
+ a user account. The generated recovery key is displayed as a QR code,
+ so that it can be scanned to be kept in a safe place. This feature is
+ particularly useful in combination with systemd-homed's support for
+ FIDO2 or PKCS#11 authentication, as a secure fallback in case the
+ security tokens are lost. Recovery keys may be entered wherever the
+ system asks for a password.
+
+ * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
+ home directory which indicates that a home directory has not been
+ deactivated cleanly when offline. This flag is useful to identify
+ home directories for which the offline discard logic did not run when
+ offlining, and where it would be a good idea to log in again to catch
+ up.
+
+ * systemctl gained a new parameter --timestamp= which may be used to
+ change the style in which timestamps are output, i.e. whether to show
+ them in local timezone or UTC, or whether to show µs granularity.
+
+ * Alibaba's "pouch" container manager is now detected by
+ systemd-detect-virt, ConditionVirtualization= and similar constructs.
+
+ * systemd-nspawn has been reworked to use the /run/host/incoming/ as
+ place to use for propagating external mounts into the
+ container. Similarly /run/host/notify is now used as the socket path
+ for container payloads to communicate with the container manager
+ using sd_notify(). The container manager now uses the
+ /run/host/inaccessible/ directory to place "inaccessible" file nodes
+ of all relevant types which may be used by the container payload as
+ bind mount source to over-mount inodes to make them inaccessible.
+ /run/host/container-manager will now be initialized with the same
+ string as the $container environment variable passed to the
+ container's PID 1. /run/host/container-uuid will be initialized with
+ the same string as $container_uuid. This means the /run/host/
+ hierarchy is now the primary way to make host resources available to
+ the container. The Container Interface documents these new files and
+ directories:
+
+ https://systemd.io/CONTAINER_INTERFACE
+
+ * Support for the "ConditionNull=" unit file condition has been
+ deprecated and undocumented for 6 years. systemd started to warn
+ about its use 1.5 years ago. It has now been removed entirely.
+
+ * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
+ systemd-nspawn all system call filter violations will be logged by
+ the kernel (audit). This is useful for tracking down system calls
+ invoked by container payloads that are prohibited by the container's
+ system call filter policy.
+
+ * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
+ a sd_bus_error struct and a list of error names, and checks if the
+ error matches one of these names. It's a convenience wrapper that is
+ useful in cases where multiple errors shall be handled the same way.
+
+ * A new system call filter list "@known" has been added, that contains
+ all system calls known at the time systemd was built.
+
+ * Behaviour of system call filter allow lists has changed slightly:
+ system calls that are contained in @known will result in a EPERM by
+ default, while those not contained in it result in ENOSYS. This
+ should improve compatibility because known syscalls will thus be
+ communicated as prohibited, while unknown (and thus newer ones) will
+ be communicated as not implemented, which hopefully has the greatest
+ chance of triggering the right fallback code paths in client
+ applications.
+
+ * Two new unit file settings ProtectProc= and ProcSubset= have been
+ added that expose the hidepid= and subset= mount options of procfs.
+ All processes of the unit will only see processes in /proc that are
+ are owned by the unit's user. This is an important new sandboxing
+ option that is recommended to be set on all system services. All
+ long-running system services that are included in systemd itself set
+ this option now. This option is only supported on kernel 5.8 and
+ above, since the hidepid= option supported on older kernels was not a
+ per-mount option but actually applied to the whole PID namespace.
+
+ * Socket units gained a new boolean setting FlushPending=. If enabled
+ all pending socket data/connections are flushed whenever the socket
+ unit enters the "listening" state, i.e. after the associated service
+ exited.
+
+ * The unit file setting NUMAMask= gained a new "all" value: when used,
+ all existing NUMA nodes are added to the NUMA mask.
+
+ * A new "credentials" logic has been added to system services. This is
+ a simple mechanism to pass privileged data to services in a safe and
+ secure way. It's supposed to be used to pass per-service secret data
+ such as passwords or cryptographic keys but also associated less
+ private information such as user names, certificates, and similar to
+ system services. Each credential is identified by a short user-chosen
+ name and may contain arbitrary binary data. Two new unit file
+ settings have been added: SetCredential= and LoadCredential=. The
+ former allows setting a credential to a literal string, the latter
+ sets a credential to the contents of a file (or data read from a
+ user-chosen AF_UNIX stream socket). Credentials are passed to the
+ service via a special credentials directory, one file for each
+ credential. The path to the credentials directory is passed in a new
+ $CREDENTIALS_DIRECTORY environment variable. Since the credentials
+ are passed in the file system they may be easily referenced in
+ ExecStart= command lines too, thus no explicit support for the
+ credentials logic in daemons is required (though ideally daemons
+ would look for the bits they need in $CREDENTIALS_DIRECTORY
+ themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
+ backed by unswappable memory if privileges allow it, immutable if
+ privileges allow it, is accessible only to the service's UID, and is
+ automatically destroyed when the service stops.
+
+ * systemd-nspawn supports the same credentials logic. It can both
+ consume credentials passed to it via the aforementioned
+ $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
+ to its payload. The service manager/PID 1 has been updated to match
+ this: it can also accept credentials from the container manager that
+ invokes it (in fact: any process that invokes it), and passes them on
+ to its services. Thus, credentials can be propagated recursively down
+ the tree: from a system's service manager to a systemd-nspawn
+ service, to the service manager that runs as container payload and to
+ the service it runs below. Credentials may also be added on the
+ systemd-nspawn command line, using new --set-credential= and
+ --load-credential= command line switches that match the
+ aforementioned service settings.
+
+ * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
+ the partition drop-ins which may be used to format/LUKS
+ encrypt/populate any created partitions. The partitions are
+ encrypted/formatted/populated before they are registered in the
+ partition table, so that they appear atomically: either the
+ partitions do not exist yet or they exist fully encrypted, formatted,
+ and populated — there is no time window where they are
+ "half-initialized". Thus the system is robust to abrupt shutdown: if
+ the tool is terminated half-way during its operations on next boot it
+ will start from the beginning.
+
+ * systemd-repart's --size= operation gained a new "auto" value. If
+ specified, and operating on a loopback file it is automatically sized
+ to the minimal size the size constraints permit. This is useful to
+ use "systemd-repart" as an image builder for minimally sized images.
+
+ * systemd-resolved now gained a third IPC interface for requesting name
+ resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
+ interface is now supported. The nss-resolve NSS module has been
+ modified to use this new interface instead of D-Bus. Using Varlink
+ has a major benefit over D-Bus: it works without a broker service,
+ and thus already during earliest boot, before the dbus daemon has
+ been started. This means name resolution via systemd-resolved now
+ works at the same time systemd-networkd operates: from earliest boot
+ on, including in the initrd.
+
+ * systemd-resolved gained support for a new DNSStubListenerExtra=
+ configuration file setting which may be used to specify additional IP
+ addresses the built-in DNS stub shall listen on, in addition to the
+ main one on 127.0.0.53:53.
+
+ * Name lookups issued via systemd-resolved's D-Bus and Varlink
+ interfaces (and thus also via glibc NSS if nss-resolve is used) will
+ now honour a trailing dot in the hostname: if specified the search
+ path logic is turned off. Thus "resolvectl query foo." is now
+ equivalent to "resolvectl query --search=off foo.".
+
+ * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
+ exposes how /etc/resolv.conf is currently managed: by resolved (and
+ in which mode if so) or another subsystem. "resolvctl" will display
+ this property in its status output.
+
+ * The resolv.conf snippets systemd-resolved provides will now set "."
+ as the search domain if no other search domain is known. This turns
+ off the derivation of an implicit search domain by nss-dns for the
+ hostname, when the hostname is set to an FQDN. This change is done to
+ make nss-dns using resolv.conf provided by systemd-resolved behave
+ more similarly to nss-resolve.
+
+ * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
+ /tmp/ and /var/tmp/ based on file timestamps) now looks at the
+ "birth" time (btime) of a file in addition to the atime, mtime, and
+ ctime.
+
+ * systemd-analyze gained a new verb "capability" that lists all known
+ capabilities by the systemd build and by the kernel.
+
+ * If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
+ advance the system clock to it at boot if it is noticed to be before
+ that time. Previously, PID 1 would only advance the time to an epoch
+ time that is set during build-time. With this new file OS builders
+ can change this epoch timestamp on individual OS images without
+ having to rebuild systemd.
+
+ * systemd-logind will now listen to the KEY_RESTART key from the Linux
+ input layer and reboot the system if it is pressed, similarly to how
+ it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
+ was originally defined in the Multimedia context (to restart playback
+ of a song or film), but is now primarily used in various embedded
+ devices for "Reboot" buttons. Accordingly, systemd-logind will now
+ honour it as such. This may configured in more detail via the new
+ HandleRebootKey= and RebootKeyIgnoreInhibited=.
+
+ * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
+ copying OS trees, for example in "systemd-nspawn --ephemeral",
+ "systemd-nspawn --template=", "machinectl clone" and similar. This is
+ useful when operating with OSTree images, which use hardlinks heavily
+ throughout, and where such copies previously resulting in "exploding"
+ hardlinks.
+
+ * systemd-nspawn's --console= setting gained support for a new
+ "autopipe" value, which is identical to "interactive" when invoked on
+ a TTY, and "pipe" otherwise.
+
+ * systemd-networkd's .network files gained support for explicitly
+ configuring the multicast membership entries of bridge devices in the
+ [BridgeMDB] section. It also gained support for the PIE queuing
+ discipline in the [FlowQueuePIE] sections.
+
+ * systemd-networkd's .netdev files may now be used to create "BareUDP"
+ tunnels, configured in the new [BareUDP] setting. VXLAN tunnels may
+ now be marked to be independent of any underlying network interface
+ via the new Independent= boolean setting.
+
+ * systemctl gained support for two new verbs: "service-log-level" and
+ "service-log-target" may be used on services that implement the
+ generic org.freedesktop.LogControl1 D-Bus interface to dynamically
+ adjust the log level and target. All of systemd's long-running
+ services support this now, but ideally all system services would
+ implement this interface to make the system more uniformly
+ debuggable.
+
+ * The SystemCallErrorNumber= unit file setting now accepts the new
+ "kill" and "log" actions, in addition to arbitrary error number
+ specifications as before. If "kill" the the processes are killed on
+ the event, if "log" the offending syscall is audit logged.
+
+ * A new SystemCallLog= unit file setting has been added that accepts a
+ list of syscalls that shall be logged about (audit).
+
+ * The OS image dissection logic (as used by RootImage= in unit files or
+ systemd-nspawn's --image= switch) has gained support for identifying
+ and mounting explicit /usr/ partitions, which are now defined in the
+ discoverable partition specification. This should be useful for
+ environments where the root file system is
+ generated/formatted/populated dynamically on first boot and combined
+ with an immutable /usr/ tree that is supplied by the vendor.
+
+ * In the final phase of shutdown, within the systemd-shutdown binary
+ we'll now try to detach MD devices (i.e software RAID) in addition to
+ loopback block devices and DM devices as before. This is supposed to
+ be a safety net only, in order to increase robustness if things go
+ wrong. Storage subsystems are expected to properly detach their
+ storage volumes during regular shutdown already (or in case of
+ storage backing the root file system: in the initrd hook we return to
+ later).
+
+ * If the SYSTEMD_LOG_TID environment variable is set all systemd tools
+ will now log the thread ID in their log output. This is useful when
+ working with heavily threaded programs.
+
+ * If the SYSTEMD_RDRAND enviroment variable is set to "0", systemd will
+ not use the RDRAND CPU instruction. This is useful in environments
+ such as replay debuggers where non-deterministic behaviour is not
+ desirable.
+
+ * When building systemd the Meson option
+ -Dcompat-mutable-uid-boundaries may now be specified. If enabled,
+ systemd reads the system UID boundaries from /etc/login.defs, instead
+ of using the built-in values selected during build-time. This is an
+ option to improve compatibility for upgrades from old systems. It's
+ strongly recommended not to make use of this functionality on new
+ systems (or even enable it during build), as it makes something
+ runtime-configurable that is mostly an implementation detail of the
+ OS, and permits avoidable differences in deployments that create all
+ kinds of problems in the long run.
+
+
+CHANGES WITH 246:
* The service manager gained basic support for cgroup v2 freezer. Units
can now be suspended or resumed either using new systemctl verbs,
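Review bot: the new 247 section has a handful of typos that should be fixed before this is tagged, since the NEWS text is what gets copied into release announcements: "uvents" in the KERNEL API INCOMPATIBILITY entry should be "uevents" and "is not fault of systemd or udev" should read "is not the fault of systemd or udev"; the ProtectProc= entry doubles "are" in "that are are owned by the unit's user"; the "ResolvConfMode" entry spells the tool "resolvctl" where the rest of the file uses "resolvectl"; the KEY_RESTART entry has "This may configured" (missing "be"); the hardlink entry has "where such copies previously resulting in" (should be "previously resulted in"); the SystemCallErrorNumber= entry has "the the processes"; and the SYSTEMD_RDRAND entry has "enviroment". Separately, the ProtectProc= entry says the two settings "expose the hidepid= and subset= mount options of procfs" and then describes one behaviour unconditionally ("All processes of the unit will only see processes in /proc that are owned by the unit's user"); hidepid= has several modes, so the entry should say which ProtectProc= value produces that behaviour, given that it recommends the option for all system services and readers will copy the recommendation into unit files.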
* .socket units gained a new boolean setting PassPacketInfo=. If
enabled, the kernel will attach additional per-packet metadata to all
- packets read from the socket, as ancillary message. This controls the
- IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
+ packets read from the socket, as an ancillary message. This controls
+ the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
depending on socket type.
* .service units gained a new setting RootHash= which may be used to
notation when the 0o prefix is used and binary notation if the 0b
prefix is used.
+ * Various command line parameters and configuration file settings that
+ configure key or certificate files now optionally take paths to
+ AF_UNIX sockets in the file system. If configured that way a stream
+ connection is made to the socket and the required data read from
+ it. This is a simple and natural extension to the existing regular
+ file logic, and permits other software to provide keys or
+ certificates via simple IPC services, for example when unencrypted
+ storage on disk is not desired. Specifically, systemd-networkd's
+ Wireguard and MACSEC key file settings as well as
+ systemd-journal-gatewayd's and systemd-journal-remote's PEM
+ key/certificate parameters support this now.
+
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
configuration files that support specifier expansion learnt six new
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
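Review bot: the AF_UNIX entry does not say how a socket path is told apart from a regular file path when both are given as plain paths ("now optionally take paths to AF_UNIX sockets in the file system"); state it, presumably by the type of the inode at that path, so readers know no new syntax is involved and understand that whatever process answers on that socket is trusted to supply the key. Minor: "Wireguard" and "MACSEC" are spelled "WireGuard" and "MACsec" elsewhere in the documentation.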
from the documentation, but will now result in warnings when used,
and be converted to "journal" and "journal+console" automatically.
+ * If the service setting User= is set to the "nobody" user, a warning
+ message is now written to the logs (but the value is nonetheless
+ accepted). Setting User=nobody is unsafe, since the primary purpose
+ of the "nobody" user is to own all files whose owner cannot be mapped
+ locally. It's in particular used by the NFS subsystem and in user
+ namespacing. By running a service under this user's UID it might get
+ read and even write access to all these otherwise unmappable files,
+ which is quite likely a major security problem.
+
+ * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
+ and others) now have a size and inode limits applied (50% of RAM for
+ /tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
+ that the implicit kernel default is 50% too, so there is no change
+ in the size limit for /tmp and /dev/shm.
+
+ * nss-mymachines lost support for resolution of users and groups, and
+ now only does resolution of hostnames. This functionality is now
+ provided by nss-systemd. Thus, the 'mymachines' entry should be
+ removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
+ (and 'systemd' added if it is not already there).
+
* A new kernel command line option systemd.hostname= has been added
that allows controlling the hostname that is initialized early during
boot.
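Review bot: in the tmpfs entry, "now have a size and inode limits applied" should read "now have size and inode limits applied", and the parenthesis gives only the size limits (50% / 10% of RAM) although the sentence announces inode limits as well; add the inode figure or drop "inode" from the sentence so the entry matches what is enforced. The User=nobody warning entry is a good addition and reads clearly.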
now automatically set to "Y" at boot, in order to enable pstore
generation for collection with systemd-pstore.
- * A new 'hwdb' file has been added that collects information about PCI
- and USB devices that correctly support auto-suspend, on top of the
- databases for this we import from the ChromiumOS project. If you have
- a device that supports auto-suspend correctly and where it should be
- enabled by default, please submit a patch that adds it to the
- database (see /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
+ * We provide a set of udev rules to enable auto-suspend on PCI and USB
+ devices that were tested to correctly support it. Previously, this
+ was distributed as a set of udev rules, but has now been replaced by
+ by a set of hwdb entries (and a much shorter udev rule to take action
+ if the device modalias matches one of the new hwdb entries).
+
+ As before, entries are periodically imported from the database
+ maintained by the ChromiumOS project. If you have a device that
+ supports auto-suspend correctly and where it should be enabled by
+ default, please submit a patch that adds it to the database (see
+ /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
- * systemd-udevd gained new configuration option timeout_signal= as well
- as corresponding kernel command line option udev.timeout_signal=.
+ * systemd-udevd gained the new configuration option timeout_signal= as well
+ as a corresponding kernel command line option udev.timeout_signal=.
The option can be used to configure the UNIX signal that the main
daemon sends to the worker processes on timeout. Setting the signal
to SIGABRT is useful for debugging.
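Review bot: the rewritten auto-suspend entry contradicts itself: it opens with "We provide a set of udev rules to enable auto-suspend" and then says "Previously, this was distributed as a set of udev rules, but has now been replaced by by a set of hwdb entries"; open with what is shipped now (a hwdb database of PCI and USB devices tested to support auto-suspend, plus a short udev rule acting on the modalias match) and drop the duplicated "by". Also, the rewritten timeout_signal= line "gained the new configuration option timeout_signal= as well" runs past the wrap width used by the rest of the file and should be rewrapped.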
new boolean setting Assign=. If enabled an address from the prefix is
automatically assigned to the interface.
- * systemd-networkd's [Network] section gained a new setting
- IPv6PDSubnetId= that allows explicit configuration of the preferred
- subnet that networkd's Prefix Delegation logic assigns to interfaces.
+ * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
+ controls delegated prefixes assigned by DHCPv6 client. The section
+ has three settings: SubnetID=, Assign=, and Token=. The setting
+ SubnetID= allows explicit configuration of the preferred subnet that
+ systemd-networkd's Prefix Delegation logic assigns to interfaces. If
+ Assign= is enabled (which is the default) an address from any acquired
+ delegated prefix is automatically chosen and assigned to the
+ interface. The setting Token= specifies an optional address generation
+ mode for Assign=.
* systemd-networkd's [Network] section gained a new setting
IPv4AcceptLocal=. If enabled the interface accepts packets with local
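Review bot: in the [DHCPv6PrefixDelegation] entry, "delegated prefixes assigned by DHCPv6 client" should read "by the DHCPv6 client", and "The setting Token= specifies an optional address generation mode for Assign=" says nothing about what the token is, so either name the accepted forms or point at the networkd man page; the merge of the old AssignAcquiredDelegatedPrefixAddress= text into Assign= here is consistent with its removal from the [DHCPv6] entry below.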
Description"). Support for "MUD" URLs was also added to the LLDP
stack, configurable in the [LLDP] section in .network files.
+ * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
+ mode. Also, the sections now support a new setting SourceMACAddress=.
+
* systemd-networkd's .netdev files now support a new setting
VLANProtocol= in the [Bridge] section that allows configuration of
the VLAN protocol to use.
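Review bot: "Also, the sections now support a new setting SourceMACAddress=" makes the two changes read as unrelated; if SourceMACAddress= is the list of source MAC addresses that 'source' mode matches on (as the name suggests), say so explicitly, and state whether the setting has any effect in the other Mode= values.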
interface which is fully set up for host communication, simply by
carefully picking an interface name to use.
- * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
- added to the [DHCPv6] section of .network files. If enabled (which is
- the default) an address from any acquired delegated prefix is
- automatically chosen and assigned to the interface.
-
* systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
which sets the route priority for routes specified by the DHCP server.
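Review bot: dropping the AssignAcquiredDelegatedPrefixAddress= entry is consistent with the Assign= setting in the new [DHCPv6PrefixDelegation] section earlier in this patch, which is likewise described as enabled by default; please confirm the option was actually removed from the [DHCPv6] section (parser and man page) and not only from NEWS, otherwise the release notes would silently omit a user-visible setting.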
interface. There are new "up" and "down" commands to bring specific
interfaces up or down.
- * systemd-resolved's DNS= configuration option now optionally accepts
- DNS server addresses suffixed by "#" followed by a host name. If
- used, the DNS-over-TLS certificate is validated to match the
- specified hostname.
+ * systemd-resolved's DNS= configuration option now optionally accepts a
+ port number (after ":") and a host name (after "#"). When the host
+ name is specified, the DNS-over-TLS certificate is validated to match
+ the specified hostname. Additionally, in case of IPv6 addresses, an
+ interface may be specified (after "%").
* systemd-resolved may be configured to forward single-label DNS names.
This is not standard-conformant, but may make sense in setups where
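Review bot: the new DNS= syntax in the systemd-resolved entry needs one full example and a word on ordering, because ":" also appears inside IPv6 addresses: say how an IPv6 address with a port is written (bracketed address, or whatever form the parser expects) and in which order ":port", "%interface" and "#hostname" are combined. It would also help to state what certificate validation happens when no host name is given, since the current wording implies the DNS-over-TLS certificate is only matched against a name when "#" is used.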
MESSAGE=. This is useful to retrieve a very specific set of fields
without any decoration.
+ * The sd-journal.h API gained two new functions:
+ sd_journal_enumerate_available_unique() and
+ sd_journal_enumerate_available_data() that operate like their
+ counterparts that lack the _available_ in the name, but skip items
+ that cannot be read and processed by the local implementation
+ (i.e. are compressed in an unsupported format or such),
+
* coredumpctl gained a new --file= switch, matching the same one in
journalctl: a specific journal file may be specified to read the
coredump data from.
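Review bot: the sd-journal.h entry ends with a comma instead of a full stop ("compressed in an unsupported format or such),"). It would also be clearer to say how the existing functions without _available_ behave on such items, so the reader sees exactly what the new variants change rather than inferring it from "skip".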
storage and file system may now be configured explicitly, too, via
the new /etc/systemd/homed.conf configuration file.
+ * systemd-homed now supports unlocking home directories with FIDO2
+ security tokens that support the 'hmac-secret' extension, in addition
+ to the existing support for PKCS#11 security token unlocking
+ support. Note that many recent hardware security tokens support both
+ interfaces. The FIDO2 support is accessible via homectl's
+ --fido2-device= option.
+
+ * homectl's --pkcs11-uri= setting now accepts two special parameters:
+ if "auto" is specified and only one suitable PKCS#11 security token
+ is plugged in, its URL is automatically determined and enrolled for
+ unlocking the home directory. If "list" is specified a brief table of
+ suitable PKCS#11 security tokens is shown. Similar, the new
+ --fido2-device= option also supports these two special values, for
+ automatically selecting and listing suitable FIDO2 devices.
+
* The /etc/crypttab tmp option now optionally takes an argument
selecting the file system to use. Moreover, the default is now
changed from ext2 to ext4.
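Review bot: redundant wording in the systemd-homed FIDO2 entry: "in addition to the existing support for PKCS#11 security token unlocking support" repeats "support"; drop one. In the homectl entry, "Similar, the new --fido2-device= option" should be "Similarly". Since "auto" enrolls whichever single token happens to be plugged in, a short hint that the user should confirm the selected device is the intended one would be appropriate, as enrollment changes what can unlock the home directory.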
control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
instance.
- * systemd-firstboot gained a new --root-password-hashed= parameter for
- setting the root user's password as UNIX password hash. There's a new
- --delete-root-password switch which instead of setting a password for
- the root user, removes it so that log-in without a password is
- permitted. There's now --force which if specified means any existing
- configuration is overwritten by the specified settings. It also
- gained a new --kernel-command-line= parameter which may be used to
- set the /etc/kernel/cmdline file of an OS image.
-
* A new generator systemd-xdg-autostart-generator has been added. It
generates systemd unit files from XDG autostart .desktop files, and
may be used to let the systemd user instance manage services that are
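Review bot: the removed systemd-firstboot entry describes a --kernel-command-line= parameter for setting the /etc/kernel/cmdline file of an OS image; the surviving entry visible below (--root-password-hashed=, --delete-root-password, --root-shell=, --force, --image=) does not mention it, so check that this option is still documented somewhere before deleting this text as a duplicate.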
also gained a new switch --root-password-hashed= which is like
--root-password= but accepts a pre-hashed UNIX password as
argument. The new option --delete-root-password may be used to unset
- any password for the root user (dangerous!). A new --force option may
- be used to override any already set settings with the parameters
- specified on the command line (by default, the tool will not override
- what has already been set before, i.e. is purely incremental).
+ any password for the root user (dangerous!). The --root-shell= switch
+ may be used to control the shell to use for the root account. A new
+ --force option may be used to override any already set settings with
+ the parameters specified on the command line (by default, the tool
+ will not override what has already been set before, i.e. is purely
+ incremental).
+
+ * systemd-firstboot gained support for a new --image= switch, which is
+ similar to --root= but accepts the path to a disk image file, on
+ which it then operates.
* A new sd-path.h API has been added to libsystemd. It provides a
simple API for retrieving various search paths and primary
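Review bot: the rewritten systemd-firstboot entry says --delete-root-password unsets the root password "(dangerous!)" but no longer explains why; the deleted text above had the useful clause "so that log-in without a password is permitted", which is worth carrying over. Also, --root-shell= is only said to "control the shell to use for the root account"; state what argument it expects.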
document the methods, signals and properties.
* The expectations on user/group name syntax are now documented in
- detail; documentation how classic home directories may be converted
- into home directories managed by homed has been added; documentation
- regarding integration of homed/userdb functionality in desktops has
- been added:
+ detail; documentation on how classic home directories may be
+ converted into home directories managed by homed has been added;
+ documentation regarding integration of homed/userdb functionality in
+ desktops has been added:
https://systemd.io/USER_NAMES
https://systemd.io/CONVERTING_TO_HOMED
https://systemd.io/JOURNAL_FILE_FORMAT
+ * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
+ has been extended by a set of environment variables that expose
+ select fields from the host's os-release file to the container
+ payload. Similarly, host's os-release files can be mounted into the
+ container underneath /run/host. Together, those mechanisms provide a
+ standardized way to expose information about the host to the
+ container payload. Both interfaces are implemented in systemd-nspawn.
+
* All D-Bus services shipped in systemd now implement the generic
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.
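Review bot: "select fields from the host's os-release file" in the container interface entry is vague; name the environment variables (or the os-release fields they mirror) or point to the relevant section of CONTAINER_INTERFACE, since the payload now learns the host's distribution and version from them and administrators will want to know exactly what is disclosed. Minor: "Similarly, host's os-release files" should read "the host's os-release files".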
+ * Only relevant for developers: the mkosi.default symlink has been
+ dropped from version control. Please create a symlink to one of the
+ distribution-specific defaults in .mkosi/ based on your preference.
+
+ Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
+ Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
+ Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
+ antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
+ Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
+ Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
+ Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
+ codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
+ Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
+ Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
+ John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
+ Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
+ ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
+ Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
+ Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
+ Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
+ Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
+ Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
+ Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
+ Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
+ Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
+ Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
+ Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
+ S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
+ Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
+ Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
+ Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
+ Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
+ nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
+ Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
+ Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
+ Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
+ Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
+ Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
+ Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
+ Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
+ Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
+
+ – Warsaw, 2020-07-30
CHANGES WITH 245:
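Review bot: the contributors list is not consistently sorted: "Gaurav Singh" sits after "gogogogi", "Amitanand.Chikorde" keeps a dot from a username, and "gaurav"/"Gaurav Singh" and "layderv"/"laydervus" look like two spellings of the same contributor; worth a pass before the release is tagged. The mkosi.default entry above it reads fine.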