X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=NEWS;h=6e1918495f97eb41659343732a6b9629950dcada;hb=df7f9afaa7c727c3f7774db4b9f4513fc0478a5b;hp=40886e45e40dd2018d55ee7c01479b6de8da0c9c;hpb=bd36ef0a7c0defbb57f8525ec388088a7680158f;p=thirdparty%2Fsystemd.git diff --git a/NEWS b/NEWS index 40886e45e40..6e1918495f9 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,376 @@ systemd System and Service Manager -CHANGES WITH 241 in spe: +CHANGES WITH 243 in spe: + + * Previously, filters defined with SystemCallFilter= would have the + effect that an calling an offending system call would terminate the + calling thread. This behaviour never made much sense, since killing + individual threads of unexpecting processes is likely to create more + problems than it solves. With this release the default action changed + from killing the thread to killing the whole process. For this to + work correctly both a kernel version (>= 4.14) and a libseccomp + version (>= 2.4.0) supporting this new seccomp action is required. If + an older kernel or libseccomp is used the old behaviour continues to + be used. This change does not affect any services that have no system + call filters defined, or that use SystemCallErrorNumber= (and thus + see EPERM or another error instead of being killed when calling an + offending system call). Note that systemd documentation always + claimed that the whole process is killed. With this change behaviour + is thus adjusted to match the documentation. + + * The "kernel.pid_max" sysctl is now bumped to 4194304 by default, + i.e. the full 22bit range the kernel allows, up from the old 16bit + range. This should improve security and robustness a bit, as PID + collisions are made less likely (though certainly still + possible). There are rumours this might create compatibility + problems, though at this moment no practical ones are known to + us. Downstream distributions are hence advised to undo this change in + their builds if they are concerned about maximum compatibility, but + for everybody else we recommend leaving the value bumped. Besides + improving security and robustness this should also simplify things as + the maximum number of allowed concurrent tasks was previously bounded + by both "kernel.pid_max" and "kernel.threads-max" and now only a + single knob is left ("kernel.threads-max"). 
There have been concerns + that usability is affected by this change because larger PID numbers + are harder to type, but we believe the change from 5 digit PIDs to 7 + digit PIDs is not too hampering for usability. + + * MemoryLow and MemoryMin gained hierarchy-aware counterparts, + DefaultMemoryLow and DefaultMemoryMin, which can be used to + hierarchically set default memory protection values for a particular + subtree of the unit hierarchy. + + * Memory protection directives can now take a value of zero, allowing + explicit opting out of a default value propagated by an ancestor. + + * systemd now defaults to the "unified" cgroup hierarchy setup during + build-time, i.e. -Ddefault-hierarchy=unified is now the build-time + default. Previously, -Ddefault-hierarchy=hybrid was the default. This + change reflects the fact that cgroupsv2 support has matured + substantially in both systemd and in the kernel, and is clearly the + way forward. Downstream production distributions might want to + continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for + their builds as unfortunately the popular container managers have not + caught up with the kernel API changes. + + * Man pages are not built by default anymore (html pages were already + disabled by default), to make development builds quicker. When + building systemd for a full installation with documentation, meson + should be called -Dman=true and/or -Dhtml=true as appropriate. The + default was changed based on the assumption that quick one-off or + repeated development builds are much more common than full optimized + builds for installation, and people need to pass various other + options to when doing "proper" builds anyway, so the gain from making + development builds quicker is bigger than the one time disruption for + packagers. 
+ + Two scripts are created in the *build* directory to generate and + preview man and html pages on demand, e.g.: + + build/man/man systemctl + build/man/html systemd.index + + * The D-Bus "wire format" for CPUAffinity attribute is changed on + big-endian machines. Before, bytes were written and read in native + machine order as exposed by the native libc __cpu_mask interface. + Now, little-endian order is always used (CPUs 0–7 are described by + bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on). + This change fixes D-Bus calls that cross endianness boundary. + + The presentation format used for CPUAffinity by systemctl show and + systemd-analyze dump is changed to present CPU indices instead of the + raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be shown + as CPUAffinity=03000000000000000000000000000… (on little-endian) or + CPUAffinity=00000000000000300000000000000… (on 64-bit big-endian), + and is now shown as CPUAffinity=0-1, matching the input format. The + maximum integer that will be printed in new format is 8191 (four + digits), while the old format always used a very long number (with + the length varying by architecture), so they can be unambiguously + distinguished. + + * /usr/sbin/halt.local is no longer supported. Implementation in + distributions was inconsistent and it seems this functionality was + very rarely used. + + To replace this functionality, users should: + - either define a new unit and make it a dependency of final.target + (systemctl add-wants final.target my-halt-local.service) + - or move the shutdown script to /usr/lib/systemd/system-shutdown/ + and ensure that it accepts "halt", "poweroff", "reboot", and + "kexec" as an argument, see the description in systemd-shutdown(8). + + * When a [Match] section in .link or .network file is empty (contains + no match patterns), a warning will be emitted. Please add any "match + all" pattern instead, e.g. 
OriginalName=* or Name=* in case all + interfaces should really be matched. + + … + +CHANGES WITH 242: + + * In .link files, MACAddressPolicy=persistent (the default) is changed + to cover more devices. For devices like bridges, tun, tap, bond, and + similar interfaces that do not have other identifying information, + the interface name is used as the basis for persistent seed for MAC + and IPv4LL addresses. The way that devices that were handled + previously is not changed, and this change is about covering more + devices then previously by the "persistent" policy. + + MACAddressPolicy=random may be used to force randomized MACs and + IPv4LL addresses for a device if desired. + + Hint: the log output from udev (at debug level) was enhanced to + clarify what policy is followed and which attributes are used. + `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/` + may be used to view this. + + * The .device units generated by systemd-fstab-generator and other + generators do not automatically pull in the corresponding .mount unit + as a Wants= dependency. This means that simply plugging in the device + will not cause the mount unit to be started automatically. But please + note that the mount unit may be started for other reasons, in + particular if it is part of local-fs.target, and any unit which + (transitively) depends on local-fs.target is started. + + * networkctl list/status/lldp now accept globbing wildcards for network + interface names to match against all existing interfaces. + + * The $PIDFILE environment variable is set to point the absolute path + configured with PIDFile= for processes of that service. + + * The fallback DNS server list was augmented with Cloudflare public DNS + servers. Use `-Ddns-servers=` to set a different fallback. + + * A new special target usb-gadget.target will be started automatically + when a USB Device Controller is detected (which means that the system + is a USB peripheral). 
+ + * A new unit setting CPUQuotaPeriodSec= assigns the time period + relatively to which the CPU time quota specified by CPUQuota= is + measured. + + * A new unit setting ProtectHostname= may be used to prevent services + from modifying hostname information (even if they otherwise would + have privileges to do so). + + * A new unit setting NetworkNamespacePath= may be used to specify a + namespace for service or socket units through a path referring to a + Linux network namespace pseudo-file. + + * The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now + have an effect on .socket units: when used the listening socket is + created within the configured network namespace instead of the host + namespace. + + * ExecStart= command lines in unit files may now be prefixed with ':' + in which case environment variable substitution is + disabled. (Supported for the other ExecXYZ= settings, too.) + + * .timer units gained two new boolean settings OnClockChange= and + OnTimezoneChange= which may be used to also trigger a unit when the + system clock is changed or the local timezone is + modified. systemd-run has been updated to make these options easily + accessible from the command line for transient timers. + + * Two new conditions for units have been added: ConditionMemory= may be + used to conditionalize a unit based on installed system + RAM. ConditionCPUs= may be used to conditionalize a unit based on + installed CPU cores. + + * The @default system call filter group understood by SystemCallFilter= + has been updated to include the new rseq() system call introduced in + kernel 4.15. + + * A new time-set.target has been added that indicates that the system + time has been set from a local source (possibly imprecise). The + existing time-sync.target is stronger and indicates that the time has + been synchronized with a precise external source. Services where + approximate time is sufficient should use the new target. 
+ + * "systemctl start" (and related commands) learnt a new + --show-transaction option. If specified brief information about all + jobs queued because of the requested operation is shown. + + * systemd-networkd recognizes a new operation state 'enslaved', used + (instead of 'degraded' or 'carrier') for interfaces which form a + bridge, bond, or similar, and an new 'degraded-carrier' operational + state used for the bond or bridge master interface when one of the + enslaved devices is not operational. + + * .network files learnt the new IgnoreCarrierLoss= option for leaving + networks configured even if the carrier is lost. + + * The RequiredForOnline= setting in .network files may now specify a + minimum operational state required for the interface to be considered + "online" by systemd-networkd-wait-online. Related to this + systemd-networkd-wait-online gained a new option --operational-state= + to configure the same, and its --interface= option was updated to + optionally also take an operational state specific for an interface. + + * systemd-networkd-wait-online gained a new setting --any for waiting + for only one of the requested interfaces instead of all of them. + + * systemd-networkd now implements L2TP tunnels. + + * Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix= + may be used to cause autonomous and onlink prefixes received in IPv6 + Router Advertisements to be ignored. + + * New MulticastFlood=, NeighborSuppression=, and Learning= .network + file settings may be used to tweak bridge behaviour. + + * The new TripleSampling= option in .network files may be used to + configure CAN triple sampling. + + * A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be + used to point to private or preshared key for a WireGuard interface. + + * /etc/crypttab now supports the same-cpu-crypt and + submit-from-crypt-cpus options to tweak encryption work scheduling + details. 
+ + * systemd-tmpfiles will now take a BSD file lock before operating on a + contents of directory. This may be used to temporarily exclude + directories from aging by taking the same lock (useful for example + when extracting a tarball into /tmp or /var/tmp as a privileged user, + which might create files with really old timestamps, which + nevertheless should not be deleted). For further details, see: + + https://systemd.io/TEMPORARY_DIRECTORIES + + * systemd-tmpfiles' h line type gained support for the + FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5), + controlling project quota inheritance. + + * sd-boot and bootctl now implement support for an Extended Boot Loader + (XBOOTLDR) partition, that is intended to be mounted to /boot, in + addition to the ESP partition mounted to /efi or /boot/efi. + Configuration file fragments, kernels, initrds and other EFI images + to boot will be loaded from both the ESP and XBOOTLDR partitions. + The XBOOTLDR partition was previously described by the Boot Loader + Specification, but implementation was missing in sd-boot. Support for + this concept allows using the sd-boot boot loader in more + conservative scenarios where the boot loader itself is placed in the + ESP but the kernels to boot (and their metadata) in a separate + partition. + + * A system may now be booted with systemd.volatile=overlay on the + kernel command line, which causes the root file system to be set up + an overlayfs mount combining the root-only root directory with a + writable tmpfs. In this setup, the underlying root device is not + modified, and any changes are lost at reboot. + + * Similar, systemd-nspawn can now boot containers with a volatile + overlayfs root with the new --volatile=overlay switch. + + * systemd-nspawn can now consume OCI runtime bundles using a new + --oci-bundle= option. 
This implementation is fully usable, with most + features in the specification implemented, but since this a lot of + new code and functionality, this feature should most likely not + be used in production yet. + + * systemd-nspawn now supports various options described by the OCI + runtime specification on the command-line and in .nspawn files: + --inaccessible=/Inaccessible= may be used to mask parts of the file + system tree, --console=/--pipe may be used to configure how standard + input, output, and error are set up. + + * busctl learned the `emit` verb to generate D-Bus signals. + + * systemd-analyze cat-config may be used to gather and display + configuration spread over multiple files, for example system and user + presets, tmpfiles.d, sysusers.d, udev rules, etc. + + * systemd-analyze calendar now takes an optional new parameter + --iterations= which may be used to show a maximum number of iterations + the specified expression will elapse next. + + * The sd-bus C API gained support for naming method parameters in the + introspection data. + + * systemd-logind gained D-Bus APIs to specify the "reboot parameter" + the reboot() system call expects. + + * journalctl learnt a new --cursor-file= option that points to a file + from which a cursor should be loaded in the beginning and to which + the updated cursor should be stored at the end. + + * ACRN hypervisor and Windows Subsystem for Linux (WSL) are now + detected by systemd-detect-virt (and may also be used in + ConditionVirtualization=). + + * The behaviour of systemd-logind may now be modified with environment + variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP, + $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and + $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either + skip the relevant operation completely (when set to false), or to + create a flag file in /run/systemd (when set to true), instead of + actually commencing the real operation when requested. 
The presence + of /run/systemd/reboot-to-firmware-setup, + /run/systemd/reboot-to-boot-loader-menu, and + /run/systemd/reboot-to-boot-loader-entry, may be used by alternative + boot loader implementations to replace some steps logind performs + during reboot with their own operations. + + * systemctl can be used to request a reboot into the boot loader menu + or a specific boot loader entry with the new --boot-load-menu= and + --boot-loader-entry= options to a reboot command. (This requires a + boot loader that supports this, for example sd-boot.) + + * kernel-install will no longer unconditionally create the output + directory (e.g. /efi//) for boot loader + snippets, but will do only if the machine-specific parent directory + (i.e. /efi//) already exists. bootctl has been modified + to create this parent directory during sd-boot installation. + + This makes it easier to use kernel-install with plugins which support + a different layout of the bootloader partitions (for example grub2). + + * During package installation (with `ninja install`), we would create + symlinks for getty@tty1.service, systemd-networkd.service, + systemd-networkd.socket, systemd-resolved.service, + remote-cryptsetup.target, remote-fs.target, + systemd-networkd-wait-online.service, and systemd-timesyncd.service + in /etc, as if `systemctl enable` was called for those units, to make + the system usable immediately after installation. Now this is not + done anymore, and instead calling `systemctl preset-all` is + recommended after the first installation of systemd. + + * A new boolean sandboxing option RestrictSUIDSGID= has been added that + is built on seccomp. When turned on creation of SUID/SGID files is + prohibited. + + * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now + implied if DynamicUser= is turned on for a service. This hardens + these services, so that they neither can benefit from nor create + SUID/SGID executables. 
This is a minor compatibility breakage, given + that when DynamicUser= was first introduced SUID/SGID behaviour was + unaffected. However, the security benefit of these two options is + substantial, and the setting is still relatively new, hence we opted + to make it mandatory for services with dynamic users. + + Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin, + Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani, + Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin, + Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black, + Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny + Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal, + Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun + Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski, + Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart + Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias + Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal + Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone, + Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan + Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant + Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo + Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi + Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu, + Yu Watanabe, Zbigniew Jędrzejewski-Szmek + + — Warsaw, 2019-04-11 + +CHANGES WITH 241: * The default locale can now be configured at compile time. Otherwise, a suitable default will be selected automatically (one of C.UTF-8, 
@@ -22,13 +392,90 @@ CHANGES WITH 241 in spe: * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd again. - * kernel-install script now optionally takes a path to initrd file, and - it is passed to all plugins. - - * -fPIE is dropped from compiler and linker option. Please specify - -Db_pie=true option to meson if you whant to build position-independent + * A new network device NamePolicy "keep" is implemented for link files, + and used by default in 99-default.link (the fallback configuration + provided by systemd). With this policy, if the network device name + was already set by userspace, the device will not be renamed again. + This matches the naming scheme that was implemented before + systemd-240. If naming-scheme < 240 is specified, the "keep" policy + is also enabled by default, even if not specified. Effectively, this + means that if naming-scheme >= 240 is specified, network devices will + be renamed according to the configuration, even if they have been + renamed already, if "keep" is not specified as the naming policy in + the .link file. The 99-default.link file provided by systemd includes + "keep" for backwards compatibility, but it is recommended for user + installed .link files to *not* include it. + + The "kernel" policy, which keeps kernel names declared to be + "persistent", now works again as documented. + + * kernel-install script now optionally takes the paths to one or more + initrd files, and passes them to all plugins. + + * The mincore() system call has been dropped from the @system-service + system call filter group, as it is pretty exotic and may potentially + used for side-channel attacks. + + * -fPIE is dropped from compiler and linker options. Please specify + -Db_pie=true option to meson to build position-independent executables. Note that the meson option is supported since meson-0.49. 
+ * The fs.protected_regular and fs.protected_fifos sysctls, which were + added in Linux 4.19 to make some data spoofing attacks harder, are + now enabled by default. While this will hopefully improve the + security of most installations, it is technically a backwards + incompatible change; to disable these sysctls again, place the + following lines in /etc/sysctl.d/60-protected.conf or a similar file: + + fs.protected_regular = 0 + fs.protected_fifos = 0 + + Note that the similar hardlink and symlink protection has been + enabled since v199, and may be disabled likewise. + + * The files read from the EnvironmentFile= setting in unit files now + parse backslashes inside quotes literally, matching the behaviour of + POSIX shells. + + * udevadm trigger, udevadm control, udevadm settle and udevadm monitor + now automatically become NOPs when run in a chroot() environment. + + * The tmpfiles.d/ "C" line type will now copy directory trees not only + when the destination is so far missing, but also if it already exists + as a directory and is empty. This is useful to cater for systems + where directory trees are put together from multiple separate mount + points but otherwise empty. + + * A new function sd_bus_close_unref() (and the associated + sd_bus_close_unrefp()) has been added to libsystemd, that combines + sd_bus_close() and sd_bus_unref() in one. + + * udevadm control learnt a new option for --ping for testing whether a + systemd-udevd instance is running and reacting. + + * udevadm trigger learnt a new option for --wait-daemon for waiting + systemd-udevd daemon to be initialized. 
+ + Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer, + Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris + Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele + Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri + John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe + Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede, + James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan + Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost + Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor, + Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou, + marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike + Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen, + Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger + James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel, + Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi + Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew + Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски + + — Berlin, 2019-02-14 + CHANGES WITH 240: * NoNewPrivileges=yes has been set for all long-running services @@ -131,7 +578,7 @@ CHANGES WITH 240: file descriptors currently enforced (fs.file-max, fs.nr_open, RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two, and keep only the latter two. A set of build-time options - (-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no) + (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false) has been added to revert this change in behaviour, which might be an option for systems that turn off memcg in the kernel. 
@@ -391,7 +838,7 @@ CHANGES WITH 240: * Journal messages that are generated whenever a unit enters the failed state are now tagged with a unique MESSAGE_ID. Similarly, messages generated whenever a service process exits are now made recognizable, - too. A taged message is also emitted whenever a unit enters the + too. A tagged message is also emitted whenever a unit enters the "dead" state on success. * systemd-run gained a new switch --working-directory= for configuring @@ -492,6 +939,11 @@ CHANGES WITH 240: * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by pam_systemd anymore. + * The naming scheme for network devices was changed to always rename + devices, even if they were already renamed by userspace. The "kernel" + policy was changed to only apply as a fallback, if no other naming + policy took effect. + * The requirements to build systemd is bumped to meson-0.46 and python-3.5. @@ -628,7 +1080,7 @@ CHANGES WITH 239: not created by systemd-sysusers anymore. NOTE: This has a chance of breaking nss-ldap and similar NSS modules - that embedd a network facing module into any process using getpwuid() + that embed a network facing module into any process using getpwuid() or related call: the dynamic allocation of the user ID for systemd-resolved.service means the service manager has to check NSS if the user name is already taken when forking off the service. Since @@ -897,7 +1349,7 @@ CHANGES WITH 239: PrivateDevices=, ProtectSystem=, …) are used. This option is hence primarily useful for services that do not use any of the other file system namespacing options. One such service is systemd-udevd.service - wher this is now used by default. + where this is now used by default. * ConditionSecurity= gained a new value "uefi-secureboot" that is true when the system is booted in UEFI "secure mode". 
@@ -908,6 +1360,8 @@ CHANGES WITH 239: allows ordering services before the service that executes the actual update process in a generic way. + * Systemd now emits warnings whenever .include syntax is used. + Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale, Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner, @@ -1873,12 +2327,14 @@ CHANGES WITH 234: systemd-logind to be safe. See https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.) - * All kernel install plugins are called with the environment variable + * All kernel-install plugins are called with the environment variable KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by - /etc/machine-id. If the file is missing or empty, the variable is - empty and BOOT_DIR_ABS is the path of a temporary directory which is - removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID - is empty, all plugins should not put anything in BOOT_DIR_ABS. + /etc/machine-id. If the machine ID could not be determined, + $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put + anything in the entry directory (passed as the second argument) if + $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a + temporary directory is passed as the entry directory and removed + after all the plugins exit. Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir @@ -5604,7 +6060,7 @@ CHANGES WITH 214: * We temporarily dropped the "-l" switch for fsck invocations, since they collide with the flock() logic above. util-linux upstream has been changed already to avoid this conflict, - and we will readd "-l" as soon as util-linux with this + and we will re-add "-l" as soon as util-linux with this change has been released. * The dependency on libattr has been removed. Since a long 
@@ -5662,7 +6118,7 @@ CHANGES WITH 214: * Socket units gained a new Symlinks= setting. It takes a list of symlinks to create to file system sockets or FIFOs created by the specific Unix sockets. This is useful to - manage symlinks to socket nodes with the same life-cycle as + manage symlinks to socket nodes with the same lifecycle as the socket itself. * The /dev/log socket and /dev/initctl FIFO have been moved to @@ -5890,7 +6346,7 @@ CHANGES WITH 213: where the local administrator's configuration in /etc always overrides any other settings. - Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van + Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch, Dan Kilman, Dave Reisner, David Härdeman, David Herrmann, David Strauss, Dimitris Spingos, Djalal Harouni, Eelco @@ -5970,7 +6426,7 @@ CHANGES WITH 212: users who are logged out cannot continue to consume IPC resources. This covers SysV memory, semaphores and message queues as well as POSIX shared memory and message - queues. Traditionally, SysV and POSIX IPC had no life-cycle + queues. Traditionally, SysV and POSIX IPC had no lifecycle limits. With this functionality, that is corrected. This may be turned off by using the RemoveIPC= switch of logind.conf. @@ -6120,7 +6576,7 @@ CHANGES WITH 211: systemd-networkd. * The sd-bus.h bus API gained a new sd_bus_track object for - tracking the life-cycle of bus peers. Note that sd-bus.h is + tracking the lifecycle of bus peers. Note that sd-bus.h is still not a public API though (unless you specify --enable-kdbus on the configure command line, which however voids your warranty and you get no API stability guarantee). 
@@ -6277,6 +6733,9 @@ CHANGES WITH 210: IFUNC. Please make sure to use --enable-compat-libs only during a transitional period! + * The .include syntax has been deprecated and is not documented + anymore. Drop-in files in .d directories should be used instead. + Contributions from: Andreas Fuchs, Armin K., Colin Walters, Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni, Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
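Review bot: the option name "--boot-load-menu=" in the 242 entry about rebooting into the boot loader menu (hunk @@ -1,6 +1,376 @@) does not match the names around it. The sibling option in the same sentence is "--boot-loader-entry=", and the preceding logind entry uses $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU and /run/systemd/reboot-to-boot-loader-menu. Please check it against the systemctl option table and correct the spelling if it is a typo, since users copy option names from NEWS. In the same hunk, the SystemCallFilter= entry says the old kill-the-thread action "continues to be used" on an older kernel or libseccomp. It would help to state whether that fallback is logged, so an administrator can tell which action is in effect. Wording slips to fix while here: "an calling an offending system call", "meson should be called -Dman=true" (missing "with"), "more devices then previously", "A new .netdev settings", and "since this a lot of new code".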
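Review bot: the mincore() entry in hunk @@ -22,13 +392,90 @@ is missing a verb ("may potentially used for side-channel attacks" should read "may potentially be used") and does not say what a service that still needs the call should do. Suggest adding that such a unit has to list mincore explicitly in SystemCallFilter= next to @system-service, because a unit relying on the group alone will now hit the filter action. Further down, "learnt a new option for --ping" and "learnt a new option for --wait-daemon" read as if a sub-option were added to an existing switch; "a new option --ping" and "a new option --wait-daemon" are clearer. Also, "for waiting systemd-udevd daemon to be initialized" is missing "for the".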
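Review bot: the naming-scheme entry added to the 240 section in hunk @@ -492,6 +939,11 @@ documents a behaviour change retroactively but gives no pointer to the 241 entry that partly reverts it. That entry introduces NamePolicy "keep", enables it in 99-default.link, and says it "matches the naming scheme that was implemented before systemd-240". A reader on 240 who lands here will not learn that the default changes again one release later. Suggest a closing sentence such as "See the 'keep' policy under CHANGES WITH 241."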
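Review bot: the added line "Systemd now emits warnings whenever .include syntax is used." in hunk @@ -908,6 +1360,8 @@ capitalises the project name, while the rest of the file writes "systemd" in lower case even at the start of a sentence (for example "systemd now defaults to the "unified" cgroup hierarchy"). The entry also does not name the replacement; the 210 entry added at the end of this patch does ("Drop-in files in .d directories should be used instead"). Suggest lower-casing the name and repeating that hint here, since a reader who sees the warning is more likely to look in the 239 notes than the 210 notes.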
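Review bot: the rewritten kernel-install paragraph in hunk @@ -1873,12 +2327,14 @@ mixes notations for the same variable: it is first introduced as "KERNEL_INSTALL_MACHINE_ID" and then referred to twice as "$KERNEL_INSTALL_MACHINE_ID". Please pick one form. The new text also replaces BOOT_DIR_ABS with "the entry directory (passed as the second argument)" without saying the two are the same thing. If they are, keeping the old name in parentheses would let authors of existing plugins map the removed wording onto the new one. Finally, "If the machine ID could not be determined" is broader than the removed "If the file is missing or empty"; a short list of the cases covered would make the contract for plugins explicit.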