X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=NEWS;h=c0a8ed395f330726b4f7036fa7206f629e3229a6;hb=fccf5419e8b0001240a7342b812eeaffbd55b10d;hp=540f4231a132d57f8dc2204d6f742ab2a6e4f4a5;hpb=6b3d378331fe714c7bf2263eaa9a8b33fc878e7c;p=thirdparty%2Fsystemd.git diff --git a/NEWS b/NEWS index 540f4231a13..c0a8ed395f3 100644 --- a/NEWS +++ b/NEWS 
@@ -1,11 +1,409 @@ systemd System and Service Manager -CHANGES WITH 233 in spe +CHANGES WITH 235: + + * A new modprobe.d drop-in is now shipped by default that sets the + bonding module option max_bonds=0. This overrides the kernel default, + to avoid conflicts and ambiguity as to whether or not bond0 should be + managed by systemd-networkd or not. This resolves multiple issues + with bond0 properties not being applied, when bond0 is configured + with systemd-networkd. Distributors may choose to not package this, + however in that case users will be prevented from correctly managing + bond0 interface using systemd-networkd. + + * systemd-analyze gained new verbs "get-log-level" and "get-log-target" + which print the logging level and target of the system manager, + respectively. They complement the existing "set-log-level" and + "set-log-target" verbs, which can be used to change those values. + + * systemd-networkd .network DHCP setting UseMTU default has changed + from false to true. Meaning, DHCP server advertised MTU setting is + now applied by default. This resolves networking issues on low-mtu + networks. + + * journald.conf gained a new boolean setting ReadKMsg= which defaults + to on. If turned off kernel log messages will not be read by + systemd-journald and not be included in the logs. It also gained a + new setting LineMax= for configuring the maximum line length to allow + when converting STDOUT/STDERR log streams into individual log + records. The new default for this value is 48K, up from the previous + hardcoded 4K. + + * A new setting RuntimeDirectoryPreserve= for units has been added, + which allows more detailed control of what to do with a runtime + directory configured with RuntimeDirectory= (i.e. a directory below + /run or $XDG_RUNTIME_DIR) after a unit is stopped. + + * The RuntimeDirectory= setting for units gained support for creating + deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just + one top-level directory. 
+ + * Units gained new options StateDirectory=, CacheDirectory=, + LogsDirectory= and ConfigurationDirectory= which are closely related + to RuntimeDirectory= but manage per-service directories below + /var/lib, /var/cache, /var/log and /etc. By making use of this it is + possible to write unit files which when activated automatically gain + properly owned service specific directories in these locations, thus + making unit files self-contained and increasing compatibility with + stateless systems and factory reset where /etc or /var are + unpopulated at boot. Matching these new settings there's also + StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=, + ConfigurationDirectoryMode= for configuring the access mode of these + directories. + + * Automake support has been removed from this release. systemd is now + Meson-only. + + * systemd-journald will now aggressively cache client metadata during + runtime, speeding up log write performance under pressure. This comes + at a small price though: as much of the metadata is read + asynchronously from /proc/ (and isn't implicitly attached to log + datagrams by the kernel, like UID/GID/PID/SELinux are) this means the + metadata stored alongside a log entry might be slightly + out-of-date. Previously it could only be slightly newer than the log + message. The time window is small however, and given that the kernel + is unlikely to be improved anytime soon in this regard, this appears + acceptable to us. + + * nss-myhostname/systemd-resolved will now by default synthesize an + A/AAAA resource record for the "_gateway" hostname, pointing to the + current default IP gateway. Previously it did that for the "gateway" + name, hampering adoption, as some distributions wanted to leave that + host name open for local use. The old behaviour may still be + requested at build time. + + * systemd-networkd's [Address] section in .network files gained a new + Scope= setting for configuring the IP address scope. 
The [Network] + section gained a new boolean setting ConfigureWithoutCarrier= that + tells systemd-networkd to ignore link sensing when configuring the + device. The [DHCP] section gained a new Anonymize= boolean option for + turning on a number of options suggested in RFC 7844. A new + [RoutingPolicyRule] section has been added for configuring the IP + routing policy. The [Route] section has gained support for a new + Type= setting which permits configuring + blackhole/unreachable/prohibit routes. + + * The [VRF] section in .netdev files gained a new Table= setting for + configuring the routing table to use. The [Tunnel] section gained a + new Independent= boolean field for configuring tunnels independent of + an underlying network interface. The [Bridge] section gained a new + GroupForwardMask= option for configuration of propagation of link + local frames between bridge ports. + + * The WakeOnLan= setting in .link files gained support for a number of + new modes. A new TCP6SegmentationOffload= setting has been added for + configuring TCP/IPv6 hardware segmentation offload. + + * The IPv6 RA sender implementation may now optionally send out RDNSS + and RDNSSL records for supplying DNS configuration to peers. + + * systemd-nspawn gained support for a new --system-call-filter= command + line option for adding/removing entries in the default system call + filter it applies. Moreover systemd-nspawn has been changed to + implement a system call whitelist instead of a blacklist. + + * systemd-run gained support for a new --pipe command line option. If + used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run + are directly passed on to the activated transient service + binary. 
This allows invoking arbitrary processes as systemd services + (for example to take benefit of dependency management, accounting + management, resource management or log management that is done + automatically for services) — while still allowing them to be + integrated in a classic UNIX shell pipeline. + + * When a service sends RELOAD=1 via sd_notify() and reload propagation + using ReloadPropagationTo= is configured, a reload is now propagated + to configured units. (Previously this was only done on explicitly + requested reloads, using "systemctl reload" or an equivalent + command.) + + * For each service unit a restart counter is now kept: it is increased + each time the service is restarted due to Restart=, and may be + queried using "systemctl show -p NRestarts …". + + * New system call filter groups @setuid, @credentials, @memlock, + @signal and @timer have been added, for usage with SystemCallFilter= + in unit files and the new --system-call-filter= command line option + of systemd-nspawn (see above). + + * ExecStart= lines in unit files gained two new modifiers: when a + command line is prefixed with "!" the command will be executed as + configured, except for the credentials applied by + setuid()/setgid()/setgroups(). It is very similar to the pre-existing + "+", but does still apply namespacing options unlike "+". There's + also "!!" now, which is mostly identical, but becomes a NOP on + systems that support ambient capabilities. This is useful to write + unit files that work with ambient capabilities where possible but + automatically fall back to traditional privilege dropping mechanisms + on systems where this is not supported. + + * ListenNetlink= settings in socket units now support RDMA netlink + sockets. + + * A new unit file setting LockPersonality= has been added which permits + locking down the chosen execution domain ("personality") of a service + during runtime. 
+ + * A new special target "getty-pre.target" has been added, which is + ordered before all text logins, and may be used to order services + before, that shall run before these textual logins acquire access to + the console. + + * systemd will now attempt to load the virtio-rng.ko kernel module very + early on if a VM environment supporting this is detected. This should + improve entropy during early boot in virtualized environments. + + * A _netdev option is now supported in /etc/crypttab that operates in a + similar way as the same option in /etc/fstab: it permits configuring + encrypted devices that need to be ordered after the network coming + up. Following this logic, two new special targets + remote-cryptsetup-pre.target and remote-cryptsetup.target have been + added that are to cryptsetup.target what + remote-fs.target/remote-fs-pre.target are to local-fs.target. + + * Service units gained a new UnsetEnvironment= setting which permits + unsetting specific environment variables for specific services that + are normally passed to it (for example in order to mask out locale + settings for specific services that can't deal with it). + + * Units acquired a new boolean option IPAccounting=. When turned on, IP + traffic accounting (packet count as well as byte count) is done for + the service, and shown as part of "systemctl status" or "systemd-run + --wait". + + * Service units acquired two new options IPAddressAllow= and + IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks, + for configuring a simple IP access control list for all sockets of + the unit. These options are available also on .slice and .socket + units, permitting flexible access list configuration for individual + services as well as groups of services (as defined by a slice unit), + including system-wide. 
Note that IP ACLs configured this way are + enforced on every single IPv4 and IPv6 socket created by any process + of the service unit, and apply to ingress as well as egress traffic. + + * If CPUAccounting= or IPAccounting= is turned on for a unit a new, + recognizable log message is generated each time the unit is stopped, + containing information about the consumed resources of this + invocation. + + * A new setting KeyringMode= has been added to unit files, which may be + used to control how the kernel keyring is set up for executed + processes. + + * .timer units now accept calendar specifications in other timezones + than UTC or the local timezone. + + Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander + Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar + Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles + Huber, Christian Hesse, Daniel Berrange, Daniel Mack, Daniel Rusek, + dasj19, Davide Cavalca, Dimitri John Ledkov, Diogo Pereira, Djalal + Harouni, dkg, dmig, Dmitry Torokhov, ettavolt, Evgeny Vereshchagin, + Fabio Kung, Felipe Sateler, Franck Bui, g0tar, Hans de Goede, Harald + Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov, Jakub Wilk, Jan + Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen, John Lin, + jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg Thalheim, + Jouke Witteveen, juga0, Justin Michaud, Kai-Heng Feng, Lennart + Poettering, Lion Yang, Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, + Marcel Hollerbach, Marcus Lundblad, Martin Pitt, Michael Biebl, Michael + Grzeschik, Michal Sekletar, Mike Gilbert, Neil Brown, Nicolas Iooss, + Patrik Flykt, pEJipE, Russell Stuart, S. 
Fan, Shengyao Xue, Stefan + Pietsch, Susant Sahani, Tejun Heo, Thomas Miller, Thomas Sailer, Tobias + Hunger, Tom Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, + userwithuid, Vito Caputo, vliaskov, WaLyong Cho, William Douglas, Xiang + Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek + + — Berlin, 2017-09-XX + +CHANGES WITH 234: + + * Meson is now supported as build system in addition to Automake. It is + our plan to remove Automake in one of our next releases, so that + Meson becomes our exclusive build system. Hence, please start using + the Meson build system in your downstream packaging. There's plenty + of documentation around how to use Meson, the extremely brief + summary: + + ./autogen.sh && ./configure && make && sudo make install + + becomes: + + meson build && ninja -C build && sudo ninja -C build install + + * Unit files gained support for a new JobRunningTimeoutUSec= setting, + which permits configuring a timeout on the time a job is + running. This is particularly useful for setting timeouts on jobs for + .device units. + + * Unit files gained two new options ConditionUser= and ConditionGroup= + for conditionalizing units based on the identity of the user/group + running a systemd user instance. + + * systemd-networkd now understands a new FlowLabel= setting in the + [VXLAN] section of .network files, as well as a Priority= in + [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN] + and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also + gained support for configuration of GENEVE links, and IPv6 address + labels. The [Network] section gained the new IPv6ProxyNDP= setting. + + * .link files now understand a new Port= setting. + + * systemd-networkd's DHCP support gained support for DHCP option 119 + (domain search list). + + * systemd-networkd gained support for serving IPv6 address ranges using + the Router Advertisment protocol. 
The new .network configuration + section [IPv6Prefix] may be used to configure the ranges to + serve. This is implemented based on a new, minimal, native server + implementation of RA. + + * journalctl's --output= switch gained support for a new parameter + "short-iso-precise" for a mode where timestamps are shown as precise + ISO date values. + + * systemd-udevd's "net_id" builtin may now generate stable network + interface names from IBM PowerVM VIO devices as well as ACPI platform + devices. + + * MulticastDNS support in systemd-resolved may now be explicitly + enabled/disabled using the new MulticastDNS= configuration file + option. + + * systemd-resolved may now optionally use libidn2 instead of the libidn + for processing internationalized domain names. Support for libidn2 + should be considered experimental and should not be enabled by + default yet. + + * "machinectl pull-tar" and related call may now do verification of + downloaded images using SUSE-style .sha256 checksum files in addition + to the already existing support for validating using Ubuntu-style + SHA256SUMS files. + + * sd-bus gained support for a new sd_bus_message_appendv() call which + is va_list equivalent of sd_bus_message_append(). + + * sd-boot gained support for validating images using SHIM/MOK. + + * The SMACK code learnt support for "onlycap". + + * systemd-mount --umount is now much smarter in figuring out how to + properly unmount a device given its mount or device path. + + * The code to call libnss_dns as a fallback from libnss_resolve when + the communication with systemd-resolved fails was removed. This + fallback was redundant and interfered with the [!UNAVAIL=return] + suffix. See nss-resolve(8) for the recommended configuration. + + * systemd-logind may now be restarted without losing state. It stores + the file descriptors for devices it manages in the system manager + using the FDSTORE= mechanism. 
Please note that further changes in + other components may be required to make use of this (for example + Xorg has code to listen for stops of systemd-logind and terminate + itself when logind is stopped or restarted, in order to avoid using + stale file descriptors for graphical devices, which is now + counterproductive and must be reverted in order for restarts of + systemd-logind to be safe. See + https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.) + + * All kernel install plugins are called with the environment variable + KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by + /etc/machine-id. If the file is missing or empty, the variable is + empty and BOOT_DIR_ABS is the path of a temporary directory which is + removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID + is empty, all plugins should not put anything in BOOT_DIR_ABS. + + Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander + Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir + Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert, + Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb, + Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake, + Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide + Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John + Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin, + Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary + Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede, + hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan + Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason + Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg + Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow, + Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili, + Lucas Werkmeister, Lukáš Nykrýn, Łukasz 
Stelmach, Mantas Mikulėnas, + Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala, + Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin, + Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal + Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis, + Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik + Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr + Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes, + Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan + Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas + H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom + Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog, + userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu, + Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан + Георгиевски + + — Berlin, 2017-07-12 + +CHANGES WITH 233: + + * The "hybrid" control group mode has been modified to improve + compatibility with "legacy" cgroups-v1 setups. Specifically, the + "hybrid" setup of /sys/fs/cgroup is now pretty much identical to + "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named + cgroups-v1 hierarchy), the only externally visible change being that + the cgroups-v2 hierarchy is also mounted, to + /sys/fs/cgroup/unified. This should provide a large degree of + compatibility with "legacy" cgroups-v1, while taking benefit of the + better management capabilities of cgroups-v2. + + * The default control group setup mode may be selected both a boot-time + via a set of kernel command line parameters (specifically: + systemd.unified_cgroup_hierarchy= and + systemd.legacy_systemd_cgroup_controller=), as well as a compile-time + default selected on the configure command line + (--with-default-hierarchy=). The upstream default is "hybrid" + (i.e. 
the cgroups-v1 + cgroups-v2 mixture discussed above) now, but + this will change in a future systemd version to be "unified" (pure + cgroups-v2 mode). The third option for the compile time option is + "legacy", to enter pure cgroups-v1 mode. We recommend downstream + distributions to default to "hybrid" mode for release distributions, + starting with v233. We recommend "unified" for development + distributions (specifically: distributions such as Fedora's rawhide) + as that's where things are headed in the long run. Use "legacy" for + greatest stability and compatibility only. + + * Note one current limitation of "unified" and "hybrid" control group + setup modes: the kernel currently does not permit the systemd --user + instance (i.e. unprivileged code) to migrate processes between two + disconnected cgroup subtrees, even if both are managed and owned by + the user. This effectively means "systemd-run --user --scope" doesn't + work when invoked from outside of any "systemd --user" service or + scope. Specifically, it is not supported from session scopes. We are + working on fixing this in a future systemd version. (See #3388 for + further details about this.) * DBus policy files are now installed into /usr rather than /etc. Make sure your system has dbus >= 1.9.18 running before upgrading to this version, or override the install path with --with-dbuspolicydir= . + * All python scripts shipped with systemd (specifically: the various + tests written in Python) now require Python 3. + + * systemd unit tests can now run standalone (without the source or + build directories), and can be installed into /usr/lib/systemd/tests/ + with 'make install-tests'. + + * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH, + CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the + kernel. + + * Support for the %c, %r, %R specifiers in unit files has been + removed. 
Specifiers are not supposed to be dependent on configuration + in the unit file itself (so that they resolve the same regardless + where used in the unit files), but these specifiers were influenced + by the Slice= option. + * The shell invoked by debug-shell.service now defaults to /bin/sh in all cases. If distributions want to use a different shell for this purpose (for example Fedora's /sbin/sushell) they need to specify 
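Review bot: the release stamp closing the CHANGES WITH 235 block in this hunk is still the placeholder "— Berlin, 2017-09-XX"; it needs the real date before this NEWS entry is tagged, otherwise the placeholder ships in the release. Two smaller points in the same hunk: the CHANGES WITH 234 entry on serving IPv6 address ranges misspells "Router Advertisment" (should be "Router Advertisement"), and the CHANGES WITH 233 entry stating that CONFIG_CRYPTO_USER_API_HASH, CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 "need to be enabled in the kernel" gives no reason; a half-sentence naming the consumer (presumably the HMAC-SHA256 keyed hash behind sd_id128_get_machine_app_specific(), which the second hunk describes) would let distributors judge what breaks when those options are missing.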
@@ -26,12 +424,349 @@ CHANGES WITH 233 in spe The 'n' choice for the confirmation spawn prompt has been removed, because its meaning was confusing. + The prompt may now also be redirected to an alternative console by + specifying the console as parameter to systemd.confirm_spawn=. + * Services of Type=notify require a READY=1 notification to be sent during startup. If no such message is sent, the service now fails, even if the main process exited with a successful exit code. + * Services that fail to start up correctly now always have their + ExecStopPost= commands executed. Previously, they'd enter "failed" + state directly, without executing these commands. + + * The option MulticastDNS= of network configuration files has acquired + an actual implementation. With MulticastDNS=yes a host can resolve + names of remote hosts and reply to mDNS A and AAAA requests. + + * When units are about to be started an additional check is now done to + ensure that all dependencies of type BindsTo= (when used in + combination with After=) have been started. + + * systemd-analyze gained a new verb "syscall-filter" which shows which + system call groups are defined for the SystemCallFilter= unit file + setting, and which system calls they contain. + + * A new system call filter group "@filesystem" has been added, + consisting of various file system related system calls. Group + "@reboot" has been added, covering reboot, kexec and shutdown related + calls. Finally, group "@swap" has been added covering swap + configuration related calls. + + * A new unit file option RestrictNamespaces= has been added that may be + used to restrict access to the various process namespace types the + Linux kernel provides. Specifically, it may be used to take away the + right for a service unit to create additional file system, network, + user, and other namespaces. 
This sandboxing option is particularly + relevant due to the high amount of recently discovered namespacing + related vulnerabilities in the kernel. + + * systemd-udev's .link files gained support for a new AutoNegotiation= + setting for configuring Ethernet auto-negotiation. + + * systemd-networkd's .network files gained support for a new + ListenPort= setting in the [DHCP] section to explicitly configure the + UDP client port the DHCP client shall listen on. + + * .network files gained a new Unmanaged= boolean setting for explicitly + excluding one or more interfaces from management by systemd-networkd. + + * The systemd-networkd ProxyARP= option has been renamed to + IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been + renamed to ReduceARPProxy=. The old names continue to be available + for compatibility. + + * systemd-networkd gained support for configuring IPv6 Proxy NDP + addresses via the new IPv6ProxyNDPAddress= .network file setting. + + * systemd-networkd's bonding device support gained support for two new + configuration options ActiveSlave= and PrimarySlave=. + + * The various options in the [Match] section of .network files gained + support for negative matching. + + * New systemd-specific mount options are now understood in /etc/fstab: + + x-systemd.mount-timeout= may be used to configure the maximum + permitted runtime of the mount command. + + x-systemd.device-bound may be set to bind a mount point to its + backing device unit, in order to automatically remove a mount point + if its backing device is unplugged. This option may also be + configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property + on the block device, which is now automatically set for all CDROM + drives, so that mounted CDs are automatically unmounted when they are + removed from the drive. + + x-systemd.after= and x-systemd.before= may be used to explicitly + order a mount after or before another unit or mount point. 
+ + * Enqueued start jobs for device units are now automatically garbage + collected if there are no jobs waiting for them anymore. + + * systemctl list-jobs gained two new switches: with --after, for every + queued job the jobs it's waiting for are shown; with --before the + jobs which it's blocking are shown. + + * systemd-nspawn gained support for ephemeral boots from disk images + (or in other words: --ephemeral and --image= may now be + combined). Moreover, ephemeral boots are now supported for normal + directories, even if the backing file system is not btrfs. Of course, + if the file system does not support file system snapshots or + reflinks, the initial copy operation will be relatively expensive, but + this should still be suitable for many use cases. + + * Calendar time specifications in .timer units now support + specifications relative to the end of a month by using "~" instead of + "-" as separator between month and day. For example, "*-02~03" means + "the third last day in February". In addition a new syntax for + repeated events has been added using the "/" character. For example, + "9..17/2:00" means "every two hours from 9am to 5pm". + + * systemd-socket-proxyd gained a new parameter --connections-max= for + configuring the maximum number of concurrent connections. + + * sd-id128 gained a new API for generating unique IDs for the host in a + way that does not leak the machine ID. Specifically, + sd_id128_get_machine_app_specific() derives an ID based on the + machine ID a in well-defined, non-reversible, stable way. This is + useful whenever an identifier for the host is needed but where the + identifier shall not be useful to identify the system beyond the + scope of the application itself. (Internally this uses HMAC-SHA256 as + keyed hash function using the machine ID as input.) + + * NotifyAccess= gained a new supported value "exec". 
When set + notifications are accepted from all processes systemd itself invoked, + including all control processes. + + * .nspawn files gained support for defining overlay mounts using the + Overlay= and OverlayReadOnly= options. Previously this functionality + was only available on the systemd-nspawn command line. + + * systemd-nspawn's --bind= and --overlay= options gained support for + bind/overlay mounts whose source lies within the container tree by + prefixing the source path with "+". + + * systemd-nspawn's --bind= and --overlay= options gained support for + automatically allocating a temporary source directory in /var/tmp + that is removed when the container dies. Specifically, if the source + directory is specified as empty string this mechanism is selected. An + example usage is --overlay=+/var::/var, which creates an overlay + mount based on the original /var contained in the image, overlayed + with a temporary directory in the host's /var/tmp. This way changes + to /var are automatically flushed when the container shuts down. + + * systemd-nspawn --image= option does now permit raw file system block + devices (in addition to images containing partition tables, as + before). + + * The disk image dissection logic in systemd-nspawn gained support for + automatically setting up LUKS encrypted as well as Verity protected + partitions. When a container is booted from an encrypted image the + passphrase is queried at start-up time. When a container with Verity + data is started, the root hash is search in a ".roothash" file + accompanying the disk image (alternatively, pass the root hash via + the new --root-hash= command line option). + + * A new tool /usr/lib/systemd/systemd-dissect has been added that may + be used to dissect disk images the same way as systemd-nspawn does + it, following the Bootable Partition Specification. 
It may even be + used to mount disk images with complex partition setups (including + LUKS and Verity partitions) to a local host directory, in order to + inspect them. This tool is not considered public API (yet), and is + thus not installed into /usr/bin. Please do not rely on its + existence, since it might go away or be changed in later systemd + versions. + + * A new generator "systemd-verity-generator" has been added, similar in + style to "systemd-cryptsetup-generator", permitting automatic setup of + Verity root partitions when systemd boots up. In order to make use of + this your partition setup should follow the Discoverable Partitions + Specification, and the GPT partition ID of the root file system + partition should be identical to the upper 128bit of the Verity root + hash. The GPT partition ID of the Verity partition protecting it + should be the lower 128bit of the Verity root hash. If the partition + image follows this model it is sufficient to specify a single + "roothash=" kernel command line argument to both configure which root + image and verity partition to use as well as the root hash for + it. Note that systemd-nspawn's Verity support follows the same + semantics, meaning that disk images with proper Verity data in place + may be booted in containers with systemd-nspawn as well as on + physical systems via the verity generator. Also note that the "mkosi" + tool available at https://github.com/systemd/mkosi has been updated + to generate Verity protected disk images following this scheme. In + fact, it has been updated to generate disk images that optionally + implement a complete UEFI SecureBoot trust chain, involving a signed + kernel and initrd image that incorporates such a root hash as well as + a Verity-enabled root partition. + + * The hardware database (hwdb) udev supports has been updated to carry + accelerometer quirks. + + * All system services are now run with a fresh kernel keyring set up + for them. 
The invocation ID is stored by default in it, thus + providing a safe, non-overridable way to determine the invocation + ID of each service. + + * Service unit files gained new BindPaths= and BindReadOnlyPaths= + options for bind mounting arbitrary paths in a service-specific + way. When these options are used, arbitrary host or service files and + directories may be mounted to arbitrary locations in the service's + view. + + * Documentation has been added that lists all of systemd's low-level + environment variables: + + https://github.com/systemd/systemd/blob/master/ENVIRONMENT.md + + * sd-daemon gained a new API sd_is_socket_sockaddr() for determining + whether a specific socket file descriptor matches a specified socket + address. + + * systemd-firstboot has been updated to check for the + systemd.firstboot= kernel command line option. It accepts a boolean + and when set to false the first boot questions are skipped. + + * systemd-fstab-generator has been updated to check for the + systemd.volatile= kernel command line option, which either takes an + optional boolean parameter or the special value "state". If used the + system may be booted in a "volatile" boot mode. Specifically, + "systemd.volatile" is used, the root directory will be mounted as + tmpfs, and only /usr is mounted from the actual root file system. If + "systemd.volatile=state" is used, the root directory will be mounted + as usual, but /var is mounted as tmpfs. This concept provides similar + functionality as systemd-nspawn's --volatile= option, but provides it + on physical boots. Use this option for implementing stateless + systems, or testing systems with all state and/or configuration reset + to the defaults. (Note though that many distributions are not + prepared to boot up without a populated /etc or /var, though.) + + * systemd-gpt-auto-generator gained support for LUKS encrypted root + partitions. 
Previously it only supported LUKS encrypted partitions + for all other uses, except for the root partition itself. + + * Socket units gained support for listening on AF_VSOCK sockets for + communication in virtualized QEMU environments. + + * The "configure" script gained a new option --with-fallback-hostname= + for specifying the fallback hostname to use if none is configured in + /etc/hostname. For example, by specifying + --with-fallback-hostname=fedora it is possible to default to a + hostname of "fedora" on pristine installations. + + * systemd-cgls gained support for a new --unit= switch for listing only + the control groups of a specific unit. Similar --user-unit= has been + added for listing only the control groups of a specific user unit. + + * systemd-mount gained a new --umount switch for unmounting a mount or + automount point (and all mount/automount points below it). + + * systemd will now refuse full configuration reloads (via systemctl + daemon-reload and related calls) unless at least 16MiB of free space + are available in /run. This is a safety precaution in order to ensure + that generators can safely operate after the reload completed. + + * A new unit file option RootImage= has been added, which has a similar + effect as RootDirectory= but mounts the service's root directory from + a disk image instead of plain directory. This logic reuses the same + image dissection and mount logic that systemd-nspawn already uses, + and hence supports any disk images systemd-nspawn supports, including + those following the Discoverable Partition Specification, as well as + Verity enabled images. This option enables systemd to run system + services directly off disk images acting as resource bundles, + possibly even including full integrity data. + + * A new MountAPIVFS= unit file option has been added, taking a boolean + argument. If enabled /proc, /sys and /dev (collectively called the + "API VFS") will be mounted for the service. 
This is only relevant if + RootDirectory= or RootImage= is used for the service, as these mounts + are of course in place in the host mount namespace anyway. + + * systemd-nspawn gained support for a new --pivot-root= switch. If + specified the root directory within the container image is pivoted to + the specified mount point, while the original root disk is moved to a + different place. This option enables booting of ostree images + directly with systemd-nspawn. + + * The systemd build scripts will no longer complain if the NTP server + addresses are not changed from the defaults. Google now supports + these NTP servers officially. We still recommend downstreams to + properly register an NTP pool with the NTP pool project though. + + * coredumpctl gained a new "--reverse" option for printing the list + of coredumps in reverse order. + + * coredumpctl will now show additional information about truncated and + inaccessible coredumps, as well as coredumps that are still being + processed. It also gained a new --quiet switch for suppressing + additional informational message in its output. + + * coredumpctl gained support for only showing coredumps newer and/or + older than specific timestamps, using the new --since= and --until= + options, reminiscent of journalctl's options by the same name. + + * The systemd-coredump logic has been improved so that it may be reused + to collect backtraces in non-compiled languages, for example in + scripting languages such as Python. + + * machinectl will now show the UID shift of local containers, if user + namespacing is enabled for them. + + * systemd will now optionally run "environment generator" binaries at + configuration load time. They may be used to add environment + variables to the environment block passed to services invoked. One + user environment generator is shipped by default that sets up + environment variables based on files dropped into /etc/environment.d + and ~/.config/environment.d/. 
+ + * systemd-resolved now includes the new, recently published 2017 DNSSEC + root key (KSK). + + * hostnamed has been updated to report a new chassis type of + "convertible" to cover "foldable" laptops that can both act as a + tablet and as a laptop, such as various Lenovo Yoga devices. + + Contributions from: Adrián López, Alexander Galanin, Alexander + Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch + Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric + Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri, + Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner, + David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry + Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly, + Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn + Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter, + Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede, + Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan + Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen, + Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart + Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de + Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry, + Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de + Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal + Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak, + Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip + Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin + Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx, + Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi, + Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève, + Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. 
Andersen, Tibor + Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar + Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb, + Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun, + YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр + Тихонов + + — Berlin, 2017-03-01 + CHANGES WITH 232: + * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and + RestrictAddressFamilies= enabled. These sandboxing options should + generally be compatible with the various external udev call-out + binaries we are aware of, however there may be exceptions, in + particular when exotic languages for these call-outs are used. In + this case, consider turning off these settings locally. + * The new RemoveIPC= option can be used to remove IPC objects owned by the user or group of a service when that service exits. @@ -1883,7 +2618,7 @@ CHANGES WITH 220: gudev from the Gnome project instead. gudev is still included in systemd, for now. It will be removed soon, though. Please also see the announcement-thread on systemd-devel: - http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html + https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html * systemd now exposes a CPUUsageNSec= property for each service unit on the bus, that contains the overall consumed @@ -2925,7 +3660,7 @@ CHANGES WITH 216: like Cockpit which register web clients as PAM sessions. * timer units with at least one OnCalendar= setting will now - be started only after timer-sync.target has been + be started only after time-sync.target has been reached. This way they will not elapse before the system clock has been corrected by a local NTP client or similar. This is particular useful on RTC-less embedded 
@@ -3786,7 +4521,7 @@ CHANGES WITH 211: also supports LUKS-encrypted partitions now. With this in place, automatic discovery of partitions to mount following the Discoverable Partitions Specification - (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec) + (https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec) is now a lot more complete. This allows booting without /etc/fstab and without root= on the kernel command line on systems prepared appropriately. @@ -5138,7 +5873,7 @@ CHANGES WITH 199: * A new libsystemd-bus module has been added that implements a pretty complete D-Bus client library. For details see: - http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html + https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html * journald will now explicitly flush the journal files to disk at the latest 5min after each write. The file will then also @@ -5288,7 +6023,7 @@ CHANGES WITH 198: only in conjunction with Gummiboot, but could be supported by other boot loaders too. For details see: - http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface + https://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface * A new generator has been added that automatically mounts the EFI System Partition (ESP) to /boot, if that directory @@ -5364,7 +6099,7 @@ CHANGES WITH 198: * A new tool kernel-install has been added that can install kernel images according to the Boot Loader Specification: - http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec + https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec * Boot time console output has been improved to provide animated boot time output for hanging jobs. 
@@ -5454,7 +6189,7 @@ CHANGES WITH 197: of these policies is now the default. Please see this wiki document for details: - http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames + https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames * Auke Kok's bootchart implementation has been added to the systemd tree. It is an optional component that can graph the @@ -5602,7 +6337,7 @@ CHANGES WITH 196: indexed database to link up additional information with journal entries. For further details please check: - http://www.freedesktop.org/wiki/Software/systemd/catalog + https://www.freedesktop.org/wiki/Software/systemd/catalog The indexed message catalog database also needs to be rebuilt after installation of message catalog files. Use @@ -6454,7 +7189,7 @@ CHANGES WITH 183: * A framework for implementing offline system updates is now integrated, for details see: - http://freedesktop.org/wiki/Software/systemd/SystemUpdates + https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates * A new service type Type=idle is available now which helps us avoiding ugly interleaving of getty output and boot status @@ -6735,7 +7470,7 @@ CHANGES WITH 39: * New unit file option ControlGroupPersistent= to make cgroups persistent, following the mechanisms outlined in - http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups + https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups * Support multiple local RTCs in a sane way @@ -6822,7 +7557,7 @@ CHANGES WITH 38: * Processes with '@' in argv[0][0] are now excluded from the final shut-down killing spree, following the logic explained in: - http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons + https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons * All processes remaining in a service cgroup when we enter the START or START_PRE states are now killed with
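Review bot: in the systemd-verity-generator entry of the first hunk, the text says a single "roothash=" argument is "sufficient" to select the root image, the Verity partition and the root hash, but it never says where that value is expected to come from; since the same paragraph describes mkosi building "a complete UEFI SecureBoot trust chain, involving a signed kernel and initrd image that incorporates such a root hash", one sentence stating that the root hash only anchors integrity when it is itself delivered through that signed image (rather than typed in by whoever controls the boot loader prompt) would make the feature's trust boundary explicit. Smaller wording points in the same hunk: the systemd.volatile= paragraph reads 'Specifically, "systemd.volatile" is used, the root directory will be mounted as tmpfs' (missing "if") and its closing parenthetical both opens and ends with "though"; "Similar --user-unit= has been added" should be "A similar --user-unit= switch has been added"; "suppressing additional informational message" should be "messages"; "managing bond0 interface" wants "the".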
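Review bot: the hunk in the 216 entry only corrects "timer-sync.target" to "time-sync.target", which is a fix to a historical release note rather than a behaviour change; it would be clearer as its own commit, or at least called out as a typo fix, so that someone diffing NEWS between releases does not read it as a renamed unit.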
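Review bot: in the 183 hunk the link changes host as well as scheme ("http://freedesktop.org/wiki/Software/systemd/SystemUpdates" becomes "https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates"), unlike the other URL hunks in this diff, which only switch http to https; the www-prefixed path should be confirmed to resolve, and the host change is worth a mention in the commit message.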