Merge pull request #31821 from behrmann/news256
systemd System and Service Manager

CHANGES WITH 256 in spe:

Announcements of Future Feature Removals and Incompatible Changes:

* Support for flushing of the nscd user/group database caches will be
dropped in a future release.

* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly re-enable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on the kernel command
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
only cgroup v2 ('unified' hierarchy) can be selected as the build-time
default.

* Previously, systemd-networkd did not explicitly remove any bridge
VLAN IDs assigned on bridge master and ports. Since version 256, if a
.network file for an interface has at least one valid setting in the
[BridgeVLAN] section, then all assigned VLAN IDs on the interface
that are not configured in the .network file are removed.

* systemd-gpt-auto-generator will stop generating units for ESP or
XBOOTLDR partitions if it finds mount entries in the /boot/ or /efi/
hierarchies in fstab. This is to prevent the generator from
interfering with systems where the ESP is explicitly configured to be
mounted at some path, for example /boot/efi/ (this type of setup is
obsolete but still commonly found).

* The behavior of systemd-sleep and systemd-homed has been updated to
freeze user sessions when entering the various sleep modes or when
locking a homed-managed home area. This is known to cause issues with
the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
drivers may want to add drop-in configuration files that set
SYSTEMD_SLEEP_FREEZE_USER_SESSION=false for systemd-suspend.service
and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
systemd-homed.service.

* systemd-tmpfiles and systemd-sysusers, when given a relative path
(with at least one directory separator '/'), will open the file
directly, instead of searching for the given partial path in the
standard locations. The old mode wasn't useful because tmpfiles.d and
sysusers.d configuration has a flat structure with no subdirectories
under the standard locations, and this change makes it easier to work
with local files with those tools.

* systemd-tmpfiles now properly applies nested configuration to 'R' and
'D' stanzas. For example, with 'R /foo; x /foo/bar', /foo/bar will
now be excluded from removal.

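The exclusion rule just described, modelled in Python as an added example. This is not systemd-tmpfiles code (which traverses with file descriptors and O_NOFOLLOW to avoid symlink races); the model only shows which paths an 'R' line should and should not touch when an 'x' line names something beneath it, and it keeps the ancestors of a kept path alive. Paths are relative to a sandbox root, and the tree built in demo_tmpfiles() is constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path

def remove_with_exclusions(root, remove_paths, exclude_paths):
    """Model of 'R <path>' lines that honour nested 'x <path>' lines.

    Everything under each R path is removed except the excluded paths and
    anything beneath them. Because a kept file needs its ancestors, a
    directory is only deleted once it has been emptied. Symlinks are
    unlinked, never followed. Paths are relative to `root` (the sandbox).
    Returns the sorted list of removed paths, relative to root.
    """
    excluded = [Path(root, p) for p in exclude_paths]

    def is_excluded(path):
        return any(path == e or e in path.parents for e in excluded)

    removed = []

    def drop(p):
        if p.is_dir() and not p.is_symlink():
            p.rmdir()
        else:
            p.unlink()
        removed.append(p.relative_to(root).as_posix())

    for rel in remove_paths:
        top = Path(root, rel)
        if not (top.exists() or top.is_symlink()) or is_excluded(top):
            continue
        if top.is_symlink() or not top.is_dir():
            drop(top)
            continue
        # Bottom-up walk: contents are handled before their directory.
        for dirpath, dirnames, filenames in os.walk(top, topdown=False):
            d = Path(dirpath)
            for name in filenames:
                p = d / name
                if not is_excluded(p):
                    drop(p)
            for name in dirnames:
                p = d / name
                if p.is_symlink() and not is_excluded(p):   # symlink to a dir
                    drop(p)
            if not is_excluded(d) and not any(d.iterdir()):
                drop(d)
    return sorted(removed)

def demo_tmpfiles():
    """Constructed tree exercising 'R /foo' with 'x /foo/bar'."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("foo/bar/keep.txt", "foo/baz/drop.txt", "foo/top.txt"):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("x")
        os.symlink("/etc", Path(root, "foo/link"))    # must be unlinked, not descended
        removed = remove_with_exclusions(root, ["foo"], ["foo/bar"])
        survivors = sorted(p.relative_to(root).as_posix() for p in Path(root).rglob("*"))
        return removed, survivors

if __name__ == "__main__":
    print(demo_tmpfiles())
```

With the sample tree, /foo/baz, /foo/top.txt and the symlink are removed, while /foo survives only because /foo/bar is still inside it.
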
General Changes and New Features:

* Various programs will load the main configuration from under
/usr/lib/, /usr/local/lib/, and /run/, not just from under /etc/. For
example, systemd-logind will look for /etc/systemd/logind.conf,
/run/systemd/logind.conf, /usr/local/lib/systemd/logind.conf, and
/usr/lib/systemd/logind.conf, and use the first file that is found.
This means that the location logic for the main config file and for
drop-ins is now the same.

ukify will look for the config files in /usr/lib/kernel/ and the
other locations, and now also supports drop-ins.

systemd-udevd now supports drop-ins for udev.conf.

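As an added illustration of the lookup order described above (example code, not systemd's own implementation), the Python below resolves a main configuration file across the four directories in the stated priority and merges drop-ins from the corresponding <name>.d/ directories the way systemd does: all drop-ins are sorted by file name and later names override earlier ones, a drop-in of the same name in a higher-priority directory shadows the lower-priority copy, and an empty file or a symlink to /dev/null masks the name entirely. The tree written by build_demo_tree() is constructed for the example; nothing is read from the real system.

```python
import os
import tempfile
import configparser
from pathlib import Path

# Lookup order from the NEWS entry, highest priority first.
SEARCH_DIRS = ("etc", "run", "usr/local/lib", "usr/lib")

def resolve_main_config(root, subdir, name):
    """Return the first <root>/<dir>/<subdir>/<name> that exists, or None."""
    for d in SEARCH_DIRS:
        candidate = Path(root, d, subdir, name)
        if candidate.is_file():
            return candidate
    return None

def collect_dropins(root, subdir, name):
    """Gather <name>.d/*.conf drop-ins from all directories, with shadowing.

    A drop-in name seen in a higher-priority directory hides the same name in
    lower-priority ones; an empty file or a symlink to /dev/null masks the
    name. The survivors are returned sorted by file name, so that later names
    override earlier ones when applied in order.
    """
    by_name = {}
    for d in SEARCH_DIRS:
        dropin_dir = Path(root, d, subdir, name + ".d")
        if dropin_dir.is_dir():
            for p in dropin_dir.iterdir():
                if p.suffix == ".conf" and p.name not in by_name:
                    by_name[p.name] = p
    ordered = []
    for fname in sorted(by_name):
        p = by_name[fname]
        if p.is_symlink() and os.readlink(p) == "/dev/null":
            continue                      # masked
        if p.stat().st_size == 0:
            continue                      # masked
        ordered.append(p)
    return ordered

def load_config(root, subdir, name):
    """Apply the main file, then the drop-ins in order; later values win."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str                 # systemd keys are case-sensitive
    main = resolve_main_config(root, subdir, name)
    files = ([main] if main else []) + collect_dropins(root, subdir, name)
    for f in files:
        cfg.read(f)
    return {s: dict(cfg[s]) for s in cfg.sections()}, files

def build_demo_tree(root):
    """Constructed sample tree for the example; not read from a real system."""
    def write(rel, text):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
    write("usr/lib/systemd/logind.conf",
          "[Login]\nKillUserProcesses=no\nIdleAction=ignore\n")
    write("usr/lib/systemd/logind.conf.d/10-vendor.conf", "[Login]\nIdleAction=lock\n")
    write("etc/systemd/logind.conf.d/10-vendor.conf", "")      # masks the vendor drop-in
    write("etc/systemd/logind.conf.d/20-local.conf", "[Login]\nKillUserProcesses=yes\n")

def demo_config():
    """Returns the merged settings and the relative paths that were applied."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        merged, files = load_config(root, "systemd", "logind.conf")
        return merged, [Path(f).relative_to(root).as_posix() for f in files]

if __name__ == "__main__":
    print(demo_config())
```

In the sample tree the vendor's IdleAction=lock never takes effect because the empty /etc copy of 10-vendor.conf masks it, while 20-local.conf overrides KillUserProcesses= from the vendor main file.
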
* A new 'systemd-vpick' binary has been added. It implements the new
vpick protocol, where a .v directory may contain multiple files with
a version, following the UAPI version format specification, embedded
in the file name. The files are ordered by version and the newest one
is selected.

systemd-nspawn, systemd-dissect, and the RootDirectory=, RootImage=,
ExtensionImages=, and ExtensionDirectories= settings for units now
support the vpick protocol and allow the latest version to be
selected automatically if a "*.v/" directory is specified as the
source.

* Credentials can now be made accessible to and used by unprivileged
users. 'systemd-creds --user --uid=<user>' will encrypt or decrypt a
credential for a specific user.

* With systemd-homed, it is now possible to log in and activate an
encrypted home area over SSH.

homectl is now installed as a multi-call binary. When invoked as
systemd-home-fallback-shell it can be used as a temporary shell which
allows the home area to be interactively unlocked. When the home area
becomes available, the temporary shell executes the normal one.

systemd-homed gained new methods
org.freedesktop.home1.Manager.RefHomeUnrestricted,
org.freedesktop.home1.Home.RefUnrestricted,
org.freedesktop.home1.Manager.ActivateHomeIfReferenced, and
org.freedesktop.home1.Home.ActivateIfReferenced to allow logging in
without activating the home area and then activating the home area
later.

* JSON User Records have been extended with a separate storage area
called "User Record Blob Directories". This is intended to store the
user's background image, avatar picture, and other similar items
which are too large to fit into the User Record itself.

systemd-homed, userdbctl, and homectl gained support for blob
directories.

* A new command-line tool 'importctl' has been added to download,
import, and export disk images via systemd-importd, with the following
verbs: pull-tar, pull-raw, import-tar, import-raw, import-fs,
export-tar, export-raw, list-transfers, cancel-transfer.

Service Manager:

* New manager setting ProtectSystem= has been added. It is analogous to
the unit setting, but applies to the whole system. It is enabled by
default in the initrd.

* New unit setting WantsMountsFor= has been added. It is analogous to
RequiresMountsFor=, but with a Wants= dependency instead of
Requires=. This new logic is used in various places where mounts were
added as dependencies for other settings (WorkingDirectory=-…,
PrivateTmp=yes, cryptsetup lines with 'nofail').

* New unit setting MemoryZSwapWriteback= can be used to control the new
memory.zswap.writeback cgroup knob added in kernel 6.8.

* The manager gained an org.freedesktop.systemd1.StartAuxiliaryScope()
method to devolve some processes from a service into a new scope.
This new scope will remain even if the original service unit is
restarted. Cgroup properties of the new scope are copied from the
service, so various limits are retained.

* Units now expose properties EffectiveMemoryMax=,
EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
most stringent limit systemd is aware of for the given unit.

* A new specifier %D expands to $XDG_DATA_HOME.

* AllowedCPUs= now supports specifier expansion.

* The What= setting in .mount and .swap units now accepts fstab-style
identifiers, for example UUID=… or LABEL=….

* RestrictNetworkInterfaces= now supports alternative network interface
names.

* PAMName= now implies SetLoginEnvironment=yes.

* homectl gained a new verb 'firstboot', and a new
systemd-homed-firstboot.service unit uses this verb to create users
in a first boot environment, either from credentials or by querying
interactively.

* systemd.firstboot=no can be used on the kernel command line to
disable interactive queries, but allow other first boot configuration
to happen based on credentials.

* A new kernel command-line option systemd.default_debug_tty= can be
used to specify the TTY for the debug shell, independently of
enabling or disabling it.

* The system hostname can be configured via the systemd.hostname
credential.

The Journal:

* systemd-journald can now forward journal entries to a socket
(AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
specified in journald.conf via a new option ForwardAddress= or via
the 'journald.forward_address' credential.

* systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
(so it can be used to receive entries forwarded by systemd-journald).

* systemd-vmspawn gained a new --forward-journal= option to forward the
virtual machine's journal entries to the host. This is done over an
AF_VSOCK socket, i.e. it does not require networking in the guest.

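The entries forwarded over such a socket, and accepted by systemd-journal-remote, use the Journal Export Format (https://systemd.io/JOURNAL_EXPORT_FORMATS/). What follows is an added example, not systemd code: a receiver-side parser for that format, including the binary field encoding used when a value contains a newline, plus a filter that mirrors what journalctl's -T/--exclude-identifier= does. The two sample entries are constructed here, and the text-versus-binary choice in serialize_field() is a simplification of journald's rule, stated in its comment.

```python
import struct

def parse_export(data):
    """Parse Journal Export Format bytes into a list of entries.

    Each entry becomes a dict mapping field name -> list of values (bytes),
    since a field may occur more than once in one entry. Entries are separated
    by an empty line. A field is either "NAME=value\\n", or, when the value
    contains a newline (or other binary data), "NAME\\n" followed by the value
    size as a 64-bit little-endian integer, the raw value, and "\\n".
    """
    entries, current, pos, n = [], {}, 0, len(data)
    while pos < n:
        nl = data.find(b"\n", pos)
        if nl < 0:
            raise ValueError("truncated field at offset %d" % pos)
        line, pos = data[pos:nl], nl + 1
        if line == b"":
            if current:                     # blank line terminates an entry
                entries.append(current)
                current = {}
            continue
        eq = line.find(b"=")
        if eq >= 0:
            name, value = line[:eq], line[eq + 1:]
        else:                                # binary encoding
            name = line
            if pos + 8 > n:
                raise ValueError("truncated size for field %r" % name)
            (size,) = struct.unpack("<Q", data[pos:pos + 8])
            pos += 8
            if pos + size + 1 > n or data[pos + size] != 0x0A:
                raise ValueError("truncated binary value for field %r" % name)
            value, pos = data[pos:pos + size], pos + size + 1
        current.setdefault(name.decode("ascii"), []).append(value)
    if current:
        entries.append(current)
    return entries

def serialize_field(name, value):
    """Encode one field: text form when the value is newline-free UTF-8, else binary.

    journald's exact rule for choosing the binary form is broader; this
    simplification is enough to exercise both encodings in the parser.
    """
    if b"\n" not in value:
        try:
            value.decode("utf-8")
            return name.encode("ascii") + b"=" + value + b"\n"
        except UnicodeDecodeError:
            pass
    return name.encode("ascii") + b"\n" + struct.pack("<Q", len(value)) + value + b"\n"

def exclude_identifier(entries, ident):
    """Drop entries whose SYSLOG_IDENTIFIER matches, like journalctl -T/--exclude-identifier=."""
    return [e for e in entries if ident.encode() not in e.get("SYSLOG_IDENTIFIER", [])]

# Two constructed entries; the second has a multi-line MESSAGE (forces binary form).
SAMPLE_STREAM = (
    serialize_field("__CURSOR", b"s=1;i=1")
    + serialize_field("__REALTIME_TIMESTAMP", b"1700000000000000")
    + serialize_field("_PID", b"4242")
    + serialize_field("SYSLOG_IDENTIFIER", b"sshd")
    + serialize_field("MESSAGE", b"Accepted publickey for alice from 192.0.2.10 port 50000 ssh2")
    + b"\n"
    + serialize_field("__CURSOR", b"s=1;i=2")
    + serialize_field("SYSLOG_IDENTIFIER", b"kernel")
    + serialize_field("MESSAGE", b"line one\nline two")
    + b"\n"
)

if __name__ == "__main__":
    for entry in exclude_identifier(parse_export(SAMPLE_STREAM), "kernel"):
        print(entry["SYSLOG_IDENTIFIER"][0].decode(), entry["MESSAGE"][0].decode())
```

A receiver that only splits on "=" and newlines will misparse the binary form, so the length-prefixed branch is the part worth testing before trusting forwarded data in a detection pipeline.
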
* journalctl gained option '-i' as a shortcut for --file=.

* journalctl gained a new -T/--exclude-identifier= option to filter
out certain syslog identifiers.

* journalctl gained a new --list-namespaces option.

* systemd-journal-gatewayd allows restricting the time range of
retrieved entries with realtime=[<since>]:[<until>].

Device Management:

* Udev now creates symlinks that combine by-path and by-{label,uuid}
information:
/dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>.
This allows distinguishing partitions with identical contents on
multiple storage devices. This is useful, for example, when copying
raw disk contents between devices.

* Udev now creates persistent /dev/media/by-path symlinks for media
controllers. For example, the uvcvideo driver may create /dev/media0
which will be linked as
/dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.

* An allowlist/denylist may be specified to filter which sysfs
attributes are used when crafting network interface names. Those
lists are stored as HWDB entries
ID_NET_NAME_ALLOW_<sysfsattr>=0|1
and
ID_NET_NAME_ALLOW=0|1.
The goal is to avoid unexpected changes to interface names when the
kernel is updated and new sysfs attributes become visible.

* A new unit tpm2.target has been added to provide a synchronization
point for units which expect the TPM hardware to be available.

* systemd-backlight now properly supports numbered devices which the
kernel creates to avoid collisions in the leds subsystem.

* The systemd-hwdb update operation can be disabled with the
environment variable SYSTEMD_HWDB_UPDATE_BYPASS=1.

* systemd-logind gained a new org.freedesktop.login1.Manager.Sleep()
method that automatically redirects to SuspendThenHibernate(),
Suspend(), HybridSleep(), or Hibernate(), depending on what is
supported and configured, a new configuration setting SleepOperation=,
and an accompanying helper method
org.freedesktop.login1.Manager.CanSleep() and property
org.freedesktop.login1.Manager.SleepOperation.

'systemctl sleep' calls the new method to automatically put the
machine to sleep in the most appropriate way.

* systemd-hostnamed now exposes the machine ID and boot ID via D-Bus.

* systemd-hostnamed now provides a Varlink interface.

* systemd-hostnamed exports the data in os-release(5) and
machine-info(5) via D-Bus and Varlink.

Network Management:

* systemd-networkd now provides a Varlink interface.

* systemd-networkd's proxy support gained a new option to configure
a private VLAN variant of the proxy ARP supported by the kernel
under the name IPv4ProxyARPPrivateVLAN=.

* systemd-networkd now exports the NamespaceId and NamespaceNSID
properties via D-Bus and Varlink.

* systemd-networkd now supports IPv6RetransmissionTimeSec= and
UseRetransmissionTime= settings in .network files to configure
the retransmission time for IPv6 neighbor solicitation messages.

* networkctl gained new verbs 'mask' and 'unmask'.

* 'networkctl edit --runtime' allows editing volatile configuration
under /run/systemd/network/.

* The implementation behind the TTLPropagate= network setting has been
removed and the setting is now ignored.

* systemd-network-generator will now pick up .netdev/.link/.network
configuration from credentials.

* systemd-networkd will now pick up WireGuard configuration from
credentials.

* systemd-ssh-proxy is a new SSH client plugin that allows connecting
to AF_VSOCK or AF_UNIX sockets.

* systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
directory where the container payload can expose AF_UNIX sockets to
allow them to be accessed from outside.

* systemd-nspawn will tint the background for container output.
This can be controlled with the new --background= option.

* systemd-nspawn gained support for the 'owneridmap' option for bind
mounts to map the target directory owner from inside the container to
the owner of the directory bound from the host filesystem.

* An sshd config drop-in is now shipped that allows SSH keys acquired
via userdbctl to be used for authorization.

* New generator systemd-ssh-generator can be used to bind a
socket-activated SSH instance to a local AF_VSOCK or AF_UNIX socket.
This generator will automatically bind /run/host/unix-export/ssh.

* systemd-resolved now implements RFC 8914 EDE error codes.

* systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
records.

* resolvectl gained a new option --relax-single-label= to allow
querying single-label hostnames via DNS.

Systemd-boot and systemd-stub and Related Tools:

* TPM 1.2 PCR measurement support has been removed from systemd-stub.
TPM 1.2 is obsolete and – due to the (by today's standards) weak
cryptographic algorithms it only supports – does not actually provide
the security benefits it's supposed to provide. Given that the rest
of systemd's codebase never supported TPM 1.2, the support has now
been removed from systemd-stub as well.

* Confexts are loaded by systemd-stub from the ESP as well.

* The pcrlock policy is saved in an unencrypted credential file
"pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
/loader/credentials/ directory. It will be picked up at boot by
systemd-stub and passed to the initrd, where it can be used to unlock
the root file system.

* kernel-install gained support for --root= for the 'list' verb.

* systemd-pcrlock gained an --entry-token= option to configure the
entry-token.

* systemd-pcrlock now provides a Varlink interface and can be
run as a daemon via a template unit.

* bootctl now provides a Varlink interface and can be run as a daemon
via a template unit.

* ukify gained support for signing of PCR signatures via OpenSSL's
engines and providers.

* ukify now supports zboot kernels.

Command-line tools:

* systemd-run is now a multi-call binary. When invoked as 'uid0', it
provides an interface similar to 'sudo', with all arguments starting
at the first non-option parameter being treated as the command to
invoke as root. Unlike 'sudo' and similar tools, it does not make use
of setuid binaries or other privilege escalation methods, but instead
runs the specified command as a transient unit, which is started by
the system service manager, so privileges are dropped, rather than
gained, thus implementing a much more robust and safe security model.

* systemd-run gained a new option '--ignore-failure' to suppress
command failures.

* systemd-creds gained new options --user/--uid=.

* 'systemctl edit --stdin' allows creation of unit files and drop-ins
with contents supplied via standard input. This is useful when creating
configuration programmatically; the tool takes care of figuring out
the file name, creating any directories, and reloading the manager
afterwards.

* 'systemctl disable --now' and 'systemctl mask --now' now work
correctly with template units.

* 'systemd-analyze architectures' lists known CPU architectures.

* 'systemd-analyze --json=…' is supported for 'architectures',
'capability', 'exit-status'.

* 'systemd-tmpfiles --purge' will purge (remove) all files and
directories created via tmpfiles.d configuration.

* systemd-id128 gained new options --no-pager, --no-legend, and
-j/--json=.

* hostnamectl gained '-j' as shortcut for '--json=pretty' or
'--json=short'.

* loginctl now supports -j/--json=.

* resolvectl now supports -j/--json= for --type=.

* systemd-vmspawn gained a new --firmware= option to configure or list
firmware definitions for Qemu, a new --tpm= option to enable or
disable the use of a software TPM, a new --linux= option to specify a
kernel binary for direct kernel boot, a new --initrd= option to
specify an initrd for direct kernel boot, a new -D/--directory option
to use a plain directory as the root file system, a new
--private-users option similar to the one in systemd-nspawn, new
options --bind= and --bind-ro= to bind part of the host's file system
hierarchy into the guest, a new --extra-drive= option to attach
additional storage, and -n/--network-tap/--network-user-mode to
configure networking.

* A new systemd-vmspawn@.service can be used to launch systemd-vmspawn
as a service.

* varlinkctl gained support for the "ssh:" transport. This requires
OpenSSH 9.4 or newer.

* varlinkctl gained a new --collect switch to collect all responses of
a method call emitted in JSON_SEQ mode and turn them into normal
JSON.

* systemd-sysext gained support for mutable system extensions, where a
writeable upperdir is stored under /var/lib/extensions.mutable/, and
a new --mutable option to configure this behaviour.

* systemd-dissect gained a new --make-archive option to generate an
archive file from a disk image.

* systemd-repart gained new options --generate-fstab= and
--generate-crypttab= to write the fstab and crypttab files.

* systemd-repart gained a new option --private-key-source= to allow
using OpenSSL's "engines" or "providers" as the signing mechanism to
use when creating verity signature partitions.

* systemd-measure gained new options --certificate=, --private-key=,
and --private-key-source= to allow using OpenSSL's "engines" or
"providers" as the signing mechanism to use when creating signed
TPM2 PCR measurement values.

* systemd-tmpfiles gained a new option --dry-run to print what would be
done without actually taking action.

* systemd-bsod gained a new option --tty= to specify the output TTY.

* timedatectl and machinectl gained option '-P', an alias for
'--value --property=…'.

* Various tools that pretty-print config files will now highlight
configuration directives.

Libraries:

* libsystemd gained a new call sd_bus_creds_new_from_pidfd() to get a
credentials object for a pidfd and sd_bus_creds_get_pidfd_dup() to
retrieve the pidfd from a credentials object.

* RPM macro %_kernel_install_dir has been added with the path
to the directory for kernel-install plugins.

Other:

* systemd-logind now supports a new "background-light" session class
which does not pull in the user@.service unit. This is intended in
particular for cron jobs.

systemd-logind now also supports a new "user-incomplete" session
class for a user session that does not have a running user manager,
but may be upgraded to a full "user" session later on. This has
been hooked into the PAM stack to appropriately classify sessions
while they are being started.

systemd-logind gained a new org.freedesktop.login1.Session.SetClass()
method to change the session class.

systemd-logind will not allow sessions of the background,
background-light, manager, and manager-early classes to take control
of devices or change the session type.

* systemd-logind gained a new
org.freedesktop.login1.Manager.ListSessionsEx() method that provides
additional metadata compared to ListSessions(). loginctl makes use of
this to list additional fields in list-sessions.

* systemd-cryptenroll can now enroll directly with a PKCS11 public key
(instead of a certificate).

* Core dumps are now retained for two weeks by default.

* systemd-cryptsetup gained support for the crypttab option
link-volume-key= to enter the volume key into the kernel keyring when
the volume is opened.

* The portablectl --copy= parameter gained a new 'mixed' argument, which
causes resources owned by the OS (e.g. portable profiles) to be linked,
but resources owned by the portable image (e.g. the unit files and the
images themselves) to be copied.

* The remaining documentation that was on
https://freedesktop.org/wiki/Software/systemd/ has been moved to
https://systemd.io.


CHANGES WITH 255:

Announcements of Future Feature Removals and Incompatible Changes:

* Support for split-usr (/usr/ mounted separately during late boot,
instead of being mounted by the initrd before switching to the rootfs)
and unmerged-usr (parallel directories /bin/ and /usr/bin/, /lib/ and
/usr/lib/, …) has been removed. For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

* We intend to remove cgroup v1 support from a systemd release after
the end of 2023. If you run services that make explicit use of
cgroup v1 features (i.e. the "legacy hierarchy" with separate
hierarchies for each controller), please implement compatibility with
cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
Most of Linux userspace has been ported over already.

* Support for System V service scripts is now deprecated and will be
removed in a future release. Please make sure to update your software
*now* to include a native systemd unit file instead of a legacy
System V script to retain compatibility with future systemd releases.

* Support for the SystemdOptions EFI variable is deprecated.
'bootctl systemd-efi-options' will emit a warning when used. It seems
that this feature is little-used and it is better to use alternative
approaches like credentials and confexts. The plan is to drop support
altogether at a later point, but this might be revisited based on
user feedback.

* systemd-run's switch --expand-environment=, which currently is disabled
by default when combined with --scope, will be changed in a future
release to be enabled by default.

* "systemctl switch-root" is now restricted to initrd transitions only.

Transitions between real systems should be done with
"systemctl soft-reboot" instead.

* The "ip=off" and "ip=none" kernel command line options interpreted by
systemd-network-generator will now result in IPv6RA + link-local
addressing being disabled, too. Previously DHCP was turned off, but
IPv6RA and IPv6 link-local addressing were left enabled.

* The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
and is now disabled.

* SuspendMode=, HibernateState= and HybridSleepState= in the [Sleep]
section of systemd-sleep.conf are now deprecated and have no effect.
They did not (and could not) take any value other than the respective
default. HybridSleepMode= is also deprecated, and will now always use
the 'suspend' disk mode.

Service Manager:

* The way services are spawned has been overhauled. Previously, a
process was forked that shared all of the manager's memory (via
copy-on-write) while doing all the required setup (e.g. mount
namespaces, cgroup configuration, etc.) before exec'ing the target
executable. This was problematic for various reasons: several glibc
APIs were called that are not supposed to be used after a fork but
before an exec, copy-on-write meant that if either process (the
manager or the child) touched a memory page a copy was triggered, and
also the memory footprint of the child process was that of the
manager, but with the memory limits of the service. From this version
onward, the new process is spawned using CLONE_VM and CLONE_VFORK
semantics via posix_spawn(3), and it immediately execs a new internal
binary, systemd-executor, that receives the configuration to apply
via memfd, and sets up the process before exec'ing the target
executable. The systemd-executor binary is pinned by file descriptor
by each manager instance (system and users), and the reference is
updated on daemon-reexec - it is thus important to reexec all running
manager instances when the systemd-executor and/or libsystemd*
libraries are updated on the filesystem.

* Most of the internal process tracking is being changed to use PIDFDs
instead of PIDs when the kernel supports it, to improve robustness
and reliability.

* A new option SurviveFinalKillSignal= can be used to configure the
unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
This is part of the required configuration to let a unit's processes
survive a soft-reboot operation.

* System extension images (sysext) can now set
EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
automatically reload the service manager (PID 1) when
merging/refreshing/unmerging on boot. Generally, while this can be
used to ship services in system extension images it's recommended to
do that via portable services instead.

* The ExtensionImages= and ExtensionDirectories= options now support
confexts images/directories.

* A new option NFTSet= provides a method for integrating dynamic cgroup
IDs into firewall rules with NFT sets. The benefit of this setting is
that a control group can easily be used as a selector in firewall
rules, which in turn allows more fine-grained filtering. NFT rules for
cgroup matching use numeric cgroup IDs, which change every time a
service is restarted, so without this setting they are hard to use in
a systemd environment.

* A new option CoredumpReceive= can be set for service and scope units,
together with Delegate=yes, to make systemd-coredump on the host
forward core files from processes crashing inside the delegated
cgroup subtree to systemd-coredump running in the container. This new
option is by default used by systemd-nspawn containers that use the
"--boot" switch.

* A new ConditionSecurity=measured-uki option is now available, to ensure
a unit can only run when the system has been booted from a measured UKI.

* MemoryAvailable= now considers physical memory if there are no cgroup
memory limits set anywhere in the tree.

* The $USER environment variable is now always set for services, while
previously it was only set if User= was specified. A new option
SetLoginEnvironment= is now supported to determine whether to also set
$HOME, $LOGNAME, and $SHELL.

* Socket units now support a new pair of
PollLimitBurst=/PollLimitInterval= options to configure a limit on
how often polling events on the file descriptors backing this unit
will be considered within a time window.

* Scope units can now be created using PIDFDs instead of PIDs to select
the processes they should include.

* Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
manager to dump the list of currently pending jobs.

* If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
machinectl bind and mount-image verbs will now cause the new mount to
replace the old mount (if any), instead of overmounting it.

* Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and
MemoryZSwapCurrent properties, which respectively contain the values
of the cgroup v2 memory.peak, memory.swap.peak, memory.swap.current
and memory.zswap.current attributes. This information is also shown in
"systemctl status" output, if available.

TPM2 Support + Disk Encryption & Authentication:

* systemd-cryptenroll now allows specifying a PCR bank and explicit hash
value in the --tpm2-pcrs= option.

* systemd-cryptenroll now allows specifying a TPM2 key handle (nv
index) to be used instead of the default SRK via the new
--tpm2-seal-key-handle= option.

* systemd-cryptenroll now allows TPM2 enrollment using only a TPM2
public key (in TPM2B_PUBLIC format) – without access to the TPM2
device itself – which enables offline sealing of LUKS images for a
specific TPM2 chip, as long as the SRK public key is known. Pass the
public key to the tool via the new --tpm2-device-key= switch.

* systemd-cryptsetup is now installed in /usr/bin/ and is no longer an
internal-only executable.

* The TPM2 Storage Root Key will now be set up, if not already present,
by a new systemd-tpm2-setup.service early boot service. The SRK will
be stored in PEM format and TPM2B_PUBLIC format (the latter is useful
for systemd-cryptenroll --tpm2-device-key=, as mentioned above) for
easier access. A new "srk" verb has been added to systemd-analyze to
allow extracting it on demand if it is already set up.

* The internal systemd-pcrphase executable has been renamed to
systemd-pcrextend.

* The systemd-pcrextend tool gained a new --pcr= switch to override
which PCR to measure into.

* systemd-pcrextend now exposes a Varlink interface at
io.systemd.PCRExtend that can be used to do measurements and event
logging on demand.

* TPM measurements are now also written to an event log at
/run/log/systemd/tpm2-measure.log, using a derivative of the TCG
Canonical Event Log format. Previously we'd only log them to the
journal, where they were however subject to rotation and similar.

* A new component "systemd-pcrlock" has been added that allows managing
local TPM2 PCR policies for PCRs 0-7 and similar, which are hard to
predict by the OS vendor because of the inherently local nature of
what measurements they contain, such as firmware versions of the
system and extension cards and suchlike. pcrlock can predict PCR
measurements ahead of time based on various inputs, such as the local
TPM2 event log, GPT partition tables, PE binaries, UKI kernels, and
various other things. It can then pre-calculate a TPM2 policy from
this, which it stores in a TPM2 NV index. TPM2 objects (such as disk
encryption keys) can be locked against this NV index, so that they
are locked against a specific combination of system firmware and
state. Alternatives for each component are supported to allowlist
multiple kernel versions or boot loader versions simultaneously
without losing access to the disk encryption keys. The tool can also
be used to analyze and validate the local TPM2 event log.
systemd-cryptsetup, systemd-cryptenroll, systemd-repart have all been
updated to support such policies. There's currently no support for
locking the system's root disk against a pcrlock policy; this will be
added soon. Moreover, it is currently not possible to combine a
pcrlock policy with a signed PCR policy. This component is
experimental and its public interface is subject to change.

systemd-boot, systemd-stub, ukify, bootctl, kernel-install:

* bootctl will now show whether the system was booted from a UKI in its
status output.

* systemd-boot and systemd-stub now use different project keys in their
respective SBAT sections, so that they can be revoked individually if
needed.

* systemd-boot will no longer load unverified Devicetree blobs when UEFI
SecureBoot is enabled. For more details see:
https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c

* systemd-boot gained new hotkeys to reboot and power off the system
from the boot menu ("B" and "O"). If the "auto-poweroff" and
"auto-reboot" options in loader.conf are set these entries are also
shown as menu items (which is useful on devices lacking a regular
keyboard).

* systemd-boot gained a new configuration value "menu-disabled" for the
set-timeout option, to allow completely disabling the boot menu,
including the hotkey.

* systemd-boot will now measure the content of loader.conf in TPM2
PCR 5.

* systemd-stub will now concatenate the content of all kernel
command-line addons before measuring them in TPM2 PCR 12, in a single
measurement, instead of measuring them individually.

* systemd-stub will now measure and load Devicetree Blob addons, which
are searched and loaded following the same model as the existing
kernel command-line addons.

* systemd-stub will now ignore unauthenticated kernel command line options
passed from systemd-boot when running inside Confidential VMs with UEFI
SecureBoot enabled.

* systemd-stub will now load a Devicetree blob even if the firmware did
not load any beforehand (e.g. for ACPI systems).

* ukify is no longer considered experimental, and now ships in /usr/bin/.

* ukify gained a new verb inspect to describe the sections of a UKI and
print the contents of the well-known sections.

* ukify gained a new verb genkey to generate a set of key pairs for
signing UKIs and their PCR data.

* The 90-loaderentry kernel-install hook now supports installing device
trees.

* kernel-install now supports the --json=, --root=, --image=, and
--image-policy= options for the inspect verb.

* kernel-install now supports new list and add-all verbs. The former
735 lists all installed kernel images (if those are available in
736 /usr/lib/modules/). The latter will install all the kernels it can
737 find to the ESP.
738
739 systemd-repart:
740
741 * A new option --copy-from= has been added that synthesizes partition
742 definitions from the given image, which are then applied by the
743 systemd-repart algorithm.
744
745 * A new option --copy-source= has been added, which can be used to specify
746 a directory to which CopyFiles= is considered relative to.
747
748 * New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
749 options have been added to make it easier to generate these types of
750 DDIs, without having to provide repart.d definitions for them.
751
752 * The dm-verity salt and UUID will now be derived from the specified
753 seed value.
754
755 * New VerityDataBlockSizeBytes= and VerityHashBlockSizeBytes= can now be
756 configured in repart.d/ configuration files.
757
758 * A new Subvolumes= setting is now supported in repart.d/ configuration
759 files, to indicate which directories in the target partition should be
760 btrfs subvolumes.
761
762 * A new --tpm2-device-key= option can be used to lock a disk against a
763 specific TPM2 public key. This matches the same switch the
764 systemd-cryptenroll tool now supports (see above).
765
766 Journal:
767
768 * The journalctl --lines= parameter now accepts +N to show the oldest N
769 entries instead of the newest.
770
771 * journald now ensures that sealing happens once per epoch, and sets a
772 new compatibility flag to distinguish old journal files that were
773 created before this change, for backward compatibility.
774
775 Device Management:
776
777 * udev will now create symlinks to loopback block devices in the
778 /dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
779 string field selected during allocation. The systemd-dissect tool and
780 the util-linux losetup command now support a complementary new switch
781 --loop-ref= for selecting the string. This means a loopback block
782 device may now be allocated under a caller-chosen reference and can
783 subsequently be referenced without first having to look up the block
784 device name the caller ended up with.
785
786 * udev also creates symlinks to loopback block devices in the
787 /dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
788 of the inode attached to the loopback block device. This means that
789 attaching a file to a loopback device will implicitly make a handle
790 available to be found via that file's inode information.
791
792 * udevadm info gained support for JSON output via a new --json= flag, and
793 for filtering output using the same mechanism that udevadm trigger
794 already implements.
795
796 * The predictable network interface naming logic is extended to include
797 the SR-IOV-R "representor" information in network interface names.
798 This feature was intended for v254, but even though the code was
799 merged, the part that actually enabled the feature was forgotten.
800 It is now enabled by default and is part of the new "v255" naming
801 scheme.
802
803 * A new hwdb/rules file has been added that sets the
804 ID_NET_AUTO_LINK_LOCAL_ONLY=1 udev property on all network interfaces
805 that should usually only be configured with link-local addressing
806 (IPv4LL + IPv6LL), i.e. for PC-to-PC cables ("laplink") or
807 Thunderbolt networking. systemd-networkd and NetworkManager (soon)
808 will make use of this information to apply an appropriate network
809 configuration by default.
810
811 * The ID_NET_DRIVER property on network interfaces is now set
812 relatively early in the udev rule set so that other rules may rely on
813 its use. This is implemented in a new "net-driver" udev built-in.
814
815 Network Management:
816
817 * The "duid-only" option for DHCPv4 client's ClientIdentifier= setting
818 is now dropped, as it never worked, hence it should not be used by
819 anyone.
820
821 * The 'prefixstable' ipv6 address generation mode now considers the SSID
822 when generating stable addresses, so that a different stable address
823 is used when roaming between wireless networks. If you already use
824 'prefixstable' addresses with wireless networks, the stable address
825 will be changed by the update.
826
827 * The DHCPv4 client gained a RapidCommit option, true by default, which
828 enables RFC4039 Rapid Commit behavior to obtain a lease in a
829 simplified 2-message exchange instead of the typical 4-message
830 exchange, if also supported by the DHCP server.
831
832 * The DHCPv4 client gained new InitialCongestionWindow= and
833 InitialAdvertisedReceiveWindow= options for route configurations.
834
835 * The DHCPv4 client gained a new RequestAddress= option that allows
836 to send a preferred IP address in the initial DHCPDISCOVER message.
837
838 * The DHCPv4 server and client gained support for IPv6-only mode
839 (RFC8925).
840
841 * The SendHostname= and Hostname= options are now available for the
842 DHCPv6 client, independently of the DHCPv4= option, so that these
843 configuration values can be set independently for each client.
844
845 * The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
846 including lease information.
847
848 * The DHCPv6 client can now be configured to use a custom DUID type.
849
850 * .network files gained a new IPv4ReversePathFilter= setting in the
851 [Network] section, to control sysctl's rp_filter setting.
852
853 * .network files gained a new HopLimit= setting in the [Route] section,
854 to configure a per-route hop limit.
855
856 * .network files gained a new TCPRetransmissionTimeoutSec= setting in
857 the [Route] section, to configure a per-route TCP retransmission
858 timeout.
859
860 * A new directive NFTSet= provides a method for integrating network
861 configuration into firewall rules with NFT sets. The benefit of using
862 this setting is that static network configuration or dynamically
863 obtained network addresses can be used in firewall rules with the
864 indirection of NFT set types.
865
866 * The [IPv6AcceptRA] section supports the following new options:
867 UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.
868
869 * The [IPv6SendRA] section supports the following new options:
870 RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
871 HomeAgentPreference=.
872
873 * A new [IPv6PREF64Prefix] set of options, containing Prefix= and
874 LifetimeSec=, has been introduced to append pref64 options in router
875 advertisements (RFC8781).
876
877 * The network generator now configures the interfaces with only
878 link-local addressing if "ip=link-local" is specified on the kernel
879 command line.
880
881 * The names of the configuration files generated by the network
882 generator from the kernel command line are now prefixed with '70-',
883 so that they take precedence over the default configuration
884 files.
885
886 * Added a new -Ddefault-network=BOOL meson option, which causes more
887 .network files to be installed as enabled by default. These configuration
888 files match generic setups, e.g. 89-ethernet.network matches
889 all Ethernet interfaces and enables both DHCPv4 and DHCPv6 clients.
890
891 * If an ID_NET_MANAGED_BY= udev property is set on a network device and
892 it is any other string than "io.systemd.Network" then networkd will
893 not manage this device. This may be used to allow multiple network
894 management services to run in parallel and assign ownership of
895 specific devices explicitly. NetworkManager will soon implement a
896 similar logic.
897
898 systemctl:
899
900 * systemctl is-failed now checks the system state if no unit is
901 specified.
902
903 * systemctl will now automatically soft-reboot if a new root file system
904 is found under /run/nextroot/ when a reboot operation is invoked.
905
906 Login management:
907
908 * Wall messages now work even when utmp support is disabled, using
909 systemd-logind to query the necessary information.
910
911 * systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
912 signal before shutdown/reboot/soft-reboot that includes additional
913 information compared to the PrepareForShutdown signal. Currently the
914 additional information is the type of operation that is about to be
915 executed.
916
917 Hibernation & Suspend:
918
919 * The kernel and OS versions will no longer be checked on resume from
920 hibernation.
921
922 * Hibernation into swap files backed by btrfs is now
923 supported. (Previously this was supported only for other file
924 systems.)
925
926 Other:
927
928 * A new systemd-vmspawn tool has been added, that aims to provide for VMs
929 the same interfaces and functionality that systemd-nspawn provides for
930 containers. For now it supports QEMU as a backend, and exposes some of
931 its options to the user. This component is experimental and its public
932 interface is subject to change.
933
934 * "systemd-analyze plot" has gained tooltips on each unit name with
935 related-unit information in its svg output, such as Before=,
936 Requires=, and similar properties.
937
938 * A new varlinkctl tool has been added to allow interfacing with
939 Varlink services, and introspection has been added to all such
940 services. This component is experimental and its public interface is
941 subject to change.
942
943 * systemd-sysext and systemd-confext now expose a Varlink service
944 at io.systemd.sysext.
945
946 * portable services now accept confexts as extensions.
947
948 * systemd-sysupdate now accepts directories in the MatchPattern= option.
949
950 * systemd-run will now output the invocation ID of the launched
951 transient unit and its peak memory usage.
952
953 * systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
954 and systemd-binfmt gained a new --tldr option that can be used instead
955 of --cat-config to suppress uninteresting configuration lines, such as
956 comments and whitespace.
957
958 * resolvectl gained a new "show-server-state" command that shows
959 current statistics of the resolver. This is backed by a new
960 DumpStatistics() Varlink method provided by systemd-resolved.
961
962 * systemd-timesyncd will now emit a D-Bus signal when the LinkNTPServers
963 property changes.
964
965 * vconsole now supports KEYMAP=@kernel for preserving the kernel keymap
966 as-is.
967
968 * seccomp now supports the LoongArch64 architecture.
969
970 * seccomp may now be enabled for services running as a non-root User=
971 without NoNewPrivileges=yes.
972
973 * systemd-id128 now supports a new -P option to show only values. The
974 combination of -P and --app options is also supported.
975
976 * A new pam_systemd_loadkey.so PAM module is now available, which will
977 automatically fetch the passphrase used by cryptsetup to unlock the
978 root file system and set it as the PAM authtok. This enables, among
979 other things, configuring auto-unlock of the GNOME Keyring / KDE
980 Wallet when autologin is configured.
981
982 * Many meson options now use the 'feature' type, which means they
983 take enabled/disabled/auto as values.
984
985 * A new meson option -Dconfigfiledir= can be used to change where
986 configuration files with default values are installed to.
987
988 * Options and verbs in man pages are now tagged with the version they
989 were first introduced in.
990
991 * A new component "systemd-storagetm" has been added, which exposes all
992 local block devices as NVMe-TCP devices, fully automatically. It's
993 hooked into a new target unit storage-target-mode.target that is
994 supposed to be booted into via
995 rd.systemd.unit=storage-target-mode.target on the kernel command
996 line. This is intended to be used for installers and debugging to
997 quickly get access to the local disk. It's inspired by MacOS "target
998 disk mode". This component is experimental and its public interface is
999 subject to change.
1000
1001 * A new component "systemd-bsod" has been added, which can show logged
1002 error messages full screen, if they were logged at the LOG_EMERG log
1003 level. This component is experimental and its public interface is
1004 subject to change.
1005
1006 * The systemd-dissect tool's --with command will now set the
1007 $SYSTEMD_DISSECT_DEVICE environment variable to the block device it
1008 operates on for the invoked process.
1009
1010 * The systemd-mount tool gained a new --tmpfs switch for mounting a new
1011 'tmpfs' instance. This is useful since it does so via .mount units
1012 and thus can be executed remotely or in containers.
1013
1014 * The various tools in systemd that take "verbs" (such as systemctl,
1015 loginctl, machinectl, …) now will suggest a close verb name in case
1016 the user specified an unrecognized one.
1017
1018 * libsystemd now exports a new function sd_id128_get_app_specific()
1019 that generates "app-specific" 128-bit IDs from any ID. It's similar to
1020 sd_id128_get_machine_app_specific() and
1021 sd_id128_get_boot_app_specific() but takes the ID to base calculation
1022 on as input. This new functionality is also exposed in the
1023 "systemd-id128" tool where you can now combine --app= with `show`.
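
As an added illustration (not libsystemd's source), the derivation that sd_id128_get_app_specific() is documented to perform, written in Python: HMAC-SHA256 of the application ID keyed by the base ID, truncated to 128 bits and stamped as a v4 UUID. The key/message roles and the byte positions used for the version and variant bits are assumptions here, so compare against "systemd-id128 show --app=" before relying on exact equality; the security property the example does show is that a derived ID can be handed out without revealing the base ID it was computed from.

```python
import hashlib
import hmac
import re

_HEX128 = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_id128(text: str) -> bytes:
    """Accept an ID in the 32-hex-character form or the dashed UUID form."""
    stripped = text.strip().replace("-", "")
    if not _HEX128.match(stripped):
        raise ValueError(f"not a 128-bit ID: {text!r}")
    return bytes.fromhex(stripped)


def make_v4_uuid(raw: bytes) -> bytes:
    """Stamp the RFC 4122 version-4 and variant bits onto 16 bytes."""
    out = bytearray(raw)
    out[6] = (out[6] & 0x0F) | 0x40   # version nibble := 4
    out[8] = (out[8] & 0x3F) | 0x80   # variant bits := 10xx
    return bytes(out)


def app_specific_id(base: str, app: str) -> str:
    """HMAC-SHA256 of the application ID keyed by the base ID, truncated to
    128 bits and marked as a v4 UUID (assumed construction, see lead-in).
    HMAC is one-way, so the result does not leak the base ID."""
    mac = hmac.new(parse_id128(base), parse_id128(app), hashlib.sha256).digest()
    return make_v4_uuid(mac[:16]).hex()


def format_uuid(id128_hex: str) -> str:
    """Render a 32-hex-character ID in the dashed 8-4-4-4-12 UUID layout."""
    h = id128_hex
    return f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:20]}-{h[20:]}"


# Constructed IDs (not real machine, boot or application IDs).
BASE_ID = "3f2c0a6e9d8b4f1a8c7e6d5b4a392817"
APP_ID = "7d1b8e4f2c6a4e9b9f0d3c2b1a596877"

if __name__ == "__main__":
    derived = app_specific_id(BASE_ID, APP_ID)
    print(derived, format_uuid(derived))
```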
1024
1025 * All tools that parse timestamps now can also parse RFC3339 style
1026 timestamps that include the "T" and "Z" characters.
1027
1028 * New documentation has been added:
1029
1030 https://systemd.io/FILE_DESCRIPTOR_STORE
1031 https://systemd.io/TPM2_PCR_MEASUREMENTS
1032 https://systemd.io/MOUNT_REQUIREMENTS
1033
1034 * The codebase now recognizes the suffixes .confext.raw and .sysext.raw
1035 as alternatives to the .raw suffix generally accepted for DDIs. It is
1036 recommended to name configuration extensions and system extensions
1037 with such suffixes, to indicate their purpose in the name.
1038
1039 * The sd-device API gained a new function
1040 sd_device_enumerator_add_match_property_required() which allows
1041 configuring matches on properties that are strictly required. This is
1042 different from the existing sd_device_enumerator_add_match_property(),
1043 where only one of the configured matches needs to apply.
1044
1045 * The MAC address the veth side of an nspawn container shall get
1046 assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
1047 environment variable.
1048
1049 * The libiptc dependency is now implemented via dlopen(), so that tools
1050 such as networkd and nspawn no longer have a hard dependency on the
1051 shared library when compiled with support for libiptc.
1052
1053 * New rpm macros have been added: %systemd_user_daemon_reexec does
1054 daemon-reexec for all user managers, and %systemd_postun_with_reload
1055 and %systemd_user_postun_with_reload do a reload for system and user
1056 units on upgrades.
1057
1058 * coredumpctl now propagates SIGTERM to the debugger process.
1059
1060 Contributions from: 김인수, Abderrahim Kitouni, Adam Goldman,
1061 Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith,
1062 Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo,
1063 Anton Lundin, Arian van Putten, Arseny Maslennikov, Arthur Shau,
1064 Balázs Úr, beh_10257, Benjamin Peterson, Bertrand Jacquin,
1065 Brian Norris, Charles Lee, Cheng-Chia Tseng, Chris Patterson,
1066 Christian Hergert, Christian Hesse, Christian Kirbach,
1067 Clayton Craft, commondservice, cunshunxia, Curtis Klein, cvlc12,
1068 Daan De Meyer, Daniele Medri, Daniel P. Berrangé, Daniel Rusek,
1069 Daniel Thompson, Dan Nicholson, Dan Streetman, David Rheinsberg,
1070 David Santamaría Rogado, David Tardon, dependabot[bot],
1071 Diego Viola, Dmitry V. Levin, Emanuele Giuseppe Esposito,
1072 Emil Renner Berthing, Emil Velikov, Etienne Dechamps, Fabian Vogt,
1073 felixdoerre, Felix Dörre, Florian Schmaus, Franck Bui,
1074 Frantisek Sumsal, G2-Games, Gioele Barabucci, Hugo Carvalho,
1075 huyubiao, Iago López Galeiras, IllusionMan1212, Jade Lovelace,
1076 janana, Jan Janssen, Jan Kuparinen, Jan Macku, Jeremy Fleischman,
1077 Jin Liu, jjimbo137, Joerg Behrmann, Johannes Segitz, Jordan Rome,
1078 Jordan Williams, Julien Malka, Juno Computers, Khem Raj, khm,
1079 Kingbom Dou, Kiran Vemula, Krzesimir Nowak, Laszlo Gombos,
1080 Lennart Poettering, linuxlion, Luca Boccassi, Lucas Adriano Salles,
1081 Lukas, Lukáš Nykrýn, Maanya Goenka, Maarten, Malte Poll,
1082 Marc Pervaz Boocha, Martin Beneš, Martin Joerg, Martin Wilck,
1083 Mathieu Tortuyaux, Matthias Schiffer, Maxim Mikityanskiy,
1084 Max Kellermann, Michael A Cassaniti, Michael Biebl, Michael Kuhn,
1085 Michael Vasseur, Michal Koutný, Michal Sekletár, Mike Yuan,
1086 Milton D. Miller II, mordner, msizanoen, NAHO, Nandakumar Raghavan,
1087 Neil Wilson, Nick Rosbrook, Nils K, NRK, Oğuz Ersen,
1088 Omojola Joshua, onenowy, Paul Meyer, Paymon MARANDI, pelaufer,
1089 Peter Hutterer, PhylLu, Pierre GRASSER, Piotr Drąg, Priit Laes,
1090 Rahil Bhimjiani, Raito Bezarius, Raul Cheleguini, Reto Schneider,
1091 Richard Maw, Robby Red, RoepLuke, Roland Hieber, Roland Singer,
1092 Ronan Pigott, Sam James, Sam Leonard, Sergey A, Susant Sahani,
1093 Sven Joachim, Tad Fisher, Takashi Sakamoto, Thorsten Kukuk, Tj,
1094 Tomasz Świątek, Topi Miettinen, Valentin David,
1095 Valentin Lefebvre, Victor Westerhuis, Vincent Haupert,
1096 Vishal Chillara Srinivas, Vito Caputo, Warren, Weblate,
1097 Xiaotian Wu, xinpeng wang, Yaron Shahrabani, Yo-Jung Lin,
1098 Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zeroskyx,
1099 Дамјан Георгиевски, наб
1100
1101 — Edinburgh, 2023-12-06
1102
1103 CHANGES WITH 254:
1104
1105 Announcements of Future Feature Removals and Incompatible Changes:
1106
1107 * The next release (v255) will remove support for split-usr (/usr/
1108 mounted separately during late boot, instead of being mounted by the
1109 initrd before switching to the rootfs) and unmerged-usr (parallel
1110 directories /bin/ and /usr/bin/, /lib/ and /usr/lib/, …). For more
1111 details, see:
1112 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
1113
1114 * We intend to remove cgroup v1 support from a systemd release after
1115 the end of 2023. If you run services that make explicit use of
1116 cgroup v1 features (i.e. the "legacy hierarchy" with separate
1117 hierarchies for each controller), please implement compatibility with
1118 cgroup v2 (i.e. the "unified hierarchy") sooner rather than later.
1119 Most of Linux userspace has been ported over already.
1120
1121 * Support for System V service scripts is now deprecated and will be
1122 removed in a future release. Please make sure to update your software
1123 *now* to include a native systemd unit file instead of a legacy
1124 System V script to retain compatibility with future systemd releases.
1125
1126 * Support for the SystemdOptions EFI variable is deprecated.
1127 'bootctl systemd-efi-options' will emit a warning when used. It seems
1128 that this feature is little-used and it is better to use alternative
1129 approaches like credentials and confexts. The plan is to drop support
1130 altogether at a later point, but this might be revisited based on
1131 user feedback.
1132
1133 * EnvironmentFile= now treats the line following a comment line
1134 ending with an escape character as a non-comment line. For details, see:
1135 https://github.com/systemd/systemd/issues/27975
1136
1137 * PrivateNetwork=yes and NetworkNamespacePath= now imply
1138 PrivateMounts=yes unless PrivateMounts=no is explicitly specified.
1139
1140 * Behaviour of sandboxing options for the per-user service manager
1141 units has changed. They now imply PrivateUsers=yes, which means user
1142 namespaces will be implicitly enabled when a sandboxing option is
1143 enabled in a user unit. Enabling user namespaces has the drawback
1144 that system users will no longer be visible (and processes/files will
1145 appear as owned by 'nobody') in the user unit.
1146
1147 By definition a sandboxed user unit should run with reduced
1148 privileges, so impact should be small. This will remove a great
1149 source of confusion that has been reported by users over the years,
1150 due to how these options require an extra setting to be manually
1151 enabled when used in the per-user service manager, which is not
1152 needed in the system service manager. For more details, see:
1153 https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
1154
1155 * systemd-run's switch --expand-environment= which currently is disabled
1156 by default when combined with --scope, will be changed in a future
1157 release to be enabled by default.
1158
1159 Security Relevant Changes:
1160
1161 * pam_systemd will now by default pass the CAP_WAKE_ALARM ambient
1162 process capability to invoked session processes of regular users on
1163 local seats (as well as to systemd --user), unless configured
1164 otherwise via data from JSON user records, or via the PAM module's
1165 parameter list. This is useful in order to allow desktop tools such as
1166 GNOME's Alarm Clock application to set a timer for
1167 CLOCK_REALTIME_ALARM that wakes up the system when it elapses. A
1168 per-user service unit file may thus use AmbientCapability= to pass
1169 the capability to invoked processes. Note that this capability is
1170 relatively narrow in focus (in particular compared to other process
1171 capabilities such as CAP_SYS_ADMIN) and we already — by default —
1172 permit more impactful operations such as system suspend to local
1173 users.
1174
1175 Service Manager:
1176
1177 * Memory limits that apply while the unit is activating are now
1178 supported. Previously IO and CPU settings were already supported via
1179 StartupCPUWeight= and similar. The same logic has been added for the
1180 various manager and unit memory settings (DefaultStartupMemoryLow=,
1181 StartupMemoryLow=, StartupMemoryHigh=, StartupMemoryMax=,
1182 StartupMemorySwapMax=, StartupMemoryZSwapMax=).
1183
1184 * The service manager gained support for enqueuing POSIX signals to
1185 services that carry an additional integer value, exposing the
1186 sigqueue() system call. This is accessible via new D-Bus calls
1187 org.freedesktop.systemd1.Manager.QueueSignalUnit() and
1188 org.freedesktop.systemd1.Unit.QueueSignal(), as well as in systemctl
1189 via the new --kill-value= option.
1190
1191 * systemctl gained a new "list-paths" verb, which shows all currently
1192 active .path units, similarly to how "systemctl list-timers" shows
1193 active timers, and "systemctl list-sockets" shows active sockets.
1194
1195 * systemctl gained a new --when= switch which is honoured by the various
1196 forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
1197 scheduling these operations by time, similar in fashion to how this
1198 has been supported by SysV shutdown.
1199
1200 * If MemoryDenyWriteExecute= is enabled for a service and the kernel
1201 supports the new PR_SET_MDWE prctl() call, it is used instead of the
1202 seccomp()-based system call filter to achieve the same effect.
1203
1204 * A new set of kernel command line options is now understood:
1205 systemd.tty.term.<name>=, systemd.tty.rows.<name>=,
1206 systemd.tty.columns.<name>= allow configuring the TTY type and
1207 dimensions for the tty specified via <name>. When systemd invokes a
1208 service on a tty (via TTYName=) it will look for these and configure
1209 the TTY accordingly. This is particularly useful in VM environments
1210 to propagate host terminal settings into the appropriate TTYs of the
1211 guest.
1212
1213 * A new RootEphemeral= setting is now understood in service units. It
1214 takes a boolean argument. If enabled for services that use RootImage=
1215 or RootDirectory= an ephemeral copy of the disk image or directory
1216 tree is made when the service is started. It is removed automatically
1217 when the service is stopped. That ephemeral copy is made using
1218 btrfs/xfs reflinks or btrfs snapshots, if available.
1219
1220 * The service activation logic gained new settings RestartSteps= and
1221 RestartMaxDelaySec= which allow exponentially-growing restart
1222 intervals for Restart=.
1223
1224 * The service activation logic gained a new setting RestartMode= which
1225 can be set to 'direct' to skip the inactive/failed states when
1226 restarting, so that dependent units are not notified until the service
1227 converges to a final (successful or failed) state. For example, this
1228 means that OnSuccess=/OnFailure= units will not be triggered until the
1229 service state has converged.
1230
1231 * PID 1 will now automatically load the virtio_console kernel module
1232 during early initialization if running in a suitable VM. This is done
1233 so that early-boot logging can be written to the console if available.
1234
1235 * Similarly, virtio-vsock support is loaded early in suitable VM
1236 environments. PID 1 will send sd_notify() notifications via AF_VSOCK
1237 to the VMM if configured, thus loading this early is beneficial.
1238
1239 * A new verb "fdstore" has been added to systemd-analyze to show the
1240 current contents of the file descriptor store of a unit. This is
1241 backed by a new D-Bus call DumpUnitFileDescriptorStore() provided by
1242 the service manager.
1243
1244 * The service manager will now set a new $FDSTORE environment variable
1245 when invoking processes for services that have the file descriptor
1246 store enabled.
1247
1248 * A new service option FileDescriptorStorePreserve= has been added that
1249 allows tuning the lifecycle of the per-service file descriptor store.
1250 If set to "yes", the entries in the fd store are retained even after
1251 the service has been fully stopped.
1252
1253 * The "systemctl clean" command may now be used to clear the fdstore of
1254 a service.
1255
1256 * Unit *.preset files gained a new directive "ignore", in addition to
1257 the existing "enable" and "disable". As the name suggests, matching
1258 units are left unchanged, i.e. neither enabled nor disabled.
1259
1260 * Service units gained a new setting DelegateSubgroup=. It takes the
1261 name of a sub-cgroup to place any processes the service manager forks
1262 off in. Previously, the service manager would place all service
1263 processes directly in the top-level cgroup it created for the
1264 service. This usually meant that main process in a service with
1265 delegation enabled would first have to create a subgroup and move
1266 itself down into it, in order to not conflict with the "no processes
1267 in inner cgroups" rule of cgroup v2. With this option, this step is
1268 now handled by PID 1.
1269
1270 * The service manager will now look for .upholds/ directories,
1271 similarly to the existing support for .wants/ and .requires/
1272 directories. Symlinks in this directory result in Upholds=
1273 dependencies.
1274
1275 The [Install] section of unit files gained support for a new
1276 UpheldBy= directive to generate .upholds/ symlinks automatically when
1277 a unit is enabled.
1278
1279 * The service manager now supports a new kernel command line option
1280 systemd.default_device_timeout_sec=, which may be used to override
1281 the default timeout for .device units.
1282
1283 * A new "soft-reboot" mechanism has been added to the service manager.
1284 A "soft reboot" is similar to a regular reboot, except that it
1285 affects userspace only: the service manager shuts down any running
1286 services and other units, then optionally switches into a new root
1287 file system (mounted to /run/nextroot/), and then passes control to a
1288 systemd instance in the new file system which then starts the system
1289 up again. The kernel is not rebooted and neither is the hardware,
1290 firmware or boot loader. This provides a fast, lightweight mechanism
1291 to quickly reset or update userspace, without the latency that a full
1292 system reset involves. Moreover, open file descriptors may be passed
1293 across the soft reboot into the new system where they will be passed
1294 back to the originating services. This allows pinning resources
1295 across the reboot, thus minimizing grey-out time further. This new
1296 reboot mechanism is accessible via the new "systemctl soft-reboot"
1297 command.
1298
1299 * Services using RootDirectory= or RootImage= will now have read-only
1300 access to a copy of the host's os-release file under
1301 /run/host/os-release, which will be kept up-to-date on 'soft-reboot'.
1302 This was already the case for Portable Services, and the feature has
1303 now been extended to all services that do not run off the host's
1304 root filesystem.
1305
1306 * A new service setting MemoryKSM= has been added to enable kernel
1307 same-page merging individually for services.
1308
1309 * A new service setting ImportCredentials= has been added that augments
1310 LoadCredential= and LoadCredentialEncrypted= and searches for
1311 credentials to import from the system, and supports globbing.
1312
1313 * A new job mode "restart-dependencies" has been added to the service
1314 manager (exposed via systemctl --job-mode=). It is only valid when
1315 used with "start" jobs, and has the effect that the "start" job will
1316 be propagated as "restart" jobs to currently running units that have
1317 a BindsTo= or Requires= dependency on the started unit.
1318
1319 * A new verb "whoami" has been added to "systemctl" which determines as
1320 part of which unit the command is being invoked. It writes the unit
1321 name to standard output. If one or more PIDs are specified, it reports
1322 the unit names the processes referenced by the PIDs belong to.
1323
1324 * The system and service credential logic has been improved: there's
1325 now a clearly defined place where system provisioning tools running
1326 in the initrd can place credentials that will be imported into the
1327 system's set of credentials during the initrd → host transition: the
1328 /run/credentials/@initrd/ directory. Once the credentials placed
1329 there are imported into the system credential set they are deleted
1330 from this directory, and the directory itself is deleted afterwards
1331 too.
1332
1333 * A new kernel command line option systemd.set_credential_binary= has
1334 been added, that is similar to the pre-existing
1335 systemd.set_credential= but accepts arbitrary binary credential data,
1336 encoded in Base64. Note that the kernel command line is not a
1337 recommended way to transfer credentials into a system, since it is
1338 world-readable from userspace.
1339
1340 * The default machine ID to use may now be configured via the
1341 system.machine_id system credential. It will only be used if no
1342 machine ID was set yet on the host.
1343
1344 * On Linux kernel 6.4 and newer system and service credentials will now
1345 be placed in a tmpfs instance that has the "noswap" mount option
1346 set. Previously, a "ramfs" instance was used. By switching to tmpfs,
1347 ACL support and overall size limits can now be enforced, without
1348 compromising on security, as the memory is never paged out either
1349 way.
1350
1351 * The service manager now can detect when it is running in a
1352 'Confidential Virtual Machine', and a corresponding 'cvm' value is now
1353 accepted by ConditionSecurity= for units that want to conditionalize
1354 themselves on this. systemd-detect-virt gained new 'cvm' and
1355 '--list-cvm' switches to respectively perform the detection or list
1356 all known flavours of confidential VM, depending on the vendor. The
1357 manager will publish a 'ConfidentialVirtualization' D-Bus property,
1358 and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
1359 variable for unit generators. Finally, udev rules can match on a new
1360 'cvm' key that will be set when in a confidential VM.
1361 Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
1362 strings and QEMU's fw_cfg protocol will not be used to import
1363 credentials and kernel command line parameters by the system manager,
1364 systemd-boot and systemd-stub, because the hypervisor is considered
1365 untrusted in this particular setting.
1366
1367 Journal:
1368
1369 * The sd-journal API gained a new call sd_journal_get_seqnum() to
1370 retrieve the current log record's sequence number and sequence number
1371 ID, which allows applications to order records the same way as
1372 the journal does internally. The sequence number is now also exported in
1373 the JSON and "export" output of the journal.
1374
1375 * journalctl gained a new switch --truncate-newline. If specified,
1376 multi-line log records will be truncated at the first newline,
1377 i.e. only the first line of each log message will be shown.
1378
1379 * systemd-journal-upload gained support for --namespace=, similar to
1380 the switch of the same name of journalctl.
1381
1382 systemd-repart:
1383
1384 * systemd-repart's drop-in files gained a new ExcludeFiles= option which
1385 may be used to exclude certain files from the effect of CopyFiles=.
1386
1387 * systemd-repart's Verity support now implements the Minimize= setting
1388 to minimize the size of the resulting partition.
1389
1390 * systemd-repart gained a new --offline= switch, which may be used to
1391 control whether images shall be built "online" or "offline",
1392 i.e. whether to make use of kernel facilities such as loopback block
1393 devices and device mapper or not.
1394
1395 * If systemd-repart is told to populate a newly created ESP or XBOOTLDR
1396 partition with some files, it will now default to VFAT rather than
1397 ext4.
1398
1399 * systemd-repart gained a new --architecture= switch. If specified, the
1400 per-architecture GPT partition types (i.e. the root and /usr/
1401 partitions) configured in the partition drop-in files are
1402 automatically adjusted to match the specified CPU architecture, in
1403 order to simplify cross-architecture DDI building.
1404
1405 * systemd-repart will now default to a minimum size of 300MB for XFS
1406 filesystems if no size parameter is specified. This matches what the
1407 XFS tools (xfsprogs) can support.
1408
1409 systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
1410
1411 * gnu-efi is no longer required to build systemd-boot and systemd-stub.
1412 Instead, pyelftools is now needed, and it will be used to perform the
1413 ELF -> PE relocations at build time.
1414
1415 * bootctl gained a new switch --print-root-device/-R that prints the
1416 block device the root file system is backed by. If specified twice,
1417 it returns the whole disk block device (as opposed to partition block
1418 device) the root file system is on. It's useful for invocations such
1419 as "cfdisk $(bootctl -RR)" to quickly show the partition table of the
1420 running OS.
1421
1422 * systemd-stub will now look for the SMBIOS Type 1 field
1423 "io.systemd.stub.kernel-cmdline-extra" and append its value to the
1424 kernel command line it invokes. This is useful for VMMs such as qemu
1425 to pass additional kernel command lines into the system even when
1426 booting via full UEFI. The contents of the field are measured into
1427 TPM PCR 12.
1428
1429 * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
1430 value "auto". With this value, a kernel will be automatically
1431 analyzed, and if it qualifies as UKI, it will be installed as if the
1432 setting was set to "uki", otherwise as "bls".
1433
1434 * systemd-stub can now optionally load UEFI PE "add-on" images that may
1435 contain additional kernel command line information. These "add-ons"
1436 superficially look like a regular UEFI executable, and are expected
1437 to be signed via SecureBoot/shim. However, they do not actually
1438 contain code, but instead a subset of the PE sections that UKIs
1439 support. They are supposed to provide a way to extend UKIs with
1440 additional resources in a secure and authenticated way. Currently,
1441 only the .cmdline PE section may be used in add-ons, in which case
1442 any specified string is appended to the command line embedded into
1443 the UKI itself. A new 'addon<EFI-ARCH>.efi.stub' is now provided that
1444 can be used to trivially create addons, via 'ukify' or 'objcopy'. In
1445 the future we expect other sections to be made extensible like this as
1446 well.
1447
1448 * ukify has been updated to allow building these UEFI PE "add-on"
1449 images, using the new 'addon<EFI-ARCH>.efi.stub'.
1450
1451 * ukify now accepts SBAT information to place in the .sbat PE section
1452 of UKIs and addons. If a UKI is built the SBAT information from the
1453 inner kernel is merged with any SBAT information associated with
1454 systemd-stub and the SBAT data specified on the ukify command line.
1455
1456 * The kernel-install script has been rewritten in C, and reuses much of
1457 the infrastructure of existing tools such as bootctl. It also gained
1458 --esp-path= and --boot-path= options to override the path to the ESP,
1459 and the $BOOT partition. Options --make-entry-directory= and
1460 --entry-token= have been added as well, similar to bootctl's options
1461 of the same name.
1462
1463 * A new kernel-install plugin 60-ukify has been added which will
1464 combine kernel/initrd locally into a UKI and optionally sign them
1465 with a local key. This may be used to switch to UKI mode even on
1466 systems where a local kernel or initrd is used. (Typically UKIs are
1467 built and signed by the vendor.)
1468
1469 * The ukify tool now supports "pesign" in addition to the pre-existing
1470 "sbsign" for signing UKIs.
1471
1472 * systemd-measure and systemd-stub now look for the .uname PE section
1473 that should contain the kernel's "uname -r" string.
1474
1475 * systemd-measure and ukify now calculate expected PCR hashes for a UKI
1476 "offline", i.e. without access to a TPM (physical or
1477 software-emulated).
1478
1479 Memory Pressure & Control:
1480
1481 * The sd-event API gained new calls sd_event_add_memory_pressure(),
1482 sd_event_source_set_memory_pressure_type(),
1483 sd_event_source_set_memory_pressure_period() to create and configure
1484 an event source that is called whenever the OS signals memory
1485 pressure. Another call sd_event_trim_memory() is provided that
1486 compacts the process' memory use by releasing allocated but unused
1487 malloc() memory back to the kernel. Services can also provide their
1488 own custom callback to do memory trimming. This should improve system
1489 behaviour under memory pressure, as Linux traditionally provided
1490 no mechanism to return process memory back to the kernel if the
1491 kernel was under memory pressure. This makes use of the kernel's PSI
1492 interface. Most long-running services in systemd have been hooked up
1493 with this, and in particular systems with low memory should benefit
1494 from this.
1495
1496 * Service units gained new settings MemoryPressureWatch= and
1497 MemoryPressureThresholdSec= to configure the PSI memory pressure
1498 logic individually. If these options are used, the
1499 $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
1500 variables will be set for the invoked processes to inform them about
1501 the requested memory pressure behaviour. (This is used by the
1502 sd-event API additions mentioned above, if set.)
1503
1504 * systemd-analyze gained a new "malloc" verb that shows the output
1505 generated by glibc's malloc_info() on services that support it. Right
1506 now, only the service manager has been updated accordingly. This
1507 call requires privileges.
1508
1509 User & Session Management:
1510
1511 * The sd-login API gained a new call sd_session_get_username() to
1512 return the user name of the owner of a login session. It also gained
1513 a new call sd_session_get_start_time() to retrieve the time the login
1514 session started. A new call sd_session_get_leader() has been added to
1515 return the PID of the "leader" process of a session. A new call
1516 sd_uid_get_login_time() returns the time since the specified user has
1517 most recently been continuously logged in with at least one session.
1518
1519 * JSON user records gained a new set of fields capabilityAmbientSet and
1520 capabilityBoundingSet which contain a list of POSIX capabilities to
1521 set for the logged in users in the ambient and bounding sets,
1522 respectively. homectl gained the ability to configure these two sets
1523 for users via --capability-bounding-set=/--capability-ambient-set=.
1524
1525 * pam_systemd learnt two new module options
1526 default-capability-bounding-set= and default-capability-ambient-set=,
1527 which configure the default bounding sets for users as they are
1528 logging in, if the JSON user record doesn't specify this explicitly
1529 (see above). The built-in default for the ambient set now contains
1530 CAP_WAKE_ALARM, thus allowing regular users who may log in
1531 locally to resume from a system suspend via a timer.
1532
1533 * The Session D-Bus objects of systemd-logind gained a new SetTTY() method
1534 call to update the TTY of a session after it has been allocated. This
1535 is useful for SSH sessions which are typically allocated first, and
1536 for which a TTY is added later.
1537
1538 * The sd-login API gained a new call sd_pid_notifyf_with_fds() which
1539 combines the various other sd_pid_notify() flavours into one: takes a
1540 format string, an overriding PID, and a set of file descriptors to
1541 send. It also gained a new call sd_pid_notify_barrier() which is
1542 equivalent to sd_notify_barrier() but allows the originating PID to
1543 be specified.
1544
1545 * "loginctl list-users" and "loginctl list-sessions" will now show the
1546 state of each logged in user/session in their tabular output. It will
1547 also show the current idle state of sessions.
1548
1549 DDIs:
1550
1551 * systemd-dissect will now show the intended CPU architecture of an
1552 inspected DDI.
1553
1554 * systemd-dissect will now install itself as mount helper for the "ddi"
1555 pseudo-file system type. This means you may now mount DDIs directly
1556 via /bin/mount or /etc/fstab, making full use of embedded Verity
1557 information and all other DDI features.
1558
1559 Example: mount -t ddi myimage.raw /some/where
1560
1561 * The systemd-dissect tool gained the new switches --attach/--detach to
1562 attach/detach a DDI to a loopback block device without mounting it.
1563 It will automatically derive the right sector size from the image
1564 and set up Verity and similar, but not mount the file systems in it.
1565
1566 * When systemd-gpt-auto-generator or the DDI mounting logic mount an
1567 ESP or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
1568 implied. Given that these file systems are typically untrusted, this
1569 should make mounting them automatically have less of a security
1570 impact.
1571
1572 * All tools that parse DDIs (such as systemd-nspawn, systemd-dissect,
1573 systemd-tmpfiles, …) now understand a new switch --image-policy= which
1574 takes a string encoding image dissection policy. With this mechanism
1575 automatic discovery and use of specific partition types and the
1576 cryptographic requirements on the partitions (Verity, LUKS, …) can be
1577 restricted, permitting better control of the exposed attack surfaces
1578 when mounting disk images. systemd-gpt-auto-generator will honour such
1579 an image policy too, configurable via the systemd.image_policy= kernel
1580 command line option. Unit files gained the RootImagePolicy=,
1581 MountImagePolicy= and ExtensionImagePolicy= to configure the same for
1582 disk images a service runs off.
1583
1584 * systemd-analyze gained a new verb "image-policy" to validate and
1585 parse image policy strings.
1586
1587 * systemd-dissect gained support for a new --validate switch to
1588 superficially validate DDI structure, and check whether a specific
1589 image policy allows the DDI.
1590
1591 * systemd-dissect gained support for a new --mtree-hash switch to
1592 optionally disable calculating mtree hashes, which can be slow on
1593 large images.
1594
1595 * systemd-dissect --copy-to, --copy-from, --list and --mtree switches
1596 are now able to operate on directories as well as images.
1597
1598 Network Management:
1599
1600 * networkd's GENEVE support has gained a new .network option
1601 InheritInnerProtocol=.
1602
1603 * The [Tunnel] section in .netdev files has gained a new setting
1604 IgnoreDontFragment= for controlling the IPv4 "DF" flag of datagrams.
1605
1606 * A new global IPv6PrivacyExtensions= setting has been added that
1607 selects the default value of the per-network setting of the same
1608 name.
1609
1610 * The predictable network interface naming logic was extended to
1611 include SR-IOV-R "representor" information in network interface
1612 names. Unfortunately, this feature was not enabled by default and can
1613 only be enabled at compilation time by setting
1614 -Ddefault-net-naming-scheme=v254.
1615
1616 * The DHCPv4 + DHCPv6 + IPv6 RA logic in networkd gained support for
1617 the RFC8910 captive portal option.
1618
1619 Device Management:
1620
1621 * udevadm gained the new "verify" verb for validating udev rules files
1622 offline.
1623
1624 * udev gained a new tool "iocost" that can be used to configure QoS IO
1625 cost data based on hwdb information onto suitable block devices. Also
1626 see https://github.com/iocost-benchmark/iocost-benchmarks.
1627
1628 TPM2 Support + Disk Encryption & Authentication:
1629
1630 * systemd-cryptenroll/systemd-cryptsetup will now install a TPM2 SRK
1631 ("Storage Root Key") as a first step in the TPM2, and then bind FDE
1632 to that key, if TPM2 support is used. This matches the
1633 recommendations of the TCG (see
1634 https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf).
1635
1636 * systemd-cryptenroll and other tools that take TPM2 PCR parameters now
1637 understand textual identifiers for these PCRs.
1638
1639 * systemd-veritysetup + /etc/veritytab gained support for a series of
1640 new options: hash-offset=, superblock=, format=, data-block-size=,
1641 hash-block-size=, data-blocks=, salt=, uuid=, hash=, fec-device=,
1642 fec-offset=, fec-roots= to configure various aspects of a Verity
1643 volume.
1644
1645 * systemd-cryptsetup + /etc/crypttab gained support for a new
1646 veracrypt-pim= option for setting the Personal Iteration Multiplier
1647 of veracrypt volumes.
1648
1649 * systemd-integritysetup + /etc/integritytab gained support for a new
1650 mode= setting for controlling the dm-integrity mode (journal, bitmap,
1651 direct) for the volume.
1652
1653 * systemd-analyze gained a new verb "pcrs" that shows the known TPM PCR
1654 registers, their symbolic names and current values.
1655
1656 systemd-tmpfiles:
1657
1658 * The ACL support in tmpfiles.d/ has been updated: if an uppercase "X"
1659 access right is specified this is equivalent to "x" but only if the
1660 inode in question already has the executable bit set for at least
1661 some user/group. Otherwise the "x" bit will be turned off.
1662
1663 * tmpfiles.d/'s C line type now understands a new modifier "+": a line
1664 with C+ will result in a "merge" copy, i.e. all files of the source
1665 tree are copied into the target tree, even if that tree already
1666 exists, resulting in a combined tree of files already present in the
1667 target tree and those copied in.
1668
1669 * systemd-tmpfiles gained a new --graceful switch. If specified, lines
1670 with unknown users/groups will silently be skipped.
1671
1672 systemd-notify:
1673
1674 * systemd-notify gained two new options --fd= and --fdname= for sending
1675 arbitrary file descriptors to the service manager (while specifying an
1676 explicit name for them).
1677
1678 * systemd-notify gained a new --exec switch, which makes it execute the
1679 specified command line after sending the requested messages. This is
1680 useful for sending out READY=1 first, and then continuing invocation
1681 without changing process ID, so that the tool can be nicely used
1682 within an ExecStart= line of a unit file that uses Type=notify.
1683
1684 sd-event + sd-bus APIs:
1685
1686 * The sd-event API gained a new call sd_event_source_leave_ratelimit()
1687 which may be used to explicitly end a rate-limit state an event
1688 source might be in, resetting all rate limiting counters.
1689
1690 * When the sd-bus library is used to make connections to AF_UNIX D-Bus
1691 sockets, it will now encode the "description" set via
1692 sd_bus_set_description() into the source socket address. It will also
1693 look for this information when accepting a connection. This is useful
1694 to track individual D-Bus connections on a D-Bus broker for debug
1695 purposes.
1696
1697 systemd-resolved:
1698
1699 * systemd-resolved gained a new resolved.conf setting
1700 StateRetentionSec= which may be used to retain cached DNS records
1701 even after their nominal TTL, and use them in case upstream DNS
1702 servers cannot be reached. This can be used to make name resolution
1703 more resilient in case of network problems.
1704
1705 * resolvectl gained a new verb "show-cache" to show the current cache
1706 contents of systemd-resolved. This verb communicates with the
1707 systemd-resolved daemon and requires privileges.
1708
1709 Other:
1710
1711 * Meson >= 0.60.0 is now required to build systemd.
1712
1713 * The default keymap to apply may now be chosen at build-time via the
1714 new -Ddefault-keymap= meson option.
1715
1716 * Most of systemd's long-running services now have a generic handler for
1717 the SIGRTMIN+18 signal which executes various operations
1718 depending on the sigqueue() parameter sent along. For example, values
1719 0x100…0x107 allow changing the maximum log level of such
1720 services. 0x200…0x203 allow changing the log target of such
1721 services. 0x300 makes the services trim their memory similarly to the
1722 automatic PSI-triggered action, see above. 0x301 makes the services
1723 output their malloc_info() data to the logs.
1724
1725 * machinectl gained new "edit" and "cat" verbs for editing .nspawn
1726 files, inspired by systemctl's verbs of the same name which edit unit
1727 files. Similarly, networkctl gained the same verbs for editing
1728 .network, .netdev, .link files.
1729
1730 * A new syscall filter group "@sandbox" has been added that contains
1731 syscalls for sandboxing system calls such as those for seccomp and
1732 Landlock.
1733
1734 * New documentation has been added:
1735
1736 https://systemd.io/COREDUMP
1737 https://systemd.io/MEMORY_PRESSURE
1738 smbios-type-11(7)
1739
1740 * systemd-firstboot gained a new --reset option. If specified, the
1741 settings in /etc/ it knows how to initialize are reset.
1742
1743 * systemd-sysext is now a multi-call binary and is also installed under
1744 the systemd-confext alias name (via a symlink). When invoked that way
1745 it will operate on /etc/ instead of /usr/ + /opt/. It thus becomes a
1746 powerful, atomic, secure configuration management tool of sorts, that
1747 locally can merge configuration from multiple confext configuration
1748 images into a single immutable tree.
1749
1750 * The --network-macvlan=, --network-ipvlan=, --network-interface=
1751 switches of systemd-nspawn may now optionally take the intended
1752 network interface inside the container.
1753
1754 * All our programs will now send an sd_notify() message with their exit
1755 status in the EXIT_STATUS= field when exiting, using the usual
1756 protocol, including PID 1. This is useful for VMMs and container
1757 managers to collect an exit status from a system as it shuts down, as
1758 set via "systemctl exit …". This is particularly useful in test cases
1759 and similar, as invocations via a VM can now nicely propagate an exit
1760 status to the host, similar to local processes.
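
The EXIT_STATUS= message above, and the READY=1 that "systemd-notify --exec" sends (see the systemd-notify section), travel over the same sd_notify() datagram protocol; the following added example (not systemd's or sd-daemon's code) implements both ends of it in C without libsystemd, so a VMM or test-harness author can see exactly what crosses the socket. Function names, the STATUS= text and the socket path are this example's own.

```c
/* Added example, not systemd's own code: the sd_notify() wire protocol
 * reduced to what the EXIT_STATUS= entry needs. The "manager" side (the role
 * a VMM or container manager plays) binds an AF_UNIX datagram socket whose
 * path it would publish as $NOTIFY_SOCKET; the "program" side sends
 * newline-separated KEY=VALUE lines to that socket. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Program side: send one notification datagram. Returns 0 or a negative errno. */
int notify_send(const char *notify_socket, const char *message) {
        struct sockaddr_un sa = { .sun_family = AF_UNIX };
        int fd, r = 0;

        if (!notify_socket || !message || !*message)
                return -EINVAL;
        if (strlen(notify_socket) >= sizeof(sa.sun_path))
                return -ENAMETOOLONG;
        strcpy(sa.sun_path, notify_socket);

        fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0)
                return -errno;
        if (sendto(fd, message, strlen(message), MSG_NOSIGNAL,
                   (struct sockaddr *) &sa, sizeof(sa)) < 0)
                r = -errno;
        close(fd);
        return r;
}

/* Manager side: pick EXIT_STATUS= out of a NUL-terminated payload. Only a
 * complete, purely numeric 0..255 value is accepted; anything else yields -1,
 * so a malformed message is never mistaken for a clean exit. */
int notify_parse_exit_status(const char *payload) {
        const char *line = payload;

        while (*line) {
                size_t n = strcspn(line, "\n");

                if (n > 12 && strncmp(line, "EXIT_STATUS=", 12) == 0) {
                        char *end;
                        long v = strtol(line + 12, &end, 10);

                        return (end == line + n && v >= 0 && v <= 255) ? (int) v : -1;
                }
                line += n;
                if (*line == '\n')
                        line++;
        }
        return -1;
}

/* Full exchange on one socket: bind as the manager, send as the program,
 * read back and parse. Returns the received exit status or -1 on failure. */
int notify_roundtrip(const char *path, int status) {
        struct sockaddr_un sa = { .sun_family = AF_UNIX };
        char msg[64], buf[512];
        int fd, result = -1;
        ssize_t n;

        if (strlen(path) >= sizeof(sa.sun_path))
                return -1;
        strcpy(sa.sun_path, path);
        unlink(path);
        fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
        if (fd < 0)
                return -1;
        if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0)
                goto finish;

        /* What an exiting program sends; the datagram is queued before recv() */
        snprintf(msg, sizeof(msg), "STATUS=exiting\nEXIT_STATUS=%d\n", status);
        if (notify_send(path, msg) < 0)
                goto finish;

        n = recv(fd, buf, sizeof(buf) - 1, 0);
        if (n < 0)
                goto finish;
        buf[n] = '\0';
        result = notify_parse_exit_status(buf);
finish:
        close(fd);
        unlink(path);
        return result;
}

int main(void) {
        char path[64];

        /* Constructed socket path for the demo; a real manager chooses its own */
        snprintf(path, sizeof(path), "/tmp/notify-demo-%d.sock", (int) getpid());
        int st = notify_roundtrip(path, 3);
        printf("manager received EXIT_STATUS=%d\n", st);
        return st == 3 ? 0 : 1;
}
```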
1761
1762 * systemd-run gained a new switch --expand-environment=no to disable
1763 server-side environment variable expansion in specified command
1764 lines. Expansion defaults to enabled for all execution types except
1765 --scope, where it defaults to off (and prints a warning) for backward
1766 compatibility reasons. --scope will be flipped to enabled by default
1767 too in a future release. If you are using --scope and passing a '$'
1768 character in the payload you should start explicitly using
1769 --expand-environment=yes/no according to the use case.
1770
1771 * The systemd-system-update-generator has been updated to also look for
1772 the special flag file /etc/system-update in addition to the existing
1773 support for /system-update to decide whether to enter system update
1774 mode.
1775
1776 * The /dev/hugepages/ file system is now mounted with nosuid + nodev
1777 mount options by default.
1778
1779 * systemd-fstab-generator now understands two new kernel command line
1780 options systemd.mount-extra= and systemd.swap-extra=, which configure
1781 additional mounts or swaps in a format similar to /etc/fstab. 'fsck'
1782 will be run on these block devices, as already happens for
1783 'root='. It also now supports the new fstab.extra and
1784 fstab.extra.initrd credentials that may contain additional /etc/fstab
1785 lines to apply at boot.
1786
1787 * systemd-getty-generator now understands two new credentials
1788 getty.ttys.container and getty.ttys.serial. These credentials may
1789 contain a list of TTY devices – one per line – to instantiate
1790 container-getty@.service and serial-getty@.service on.
1791
1792 * The getty/serial-getty/container-getty units now import the 'agetty.*'
1793 and 'login.*' credentials, which are consumed by the 'login' and
1794 'agetty' programs starting from util-linux v2.40.
1795
1796 * systemd-sysupdate's sysupdate.d/ drop-ins gained a new setting
1797 PathRelativeTo=, which can be set to "esp", "xbootldr", "boot", in
1798 which case the Path= setting is taken relative to the ESP or XBOOTLDR
1799 partitions, rather than the system's root directory /. The relevant
1800 directories are automatically discovered.
1801
1802 * The systemd-ac-power tool gained a new switch --low, which reports
1803 whether the battery charge is considered "low", similar to how the
1804 s2h suspend logic checks this state to decide whether to enter system
1805 suspend or hibernation.
1806
1807 * The /etc/os-release file can now have two new optional fields
1808 VENDOR_NAME= and VENDOR_URL= to carry information about the vendor of
1809 the OS.
1810
1811 * When the system hibernates, information about the device and offset
1812 used is now written to a non-volatile EFI variable. On next boot the
1813 system will attempt to resume from the location indicated in this EFI
1814 variable. This should make hibernation a lot more robust, while
1815 requiring no manual configuration of the resume location.
1816
1817 * The $XDG_STATE_HOME environment variable (added in more recent
1818 versions of the XDG basedir specification) is now honoured to
1819 implement the StateDirectory= setting in user services.
1820
1821 * A new component "systemd-battery-check" has been added. It may run
1822 during early boot (usually in the initrd), and checks the battery
1823 charge level of the system. In case the charge level is very low the
1824 user is notified (graphically via Plymouth – if available – as well
1825 as in text form on the console), and the system is turned off after a
1826 10s delay. The feature can be disabled by passing
1827 systemd.battery_check=0 through the kernel command line.
1828
1829 * The 'passwdqc' library is now supported as an alternative to the
1830 'pwquality' library and can be selected at build time.
1831
1832 Contributions from: 김인수, 07416, Addison Snelling, Adrian Vovk,
1833 Aidan Dang, Alexander Krabler, Alfred Klomp, Anatoli Babenia,
1834 Andrei Stepanov, Andrew Baxter, Antonio Alvarez Feijoo,
1835 Arian van Putten, Arthur Shau, A S Alam,
1836 Asier Sarasua Garmendia, Balló György, Bastien Nocera,
1837 Benjamin Herrenschmidt, Benjamin Raison, Bill Peterson,
1838 Brad Fitzpatrick, Brett Holman, bri, Chen Qi, Chitoku,
1839 Christian Hesse, Christoph Anton Mitterer, Christopher Gurnee,
1840 Colin Walters, Cornelius Hoffmann, Cristian Rodríguez, cunshunxia,
1841 cvlc12, Cyril Roelandt, Daan De Meyer, Daniele Medri,
1842 Daniel P. Berrangé, Daniel Rusek, Dan Streetman, David Edmundson,
1843 David Schroeder, David Tardon, dependabot[bot],
1844 Dimitri John Ledkov, Dmitrii Fomchenkov, Dmitry V. Levin, dmkUK,
1845 Dominique Martinet, don bright, drosdeck, Edson Juliano Drosdeck,
1846 Egor Ignatov, EinBaum, Emanuele Giuseppe Esposito, Eric Curtin,
1847 Erik Sjölund, Evgeny Vereshchagin, Florian Klink, Franck Bui,
1848 François Rigault, Fran Diéguez, Franklin Yu, Frantisek Sumsal,
1849 Fuminobu TAKEYAMA, Gaël PORTAY, Gerd Hoffmann, Gertalitec,
1850 Gibeom Gwon, Gustavo Noronha Silva, Hannu Lounento,
1851 Hans de Goede, Haochen Tong, HATAYAMA Daisuke, Henrik Holst,
1852 Hoe Hao Cheng, Igor Tsiglyar, Ivan Vecera, James Hilliard,
1853 Jan Engelhardt, Jan Janssen, Jan Luebbe, Jan Macku, Janne Sirén,
1854 jcg, Jeidnx, Joan Bruguera, Joerg Behrmann, jonathanmetzman,
1855 Jordan Rome, Josef Miegl, Joshua Goins, Joyce, Joyce Brum,
1856 Juno Computers, Kai Lueke, Kevin P. Fleming, Kiran Vemula, Klaus,
1857 Klaus Zipfel, Lawrence Thorpe, Lennart Poettering, licunlong,
1858 Lily Foster, Luca Boccassi, Ludwig Nussel, Luna Jernberg,
1859 maanyagoenka, Maanya Goenka, Maksim Kliazovich, Malte Poll,
1860 Marko Korhonen, Masatake YAMATO, Mateusz Poliwczak, Matt Johnston,
1861 Miao Wang, Micah Abbott, Michael A Cassaniti, Michal Koutný,
1862 Michal Sekletár, Mike Yuan, mooo, Morten Linderud, msizanoen,
1863 Nick Rosbrook, nikstur, Olivier Gayot, Omojola Joshua,
1864 Paolo Velati, Paul Barker, Pavel Borecki, Petr Menšík,
1865 Philipp Kern, Philip Withnall, Piotr Drąg, Quintin Hill,
1866 Rene Hollander, Richard Phibel, Robert Meijers, Robert Scheck,
1867 Roger Gammans, Romain Geissler, Ronan Pigott, Russell Harmon,
1868 saikat0511, Samanta Navarro, Sam James, Sam Morris,
1869 Simon Braunschmidt, Sjoerd Simons, Sorah Fukumori,
1870 Stanislaw Gruszka, Stefan Roesch, Steven Luo, Steve Ramage,
1871 Susant Sahani, taniishkaaa, Tanishka, Temuri Doghonadze,
1872 Thierry Martin, Thomas Blume, Thomas Genty, Thomas Weißschuh,
1873 Thorsten Kukuk, Times-Z, Tobias Powalowski, tofylion,
1874 Topi Miettinen, Uwe Kleine-König, Velislav Ivanov,
1875 Vitaly Kuznetsov, Vít Zikmund, Weblate, Will Fancher,
1876 William Roberts, Winterhuman, Wolfgang Müller, Xeonacid,
1877 Xiaotian Wu, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Yuxiang Zhu,
1878 Zbigniew Jędrzejewski-Szmek, zhmylove, ZjYwMj,
1879 Дамјан Георгиевски, наб
1880
1881 — Edinburgh, 2023-07-28
1882
1883 CHANGES WITH 253:
1884
1885 Announcements of Future Feature Removals and Incompatible Changes:
1886
1887 * We intend to remove cgroup v1 support from the systemd release after the
1888 end of 2023. If you run services that make explicit use of cgroup v1
1889 features (i.e. the "legacy hierarchy" with separate hierarchies for
1890 each controller), please implement compatibility with cgroup v2 (i.e.
1891 the "unified hierarchy") sooner rather than later. Most of Linux
1892 userspace has been ported over already.
1893
1894 * We intend to remove support for split-usr (/usr mounted separately
1895 during boot) and unmerged-usr (parallel directories /bin and
1896 /usr/bin, /lib and /usr/lib, etc). This will happen in the second
1897 half of 2023, in the first release that falls into that time window.
1898 For more details, see:
1899 https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html
1900
1901 * We intend to change behaviour w.r.t. units of the per-user service
1902 manager and sandboxing options, so that they work without having to
1903 manually enable PrivateUsers= as well, which is not required for
1904 system units. To make this work, we will implicitly enable user
1905 namespaces (PrivateUsers=yes) when a sandboxing option is enabled in a
1906 user unit. The drawback is that system users will no longer be visible
1907 (and appear as 'nobody') to the user unit when a sandboxing option is
1908 enabled. By definition a sandboxed user unit should run with reduced
1909 privileges, so impact should be small. This will remove a great source
1910 of confusion that has been reported by users over the years, due to
1911 how these options require an extra setting to be manually enabled when
1912 used in the per-user service manager, as opposed to the system
1913 service manager. We plan to enable this change in the next release
1914 later this year. For more details, see:
1915 https://lists.freedesktop.org/archives/systemd-devel/2022-December/048682.html
1916
1917 Deprecations and incompatible changes:
1918
1919 * systemctl will now warn when invoked without /proc/ mounted
1920 (e.g. when invoked after chroot() into a directory tree without the
1921 API mount points like /proc/ being set up). Operation in such an
1922 environment is not fully supported.
1923
1924 * The return value of 'systemctl is-active|is-enabled|is-failed' for
1925 unknown units is changed: previously 1 or 3 were returned, but now 4
1926 (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.
1927
1928 * 'udevadm hwdb' subcommand is deprecated and will emit a warning.
1929 systemd-hwdb (added in 2014) should be used instead.
1930
1931 * 'bootctl --json' now outputs a single JSON array, instead of a stream
1932 of newline-separated JSON objects.
1933
1934 * Udev rules in 60-evdev.rules have been changed to load hwdb
1935 properties for all modalias patterns. Previously only the first
1936 matching pattern was used. This could change what properties are
1937 assigned if the user has more and less specific patterns that could
1938 match the same device, but it is expected that the change will have
1939 no effect for most users.
1940
1941 * systemd-networkd-wait-online exits successfully when all interfaces
1942 are ready or unmanaged. Previously, if neither '--any' nor
1943 '--interface=' options were used, at least one interface had to be in
1944 configured state. This change allows the case where systemd-networkd
1945 is enabled, but no interfaces are configured, to be handled
1946 gracefully. It may occur in particular when a different network
1947 manager is also enabled and used.
1948
1949 * Some compatibility helpers were dropped: EmergencyAction= in the user
1950 manager, as well as measuring kernel command line into PCR 8 in
1951 systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
1952 option.
1953
1954 * The '-Dupdate-helper-user-timeout=' build-time option has been
1955 renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
1956 integer as parameter instead of a string.
1957
1958 * The DDI image dissection logic (which backs RootImage= in service
1959 unit files, the --image= switch in various tools such as
1960 systemd-nspawn, as well as systemd-dissect) will now only mount file
1961 systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
1962 can be overridden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
1963 variable. These file systems are fairly well supported and maintained
1964 in current kernels, while others are usually more niche, exotic or
1965 legacy and thus typically do not receive the same level of security
1966 support and fixes.
1967
1968 * The default per-link multicast DNS mode is changed to "yes"
1969 (that was previously "no"). As the default global multicast DNS mode
1970 has been "yes" (but can be changed by the build option), now the
1971 multicast DNS is enabled on all links by default. You can disable the
1972 multicast DNS on all links by setting MulticastDNS= in resolved.conf,
1973 or on an interface by calling "resolvectl mdns INTERFACE no".
1974
1975 New components:
1976
1977 * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
1978 (UKIs) has been added. This replaces functionality provided by
1979 'dracut --uefi' and extends it with automatic calculation of PE file
1980 offsets, insertion of signed PCR policies generated by
1981 systemd-measure, support for initrd concatenation, signing of the
1982 embedded Linux image and the combined image with sbsign, and
1983 heuristics to autodetect the kernel uname and verify the splash
1984 image.
1985
1986 Changes in systemd and units:
1987
1988 * A new service type Type=notify-reload is defined. When such a unit is
1989 reloaded a UNIX process signal (typically SIGHUP) is sent to the main
1990 service process. The manager will then wait until it receives a
1991 "RELOADING=1" followed by a "READY=1" notification from the unit as
1992 response (via sd_notify()). Otherwise, this type is the same as
1993 Type=notify. A new setting ReloadSignal= may be used to change the
1994 signal to send from the default of SIGHUP.
1995
1996 user@.service, systemd-networkd.service, systemd-udevd.service, and
1997 systemd-logind have been updated to this type.
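The notify-reload handshake described above, as an added Python illustration that is not part of systemd: a small sd_notify() client, a stand-in for the manager side (FakeManager, reload_handshake and the other names are this example's own), and a parser that also understands the "vsock:CID:port" form of $NOTIFY_SOCKET. The MONOTONIC_USEC= line sent together with RELOADING=1 is required by systemd.service(5) for this service type; this entry does not mention it.

```python
"""Type=notify-reload handshake, shown with a small sd_notify() client and a
stand-in for the manager side.  Added illustration, not systemd's own code."""
import os
import socket
import tempfile
import time


def parse_notify_socket(value):
    """Map a $NOTIFY_SOCKET value to (address family, address).

    Handles the AF_UNIX forms (absolute path, '@'-prefixed abstract name)
    and the "vsock:CID:port" form that sd_notify() accepts as of v253.
    """
    if value.startswith("vsock:"):
        _, cid, port = value.split(":", 2)
        return (getattr(socket, "AF_VSOCK", None), (int(cid), int(port)))
    if value.startswith("@"):
        return (socket.AF_UNIX, "\0" + value[1:])   # abstract namespace
    if value.startswith("/"):
        return (socket.AF_UNIX, value)
    raise ValueError(f"unsupported NOTIFY_SOCKET value: {value!r}")


def sd_notify(state, notify_socket=None):
    """Send one notification datagram.  Returns False when no manager is
    listening (no $NOTIFY_SOCKET), as sd_notify(3) does."""
    target = notify_socket or os.environ.get("NOTIFY_SOCKET")
    if not target:
        return False
    family, addr = parse_notify_socket(target)
    if family is None:
        raise OSError("AF_VSOCK is not available on this platform")
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), addr)
    return True


def reloading_state():
    """State lines a notify-reload service sends when ReloadSignal= arrives.
    MONOTONIC_USEC= lets the manager tell this reload's READY=1 apart from
    an earlier one (requirement from systemd.service(5))."""
    usec = time.clock_gettime_ns(time.CLOCK_MONOTONIC) // 1000
    return f"RELOADING=1\nMONOTONIC_USEC={usec}\n"


class FakeManager:
    """Receives notifications like the service manager would and tracks the
    notify-reload state machine: starting -> running -> reloading -> running."""

    def __init__(self, directory):
        self.path = os.path.join(directory, "notify")
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.sock.bind(self.path)
        self.sock.settimeout(2.0)
        self.state = "starting"

    def receive(self):
        data, _ = self.sock.recvfrom(4096)
        fields = dict(line.split("=", 1)
                      for line in data.decode().splitlines() if "=" in line)
        if fields.get("RELOADING") == "1":
            if "MONOTONIC_USEC" not in fields:
                raise ValueError("RELOADING=1 without MONOTONIC_USEC=")
            self.state = "reloading"
        elif fields.get("READY") == "1":
            self.state = "running"
        elif fields.get("STOPPING") == "1":
            self.state = "stopping"
        return self.state

    def close(self):
        self.sock.close()
        os.unlink(self.path)


def reload_handshake():
    """Run start, reload and stop through the fake manager; returns the
    sequence of manager states observed."""
    directory = tempfile.mkdtemp()
    manager = FakeManager(directory)
    seen = []
    try:
        sd_notify("READY=1\n", manager.path)          # initialisation done
        seen.append(manager.receive())
        sd_notify(reloading_state(), manager.path)    # SIGHUP: reload begins
        seen.append(manager.receive())
        sd_notify("READY=1\n", manager.path)          # config re-read, ready again
        seen.append(manager.receive())
        sd_notify("STOPPING=1\n", manager.path)       # like systemd-notify --stopping
        seen.append(manager.receive())
    finally:
        manager.close()
        os.rmdir(directory)
    return seen


if __name__ == "__main__":
    print(reload_handshake())
```

Running the block prints the manager's view of one start/reload/stop cycle. The same state lines are what `systemd-notify --reloading` and `--stopping` emit, so a shell-based service can take part in the handshake without linking against sd-daemon.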

* Initrd environments which are not on a pure memory file system (e.g.
overlayfs combination as opposed to tmpfs) are now supported. With
this change, during the initrd → host transition ("switch root")
systemd will erase all files of the initrd only when the initrd is
backed by a memory file system such as tmpfs.

* New per-unit MemoryZSwapMax= option has been added to configure
memory.zswap.max cgroup properties (the maximum amount of zswap
used).

* A new LogFilterPatterns= option has been added for units. It may be
used to specify accept/deny regular expressions for log messages
generated by the unit, that shall be enforced by systemd-journald.
Rejected messages are neither stored in the journal nor forwarded.
This option may be used to suppress noisy or uninteresting messages
from units.
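LogFilterPatterns= applied to constructed sample messages, as an added Python example that is not systemd-journald's code. The ordering rule it implements (deny patterns first, then the allow list if one exists) is my reading of systemd.resource-control(5), and Python's re module stands in for the POSIX extended regular expressions the option uses. The second helper is the check a defender wants before shipping such a filter: which security-relevant messages would it silently drop?

```python
"""LogFilterPatterns= semantics on constructed sample messages.
Added illustration, not systemd's own code."""
import re


class LogFilter:
    def __init__(self, patterns):
        # A leading '~' marks a deny pattern; anything else is an allow pattern.
        self.deny = [re.compile(p[1:]) for p in patterns if p.startswith("~")]
        self.allow = [re.compile(p) for p in patterns if not p.startswith("~")]

    def accepts(self, message):
        if any(r.search(message) for r in self.deny):
            return False        # denied messages are dropped first
        if self.allow and not any(r.search(message) for r in self.allow):
            return False        # with an allow list, everything else is dropped
        return True             # no allow list: the deny filters alone decide


def apply_filter(patterns, messages):
    """Return the messages that would reach the journal."""
    f = LogFilter(patterns)
    return [m for m in messages if f.accepts(m)]


def suppressed_must_keep(patterns, must_keep):
    """Defender check: security-relevant messages the filter would hide."""
    f = LogFilter(patterns)
    return [m for m in must_keep if not f.accepts(m)]


# Constructed MESSAGE= values from a hypothetical network service.
SAMPLE = [
    "keepalive tick",
    "connection from 192.0.2.10 accepted",
    "TLS handshake failed: certificate expired",
    "keepalive tick",
    "authentication failed for user alice",
]

# Constructed list of messages an incident responder would not want filtered.
MUST_KEEP = [
    "TLS handshake failed: certificate expired",
    "authentication failed for user alice",
]


if __name__ == "__main__":
    print(apply_filter(["~keepalive"], SAMPLE))
    # An over-broad deny pattern hides both auth and TLS failures:
    print(suppressed_must_keep(["~failed"], MUST_KEEP))
```

The unit-file equivalent of the first call is `LogFilterPatterns=~keepalive`; a deny pattern always wins over an allow pattern, so `LogFilterPatterns=~TLS` next to `LogFilterPatterns=failed` still drops the TLS message.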

* The manager has a new
org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
query process ownership via a PIDFD, which is more resilient against
PID recycling issues.

* Scope units now support OOMPolicy=. Login session scopes default to
OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.

* systemd-fstab-generator now supports x-systemd.makefs option for
/sysroot/ (in the initrd).

* The maximum rate at which daemon reloads are executed can now be
limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
options. (Or the equivalent on the kernel command line:
systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
addition, systemd now logs the originating unit and PID when a reload
request is received over D-Bus.

* When enabling a swap device systemd will now reinitialize the device
when the page size of the swap space does not match the page size of
the running kernel. Note that this requires the 'swapon' utility to
provide the '--fixpgsz' option, as implemented by util-linux, and it
is not supported by busybox at the time of writing.

* systemd now executes generator programs in a mount namespace
"sandbox" with most of the file system read-only and write access
restricted to the output directories, and with a temporary /tmp/
mount provided. This provides a safeguard against programming errors
in the generators, but also fixes here-docs in shells, which
previously didn't work in early boot when /tmp/ wasn't available
yet. (This feature has no security implications, because the code is
still privileged and can trivially exit the sandbox.)

* The system manager will now parse a new "vmm.notify_socket"
system credential, which may be supplied to a VM via SMBIOS. If
found, the manager will send a "READY=1" notification on the
specified socket after boot is complete. This allows readiness
notification to be sent from a VM guest to the VM host over a VSOCK
socket.

* The sample PAM configuration file for systemd-user@.service now
includes a call to pam_namespace. This puts children of user@.service
in the expected namespace. (Many distributions replace their file
with something custom, so this change has limited effect.)

* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
can be used to override the mount units burst rate limit for
parsing '/proc/self/mountinfo', which was introduced in v249.
Defaults to 5.

* Drop-ins for init.scope changing control group resource limits are
now applied, while they were previously ignored.

* New build-time configuration options '-Ddefault-timeout-sec=' and
'-Ddefault-user-timeout-sec=' have been added, to let distributions
choose the default timeout for starting/stopping/aborting system and
user units respectively.

* Service units gained a new setting OpenFile= which may be used to
open arbitrary files in the file system (or connect to arbitrary
AF_UNIX sockets in the file system), and pass the open file
descriptor to the invoked process via the usual file descriptor
passing protocol. This is useful to give unprivileged services access
to select files which have restrictive access modes that would
normally not allow this. It's also useful in case RootDirectory= or
RootImage= is used to allow access to files from the host environment
(which is after all not visible from the service if these two options
are used.)

Changes in udev:

* The new net naming scheme "v253" has been introduced. In the new
scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
a PCI bus. This extends the coverage of predictable interface names
in some embedded systems.

The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
a more informative path on some embedded systems.

* Partition block devices will now also get symlinks in
/dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
block device nodes via the kernel's "diskseq" value. Previously those
symlinks were only created for the main block device.

* A new operator '-=' is supported for SYMLINK variables. This allows
symlinks to be unconfigured even if an earlier rule added them.

* 'udevadm --trigger --settle' now also works for network devices
that are being renamed.

Changes in sd-boot, bootctl, and the Boot Loader Specification:

* systemd-boot now passes its random seed directly to the kernel's RNG
via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
means the RNG gets seeded very early in boot before userspace has
started.

* systemd-boot will pass a disk-backed random seed – even when secure
boot is enabled – if it can additionally get a random seed from EFI
itself (via EFI's RNG protocol), or a prior seed in
LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.

* systemd-boot-system-token.service was renamed to
systemd-boot-random-seed.service and extended to always save a random
seed to ESP on every boot when a compatible boot loader is used. This
allows a refreshed random seed to be used in the boot loader.

* systemd-boot handles various seed inputs using a domain- and
field-separated hashing scheme.

* systemd-boot's 'random-seed-mode' option has been removed. A system
token is now always required to be present for random seeds to be
used.
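What "domain- and field-separated hashing" buys when several seed inputs are combined, as an added Python illustration of the principle only: the labels, the SHA-256 construction and the helper names (hash_fields, derive_seeds, disk_seed_allowed) are this example's own and are not systemd-boot's actual scheme. It also encodes the two policy points from the entries above: the disk-backed seed is only used under Secure Boot when another seed source exists, and a system token is mandatory.

```python
"""Domain- and field-separated seed hashing on constructed inputs.
Added illustration of the principle; not systemd-boot's construction."""
import hashlib
import struct


def hash_fields(domain, *fields):
    """SHA-256 over a domain label and a list of fields, each prefixed by
    its length, so that field boundaries are unambiguous: the inputs
    (b'ab', b'c') and (b'a', b'bc') hash differently even though their
    concatenations are identical."""
    h = hashlib.sha256()
    for part in (domain, *fields):
        h.update(struct.pack("<Q", len(part)))
        h.update(part)
    return h.digest()


def disk_seed_allowed(secure_boot, have_efi_rng, have_prior_table_seed):
    """Under Secure Boot the disk-backed seed is only mixed in when an
    additional source is available: the EFI RNG protocol or a prior
    LINUX_EFI_RANDOM_SEED_TABLE_GUID entry left by a preceding loader."""
    return (not secure_boot) or have_efi_rng or have_prior_table_seed


def derive_seeds(disk_seed, system_token, efi_rng_seed=b"", prior_seed=b""):
    """Return (seed to write back to the ESP, seed to hand to the kernel).

    Both outputs are computed from the same inputs but under different
    domain labels, so knowing the value left on disk does not reveal what
    the kernel was seeded with, and vice versa."""
    if not system_token:
        raise ValueError("a system token is required (random-seed-mode is gone)")
    inputs = (disk_seed, system_token, efi_rng_seed, prior_seed)
    return (hash_fields(b"example:next-disk-seed", *inputs),
            hash_fields(b"example:kernel-seed", *inputs))


if __name__ == "__main__":
    # Constructed inputs; real seeds and tokens come from the ESP, EFI and
    # the firmware, never from literals.
    on_disk, to_kernel = derive_seeds(b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)
    print(on_disk.hex())
    print(to_kernel.hex())
```

The length prefix is what "field-separated" means in practice: without it, an attacker who controls the boundary between two inputs (say, a truncated disk seed next to the token) could produce the same digest from different inputs. The domain label is what keeps the value persisted to disk from being the value given to the kernel.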

* systemd-boot now supports being loaded from other locations than the
ESP, for example for direct kernel boot under QEMU or when embedded
into the firmware.

* systemd-boot now parses SMBIOS information to detect
virtualization. This information is used to skip some warnings which
are not useful in a VM and to conditionalize other aspects of
behaviour.

* systemd-boot now supports a new 'if-safe' mode that will perform UEFI
Secure Boot automated certificate enrollment from the ESP only if it
is considered 'safe' to do so. At the moment 'safe' means running in
a virtual machine.

* systemd-stub now processes random seeds in the same way as
systemd-boot already does, in case a unified kernel image is being
used from a different bootloader than systemd-boot, or without any
boot loader at all.

* bootctl will now generate a system token on all EFI systems, even
virtualized ones, and is activated when the system token is missing
on either sd-boot or sd-stub booted systems.

* bootctl now implements two new verbs: 'kernel-identify' prints the
type of a kernel image file, and 'kernel-inspect' provides
information about the embedded command line and kernel version of
UKIs.

* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
as for kernel-install.

* The JSON output of "bootctl list" will now contain two more fields:
isDefault and isSelected are boolean fields set to true on the
default and currently booted boot menu entries.

* bootctl gained a new verb "unlink" for removing a boot loader entry
type #1 file from disk in a safe and robust way.

* bootctl also gained a new verb "cleanup" that automatically removes
all files from the ESP's and XBOOTLDR's "entry-token" directory that
are not referenced anymore by any installed Type #1 boot loader
specification entry. This is particularly useful in environments where
a large number of entries reference the same or partly the same
resources (for example, for snapshot-based setups).

Changes in kernel-install:

* A new "installation layout" can be configured as layout=uki. With
this setting, a Boot Loader Specification Type#1 entry will not be
created. Instead, a new kernel-install plugin 90-uki-copy.install
will copy any .efi files from the staging area into the boot
partition. A plugin to generate the UKI .efi file must be provided
separately.

Changes in systemctl:

* 'systemctl reboot' has dropped support for accepting a positional
argument as the argument to the reboot(2) syscall. Please use the
--reboot-argument= option instead.

* 'systemctl disable' will now warn when called on units without
install information. A new --no-warn option has been added that
silences this warning.

* New option '--drop-in=' can be used to tell 'systemctl edit' the name
of the drop-in to edit. (Previously, 'override.conf' was always
used.)

* 'systemctl list-dependencies' now respects --type= and --state=.

* 'systemctl kexec' now supports XEN VMM environments.

* 'systemctl edit' will now tell the invoked editor to jump into the
first line with actual unit file data, skipping over synthesized
comments.

Changes in systemd-networkd and related tools:

* The [DHCPv4] section in .network file gained new SocketPriority=
setting that assigns the Linux socket priority used by the DHCPv4 raw
socket. This may be used in conjunction with the
EgressQOSMaps= setting in [VLAN] section of .netdev file to send the
desired ethernet 802.1Q frame priority for DHCPv4 initial
packets. This cannot be achieved with netfilter mangle tables because
of the raw socket bypass.

* The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
new QuickAck= boolean setting that enables the TCP quick ACK mode for
the routes configured by the acquired DHCPv4 lease or received router
advertisements (RAs).

* The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
routes) now accepts three values, for high, medium, and low preference
of the router (which can be set with the RouterPreference= setting).

* systemd-networkd-wait-online now supports matching via alternative
interface names.

* The [DHCPv6] section in .network file gained new SendRelease=
setting which enables the DHCPv6 client to send release when
it stops. This is the analog of the [DHCPv4] SendRelease= setting.
It is enabled by default.

* If the Address= setting in [Network] or [Address] sections in .network
is specified without its prefix length, systemd-networkd now assumes
/32 for IPv4 or /128 for IPv6 addresses.

* networkctl shows network and link file dropins in status output.

Changes in systemd-dissect:

* systemd-dissect gained a new option --list, to print the paths of
all files and directories in a DDI.

* systemd-dissect gained a new option --mtree, to generate a file
manifest compatible with BSD mtree(5) of a DDI.

* systemd-dissect gained a new option --with, to execute a command with
the specified DDI temporarily mounted and used as working
directory. This is for example useful to convert a DDI to "tar"
simply by running it within a "systemd-dissect --with" invocation.

* systemd-dissect gained a new option --discover, to search for
Discoverable Disk Images (DDIs) in well-known directories of the
system. This will list machine, portable service and system extension
disk images.

* systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI).

* systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
disk UUID stored in the GPT header) among the other data it can show.

* systemd-dissect gained a new --in-memory switch to operate on an
in-memory copy of the specified DDI file. This is useful to access a
DDI with write access without persisting any changes. It's also
useful for accessing a DDI without keeping the originating file
system busy.

* The DDI dissection logic will now automatically detect the intended
sector size of disk images stored in files, based on the GPT
partition table arrangement. Loopback block devices for such DDIs
will then be configured automatically for the right sector size. This
is useful to make dealing with modern 4K sector size DDIs fully
automatic. The systemd-dissect tool will now show the detected sector
size among the other DDI information in its output.

Changes in systemd-repart:

* systemd-repart gained new options --include-partitions= and
--exclude-partitions= to filter operation on partitions by type UUID.
This allows systemd-repart to be used to build images in which the
type of one partition is set based on the contents of another
partition (for example when the boot partition shall include a verity
hash of the root partition).

* systemd-repart also gained a --defer-partitions= option that is
similar to --exclude-partitions=, but the size of the partition is
still taken into account when sizing partitions, but without
populating it.

* systemd-repart gained a new --sector-size= option to specify what
sector size should be used when an image is created.

* systemd-repart now supports generating erofs file systems via
CopyFiles= (a read-only file system similar to squashfs).

* The Minimize= option was extended to accept "best" (which means the
most minimal image possible, but may require multiple attempts) and
"guess" (which means a reasonably small image).

* The systemd-growfs binary now comes with a regular unit file template
systemd-growfs@.service which can be instantiated directly for any
desired file system. (Previously, the unit was generated dynamically
by various generators, but no regular unit file template was
available.)

Changes in journal tools:

* Various systemd tools will append extra fields to log messages when
in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
this includes information about D-Bus messages when sd-bus is used,
e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
Details of what is logged and when are subject to change.

* The systemd-journald-audit.socket can now be disabled via the usual
"systemctl disable" mechanism to stop collection of audit
messages. Please note that it is not enabled statically anymore and
must be handled by the preset/enablement logic in package
installation scripts.

* New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
be used to curtail disk use by systemd-journal-remote. This is
similar to the options supported by systemd-journald.

Changes in systemd-cryptenroll, systemd-cryptsetup, and related
components:

* When enrolling new keys systemd-cryptenroll now supports unlocking
via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
password was strictly required to be specified.

* systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
(except for tokens with user verification, UV) to identify tokens
before authentication. Multiple FIDO2 tokens can now be enrolled at
the same time, and systemd-cryptsetup will automatically select one
that corresponds to one of the available LUKS key slots.

* systemd-cryptsetup now supports new options tpm2-measure-bank= and
tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
bank and number into which the volume key should be measured. This is
automatically enabled for the encrypted root volume discovered and
activated by systemd-gpt-auto-generator.

* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
"noexec,nosuid,nodev".

* systemd-gpt-auto-generator will now honour the rootfstype= and
rootflags= kernel command line switches for root file systems it
discovers, to match behaviour in case an explicit root fs is
specified via root=.

* systemd-pcrphase gained new options --machine-id and --file-system=
to measure the machine-id and mount point information into PCR 15.
New service unit files systemd-pcrmachine.service and
systemd-pcrfs@.service have been added that invoke the tool with
these switches during early boot.

* systemd-pcrphase gained a --graceful switch which makes it exit cleanly
with a success exit code even if no TPM device is detected.

* systemd-cryptenroll now stores the user-supplied PIN with a salt,
making it harder to brute-force.

Changes in other tools:

* systemd-homed gained support for luksPbkdfForceIterations (the
intended number of iterations for the PBKDF operation on LUKS).

* Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
$SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
may now be used to specify additional arguments for mkfs when
systemd-homed formats a file system.

* systemd-hostnamed now exports the contents of
/sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
unprivileged code to access those values.

systemd-hostnamed also exports the SUPPORT_END= field from
os-release(5) as OperatingSystemSupportEnd. hostnamectl makes use of
this to show the status of the installed system.

* systemd-measure gained an --append= option to sign multiple phase
paths with different signing keys. This allows secrets to be
accessible only in certain parts of the boot sequence. Note that
'ukify' provides similar functionality in a more accessible form.

* systemd-timesyncd will now write a structured log message with
MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
on an on-disk timestamp, similarly to what it did when reaching
synchronization via NTP.

* systemd-timesyncd will now update the on-disk timestamp file on each
boot at least once, making it more likely that the system time
increases in subsequent boots.

* systemd-vconsole-setup gained support for system/service credentials:
vconsole.keymap/vconsole.keymap_toggle and
vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous to
the similarly-named options in vconsole.conf.

* systemd-localed will now save the XKB keyboard configuration to
/etc/vconsole.conf, and also read it from there with a higher
preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
file. Previously, this information was stored in the former file in
converted form, and only in latter file in the original form. Tools
which want to access keyboard configuration can now do so from a
standard location.

* systemd-resolved gained support for configuring the nameservers and
search domains via kernel command line (nameserver=, domain=) and
credentials (network.dns, network.search_domains).

* systemd-resolved will now synthesize host names for the DNS stub
addresses it supports. Specifically when "_localdnsstub" is resolved,
127.0.0.53 is returned, and if "_localdnsproxy" is resolved
127.0.0.54 is returned.

* systemd-notify will now send a "RELOADING=1" notification when called
with --reloading, and "STOPPING=1" when called with --stopping. This
can be used to implement notifications from units where it's easier
to call a program than to use the sd-daemon library.

* systemd-analyze's 'plot' command can now output its information in
JSON, controlled via the --json= switch. Also, new --table, and
--no-legend options have been added.

* 'machinectl enable' will now automatically enable machines.target
unit in addition to adding the machine unit to the target.

Similarly, 'machinectl start|stop' gained a --now option to enable or
disable the machine unit when starting or stopping it.

* systemd-sysusers will now create /etc/ if it is missing.

* systemd-sleep 'HibernateDelaySec=' setting is changed back to
pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
added to provide the new initial value for the new automated battery
estimation functionality. If 'HibernateDelaySec=' is set to any value,
the automated estimate (and thus the automated hibernation on low
battery to avoid data loss) functionality will be disabled.

* Default tmpfiles.d/ configuration will now automatically create
credentials storage directory '/etc/credstore/' with the appropriate,
secure permissions. If '/run/credstore/' exists, its permissions will
be fixed too in case they are not correct.
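A check for the credential store directories just described, as an added Python example that is not systemd-tmpfiles' logic: it reports (and with fix=True tightens) the permission bits of a directory such as /etc/credstore/ or /run/credstore/. The expected shape, a root-owned directory with no group or other access, is this example's assumption of what "appropriate, secure permissions" means for a store of secrets; the helper names check_credstore and demo are its own.

```python
"""Verify that a credentials directory is private to its owner.
Added example, not systemd-tmpfiles' code; 0700 root-owned is an assumption."""
import os
import stat
import tempfile

EXPECTED_MODE = 0o700   # assumed target: owner-only access


def check_credstore(path, expected_uid=0, fix=False):
    """Return a list of problems.  With fix=True, group/other permission bits
    are removed; ownership is only reported, never changed here."""
    problems = []
    try:
        st = os.lstat(path)                 # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, refusing to follow it"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: is not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        if fix:
            os.chmod(path, EXPECTED_MODE)
            problems.append(f"{path}: mode {mode:04o} tightened to {EXPECTED_MODE:04o}")
        else:
            problems.append(f"{path}: mode {mode:04o} grants group/other access")
    if st.st_uid != expected_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    return problems


def demo():
    """Run the check on a throwaway directory that starts out world-readable.
    Returns (problems before, report from the fix pass, problems after)."""
    directory = tempfile.mkdtemp()
    uid = os.getuid()                       # the temp dir is owned by us, not root
    try:
        os.chmod(directory, 0o755)
        before = check_credstore(directory, expected_uid=uid)
        fixed = check_credstore(directory, expected_uid=uid, fix=True)
        after = check_credstore(directory, expected_uid=uid)
    finally:
        os.rmdir(directory)
    return before, fixed, after


if __name__ == "__main__":
    for step in demo():
        print(step)
    # On a real system: check_credstore("/etc/credstore") with the default uid 0.
```

The lstat() and the symlink refusal matter more than they look: a permission fixer that follows links is a classic way for a local user to get a directory they control chmod'ed, which is why the repair path here only ever touches the path it was given.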

Changes in libsystemd and shared code:

* sd-bus gained new convenience functions sd_bus_emit_signal_to(),
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().

* sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
128-bit ID in files such as /etc/machine-id has an invalid
format. They also accept NULL as output parameter in more places,
which is useful when the caller only wants to validate the inputs and
does not need the output value.

* sd-login gained new functions sd_pidfd_get_session(),
sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
but accept a PIDFD instead of a PID.

* sd-path (and systemd-path) now export four new paths:
SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR.

* sd_notify() now supports AF_VSOCK as transport for notification
messages (in addition to the existing AF_UNIX support). This is
enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.

* Detection of chroot() environments now works if /proc/ is not
mounted. This affects systemd-detect-virt --chroot, but also means
that systemd tools will silently skip various operations in such an
environment.

* "Lockheed Martin Hardened Security for Intel Processors" (HS SRE)
virtualization is now detected.

Changes in the build system:

* Standalone variants of systemd-repart and systemd-shutdown may now be
built (if -Dstandalone=true).

* systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
example, allow scripts to conditionalize execution on AC power
supply.

* The libp11kit library is now loaded through dlopen(3).

Changes in the documentation:

* Specifications that are not closely tied to systemd have moved to
https://uapi-group.org/specifications/: the Boot Loader Specification
and the Discoverable Partitions Specification.

Contributions from: 김인수, 13r0ck, Aidan Dang, Alberto Planas,
Alvin Šipraga, Andika Triwidada, AndyChi, angus-p, Anita Zhang,
Antonio Alvarez Feijoo, Arsen Arsenović, asavah, Benjamin Fogle,
Benjamin Tissoires, berenddeschouwer, BerndAdameit,
Bernd Steinhauser, blutch112, cake03, Callum Farmer, Carlo Teubner,
Charles Hardin, chris, Christian Brauner, Christian Göttsche,
Cristian Rodríguez, Daan De Meyer, Dan Streetman, DaPigGuy,
Darrell Kavanagh, David Tardon, dependabot[bot], Dirk Su,
Dmitry V. Levin, drosdeck, Edson Juliano Drosdeck, edupont,
Eric DeVolder, Erik Moqvist, Evgeny Vereshchagin, Fabian Gurtner,
Felix Riemann, Franck Bui, Frantisek Sumsal, Geert Lorang,
Gerd Hoffmann, Gio, Hannoskaj, Hans de Goede, Hugo Carvalho,
igo95862, Ilya Leoshkevich, Ivan Shapovalov, Jacek Migacz,
Jade Lovelace, Jan Engelhardt, Jan Janssen, Jan Macku, January,
Jason A. Donenfeld, jcg, Jean-Tiare Le Bigot, Jelle van der Waa,
Jeremy Linton, Jian Zhang, Jiayi Chen, Jia Zhang, Joerg Behrmann,
Jörg Thalheim, Joshua Goins, joshuazivkovic, Joshua Zivkovic,
Kai-Chuan Hsieh, Khem Raj, Koba Ko, Lennart Poettering, lichao,
Li kunyu, Luca Boccassi, Luca BRUNO, Ludwig Nussel,
Łukasz Stelmach, Lycowolf, marcel151, Marcus Schäfer, Marek Vasut,
Mark Laws, Michael Biebl, Michał Kotyla, Michal Koutný,
Michal Sekletár, Mike Gilbert, Mike Yuan, MkfsSion, ml,
msizanoen1, mvzlb, MVZ Ludwigsburg, Neil Moore, Nick Rosbrook,
noodlejetski, Pasha Vorobyev, Peter Cai, p-fpv, Phaedrus Leeds,
Philipp Jungkamp, Quentin Deslandes, Raul Tambre, Ray Strode,
reuben olinsky, Richard E. van der Luit, Richard Phibel,
Ricky Tigg, Robin Humble, rogg, Rudi Heitbaum, Sam James,
Samuel Cabrero, Samuel Thibault, Siddhesh Poyarekar, Simon Brand,
Space Meyer, Spindle Security, Steve Ramage, Takashi Sakamoto,
Thomas Haller, Tonći Galić, Topi Miettinen, Torsten Hilbrich,
Tuetuopay, uerdogan, Ulrich Ölmann, Valentin David,
Vitaly Kuznetsov, Vito Caputo, Waltibaba, Will Fancher,
William Roberts, wouter bolsterlee, Youfu Zhang, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски,
наб

— Warsaw, 2023-02-15

CHANGES WITH 252 🎃:

Announcements of Future Feature Removals:

* We intend to remove cgroup v1 support from systemd release after the
end of 2023. If you run services that make explicit use of cgroup v1
features (i.e. the "legacy hierarchy" with separate hierarchies for
each controller), please implement compatibility with cgroup v2 (i.e.
the "unified hierarchy") sooner rather than later. Most of Linux
userspace has been ported over already.

* We intend to remove support for split-usr (/usr mounted separately
during boot) and unmerged-usr (parallel directories /bin and
/usr/bin, /lib and /usr/lib, etc). This will happen in the second
half of 2023, in the first release that falls into that time window.
For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

Compatibility Breaks:

* ConditionKernelVersion= checks that use the '=' or '!=' operators
will now do simple string comparisons (instead of version comparisons
à la strverscmp()). Version comparisons are still done for the
ordering operators '<', '>', '<=', '>='. Moreover, if no operator is
specified, a shell-style glob match is now done. This creates a minor
incompatibility compared to older systemd versions when the '*', '?',
'[', ']' characters are used, as these will now match as shell globs
instead of literally. Given that kernel version strings typically do
not include these characters we expect little breakage through this
change.
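The three matching modes just described, run against constructed kernel version strings, as an added Python example that is not systemd's parser: '=' and '!=' compare strings, the ordering operators compare versions, and a bare value is a shell glob. version_compare() is a simplified stand-in for strverscmp() (digit runs compare numerically, everything else as text), and treating several whitespace-separated checks as an AND follows my reading of systemd.unit(5) rather than this entry.

```python
"""ConditionKernelVersion= matching modes on constructed version strings.
Added example, not systemd's code; version_compare() approximates strverscmp()."""
import fnmatch
import re

_CHUNKS = re.compile(r"\d+|\D+")


def version_compare(a, b):
    """Return -1, 0 or 1 like strverscmp(): '5.10' sorts after '5.9'."""
    ca, cb = _CHUNKS.findall(a), _CHUNKS.findall(b)
    for x, y in zip(ca, cb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        return (x > y) - (x < y)
    return (len(ca) > len(cb)) - (len(ca) < len(cb))


def check_one(expr, running):
    """Evaluate a single comparison against the running kernel version."""
    for op in ("<=", ">=", "!=", "<", ">", "="):   # longest operators first
        if expr.startswith(op):
            want = expr[len(op):]
            if op == "=":
                return running == want           # plain string comparison since v252
            if op == "!=":
                return running != want
            c = version_compare(running, want)   # ordering operators stay versioned
            return {"<": c < 0, ">": c > 0, "<=": c <= 0, ">=": c >= 0}[op]
    # No operator: shell-style glob, so '*', '?', '[' and ']' are no longer literal.
    return fnmatch.fnmatchcase(running, expr)


def condition_kernel_version(value, running):
    """All whitespace-separated checks must hold, e.g. '>=5.10 <6.0'."""
    return all(check_one(expr, running) for expr in value.split())


if __name__ == "__main__":
    # Constructed example: the incompatibility this entry warns about.
    # Under the old version comparison "=6.1" matched a 6.1.0 kernel; now it
    # is a string comparison and does not.
    print(check_one("=6.1", "6.1.0"))              # False
    print(condition_kernel_version("6.1.*", "6.1.0"))
```

The unit-file form of the last call is `ConditionKernelVersion=6.1.*`; a unit that previously relied on `=` matching a prefix needs either the full version string or a glob.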

* The service manager will now read the SELinux label used for SELinux
access checks from the unit file at the time it loads the file.
Previously, the label would be read at the moment of the access
check, which was problematic since at that time the unit file might
already have been updated or removed.

New Features:

* systemd-measure is a new tool for calculating and signing expected
TPM2 PCR values for a given unified kernel image (UKI) booted via
sd-stub. The public key used for the signature and the signed
expected PCR information can be embedded inside the UKI. This
information can be extracted from the UKI by external tools and code
in the image itself and is made available to userspace in the booted
kernel.

systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
updated to make use of this information if available in the booted
kernel: when locking an encrypted volume/credential to the TPM
systemd-cryptenroll/systemd-creds will use the public key to bind the
volume/credential to any kernel that carries PCR information signed
by the same key pair. When unlocking such volumes/credentials
systemd-cryptsetup/systemd-creds will use the signature embedded in
the booted UKI to gain access.

Binding TPM-based disk encryption to public keys/signatures of PCR
values — instead of literal PCR values — addresses the inherent
"brittleness" of traditional PCR-bound TPM disk encryption schemes:
disks remain accessible even if the UKI is updated, without any TPM
specific preparation during the OS update — as long as each UKI
carries the necessary PCR signature information.

Net effect: if you boot a properly prepared kernel, TPM-bound disk
encryption now defaults to be locked to kernels which carry PCR
signatures from the same key pair. Example: if a hypothetical distro
FooOS prepares its UKIs like this, TPM-based disk encryption is now –
by default – bound to only FooOS kernels, and encrypted volumes bound
to the TPM cannot be unlocked on kernels from other sources. (But do
note this behaviour requires preparation/enabling in the UKI, and of
course users can always enroll non-TPM ways to unlock the volume.)

* systemd-pcrphase is a new tool that is invoked at six places during
system runtime, and measures additional words into TPM2 PCR 11, to
mark milestones of the boot process. This allows binding access to
specific TPM2-encrypted secrets to specific phases of the boot
process. (Example: LUKS2 disk encryption key only accessible in the
initrd, but not later.)
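
An added simulation (not systemd code) of the two mechanisms described above: PCR 11 is extended first with the UKI sections and then with the systemd-pcrphase milestone words, a secret sealed to the "enter-initrd" value is unavailable once "leave-initrd" has been measured, and a literal PCR binding breaks on a kernel update while a binding to the signing key survives it. Assumptions: the phase words are the ones systemd-pcrphase documents, the section payloads and the distro key are constructed, the stub's measurement format is simplified to one extend per section, and an HMAC stands in for the asymmetric signature that systemd-measure really produces.

```python
import hashlib
import hmac

# Milestone words systemd-pcrphase measures into PCR 11, in boot order.
PHASES = ["enter-initrd", "leave-initrd", "sysinit", "ready", "shutdown", "final"]
PCR_INITIAL = bytes(32)   # a fresh SHA-256 PCR bank starts at all zeros


def extend(pcr, data):
    """TPM2 PCR extend: PCR' = H(PCR || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def stub_measure(pcr, sections):
    """sd-stub measures the UKI's PE sections into PCR 11 (simplified:
    one extend per section over name and content)."""
    for name, payload in sections:
        pcr = extend(pcr, name.encode() + b"\0" + payload)
    return pcr


def pcr_after_phases(pcr, phases):
    """systemd-pcrphase extends PCR 11 with each milestone word in turn."""
    for word in phases:
        pcr = extend(pcr, word.encode())
    return pcr


def unseal_literal(bound_pcr, current_pcr):
    """Traditional policy: the secret is bound to one exact PCR value."""
    return hmac.compare_digest(bound_pcr, current_pcr)


def sign_expected(key, pcr):
    """Stand-in for the signature systemd-measure puts into the UKI over the
    pre-calculated expected PCR value (HMAC models 'same key pair')."""
    return hmac.new(key, pcr, hashlib.sha256).digest()


def unseal_signed(enrolled_key, current_pcr, signature_from_uki):
    """Signature policy: unseal if the booted UKI carries a signature by the
    enrolled key over the PCR value the TPM currently holds."""
    return hmac.compare_digest(sign_expected(enrolled_key, current_pcr), signature_from_uki)


def demo():
    # Constructed UKIs: v2 is a kernel update with the same initrd.
    uki_v1 = [(".linux", b"kernel-build-1"), (".initrd", b"initrd-build-1")]
    uki_v2 = [(".linux", b"kernel-build-2"), (".initrd", b"initrd-build-1")]
    distro_key, other_key = b"FooOS-pcr-signing-key", b"BarOS-pcr-signing-key"

    v1_initrd = pcr_after_phases(stub_measure(PCR_INITIAL, uki_v1), PHASES[:1])
    v1_host = pcr_after_phases(stub_measure(PCR_INITIAL, uki_v1), PHASES[:2])
    v2_initrd = pcr_after_phases(stub_measure(PCR_INITIAL, uki_v2), PHASES[:1])

    literal_policy = v1_initrd                      # enrolled while running v1's initrd
    sig_v1 = sign_expected(distro_key, v1_initrd)   # embedded in UKI v1 (.pcrsig)
    sig_v2 = sign_expected(distro_key, v2_initrd)   # embedded in UKI v2
    sig_foreign = sign_expected(other_key, v2_initrd)

    return {
        "literal: v1 in initrd": unseal_literal(literal_policy, v1_initrd),
        "literal: v1 after initrd": unseal_literal(literal_policy, v1_host),
        "literal: v2 in initrd": unseal_literal(literal_policy, v2_initrd),
        "signed: v1 in initrd": unseal_signed(distro_key, v1_initrd, sig_v1),
        "signed: v1 after initrd": unseal_signed(distro_key, v1_host, sig_v1),
        "signed: v2 in initrd": unseal_signed(distro_key, v2_initrd, sig_v2),
        "signed: v2 signed by other vendor": unseal_signed(distro_key, v2_initrd, sig_foreign),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:<36} unseal={'yes' if ok else 'no'}")
```

The "after initrd" rows show why the phase measurement matters for a root volume key: once "leave-initrd" is extended, neither policy can release the secret again, so a process in the booted host cannot re-unseal it.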

Changes in systemd itself, i.e. the manager and units:

* The CPU controller is delegated to user manager units by default, and
CPUWeight= settings are applied to the top-level user slice units
(app.slice, background.slice, session.slice). This provides a degree
of resource isolation between different user services competing for
the CPU.

* Systemd can optionally do a full preset in the "first boot" condition
(instead of just enable-only). This behaviour is controlled by the
compile-time option -Dfirst-boot-full-preset. Right now it defaults
to 'false', but the plan is to switch it to 'true' for the subsequent
release.

* Drop-ins are now allowed for transient units too.

* Systemd will set the taint flag 'support-ended' if it detects that
the OS image is past its end-of-support date. This date is declared
in a new /etc/os-release field SUPPORT_END= described below.

* Two new settings ConditionCredential= and AssertCredential= can be
used to skip or fail units if a certain system credential is not
provided.

* ConditionMemory= accepts size suffixes (K, M, G, T, …).

* DefaultSmackProcessLabel= can be used in system.conf and user.conf to
specify the SMACK security label to use when not specified in a unit
file.

* DefaultDeviceTimeoutSec= can be used in system.conf and user.conf to
specify the default timeout when waiting for device units to
activate.

* C.UTF-8 is used as the default locale if nothing else has been
configured.

* [Condition|Assert]Firmware= have been extended to support certain
SMBIOS fields. For example

ConditionFirmware=smbios-field(board_name = "Custom Board")

conditionalizes the unit to run only when
/sys/class/dmi/id/board_name contains "Custom Board" (without the
quotes).

* ConditionFirstBoot= now correctly evaluates as true only during the
boot phase of the first boot. A unit executed later, after booting
has completed, will no longer evaluate this condition as true.

* Socket units will now create sockets in the SELinuxContext= of the
associated service unit, if any.

* Boot phase transitions (start initrd → exit initrd → boot complete →
shutdown) will be measured into TPM2 PCR 11, so that secrets can be
bound to a specific runtime phase. E.g.: a LUKS encryption key can be
unsealed only in the initrd.

* Service credentials (i.e. SetCredential=/LoadCredential=/…) will now
also be provided to ExecStartPre= processes.

* Various units are now correctly ordered against
initrd-switch-root.target where previously a conflict without
ordering was configured. A stop job for those units would be queued,
but without the ordering it could be executed only after
initrd-switch-root.service, leading to units not being restarted in
the host system as expected.

* In order to fully support the IPMI watchdog driver, which has not yet
been ported to the new common watchdog device interface,
/dev/watchdog0 will be tried first and systemd will silently fall back
to /dev/watchdog if it is not found.

* New watchdog-related D-Bus properties are now published by systemd:
WatchdogDevice, WatchdogLastPingTimestamp,
WatchdogLastPingTimestampMonotonic.

* At shutdown, API virtual file systems (proc, sys, etc.) will be
unmounted lazily.

* At shutdown, systemd will now log about processes blocking unmounting
of file systems.

* A new meson build option 'clock-valid-range-usec-max' was added to
allow disabling system time correction if the RTC returns a timestamp
far in the future.

* Propagated restart jobs will no longer be discarded while a unit is
activating.

* PID 1 will now import system credentials from SMBIOS Type 11 fields
("OEM vendor strings"), in addition to qemu_fwcfg. This provides a
simple, fast and generic path for supplying credentials to a VM,
without involving external tools such as cloud-init/ignition.
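
An added parser (not systemd's code) for the SMBIOS Type 11 path just described: it decodes a raw "OEM Strings" structure of the kind the kernel exposes under /sys/firmware/dmi/entries/, picks out the strings carrying the `io.systemd.credential:` and `io.systemd.credential.binary:` prefixes that systemd documents for this mechanism, and rejects credential names that could not be stored as a file. The structure bytes and the credential values are constructed for the example, and the name validation is a simplified version of systemd's (an assumption).

```python
import base64
import struct

CRED_TEXT = "io.systemd.credential:"           # NAME=plain text value
CRED_BINARY = "io.systemd.credential.binary:"  # NAME=base64 value

# Constructed OEM strings, as a VMM would inject them (e.g. qemu -smbios type=11,...).
SAMPLE_OEM_STRINGS = [
    "Acme BIOS OEM string, unrelated to systemd",
    CRED_TEXT + "ssh.authorized_keys.root=ssh-ed25519 AAAAC3EXAMPLEKEY admin@example",
    CRED_BINARY + "vmm.notify_socket=" + base64.b64encode(b"\x00\x01\x02").decode(),
    CRED_TEXT + "bad/name=should be ignored",   # '/' is not allowed in a credential name
]


def build_type11(strings):
    """Constructed helper: encode an SMBIOS Type 11 structure as found in
    /sys/firmware/dmi/entries/11-*/raw. Header: type (11), length of the
    formatted area (5), handle, string count; then NUL-terminated strings
    and a final NUL closing the string set."""
    header = struct.pack("<BBHB", 11, 5, 0x0B00, len(strings))
    body = b"".join(s.encode() + b"\0" for s in strings) + b"\0"
    return header + body


def parse_type11(raw):
    """Return the OEM strings of one Type 11 structure, in order."""
    kind, length, _handle, count = struct.unpack_from("<BBHB", raw, 0)
    if kind != 11 or length != 5:
        raise ValueError("not an SMBIOS Type 11 (OEM Strings) structure")
    strings, pos = [], length
    while len(strings) < count:
        end = raw.index(b"\0", pos)          # each string is NUL-terminated
        strings.append(raw[pos:end].decode("utf-8", "replace"))
        pos = end + 1
    return strings


def _credential_name_ok(name):
    # Simplified version of systemd's check: a credential becomes a file in the
    # credentials directory, so the name must be a single plain path component.
    return bool(name) and "/" not in name and name not in (".", "..")


def credentials_from_oem_strings(strings):
    """Map credential name -> bytes for every systemd-prefixed OEM string."""
    creds = {}
    for s in strings:
        if s.startswith(CRED_BINARY):
            name, _, value = s[len(CRED_BINARY):].partition("=")
            payload = base64.b64decode(value)
        elif s.startswith(CRED_TEXT):
            name, _, value = s[len(CRED_TEXT):].partition("=")
            payload = value.encode()
        else:
            continue
        if _credential_name_ok(name):
            creds[name] = payload
    return creds


if __name__ == "__main__":
    for name, value in credentials_from_oem_strings(parse_type11(build_type11(SAMPLE_OEM_STRINGS))).items():
        print(f"{name}: {value!r}")
```

Reading the real entries requires root (the raw files are mode 0400), which matches the threat model: anything able to write Type 11 strings, i.e. the hypervisor, is already in control of the guest, and the guest should treat the credentials as coming from its VMM.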

* The CPUWeight= setting of unit files now accepts a new special value
"idle", which configures "idle" level scheduling for the unit.

* Service processes that are activated due to a .timer or .path unit
triggering will now receive information about this via environment
variables. Note that this information is lossy, as activation
might be coalesced and only one of the activating triggers will be
reported. This is hence more suited for debugging or tracing rather
than for behaviour decisions.

* The riscv_flush_icache(2) system call has been added to the list of
system calls allowed by default when SystemCallFilter= is used.

* The SELinux context derived from the target executable, instead of
the 'init_t' context used for the manager itself, is now used when
creating listening sockets for units that specify
SELinuxContextFromNet=yes.

Changes in sd-boot, bootctl, and the Boot Loader Specification:

* The Boot Loader Specification has been cleaned up and clarified.
Various corner cases in version string comparisons have been fixed
(e.g. comparisons for empty strings). Boot counting is now part of
the main specification.

* New PCR measurements are performed during boot: PCR 11 for the
kernel+initrd combo, PCR 13 for any sysext images. If a measurement
took place this is now reported to userspace via the new
StubPcrKernelImage and StubPcrInitRDSysExts EFI variables.

* As before, systemd-stub will measure kernel parameters and system
credentials into PCR 12. It will now report this fact via the
StubPcrKernelParameters EFI variable to userspace.

* The UEFI monotonic boot counter is now included in the updated random
seed file maintained by sd-boot, providing some additional entropy.

* sd-stub will use LoadImage/StartImage to execute the kernel, instead
of arranging the image manually and jumping to the kernel entry
point. sd-stub also installs a temporary UEFI SecurityOverride to
allow the (unsigned) nested image to be booted. This is safe because
the outer (signed) stub+kernel binary must have been verified before
the stub was executed.

* Booting in EFI mixed mode (a 64-bit kernel over 32-bit UEFI firmware)
is now supported by sd-boot.

* bootctl gained a bunch of new options: --all-architectures to install
binaries for all supported EFI architectures, --root= and --image=
options to operate on a directory or disk image, and
--install-source= to specify the source for binaries to install,
--efi-boot-option-description= to control the name of the boot entry.

* The sd-boot stub exports a StubFeatures flag, which is used by
bootctl to show features supported by the stub that was used to boot.

* The PE section offsets that are used by tools that assemble unified
kernel images have historically been hard-coded. This may lead to
overlapping PE sections which may break on boot. The UKI will now try
to detect and warn about this.

Any tools that assemble UKIs must update to calculate these offsets
dynamically. Future sd-stub versions may use offsets that will not
work with the currently used set of hard-coded offsets!

* sd-stub now accepts (and passes to the initrd and then to the full
OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed
signatures of expected PCR values, to allow sealing secrets via the
TPM2 against pre-calculated PCR measurements.

Changes in the hardware database:

* 'systemd-hwdb query' now supports the --root= option.

Changes in systemctl:

* systemctl now supports --state= and --type= options for the 'show'
and 'status' verbs.

* systemctl gained a new verb 'list-automounts' to list automount
points.

* systemctl gained support for a new --image= switch to be able to
operate on the specified disk image (similar to the existing --root=
which operates relative to some directory).

Changes in systemd-networkd:

* networkd can set Linux NetLabel labels for integration with the
network control in security modules via a new NetLabel= option.

* The RapidCommit= setting is (re-)introduced to enable faster
configuration via DHCPv6 (RFC 3315).

* networkd gained a new option TCPCongestionControlAlgorithm= that
allows setting a per-route TCP congestion control algorithm.

* networkd gained a new option KeepFileDescriptor= to allow keeping a
reference (file descriptor) open on TUN/TAP interfaces, which is
useful to avoid link flaps while the underlying service providing the
interface is being serviced.

* RouteTable= now also accepts route table names.

Changes in systemd-nspawn:

* The --bind= and --overlay= options now support relative paths.

* The --bind= option now supports a 'rootidmap' value, which will
use id-mapped mounts to map the root user inside the container to the
owner of the mounted directory on the host.

Changes in systemd-resolved:

* systemd-resolved now persists DNSOverTLS in its state file too. This
fixes a problem when used in combination with NetworkManager, which
sends the setting only once, causing it to be lost if resolved was
restarted at any point.

* systemd-resolved now exposes a Varlink socket at
/run/systemd/resolve/io.systemd.Resolve.Monitor, accessible only for
root. Processed DNS requests in a JSON format will be published to
any clients connected to this socket.

resolvectl gained a 'monitor' verb to make use of this.

* systemd-resolved now treats unsupported DNSSEC algorithms as INSECURE
instead of returning SERVFAIL, as per RFC:
https://datatracker.ietf.org/doc/html/rfc6840#section-5.2

* OpenSSL is the default crypto backend for systemd-resolved. (gnutls
is still supported.)

Changes in libsystemd and other libraries:

* libsystemd now exports sd_bus_error_setfv() (a convenience function
for setting bus errors), sd_id128_string_equal (a convenience
function for 128-bit ID string comparisons), and
sd_bus_message_read_strv_extend() (a function to incrementally read
string arrays).

* libsystemd now exports sd_device_get_child_first()/_next() as a
high-level interface for enumerating child devices. It also supports
sd_device_new_child() for opening a child device given a device
object.

* libsystemd now exports sd_device_monitor_set()/get_description()
which allow setting a custom description that will be used in log
messages by sd_device_monitor*.

* Private shared libraries (libsystemd-shared-nnn.so,
libsystemd-core-nnn.so) are now installed into arch-specific
directories to allow multi-arch installs.

* A new sd-gpt.h header is now published, listing GUIDs from the
Discoverable Partitions specification. For more details see:
https://systemd.io/DISCOVERABLE_PARTITIONS/

* A new function sd_hwdb_new_from_path() has been added to open a hwdb
database given an explicit path to the file.

* The signal number argument to sd_event_add_signal() can now be
ORed with the SD_EVENT_SIGNAL_PROCMASK flag, causing sigprocmask() to
be automatically invoked to block the specified signal. This is
useful to simplify invocations as the caller doesn't have to do this
manually.

* A new convenience call sd_event_set_signal_exit() has been added to
sd-event to set up signal handling so that the event loop
automatically terminates cleanly on SIGTERM/SIGINT.

Changes in other components:

* systemd-sysusers, systemd-tmpfiles, and systemd-sysctl configuration
can now be provided via the credential mechanism.

* systemd-analyze gained a new verb 'compare-versions' that implements
comparisons for version strings (similarly to 'rpmdev-vercmp' and
'dpkg --compare-versions').

* 'systemd-analyze dump' is extended to accept glob patterns for unit
names to limit the output to matching units.

* tmpfiles.d/ lines can read the file contents to write from a
credential. The new modifier char '^' is used to specify that the
argument is a credential name. This mechanism is used to
automatically populate /etc/motd, /etc/issue, and /etc/hosts from
credentials.

* tmpfiles.d/ may now be configured to avoid changing uid/gid/mode of
an inode if the specification is prefixed with ':' and the inode
already exists.

* Default tmpfiles.d/ configuration now carries a line to automatically
use an 'ssh.authorized_keys.root' credential if provided to set up
the SSH authorized_keys file for the root user.

* systemd-tmpfiles will now gracefully handle an absent source of "C"
copy lines.

* tmpfiles.d/ F/w lines now optionally permit encoding of the payload
in base64. This is useful to write arbitrary binary data into files.

* The pkgconfig and rpm macros files now export the directory for user
units as 'user_tmpfiles_dir' and '%_user_tmpfilesdir'.

* Detection of Apple Virtualization and detection of Parallels and
KubeVirt virtualization on non-x86 archs have been added.

* os-release gained a new field SUPPORT_END=YYYY-MM-DD to inform the
user when their system will become unsupported.
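
An added example (not systemd's code) of the check behind the new SUPPORT_END= field and the 'support-ended' taint flag mentioned above: parse an os-release file, whose values may be shell-quoted, and decide whether the image is past its end-of-support date. The os-release text is a constructed sample, and treating the SUPPORT_END= day itself as still supported is an assumption of the example.

```python
import datetime
import shlex

# Constructed sample of /etc/os-release (FooOS is the hypothetical distro
# used in these release notes).
SAMPLE_OS_RELEASE = """\
NAME="FooOS"
ID=fooos
VERSION_ID=42
PRETTY_NAME="FooOS 42 (constructed sample)"
# comments and blank lines are permitted

SUPPORT_END=2024-06-30
"""


def parse_os_release(text):
    """Return the KEY=VALUE pairs of an os-release file as a dict.
    Values may be unquoted, single- or double-quoted; shlex undoes the
    quoting the same way a shell would when sourcing the file."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        parts = shlex.split(value)
        fields[key.strip()] = parts[0] if parts else ""
    return fields


def support_ended(fields, today):
    """True if SUPPORT_END= is set and lies in the past, False if support is
    still running, None if the field is absent or not a YYYY-MM-DD date
    (no definite answer, so no taint would be set). 'today' may be a
    datetime.date or an ISO date string."""
    if isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    raw = fields.get("SUPPORT_END")
    if raw is None:
        return None
    try:
        end = datetime.date.fromisoformat(raw)
    except ValueError:
        return None
    return today > end   # assumption: the SUPPORT_END day itself still counts as supported


if __name__ == "__main__":
    info = parse_os_release(SAMPLE_OS_RELEASE)
    verdict = support_ended(info, datetime.date.today())
    print(f"{info.get('PRETTY_NAME')}: SUPPORT_END={info.get('SUPPORT_END')} -> support ended: {verdict}")
```

On a real host, read /etc/os-release (falling back to /usr/lib/os-release) into `parse_os_release`; a True result is the same condition under which the manager sets the 'support-ended' taint, and is worth surfacing in fleet inventory since an unsupported image no longer receives security fixes.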
2924
2925 * When performing suspend-then-hibernate, the system will estimate the
2926 discharge rate and use that to set the delay until hibernation and
2927 hibernate immediately instead of suspending when running from a
2928 battery and the capacity is below 5%.
2929
2930 * systemd-sysctl gained a --strict option to fail when a sysctl
2931 setting is unknown to the kernel.
2932
2933 * machinectl supports --force for the 'copy-to' and 'copy-from'
2934 verbs.
2935
2936 * coredumpctl gained the --root and --image options to look for journal
2937 files under the specified root directory, image, or block device.
2938
2939 * 'journalctl -o' and similar commands now implement a new output mode
2940 "short-delta". It is similar to "short-monotonic", but also shows the
2941 time delta between subsequent messages.
2942
2943 * journalctl now respects the --quiet flag when verifying consistency
2944 of journal files.
2945
2946 * Journal log messages gained a new implicit field _RUNTIME_SCOPE= that
2947 will indicate whether a message was logged in the 'initrd' phase or
2948 in the 'system' phase of the boot process.
2949
2950 * Journal files gained a new compatibility flag
2951 'HEADER_INCOMPATIBLE_COMPACT'. Files with this flag implement changes
2952 to the storage format that allow reducing size on disk. As with other
2953 compatibility flags, older journalctl versions will not be able to
2954 read journal files using this new format. The environment variable
2955 'SYSTEMD_JOURNAL_COMPACT=0' can be passed to systemd-journald to
2956 disable this functionality. It is enabled by default.
2957
2958 * systemd-run's --working-directory= switch now works when used in
2959 combination with --scope.
2960
2961 * portablectl gained a --force flag to skip certain sanity checks. This
2962 is implemented using new flags accepted by systemd-portabled for the
2963 *WithExtensions() D-Bus methods: SD_SYSTEMD_PORTABLE_FORCE_ATTACH
2964 flag now means that the attach/detach checks whether the units are
2965 already present and running will be skipped. Similarly,
2966 SD_SYSTEMD_PORTABLE_FORCE_SYSEXT flag means that the check whether
2967 image name matches the name declared inside of the image will be
2968 skipped. Callers must be sure to do those checks themselves if
2969 appropriate.
2970
2971 * systemd-portabled will now use the original filename to check
2972 extension-release.NAME for correctness, in case it is passed a
2973 symlink.
2974
2975 * systemd-portabled now uses PrivateTmp=yes in the 'trusted' profile
2976 too.
2977
2978 * sysext's extension-release files now support '_any' as a special
2979 value for the ID= field, to allow distribution-independent extensions
2980 (e.g.: fully statically compiled binaries, scripts). It also gained
2981 support for a new ARCHITECTURE= field that may be used to explicitly
2982 restrict an image to hosts of a specific architecture.
2983
2984 * systemd-repart now supports creating squashfs partitions. This
2985 requires mksquashfs from squashfs-tools.
2986
2987 * systemd-repart gained a --split flag to also generate split
2988 artifacts, i.e. a separate file for each partition. This is useful in
2989 conjunction with systemd-sysupdate or other tools, or to generate
2990 split dm-verity artifacts.
2991
2992 * systemd-repart is now able to generate dm-verity partitions, including
2993 signatures.
2994
2995 * systemd-repart can now set a partition UUID to zero, allowing it to
2996 be filled in later, such as when using verity partitions.
2997
2998 * systemd-repart now supports drop-ins for its configuration files.
2999
3000 * Package metadata logged by systemd-coredump in the system journal is
3001 now more compact.
3002
3003 * xdg-autostart-service now expands 'tilde' characters in Exec lines.
3004
3005 * systemd-oomd now automatically links against libatomic, if available.
3006
3007 * systemd-oomd now sends out a 'Killed' D-Bus signal when a cgroup is
3008 killed.
3009
3010 * scope units now also provide oom-kill status.
3011
3012 * systemd-pstore will now try to load only the efi_pstore kernel module
3013 before running, ensuring that pstore can be used.
3014
3015 * systemd-logind gained a new StopIdleSessionSec= option to stop an idle
3016 session after a preconfigure timeout.
3017
3018 * systemd-homed will now wait up to 30 seconds for workers to terminate,
3019 rather than indefinitely.
3020
3021 * homectl gained a new '--luks-sector-size=' flag that allows users to
3022 select the preferred LUKS sector size. Must be a power of 2 between 512
3023 and 4096. systemd-userdbd records gained a corresponding field.
3024
3025 * systemd-sysusers will now respect the 'SOURCE_DATE_EPOCH' environment
3026 variable when generating the 'sp_lstchg' field, to ensure an image
3027 build can be reproducible.
3028
3029 * 'udevadm wait' will now listen to kernel uevents too when called with
3030 --initialized=no.
3031
3032 * When naming network devices udev will now consult the Devicetree
3033 "alias" fields for the device.
3034
3035 * systemd-udev will now create infiniband/by-path and
3036 infiniband/by-ibdev links for Infiniband verbs devices.
3037
3038 * systemd-udev-trigger.service will now also prioritize input devices.
3039
3040 * ConditionACPower= and systemd-ac-power will now assume the system is
3041 running on AC power if no battery can be found.
3042
3043 * All features and tools using the TPM2 will now communicate with it
3044 using a bind key. Beforehand, the tpm2 support used encrypted sessions
3045 by creating a primary key that was used to encrypt traffic. This
3046 creates a problem as the key created for encrypting the traffic could
3047 be faked by an active interposer on the bus. In cases when a pin is
3048 used, a bind key will be used. The pin is used as the auth value for
3049 the seal key, aka the disk encryption key, and that auth value will be
3050 used in the session establishment. An attacker would need the pin
3051 value to create the secure session and thus an active interposer
3052 without the pin cannot interpose on TPM2 traffic.
3053
3054 * systemd-growfs no longer requires udev to run.
3055
3056 * systemd-backlight now will better support systems with multiple
3057 graphic cards.
3058
3059 * systemd-cryptsetup's keyfile-timeout= option now also works when a
3060 device is used as a keyfile.
3061
3062 * systemd-cryptenroll gained a new --unlock-key-file= option to get the
3063 unlocking key from a key file (instead of prompting the user). Note
3064 that this is the key for unlocking the volume in order to be able to
3065 enroll a new key, but it is not the key that is enrolled.
3066
3067 * systemd-dissect gained a new --umount switch that will safely and
3068 synchronously unmount all partitions of an image previously mounted
3069 with 'systemd-dissect --mount'.
3070
3071 * When using gcrypt, all systemd tools and services will now configure
3072 it to prefer the OS random number generator if present.
3073
3074 * All example code shipped with documentation has been relicensed from CC0
3075 to MIT-0.
3076
3077 * Unit tests will no longer fail when running on a system without
3078 /etc/machine-id.
3079
3080 Experimental features:
3081
3082 * BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
3083 and bpftool >= 7.0).
3084
3085 * sd-boot can automatically enroll SecureBoot keys from files found on
3086 the ESP. This enrollment can be either automatic ('force' mode) or
3087 controlled by the user ('manual' mode). It is sufficient to place the
3088 SecureBoot keys in the right place in the ESP and they will be picked
3089 up by sd-boot and shown in the boot menu.
3090
3091 * The mkosi config in systemd gained support for automatically
3092 compiling a kernel with the configuration appropriate for testing
3093 systemd. This may be useful when developing or testing systemd in
3094 tandem with the kernel.
3095
3096 Contributions from: 김인수, Adam Williamson, adrian5, Aidan Dang,
3097 Akihiko Odaki, Alban Bedel, Albert Mikaelyan, Aleksey Vasenev,
3098 Alexander Graf, Alexander Shopov, Alexander Wilson,
3099 Alper Nebi Yasak, anarcat, Anders Jonsson, Andre Kalb,
3100 Andrew Stone, Andrey Albershteyn, Anita Zhang, Ansgar Burchardt,
3101 Antonio Alvarez Feijoo, Arnaud Ferraris, Aryan singh, asavah,
3102 Avamander, Avram Lubkin, Balázs Meskó, Bastien Nocera,
3103 Benjamin Franzke, BerndAdameit, bin456789, Celeste Liu,
3104 Chih-Hsuan Yen, Christian Brauner, Christian Göttsche,
3105 Christian Hesse, Clyde Byrd III, codefiles, Colin Walters,
3106 Cristian Rodríguez, Daan De Meyer, Daniel Braunwarth,
3107 Daniel Rusek, Dan Streetman, Darsey Litzenberger, David Edmundson,
3108 David Jaša, David Rheinsberg, David Seifert, David Tardon,
3109 dependabot[bot], Devendra Tewari, Dominique Martinet, drosdeck,
3110 Edson Juliano Drosdeck, Eduard Tolosa, eggfly, Einsler Lee,
3111 Elias Probst, Eli Schwartz, Evgeny Vereshchagin, exploide, Fei Li,
3112 Foster Snowhill, Franck Bui, Frank Dana, Frantisek Sumsal,
3113 Gerd Hoffmann, Gio, Goffredo Baroncelli, gtwang01,
3114 Guillaume W. Bres, H A, Hans de Goede, Heinrich Schuchardt,
3115 Hugo Carvalho, i-do-cpp, igo95862, j00512545, Jacek Migacz,
3116 Jade Bilkey, James Hilliard, Jan B, Janis Goldschmidt,
3117 Jan Janssen, Jan Kuparinen, Jan Luebbe, Jan Macku,
3118 Jason A. Donenfeld, Javkhlanbayar Khongorzul, Jeremy Soller,
3119 JeroenHD, jiangchuangang, João Loureiro,
3120 Joaquín Ignacio Aramendía, Jochen Sprickerhof,
3121 Johannes Schauer Marin Rodrigues, Jonas Kümmerlin,
3122 Jonas Witschel, Jonathan Kang, Jonathan Lebon, Joost Heitbrink,
3123 Jörg Thalheim, josh-gordon-fb, Joyce, Kai Lueke, lastkrick,
3124 Lennart Poettering, Leon M. George, licunlong, Li kunyu,
3125 LockBlock-dev, Loïc Collignon, Lubomir Rintel, Luca Boccassi,
3126 Luca BRUNO, Ludwig Nussel, Łukasz Stelmach, Maccraft123,
3127 Marc Kleine-Budde, Marius Vollmer, Martin Wilck, matoro,
3128 Matthias Lisin, Max Gautier, Maxim Mikityanskiy, Michael Biebl,
3129 Michal Koutný, Michal Sekletár, Michal Stanke, Mike Gilbert,
3130 Mitchell Freiderich, msizanoen1, Nick Rosbrook, nl6720, Oğuz Ersen,
3131 Oleg Solovyov, Olga Smirnova, Pablo Ceballos, Pavel Zhukov,
3132 Phaedrus Leeds, Philipp Gortan, Piotr Drąg, Pyfisch,
3133 Quentin Deslandes, Rahil Bhimjiani, Rene Hollander, Richard Huang,
3134 Richard Phibel, Rudi Heitbaum, Sam James, Sarah Brofeldt,
3135 Sean Anderson, Sebastian Scheibner, Shreenidhi Shedi,
3136 Sonali Srivastava, Steve Ramage, Suraj Krishnan, Swapnil Devesh,
3137 Takashi Sakamoto, Ted X. Toth, Temuri Doghonadze, Thomas Blume,
3138 Thomas Haller, Thomas Hebb, Tomáš Hnyk, Tomasz Paweł Gajc,
3139 Topi Miettinen, Ulrich Ölmann, undef, Uriel Corfa,
3140 Victor Westerhuis, Vincent Dagonneau, Vishal Chillara Srinivas,
3141 Vito Caputo, Weblate, Wenchao Hao, William Roberts, williamsumendap,
3142 wineway, xiaoyang, Yuri Chornoivan, Yu Watanabe,
3143 Zbigniew Jędrzejewski-Szmek, Zhaofeng Li, наб
3144
3145 – The Great Beyond, 2022-10-31 👻
3146
3147 CHANGES WITH 251:
3148
3149 Backwards-incompatible changes:
3150
3151 * The minimum kernel version required has been bumped from 3.13 to 4.15,
3152 and CLOCK_BOOTTIME is now assumed to always exist.
3153
3154 * C11 with GNU extensions (aka "gnu11") is now used to build our
3155 components. Public API headers are still restricted to ISO C89.
3156
3157 * In v250, a systemd-networkd feature that automatically configures
3158 routes to addresses specified in AllowedIPs= was added and enabled by
3159 default. However, this causes network connectivity issues in many
3160 existing setups. Hence, it has been disabled by default since
3161 systemd-stable 250.3. The feature can still be used by explicitly
3162 configuring RouteTable= setting in .netdev files.
3163
3164 * Jobs started via StartUnitWithFlags() will no longer return 'skipped'
3165 when a Condition*= check does not succeed, restoring the JobRemoved
3166 signal to the behaviour it had before v250.
3167
3168 * The org.freedesktop.portable1 methods GetMetadataWithExtensions() and
3169 GetImageMetadataWithExtensions() have been fixed to provide an extra
3170 return parameter, containing the actual extension release metadata.
3171 The current implementation was judged to be broken and unusable, and
3172 thus the usual procedure of adding a new set of methods was skipped,
3173 and backward compatibility broken instead on the assumption that
3174 nobody can be affected given the current state of this interface.
3175
3176 * All kernels supported by systemd mix bytes returned by RDRAND (or
3177 similar) into the entropy pool at early boot. This means that on
3178 those systems, even if /dev/urandom is not yet initialized, it still
3179 returns bytes that are of at least RDRAND quality. For that reason,
3180 we no longer have reason to invoke RDRAND from systemd itself, which
3181 has historically been a source of bugs. Furthermore, kernels ≥5.6
3182 provide the getrandom(GRND_INSECURE) interface for returning random
3183 bytes before the entropy pool is initialized without warning into
3184 kmsg, which is what we attempt to use if available. systemd's direct
3185 usage of RDRAND has been removed. x86 systems ≥Broadwell that are
3186 running an older kernel may experience kmsg warnings that were not
3187 seen with 250. For newer kernels, non-x86 systems, or older x86
3188 systems, there should be no visible changes.
3189
3190 * sd-boot will now measure the kernel command line into TPM PCR 12
3191 rather than PCR 8. This improves usefulness of the measurements on
3192 systems where sd-boot is chainloaded from Grub. Grub measures all
3193 commands its executes into PCR 8, which makes it very hard to use
3194 reasonably, hence separate ourselves from that and use PCR 12
3195 instead, which is what certain Ubuntu editions already do. To retain
3196 compatibility with systems running older systemd systems a new meson
3197 option 'efi-tpm-pcr-compat' has been added (which defaults to false).
3198 If enabled, the measurement is done twice: into the new-style PCR 12
3199 *and* the old-style PCR 8. It's strongly advised to migrate all users
3200 to PCR 12 for this purpose in the long run, as we intend to remove
3201 this compatibility feature in two years' time.
3202
3203 * busctl capture now writes output in the newer pcapng format instead
3204 of pcap.
3205
3206 * A udev rule that imported hwdb matches for USB devices with lowercase
3207 hexadecimal vendor/product ID digits was added in systemd 250. This
3208 has been reverted, since uppercase hexadecimal digits are supposed to
3209 be used, and we already had a rule with the appropriate match.
3210
3211 Users might need to adjust their local hwdb entries.
3212
3213 * arch_prctl(2) has been moved to the @default set in the syscall filters
3214 (as exposed via the SystemCallFilter= setting in service unit files).
3215 It is apparently used by the linker now.
3216
3217 * The tmpfiles entries that create the /run/systemd/netif directory and
3218 its subdirectories were moved from tmpfiles.d/systemd.conf to
3219 tmpfiles.d/systemd-network.conf.
3220
3221 Users might need to adjust their files that override tmpfiles.d/systemd.conf
3222 to account for this change.
3223
3224 * The requirement for Portable Services images to contain a well-formed
3225 os-release file (i.e.: contain at least an ID field) is now enforced.
3226 This applies to base images and extensions, and also to systemd-sysext.
3227
3228 Changes in the Boot Loader Specification, kernel-install and sd-boot:
3229
3230 * kernel-install's and bootctl's Boot Loader Specification Type #1
3231 entry generation logic has been reworked. The user may now pick
3232 explicitly by which "token" string to name the installation's boot
3233 entries, via the new /etc/kernel/entry-token file or the new
3234 --entry-token= switch to bootctl. By default — as before — the
3235 entries are named after the local machine ID. However, in "golden
3236 image" environments, where the machine ID shall be initialized on
3237 first boot (as opposed to at installation time before first boot) the
3238 machine ID will not be available at build time. In this case the
3239 --entry-token= switch to bootctl (or the /etc/kernel/entry-token
3240 file) may be used to override the "token" for the entries, for
3241 example the IMAGE_ID= or ID= fields from /etc/os-release. This will
3242 make the OS images independent of any machine ID, and ensure that the
3243 images will not carry any identifiable information before first boot,
3244 but on the other hand means that multiple parallel installations of
3245 the very same image on the same disk cannot be supported.
3246
3247 Summary: if you are building golden images that shall acquire
3248 identity information exclusively on first boot, make sure to both
3249 remove /etc/machine-id *and* to write /etc/kernel/entry-token to the
3250 value of the IMAGE_ID= or ID= field of /etc/os-release or another
3251 suitable identifier before deploying the image.
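
As an added example of the summary above (my code, not bootctl's or kernel-install's own): a small C program that derives the token from os-release in an image tree (IMAGE_ID= if set, else ID=), writes it to etc/kernel/entry-token and removes etc/machine-id. Function names are mine; it assumes etc/kernel/ already exists in the image and handles only the common os-release quoting forms.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Copy a KEY=VALUE value into out, stripping one pair of surrounding double
 * or single quotes. Backslash escapes inside quoted values are left as-is
 * (a simplification of the full os-release(5) syntax). */
static int copy_value(const char *value, size_t len, char *out, size_t outsz) {
        if (len >= 2 && (value[0] == '"' || value[0] == '\'') && value[len - 1] == value[0])
                value++, len -= 2;
        if (len + 1 > outsz)
                return -ENAMETOOLONG;
        memcpy(out, value, len);
        out[len] = '\0';
        return 0;
}

/* Look up 'key' in os-release text. As when a shell sources the file, the
 * last assignment wins. Returns 0 and fills out, or -ENOENT when the key is
 * absent or its value is empty. */
static int os_release_get(const char *text, const char *key, char *out, size_t outsz) {
        size_t klen = strlen(key);
        int found = -ENOENT;
        const char *line = text;

        while (*line) {
                const char *nl = strchr(line, '\n');
                size_t linelen = nl ? (size_t) (nl - line) : strlen(line);
                /* require "KEY=" exactly, so that "ID_LIKE=" never matches "ID" */
                if (linelen > klen + 1 && strncmp(line, key, klen) == 0 && line[klen] == '=') {
                        int r = copy_value(line + klen + 1, linelen - klen - 1, out, outsz);
                        if (r < 0)
                                return r;
                        found = out[0] != '\0' ? 0 : -ENOENT;
                }
                if (!nl)
                        break;
                line = nl + 1;
        }
        return found;
}

/* Derive the entry token for a golden image: IMAGE_ID= if set, else ID=.
 * os-release(5) restricts both fields to [a-z0-9._-]; that is enforced here
 * so the token is safe to use in boot entry file names. */
int derive_entry_token(const char *os_release_text, char *out, size_t outsz) {
        int r = os_release_get(os_release_text, "IMAGE_ID", out, outsz);
        if (r == -ENOENT)
                r = os_release_get(os_release_text, "ID", out, outsz);
        if (r < 0)
                return r;
        for (const char *p = out; *p; p++)
                if (!islower((unsigned char) *p) && !isdigit((unsigned char) *p) && !strchr("._-", *p))
                        return -EINVAL;
        return 0;
}

/* Apply the two steps from the summary to an image tree rooted at 'root':
 * write etc/kernel/entry-token and remove etc/machine-id. etc/kernel/ is
 * expected to exist already. Returns 0 or a negative errno. */
int prepare_golden_image(const char *root) {
        char path[4096], text[8192], token[256];
        size_t n;
        int r;
        snprintf(path, sizeof path, "%s/etc/os-release", root);
        FILE *f = fopen(path, "r");     /* follows the usual symlink to usr/lib/os-release */
        if (!f)
                return -errno;
        n = fread(text, 1, sizeof text - 1, f);
        fclose(f);
        text[n] = '\0';
        r = derive_entry_token(text, token, sizeof token);
        if (r < 0)
                return r;
        snprintf(path, sizeof path, "%s/etc/kernel/entry-token", root);
        f = fopen(path, "w");
        if (!f)
                return -errno;
        fprintf(f, "%s\n", token);
        if (fclose(f) != 0)
                return -errno;
        snprintf(path, sizeof path, "%s/etc/machine-id", root);
        if (unlink(path) < 0 && errno != ENOENT)
                return -errno;
        return 0;
}

int main(int argc, char **argv) {
        int r = prepare_golden_image(argc > 1 ? argv[1] : "/");
        if (r < 0)
                fprintf(stderr, "prepare_golden_image: %s\n", strerror(-r));
        return r < 0;
}
```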
3252
3253 * The Boot Loader Specification has been extended with
3254 /loader/entries.srel file located in the EFI System Partition (ESP)
3255 that disambiguates the format of the entries in the /loader/entries/
3256 directory (in order to discern them from incompatible uses of this
3257 directory by other projects). For entries that follow the
3258 Specification, the string "type1" is stored in this file.
3259
3260 bootctl will now write this file automatically when installing the
3261 systemd-boot boot loader.
3262
3263 * kernel-install supports a new initrd_generator= setting in
3264 /etc/kernel/install.conf, that is exported as
3265 $KERNEL_INSTALL_INITRD_GENERATOR to kernel-install plugins. This
3266 allows choosing different initrd generators.
3267
3268 * kernel-install will now create a "staging area" (an initially-empty
3269 directory to gather files for a Boot Loader Specification Type #1
3270 entry). The path to this directory is exported as
3271 $KERNEL_INSTALL_STAGING_AREA to kernel-install plugins, which should
3272 drop files there instead of writing them directly to the final
3273 location. kernel-install will move them when all files have been
3274 prepared successfully.
3275
3276 * New option sort-key= has been added to the Boot Loader Specification
3277 to override the sorting order of the entries in the boot menu. It is
3278 read by sd-boot and bootctl, and will be written by kernel-install,
3279 with the default value of IMAGE_ID= or ID= fields from
3280 os-release. Together, this means that on multiboot installations,
3281 entries should be grouped and sorted in a predictable way.
3282
3283 * The sort order of boot entries has been updated: entries which have
3284 the new field sort-key= are sorted by it first, and all entries
3285 without it are ordered later. After that, entries are sorted by
3286 version so that newest entries are towards the beginning of the list.
3287
3288 * The kernel-install tool gained a new 'inspect' verb which shows the
3289 paths and other settings used.
3290
3291 * sd-boot can now optionally beep when the menu is shown and menu
3292 entries are selected, which can be useful on machines without a
3293 working display. (Controllable via a loader.conf setting.)
3294
3295 * The --make-machine-id-directory= switch to bootctl has been replaced
3296 by --make-entry-directory=, given that the entry directory is not
3297 necessarily named after the machine ID, but after some other suitable
3298 ID as selected via --entry-token= described above. The old name of
3299 the option is still understood to maximize compatibility.
3300
3301 * 'bootctl list' gained support for a new --json= switch to output boot
3302 menu entries in JSON format.
3303
3304 * 'bootctl is-installed' now supports the --graceful option, and various
3305 verbs now suppress their output with the new --quiet option.
3306
3307 Changes in systemd-homed:
3308
3309 * Starting with v250 systemd-homed uses UID/GID mapping on the mounts
3310 of activated home directories it manages (if the kernel and selected
3311 file systems support it). So far it mapped three UID ranges: the
3312 range from 0…60000, the user's own UID, and the range 60514…65534,
3313 leaving everything else unmapped (in other words, the 16-bit UID range
3314 is mapped almost fully; the only gap is the UID subrange reserved for
3315 systemd-homed users, from which only the user's own UID is mapped).
3316 Unmapped UIDs may not be used for file ownership in the home
3317 directory — any chown() attempts with them will fail. With this
3318 release a fourth range is added to these mappings:
3319 524288…1879048191. This range is the UID range intended for container
3320 uses, see:
3321
3322 https://systemd.io/UIDS-GIDS
3323
3324 This range may be used for container managers that place container OS
3325 trees in the home directory (which is a questionable approach, for
3326 quota, permission, SUID handling and network file system
3327 compatibility reasons, but nonetheless apparently commonplace). Note
3328 that this range is mapped 1:1 in a pass-through fashion, i.e. the
3329 UID assignments from the range are not managed or mapped by
3330 `systemd-homed`, and must be managed with other mechanisms, in the
3331 context of the local system.
3332
3333 Typically, a better approach to user namespacing in relevant
3334 container managers would be to leave container OS trees on disk at
3335 UID offset 0, but then map them to a dynamically allocated runtime
3336 UID range via another UID mount map at container invocation
3337 time. That way user namespace UID ranges become strictly a runtime
3338 concept, and do not leak into persistent file systems, persistent
3339 user databases or persistent configuration, thus greatly simplifying
3340 handling, and improving compatibility with home directories intended
3341 to be portable like the ones managed by systemd-homed.
3342
3343 Changes in shared libraries:
3344
3345 * A new libsystemd-core-<version>.so private shared library is
3346 installed under /usr/lib/systemd/system, mirroring the existing
3347 libsystemd-shared-<version>.so library. This allows the total
3348 installation size to be reduced by binary code reuse.
3349
3350 * The <version> tag used in the name of libsystemd-shared.so and
3351 libsystemd-core.so can be configured via the meson option
3352 'shared-lib-tag'. Distributions may build subsequent versions of the
3353 systemd package with unique tags (e.g. the full package version),
3354 thus allowing multiple installations of those shared libraries to be
3355 available at the same time. This is intended to fix an issue where
3356 programs that link to those libraries would fail to execute because
3357 they were installed earlier or later than the appropriate version of
3358 the library.
3359
3360 * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
3361 similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
3362 format instead of as a simple series of hex characters.
3363
3364 * The sd-device API gained two new calls sd_device_new_from_devname()
3365 and sd_device_new_from_path() which permit allocating an sd_device
3366 object from a device node name or file system path.
3367
3368 * sd-device also gained a new call sd_device_open() which will open the
3369 device node associated with a device for which an sd_device object
3370 has been allocated. The call is supposed to address races around
3371 device nodes being removed/recycled due to hotplug events, or media
3372 change events: the call checks internally whether the major/minor of
3373 the device node and the "diskseq" (in case of block devices) match
3374 with the metadata loaded in the sd_device object, thus ensuring that
3375 the device once opened really matches the provided sd_device object.
3376
3377 Changes in PID1, systemctl, and systemd-oomd:
3378
3379 * A new set of service monitor environment variables will be passed to
3380 OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
3381 handler unit as OnFailure=/OnSuccess=. The variables are:
3382 $MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS,
3383 $MONITOR_INVOCATION_ID and $MONITOR_UNIT. For cases when a single
3384 handler needs to watch multiple units, use a templated handler.
3385
3386 * A new ExtensionDirectories= setting in service unit files allows
3387 system extensions to be loaded from a directory. (It is similar to
3388 ExtensionImages=, but takes paths to directories, instead of
3389 disk image files.)
3390
3391 'portablectl attach --extension=' now also accepts directory paths.
3392
3393 * The user.delegate and user.invocation_id extended attributes on
3394 cgroups are used in addition to trusted.delegate and
3395 trusted.invocation_id. The latter pair requires privileges to set,
3396 but the former doesn't and can be also set by the unprivileged user
3397 manager.
3398
3399 (Only supported on kernels ≥5.6.)
3400
3401 * Units that were killed by systemd-oomd will now have a service result
3402 of 'oom-kill'. The number of times a service was killed is tallied
3403 in the 'user.oomd_ooms' extended attribute.
3404
3405 The OOMPolicy= unit file setting is now also honoured by
3406 systemd-oomd.
3407
3408 * In unit files the new %y/%Y specifiers can be used to refer to the
3409 normalized unit file path, which is particularly useful for symlinked
3410 unit files.
3411
3412 The new %q specifier resolves to the pretty hostname
3413 (i.e. PRETTY_HOSTNAME= from /etc/machine-info).
3414
3415 The new %d specifier resolves to the credentials directory of a
3416 service (same as $CREDENTIALS_DIRECTORY).
3417
3418 * The RootDirectory=, MountAPIVFS=, ExtensionDirectories=,
3419 *Capabilities*=, ProtectHome=, *Directory=, TemporaryFileSystem=,
3420 PrivateTmp=, PrivateDevices=, PrivateNetwork=, NetworkNamespacePath=,
3421 PrivateIPC=, IPCNamespacePath=, PrivateUsers=, ProtectClock=,
3422 ProtectKernelTunables=, ProtectKernelModules=, ProtectKernelLogs=,
3423 MountFlags= service settings now also work in unprivileged user
3424 services, i.e. those run by the user's --user service manager, as long
3425 as user namespaces are enabled on the system.
3426
3427 * Services with Restart=always and a failing ExecCondition= will no
3428 longer be restarted, to bring ExecCondition= behaviour in line with
3429 Condition*= settings.
3430
3431 * LoadCredential= now accepts a directory as the argument; all files
3432 from the directory will be loaded as credentials.
3433
3434 * A new D-Bus property ControlGroupId is now exposed on service units,
3435 that encapsulates the service's numeric cgroup ID that newer kernels
3436 assign to each cgroup.
3437
3438 * PID 1 gained support for configuring the "pre-timeout" of watchdog
3439 devices and the associated governor, via the new
3440 RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
3441 options in /etc/systemd/system.conf.
3442
3443 * systemctl's --timestamp= option gained a new choice "unix", to show
3444 timestamps as unix times, i.e. seconds since Jan 1st, 1970.
3445
3446 * A new "taint" flag named "old-kernel" is introduced which is set when
3447 the kernel systemd runs on is older than the current baseline version
3448 (see above). The flag is shown in "systemctl status" output.
3449
3450 * Two additional taint flags "short-uid-range" and "short-gid-range"
3451 have been added as well, which are set when systemd notices it is run
3452 within a user namespace that does not define the full 0…65535 UID
3453 range.
3454
3455 * A new "unmerged-usr" taint flag has been added that is set whenever
3456 running on systems where /bin/ + /sbin/ are *not* symlinks to their
3457 counterparts in /usr/, i.e. on systems where the /usr/-merge has not
3458 been completed.
3459
3460 * Generators invoked by PID 1 will now have a couple of useful
3461 environment variables set describing the execution context a
3462 bit. $SYSTEMD_SCOPE encodes whether the generator is called from the
3463 system service manager, or from the per-user service
3464 manager. $SYSTEMD_IN_INITRD encodes whether the generator is invoked
3465 in initrd context or on the host. $SYSTEMD_FIRST_BOOT encodes whether
3466 systemd considers the current boot to be a "first"
3467 boot. $SYSTEMD_VIRTUALIZATION encodes whether virtualization is
3468 detected and which type of hypervisor/container
3469 manager. $SYSTEMD_ARCHITECTURE indicates which architecture the
3470 kernel is built for.
3471
3472 * PID 1 will now automatically pick up system credentials from qemu's
3473 fw_cfg interface, thus allowing passing arbitrary data into VM
3474 systems similar to how this is already supported for passing them
3475 into `systemd-nspawn` containers. Credentials may now also be passed
3476 in via the new kernel command line option `systemd.set_credential=`
3477 (note that kernel command line options are world-readable during
3478 runtime, and only useful for credentials that require no
3479 confidentiality). The credentials that can be passed to unified
3480 kernels that use the `systemd-stub` UEFI stub are now similarly
3481 picked up automatically. Automatic importing of system credentials
3482 this way can be turned off via the new
3483 `systemd.import_credentials=no` kernel command line option.
3484
3485 * LoadCredential= will now automatically look for credentials in the
3486 /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
3487 the argument is not an absolute path. Similarly,
3488 LoadCredentialEncrypted= will check the same directories plus
3489 /etc/credstore.encrypted/, /run/credstore.encrypted/ and
3490 /usr/lib/credstore.encrypted/. The idea is to use those directories
3491 as the system-wide location for credentials that services should pick
3492 up automatically.
3493
3494 * System and service credentials are described in great detail in a new
3495 document:
3496
3497 https://systemd.io/CREDENTIALS
3498
3499 Changes in systemd-journald:
3500
3501 * The journal JSON export format has been added to the list of stable
3502 interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
3503
3504 * journalctl --list-boots now supports JSON output and the --reverse option.
3505
3506 * Under docs/: JOURNAL_EXPORT_FORMATS was imported from the wiki and
3507 updated, BUILDING_IMAGES is new:
3508
3509 https://systemd.io/JOURNAL_EXPORT_FORMATS
3510 https://systemd.io/BUILDING_IMAGES
3511
3512 Changes in udev:
3513
3514 * Two new hwdb files have been added. One lists "handhelds" (PDAs,
3515 calculators, etc.), the other AV production devices (DJ tables,
3516 keypads, etc.) that should be accessible to the seat owner user by
3517 default.
3518
3519 * udevadm trigger gained a new --prioritized-subsystem= option to
3520 process certain subsystems (and all their parent devices) earlier.
3521
3522 systemd-udev-trigger.service now uses this new option to trigger
3523 block and TPM devices first, hopefully making the boot a bit faster.
3524
3525 * udevadm trigger now implements --type=all, --initialized-match,
3526 --initialized-nomatch to trigger both subsystems and devices, only
3527 already-initialized devices, and only devices which haven't been
3528 initialized yet, respectively.
3529
3530 * udevadm gained a new "wait" command for safely waiting for a specific
3531 device to show up in the udev device database. This is useful in
3532 scripts that asynchronously allocate a block device (e.g. through
3533 repartitioning, or allocating a loopback device or similar) and need
3534 to synchronize on the creation to complete.
3535
3536 * udevadm gained a new "lock" command for locking one or more block
3537 devices while formatting them or writing a partition table to them. It is
3538 an implementation of https://systemd.io/BLOCK_DEVICE_LOCKING and
3539 usable in scripts dealing with block devices.
3540
3541 * udevadm info will show a couple of additional device fields in its
3542 output, and will now apply a limited set of coloring to line types.
3543
3544 * udevadm info --tree will now show a tree of objects (i.e. devices and
3545 suchlike) in the /sys/ hierarchy.
3546
3547 * Block devices will now get a new set of device symlinks in
3548 /dev/disk/by-diskseq/<nr>, which may be used to reference block
3549 device nodes via the kernel's "diskseq" value. Note that opening a
3550 device by such a symlink does not by itself guarantee that the opened
3551 device actually matches the specified diskseq value. To be safe
3552 against races, the actual diskseq value of the opened device
3553 (BLKGETDISKSEQ ioctl()) must still be compared with the one in the
3554 symlink path.
3555
3556 * .link files gained support for setting MDI/MDI-X on a link.
3557
3558 * .link files gained support for [Match] Firmware= setting to match on
3559 the device firmware description string. By mistake, it was previously
3560 only supported in .network files.
3561
3562 * .link files gained support for [Link] SR-IOVVirtualFunctions= setting
3563 and [SR-IOV] section to configure SR-IOV virtual functions.
3564
3565 Changes in systemd-networkd:
3566
3567 * The default scope for unicast routes configured through the [Route]
3568 section is changed to "link", to make the behavior consistent with
3569 the "ip route" command. The manual configuration of [Route] Scope= is
3570 still honored.
3571
3572 * A new unit systemd-networkd-wait-online@<interface>.service has been
3573 added that can be used to wait for a specific network interface to be
3574 up.
3575
3576 * systemd-networkd gained a new [Bridge] Isolated=true|false setting
3577 that configures the eponymous kernel attribute on the bridge.
3578
3579 * .netdev files now can be used to create virtual WLAN devices, and
3580 configure various settings on them, via the [WLAN] section.
3581
3582 * .link/.network files gained support for [Match] Kind= setting to match
3583 on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
3584
3585 This value is also shown by 'networkctl status'.
3586
3587 * The Local= setting in .netdev files for various virtual network
3588 devices gained support for specifying, in addition to the network
3589 address, the name of a local interface which must have the specified
3590 address.
3591
3592 * systemd-networkd gained a new [Tunnel] External= setting in .netdev
3593 files, to configure tunnels in external mode (a.k.a. collect metadata
3594 mode).
3595
3596 * The [Network] L2TP= setting was removed. Please use the interface
3597 specifier in the Local= setting in the .netdev file of the
3597 corresponding L2TP interface.
3598
3599 * New [DHCPServer] BootServerName=, BootServerAddress=, and
3600 BootFilename= settings can be used to configure the server address,
3601 server name, and file name sent in the DHCP packet (e.g. to configure
3602 PXE boot).
3603
3604 Changes in systemd-resolved:
3605
3606 * systemd-resolved is started earlier (in sysinit.target), so it is
3607 available earlier and will also be started in the initrd if installed
3608 there.
3609
3610 Changes in disk encryption:
3611
3612 * systemd-cryptenroll can now control whether to require the user to
3613 enter a PIN when using TPM-based unlocking of a volume via the new
3614 --tpm2-with-pin= option.
3615
3616 Option tpm2-pin= can be used in /etc/crypttab.
3617
3618 * When unlocking devices via TPM, TPM2 parameter encryption is now
3619 used, to ensure that communication between CPU and discrete TPM chips
3620 cannot be eavesdropped to acquire disk encryption keys.
3621
3622 * A new switch --fido2-credential-algorithm= has been added to
3623 systemd-cryptenroll allowing selection of the credential algorithm to
3624 use when binding encryption to FIDO2 tokens.
3625
3626 Changes in systemd-hostnamed:
3627
3628 * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
3629 to override the values gleaned from the hwdb.
3630
3631 * An ID_CHASSIS property can be set in the hwdb (for the DMI device
3632 /sys/class/dmi/id) to override the chassis that is reported by
3633 hostnamed.
3634
3635 * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
3636 for reading the hardware serial number, as reported by DMI. It also
3637 exposes a new D-Bus property FirmwareVersion that encodes the
3638 firmware version of the system.
3639
3640 Changes in other components:
3641
3642 * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
3643 handling with the values that were configured during systemd build
3644 (if /etc/locale.conf has not been created through some other
3645 mechanism). This means that /etc/locale.conf should always have
3646 reasonable contents and we avoid a potential mismatch in defaults.
3647
3648 * The userdbctl tool will now show UID range information as part of the
3649 list of known users.
3650
3651 * A new build-time configuration setting default-user-shell= can be
3652 used to set the default shell for user records and nspawn shell
3653 invocations (instead of the default /bin/bash).
3654
3655 * systemd-timesyncd now provides a D-Bus API for receiving NTP server
3656 information dynamically at runtime via IPC.
3657
3658 * The systemd-creds tool gained a new "has-tpm2" verb, which reports
3659 whether a functioning TPM2 infrastructure is available, i.e. if
3660 firmware, kernel driver and systemd all have TPM2 support enabled and
3661 a device found.
3662
3663 * The systemd-creds tool gained support for generating encrypted
3664 credentials that are using an empty encryption key. While this
3665 provides no integrity nor confidentiality it's useful to implement
3666 codeflows that work the same on TPM-ful and TPM2-less systems. The
3667 service manager will only accept credentials "encrypted" that way if
3668 a TPM2 device cannot be detected, to ensure that credentials
3669 "encrypted" like that cannot be used to trick TPM2 systems.
3670
3671 * When deciding whether to colorize output, all systemd programs now
3672 also check $COLORTERM (in addition to $NO_COLOR, $SYSTEMD_COLORS, and
3673 $TERM).
3674
3675 * Meson's new install_tag feature is now in use for several components,
3676 allowing only selected binaries to be built and installed: pam, nss,
3677 devel (pkg-config files), systemd-boot, libsystemd, libudev. Example:
3678 $ meson build systemd-boot
3679 $ meson install --tags systemd-boot --no-rebuild
3680 https://mesonbuild.com/Installing.html#installation-tags
3681
3682 * A new build configuration option has been added, to allow selecting the
3683 default compression algorithm used by systemd-journald and systemd-coredump.
3684 This allows building in support for decompressing all supported formats
3685 while choosing a specific one for compression. E.g.:
3686 $ meson -Ddefault-compression=xz
3687
3688 Experimental features:
3689
3690 * sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in
3691 loader.conf that implements booting Microsoft Windows from the
3692 sd-boot in a way that first reboots the system, to reset the TPM
3693 PCRs. This improves compatibility with BitLocker's TPM use, as the
3694 PCRs will only record the Windows boot process, and not sd-boot
3695 itself, thus retaining the PCR measurements not involving sd-boot.
3696 Note that this feature is experimental for now, and is likely going
3697 to be generalized and renamed in a future release, without retaining
3698 compatibility with the current implementation.
3699
3700 * A new systemd-sysupdate component has been added that automatically
3701 discovers, downloads, and installs A/B-style updates for the host
3702 installation itself, or container images, portable service images,
3703 and other assets. See the new systemd-sysupdate man page for updates.
3704
3705 Contributions from: 4piu, Adam Williamson, adrian5, Albert Brox,
3706 AlexCatze, Alex Henrie, Alfonso Sánchez-Beato, Alice S,
3707 Alvin Šipraga, amarjargal, Amarjargal, Andrea Pappacoda,
3708 Andreas Rammhold, Andy Chi, Anita Zhang, Antonio Alvarez Feijoo,
3709 Arfrever Frehtes Taifersar Arahesis, ash, Bastien Nocera, Be,
3710 bearhoney, Ben Efros, Benjamin Berg, Benjamin Franzke,
3711 Brett Holman, Christian Brauner, Clyde Byrd III, Curtis Klein,
3712 Daan De Meyer, Daniele Medri, Daniel Mack, Danilo Krummrich,
3713 David, David Bond, Davide Cavalca, David Tardon, davijosw,
3714 dependabot[bot], Donald Chan, Dorian Clay, Eduard Tolosa,
3715 Elias Probst, Eli Schwartz, Erik Sjölund, Evgeny Vereshchagin,
3716 Federico Ceratto, Franck Bui, Frantisek Sumsal, Gaël PORTAY,
3717 Georges Basile Stavracas Neto, Gibeom Gwon, Goffredo Baroncelli,
3718 Grigori Goronzy, Hans de Goede, Heiko Becker, Hugo Carvalho,
3719 Jakob Lell, James Hilliard, Jan Janssen, Jason A. Donenfeld,
3720 Joan Bruguera, Joerie de Gram, Josh Triplett, Julia Kartseva,
3721 Kazuo Moriwaka, Khem Raj, ksa678491784, Lance, Lan Tian,
3722 Laura Barcziova, Lennart Poettering, Leviticoh, licunlong,
3723 Lidong Zhong, lincoln auster, Lubomir Rintel, Luca Boccassi,
3724 Luca BRUNO, lucagoc, Ludwig Nussel, Marcel Hellwig, march1993,
3725 Marco Scardovi, Mario Limonciello, Mariusz Tkaczyk,
3726 Markus Weippert, Martin, Martin Liska, Martin Wilck, Matija Skala,
3727 Matthew Blythe, Matthias Lisin, Matthijs van Duin, Matt Walton,
3728 Max Gautier, Michael Biebl, Michael Olbrich, Michal Koutný,
3729 Michal Sekletár, Mike Gilbert, MkfsSion, Morten Linderud,
3730 Nick Rosbrook, Nikolai Grigoriev, Nikolai Kostrigin,
3731 Nishal Kulkarni, Noel Kuntze, Pablo Ceballos, Peter Hutterer,
3732 Peter Morrow, Pigmy-penguin, Piotr Drąg, prumian, Richard Neill,
3733 Rike-Benjamin Schuppner, rodin-ia, Romain Naour, Ruben Kerkhof,
3734 Ryan Hendrickson, Santa Wiryaman, Sebastian Pucilowski, Seth Falco,
3735 Simon Ellmann, Sonali Srivastava, Stefan Seering,
3736 Stephen Hemminger, tawefogo, techtino, Temuri Doghonadze,
3737 Thomas Batten, Thomas Haller, Thomas Weißschuh, Tobias Stoeckmann,
3738 Tomasz Pala, Tyson Whitehead, Vishal Chillara Srinivas,
3739 Vivien Didelot, w30023233, wangyuhang, Weblate, Xiaotian Wu,
3740 yangmingtai, YmrDtnJu, Yonathan Randolph, Yutsuten, Yu Watanabe,
3741 Zbigniew Jędrzejewski-Szmek, наб
3742
3743 — Edinburgh, 2022-05-21
3744
3745 CHANGES WITH 250:
3746
3747 * Support for encrypted and authenticated credentials has been added.
3748 This extends the credential logic introduced with v247 to support
3749 non-interactive symmetric encryption and authentication, based on a
3750 key that is stored on the /var/ file system or in the TPM2 chip (if
3751 available), or the combination of both (by default if a TPM2 chip
3752 exists the combination is used, otherwise the /var/ key only). The
3753 credentials are automatically decrypted at the moment a service is
3754 started, and are made accessible to the service itself in unencrypted
3755 form. A new tool 'systemd-creds' encrypts credentials for this
3756 purpose, and two new service file settings LoadCredentialEncrypted=
3757 and SetCredentialEncrypted= configure such credentials.
3758
3759 This feature is useful to store sensitive material such as SSL
3760 certificates, passwords and similar securely at rest and only decrypt
3761 them when needed, and in a way that is tied to the local OS
3762 installation or hardware.
3763
3764 * systemd-gpt-auto-generator can now automatically set up discoverable
3765 LUKS2 encrypted swap partitions.
3766
3767 * The GPT Discoverable Partitions Specification has been substantially
3768 extended with support for root and /usr/ partitions for the majority
3769 of architectures systemd supports. This includes platforms that do
3770 not natively support UEFI, because even though GPT is specified under
3771 the UEFI umbrella, it is useful on other systems too. Specifically,
3772 systemd-nspawn, systemd-sysext, systemd-gpt-auto-generator and
3773 Portable Services use the concept without requiring UEFI.
3774
3775 * The GPT Discoverable Partitions Specification has been extended with
3776 a new set of partitions that may carry PKCS#7 signatures for Verity
3777 partitions, encoded in a simple JSON format. This implements a simple
3778 mechanism for building disk images that are fully authenticated and
3779 can be tested against a set of cryptographic certificates. This is
3780 now implemented for the various systemd tools that can operate with
3781 disk images, such as systemd-nspawn, systemd-sysext, systemd-dissect,
3782 Portable services/RootImage=, systemd-tmpfiles, and systemd-sysusers.
3783 The PKCS#7 signatures are passed to the kernel (where they are
3784 checked against certificates from the kernel keyring), or can be
3785 verified against certificates provided in userspace (via a simple
3786 drop-in file mechanism).
3787
3788 * systemd-dissect's inspection logic will now report for which uses a
3789 disk image is intended. Specifically, it will display whether an
3790 image is suitable for booting on UEFI or in a container (using
3791 systemd-nspawn's --image= switch), whether it can be used as portable
3792 service, or attached as system extension.
3793
3794 * The system-extension.d/ drop-in files now support a new field
3795 SYSEXT_SCOPE= that may encode which purpose a system extension image
3796 is for: one of "initrd", "system" or "portable". This is useful to
3797 make images more self-descriptive, and to ensure system extensions
3798 cannot be attached in the wrong contexts.
3799
3800 * The os-release file learnt a new PORTABLE_PREFIXES= field which may
3801 be used in portable service images to indicate which unit prefixes
3802 are supported.
3803
3804 * The GPT image dissection logic in systemd-nspawn/systemd-dissect/…
3805 now is able to decode images for non-native architectures as well.
3806 This allows systemd-nspawn to boot images of non-native architectures
3807 if the corresponding user mode emulator is installed and
3808 systemd-binfmtd is running.
3809
3810 * systemd-logind gained new settings HandlePowerKeyLongPress=,
3811 HandleRebootKeyLongPress=, HandleSuspendKeyLongPress= and
3812 HandleHibernateKeyLongPress= which may be used to configure actions
3813 when the relevant keys are pressed for more than 5s. This is useful
3814 on devices that only have hardware for a subset of these keys. By
3815 default, if the reboot key is pressed long the poweroff operation is
3816 now triggered, and when the suspend key is pressed long the hibernate
3817 operation is triggered. Long pressing the other two keys currently
3818 does not trigger any operation by default.
3819
3820 * When showing unit status updates on the console during boot and
3821 shutdown, and a service is slow to start so that the cylon animation
3822 is shown, the most recent sd_notify() STATUS= text is now shown as
3823 well. Services may use this to make the boot/shutdown output easier
3824 to understand, and to indicate what precisely a service that is slow
3825 to start or stop is waiting for. In particular, the per-user service
3826 manager instance now reports what it is doing and which service it is
3827 waiting for this way to the system service manager.
3828
3829 * The service manager will now re-execute on reception of the
3830 SIGRTMIN+25 signal. It previously already did that on SIGTERM — but
3831 only when running as PID 1. There was no signal to request this when
3832 running as per-user service manager, i.e. as any other PID than 1.
3833 SIGRTMIN+25 works for both system and user managers.
3834
3835 * The hardware watchdog logic in PID 1 gained support for operating
3836 with the default timeout configured in the hardware, instead of
3837 insisting on re-configuring it. Set RuntimeWatchdogSec=default to
3838 request this behavior.
3839
3840 * A new kernel command line option systemd.watchdog_sec= is now
3841 understood which may be used to override the hardware watchdog
3842 time-out for the boot.
3843
3844 * A new setting DefaultOOMScoreAdjust= is now supported in
3845 /etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
3846 to set the default process OOM score adjustment value for processes
3847 started by the service manager. For per-user service managers this
3848 now defaults to 100, but for per-system service managers it is left
3849 as is. This means that by default services forked off the user
3850 service manager are more likely to be killed by the OOM killer than
3851 system services or the managers themselves.
3852
3853 * A new per-service setting RestrictFileSystems= has been added that
3854 restricts the file systems a service has access to by their type.
3855 This is based on the new BPF LSM of the Linux kernel. It provides an
3856 effective way to make certain API file systems unavailable to
3857 services (and thus minimize attack surface). A new command
3858 "systemd-analyze filesystems" has been added that lists all known
3859 file system types (and how they are grouped together under useful
3860 group handles).
3861
3862 * Services now support a new setting RestrictNetworkInterfaces= for
3863 restricting access to specific network interfaces.
3864
3865 * Service unit files gained new settings StartupAllowedCPUs= and
3866 StartupAllowedMemoryNodes=. These are similar to their counterparts
3867 without the "Startup" prefix and apply during the boot process
3868 only. This is useful to improve boot-time behavior of the system and
3869 assign resources differently during boot than during regular
3870 runtime. This is similar to the preexisting StartupCPUWeight=
3871 vs. CPUWeight=.
3872
3873 * Related to this: the various StartupXYZ= settings
3874 (i.e. StartupCPUWeight=, StartupAllowedCPUs=, …) are now also applied
3875 during shutdown. The settings not prefixed with "Startup" hence apply
3876 during regular runtime, and those that are prefixed like that apply
3877 during boot and shutdown.
3878
3879 * A new per-unit set of conditions/asserts
3880 [Condition|Assert][Memory|CPU|IO]Pressure= has been added to make a
3881 unit skip/fail activation if the system's (or a slice's) memory/cpu/io
3882 pressure is above the configured threshold, using the kernel PSI
3883 feature. For more details see systemd.unit(5) and
3884 https://docs.kernel.org/accounting/psi.html
3885
3886 * The combination of ProcSubset=pid and ProtectKernelTunables=yes and/or
3887 ProtectKernelLogs=yes can now be used.
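The sandboxing entries above (RestrictFileSystems=, RestrictNetworkInterfaces=, the StartupAllowedCPUs= family, the PSI conditions and the ProcSubset=pid combination) come together in a single hardened service unit. The following unit is an added example, not text from the systemd NEWS file or a unit shipped by the project; the unit name, binary path and interface names are hypothetical:

```ini
# Added example (not from the systemd NEWS text): a hardened service that
# uses the sandboxing settings introduced in this release. Unit name,
# binary path and CPU numbers are hypothetical.
# /etc/systemd/system/example-exporter.service
[Unit]
Description=Example metrics exporter (hypothetical)
# Skip activation (do not fail) when system-wide memory pressure exceeds
# 60% (kernel PSI), or I/O pressure averaged over one minute exceeds 50%.
ConditionMemoryPressure=60%
ConditionIOPressure=50%/1min

[Service]
ExecStart=/usr/bin/example-exporter
DynamicUser=yes

# Allow only the listed file system types; access to anything else
# (debugfs, tracefs, cgroup2, ...) is denied by the BPF LSM hook.
# The group handles can be listed with: systemd-analyze filesystems
RestrictFileSystems=@basic-api @common-block tmpfs
# Sockets may only be bound to / used via the loopback interface.
RestrictNetworkInterfaces=lo
# Show only this service's own processes in /proc, and keep kernel
# tunables and kernel logs out of reach. Since this release the three
# settings can be combined.
ProcSubset=pid
ProtectKernelTunables=yes
ProtectKernelLogs=yes

# Pin the service to CPU 0 during boot and shutdown only; at regular
# runtime the non-prefixed setting applies.
StartupAllowedCPUs=0
AllowedCPUs=0-3
```

RestrictFileSystems= only takes effect on a kernel with the BPF LSM enabled (it must be listed in the kernel's active LSM set, e.g. via the lsm= kernel command line option); on other kernels the setting is ignored and the service runs without this restriction, so verify with "systemd-analyze security" that the expected protections are actually in place.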
3888
3889 * The default maximum numbers of inodes have been raised from 64k to 1M
3890 for /dev/, and from 400k to 1M for /tmp/.
3891
3892 * The per-user service manager learnt support for communicating with
3893 systemd-oomd to acquire OOM kill information.
3894
3895 * A new service setting ExecSearchPath= has been added that allows
3896 changing the search path for executables for services. It affects
3897 where we look for the binaries specified in ExecStart= and similar,
3898 and the specified directories are also added to the $PATH environment
3899 variable passed to invoked processes.
3900
3901 * A new setting RuntimeRandomizedExtraSec= has been added for service
3902 and scope units that allows extending the runtime time-out as
3903 configured by RuntimeMaxSec= with a randomized amount.
3904
3905 * The syntax of the service unit settings RuntimeDirectory=,
3906 StateDirectory=, CacheDirectory=, LogsDirectory= has been extended:
3907 if the specified value is now suffixed with a colon, followed by
3908 another filename, the latter will be created as symbolic link to the
3909 specified directory. This allows creating these service directories
3910 together with alias symlinks to make them available under multiple
3911 names.
3912
3913 * Service unit files gained two new settings TTYRows=/TTYColumns= for
3914 configuring rows/columns of the TTY device passed to
3915 stdin/stdout/stderr of the service. This is useful to propagate TTY
3916 dimensions to a virtual machine.
3917
3918 * A new service unit file setting ExitType= has been added that
3919 specifies when to assume a service has exited. By default systemd
3920 only watches the main process of a service. By setting
3921 ExitType=cgroup it can be told to wait for the last process in a
3922 cgroup instead.
3923
3924 * Automount unit files gained a new setting ExtraOptions= that can be
3925 used to configure additional mount options to pass to the kernel when
3926 mounting the autofs instance.
3927
3928 * "Urlification" (generation of ESC sequences that generate clickable
3929 hyperlinks in modern terminals) may now be turned off altogether
3930 during build-time.
3931
3932 * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
3933 settings that default to 200 and 2 s respectively. The ratelimit
3934 ensures that a path unit cannot cause PID 1 to busy-loop when it is
3935 trying to trigger a service that is skipped because of a Condition*=
3936 not being satisfied. This matches the configuration and behaviour of
3937 socket units.
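The path-unit rate limit just described, together with the earlier service entries for ExecSearchPath=, RuntimeDirectory= aliases, RuntimeRandomizedExtraSec= and ExitType=, can be seen in one path/service pair. The two units below are an added example (not part of the systemd NEWS text or of any unit shipped by the project); unit names, directories and the binary name are hypothetical:

```ini
# Added example (not from the systemd NEWS text): a path unit and the
# service it triggers. Unit names, paths and the binary are hypothetical.

# /etc/systemd/system/example-import.path
[Unit]
Description=Watch the spool directory for dropped files (hypothetical)

[Path]
PathExistsGlob=/var/spool/example-import/*.json
Unit=example-import.service
# At most 20 trigger attempts per 10 s (the defaults are 200 per 2 s).
# If the service below is skipped because its condition is unmet, the
# path would otherwise be re-triggered immediately and busy-loop PID 1.
TriggerLimitBurst=20
TriggerLimitIntervalSec=10s

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/example-import.service
[Unit]
Description=Import dropped files (hypothetical)
# An unmet condition makes the service "skipped", not "failed"; the
# path unit above would then fire again, bounded by its rate limit.
ConditionPathExists=/etc/example-import/enabled

[Service]
Type=simple
# Look up the relative ExecStart= binary in these directories; they are
# also exported to the process as $PATH.
ExecSearchPath=/opt/example/bin:/usr/bin
ExecStart=example-import --spool /var/spool/example-import
# Creates /run/example-import, plus /run/example as a symlink to it.
RuntimeDirectory=example-import:example
# Consider the service exited only once the last process in its cgroup
# is gone, not when the main process exits.
ExitType=cgroup
# Abort after 10 min plus a random extra of up to 2 min, so that many
# instances started together do not time out in lock step.
RuntimeMaxSec=10min
RuntimeRandomizedExtraSec=2min
DynamicUser=yes
```

Type=simple is used deliberately: RuntimeMaxSec= has no effect on Type=oneshot services, which would silently drop both time-out settings.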
3938
3939 * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
3940 as a plug-in for cryptsetup. This means the plain cryptsetup command
3941 may now be used to unlock volumes set up this way.
3942
3943 * The TPM2 logic in cryptsetup will now automatically detect systems
3944 where the TPM2 chip advertises SHA256 PCR banks but the firmware only
3945 updates the SHA1 banks. In such a case PCR policies will be
3946 automatically bound to the latter, not the former. This makes the PCR
3947 policies reliable, but of course does not provide the same level of
3948 trust as SHA256 banks.
3949
3950 * The TPM2 logic in systemd-cryptsetup/systemd-cryptenroll now supports
3951 RSA primary keys in addition to ECC, improving compatibility with
3952 TPM2 chips that do not support ECC. RSA keys are much slower to use
3953 than ECC, and hence are only used if ECC is not available.
3954
3955 * /etc/crypttab gained support for a new token-timeout= setting for
3956 encrypted volumes that allows configuration of the maximum time to
3957 wait for PKCS#11/FIDO2 tokens to be plugged in. If the time elapses
3958 the logic will query the user for a regular passphrase/recovery key
3959 instead.
3960
3961 * Support for activating dm-integrity volumes at boot via a new file
3962 /etc/integritytab and the tool systemd-integritysetup have been
3963 added. This is similar to /etc/crypttab and /etc/veritytab, but deals
3964 with dm-integrity instead of dm-crypt/dm-verity.
3965
3966 * The systemd-veritysetup-generator now understands a new usrhash=
3967 kernel command line option for specifying the Verity root hash for
3968 the partition backing the /usr/ file system. A matching set of
3969 systemd.verity_usr_* kernel command line options has been added as
3970 well. These all work similarly to the corresponding options for the
3971 root partition.
3972
3973 * The sd-device API gained a new API call sd_device_get_diskseq() to
3974 return the DISKSEQ property of a device structure. The "disk
3975 sequence" concept is a new feature recently introduced to the Linux
3976 kernel that allows detecting reuse cycles of block devices, i.e. can
3977 be used to recognize when loopback block devices are reused for a
3978 different purpose or CD-ROM drives get their media changed.
3979
3980 * A new unit systemd-boot-update.service has been added. If enabled
3981 (the default) and the sd-boot loader is detected to be installed, it
3982 is automatically updated to the newest version when out of date. This
3983 is useful to ensure the boot loader remains up-to-date, and updates
3984 automatically propagate from the OS tree in /usr/.
3985
3986 * sd-boot will now build with SBAT by default in order to facilitate
3987 working with recent versions of Shim that require it to be present.
3988
3989 * sd-boot can now parse Microsoft Windows' Boot Configuration Data.
3990 This is used to robustly generate boot entry titles for Windows.
3991
3992 * A new generic target unit factory-reset.target has been added. It is
3993 hooked into systemd-logind in a fashion similar to
3994 reboot/poweroff/suspend/hibernate, and is supposed to be used to
3995 initiate a factory reset operation. What precisely this operation
3996 entails is up to the implementer to decide; the primary goal of the
3997 new unit is to provide a framework for plugging in the implementation
3998 and for triggering it.
3999
4000 * A new meson build-time option 'clock-valid-range-usec-max' has been
4001 added which takes a time in µs and defaults to 15 years. If the RTC
4002 time is noticed to be more than the specified time ahead of the
4003 built-in epoch of systemd (which by default is the release timestamp
4004 of systemd) it is assumed that the RTC is not working correctly, and
4005 the RTC is reset to the epoch. (It already is reset to the epoch when
4006 noticed to be before it.) This should increase the chance that time
4007 doesn't accidentally jump too far ahead due to faulty hardware or
4008 batteries.
4009
4010 * A new setting SaveIntervalSec= has been added to systemd-timesyncd,
4011 which may be used to automatically save the current system time to
4012 disk in regular intervals. This is useful to maintain a roughly
4013 monotonic clock even without RTC hardware and with some robustness
4014 against abnormal system shutdown.
4015
4016 * systemd-analyze verify gained support for a pair of new --image= +
4017 --root= switches for verifying units below a specific root
4018 directory/image instead of on the host.
4019
4020 * systemd-analyze verify gained support for verifying unit files under
4021 an explicitly specified unit name, independently of what the filename
4022 actually is.
4023
4024 * systemd-analyze verify gained a new switch --recursive-errors= which
4025 controls whether to only fail on errors found in the specified units
4026 or recursively any dependent units.
4027
4028 * systemd-analyze security now supports a new --offline mode for
4029 analyzing unit files stored on disk instead of loaded units. It may
4030 be combined with --root=/--image= to analyze unit files under a root
4031 directory or disk image. It also learnt a new --threshold= parameter
4032 for specifying an exposure level threshold: if the exposure level
4033 exceeds the specified value the call will fail. It also gained a new
4034 --security-policy= switch for configuring security policies to
4035 enforce on the units. A policy is a JSON file that lists which tests
4036 shall be weighted how much to determine the overall exposure
4037 level. Altogether these new features are useful for fully automatic
4038 analysis and enforcement of security policies on unit files.
4039
4040 * systemd-analyze security gained a new --json= switch for JSON output.
4041
4042 * systemd-analyze learnt a new --quiet switch for reducing
4043 non-essential output. It's honored by the "dot", "syscall-filter"
4044 and "filesystems" commands.
4045
4046 * systemd-analyze security gained a --profile= option that can be used
4047 to take into account a portable profile when analyzing portable
4048 services, since a lot of the security-related settings are enabled
4049 through them.
4050
4051 * systemd-analyze learnt a new inspect-elf verb that parses ELF core
4052 files, binaries and executables and prints metadata information,
4053 including the build-id and other info described on:
4054 https://systemd.io/COREDUMP_PACKAGE_METADATA/
4055
4056 * .network files gained a new UplinkInterface= setting in the
4057 [IPv6SendRA] section, for automatically propagating DNS settings from
4058 other interfaces.
4059
4060 * The static lease DHCP server logic in systemd-networkd may now serve
4061 IP addresses outside of the configured IP pool range for the server.
4062
4063 * CAN support in systemd-networkd gained four new settings Loopback=,
4064 OneShot=, PresumeAck=, ClassicDataLengthCode= for tweaking CAN
4065 control modes. It gained a number of further settings for tweaking
4066 CAN timing quanta.
4067
4068 * The [CAN] section in .network file gained new TimeQuantaNSec=,
4069 PropagationSegment=, PhaseBufferSegment1=, PhaseBufferSegment2=,
4070 SyncJumpWidth=, DataTimeQuantaNSec=, DataPropagationSegment=,
4071 DataPhaseBufferSegment1=, DataPhaseBufferSegment2=, and
4072 DataSyncJumpWidth= settings to control bit-timing processed by the
4073 CAN interface.
4074
4075 * DHCPv4 client support in systemd-networkd learnt a new Label= option
4076 for configuring the address label to apply to configured IPv4
4077 addresses.
4078
4079 * The [IPv6AcceptRA] section of .network files gained support for a new
4080 UseMTU= setting that may be used to control whether to apply the
4081 announced MTU settings to the local interface.
4082
4083 * The [DHCPv4] section in .network files gained a new Use6RD= boolean
4084 setting to control whether the DHCPv4 client requests and processes
4085 the DHCP 6RD option.
4086
4087 * The [DHCPv6PrefixDelegation] section in .network files is renamed to
4088 [DHCPPrefixDelegation], as prefix delegation is now also supported
4089 with the DHCPv4 protocol by enabling the Use6RD= setting.
4090
4091 * The [DHCPPrefixDelegation] section in .network file gained a new
4092 setting UplinkInterface= to specify the upstream interface.
4093
4094 * The [DHCPv6] section in .network file gained a new setting
4095 UseDelegatedPrefix= to control whether the delegated prefixes will be
4096 propagated to the downstream interfaces.
4097
4098 * The [IPv6AcceptRA] section of .network files now understands two new
4099 settings UseGateway=/UseRoutePrefix= for explicitly configuring
4100 whether to use the relevant fields from the IPv6 Router Advertisement
4101 records.
4102
4103 * The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
4104 has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
4105 settings in the [DHCPv6] section and the DHCPv6Client= setting in the
4106 [IPv6AcceptRA] section to control when the DHCPv6 client is started
4107 and how the delegated prefixes are handled by the DHCPv6 client.
4108
4109 * The IPv6Token= setting in the [Network] section is deprecated, and
4110 the [IPv6AcceptRA] section gained the Token= setting as its
4111 replacement. The [IPv6Prefix] section also gained the Token= setting.
4112 The Token= setting gained an 'eui64' mode to explicitly configure an
4113 address with the EUI64 algorithm based on the interface MAC address.
4114 The 'prefixstable' mode can now optionally take a secret key. The
4115 Token= setting in the [DHCPPrefixDelegation] section now supports all
4116 algorithms supported by the same setting in the other sections.
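The IPv6 settings introduced in the entries above ([IPv6AcceptRA] Token=, UseGateway=/UseRoutePrefix=/UseMTU=, the [DHCPv6] WithoutRA=/UseDelegatedPrefix= pair that replaces ForceDHCPv6PDOtherInformation=, and [DHCPPrefixDelegation] UplinkInterface=) fit into a small router configuration. The two .network files below are an added example, not part of the systemd NEWS text; interface names are hypothetical:

```ini
# Added example (not from the systemd NEWS text): uplink and LAN
# .network files for a small IPv6 router. Interface names are
# hypothetical.

# /etc/systemd/network/20-uplink.network
[Match]
Name=enp1s0

[Network]
DHCP=ipv6
IPv6AcceptRA=yes

[IPv6AcceptRA]
# Derive SLAAC addresses with the stable-privacy algorithm instead of
# embedding the MAC address (that is what the 'eui64' mode would do).
# 'prefixstable' can additionally take a secret key, which keeps the
# generated interface identifier specific to this host.
Token=prefixstable
# Take the default router and route prefixes from the RA, but do not
# apply the MTU the router announces to the local interface.
UseGateway=yes
UseRoutePrefix=yes
UseMTU=no
# Start the DHCPv6 client only when the RA's M/O flags ask for it
# ("always" would start it regardless of the RA).
DHCPv6Client=yes

[DHCPv6]
# Do not run DHCPv6 before an RA has been seen, and pass received
# prefix delegations on to the downstream interfaces.
WithoutRA=no
UseDelegatedPrefix=yes

# /etc/systemd/network/30-lan.network
[Match]
Name=enp2s0

[Network]
DHCPPrefixDelegation=yes
IPv6SendRA=yes

[DHCPPrefixDelegation]
# Take the delegated prefix obtained on the uplink above, and give the
# router a fixed interface identifier (::1) inside it.
UplinkInterface=enp1s0
Token=static:::1
```

With UseGateway=yes and UseRoutePrefix=yes the host trusts routing information carried in Router Advertisements on enp1s0; on an interface facing an untrusted segment both should be set to no so that a rogue RA cannot redirect traffic.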
4117
4118 * The [RoutingPolicyRule] section of .network file gained a new
4119 SuppressInterfaceGroup= setting.
4120
4121 * The IgnoreCarrierLoss= setting in the [Network] section of .network
4122 files now allows a duration to be specified, controlling how long to
4123 wait before reacting to carrier loss.
4124
4125 * The [DHCPServer] section of .network file gained a new Router=
4126 setting to specify the router address.
4127
4128 * The [CAKE] section of .network files gained various new settings
4129 AutoRateIngress=, CompensationMode=, FlowIsolationMode=, NAT=,
4130 MPUBytes=, PriorityQueueingPreset=, FirewallMark=, Wash=, SplitGSO=,
4131 and UseRawPacketSize= for configuring CAKE.
4132
4133 * systemd-networkd now ships with new default .network files:
4134 80-container-vb.network which matches the host-side network bridge
4135 device created by systemd-nspawn's --network-bridge or --network-zone
4136 switch, and 80-6rd-tunnel.network which matches the automatically
4137 created sit tunnel with 6rd prefix when the DHCP 6RD option is received.
4138
4139 * systemd-networkd's handling of Endpoint= resolution for WireGuard
4140 interfaces has been improved.
4141
4142 * systemd-networkd will now automatically configure routes to addresses
4143 specified in AllowedIPs=. This feature can be controlled via
4144 RouteTable= and RouteMetric= settings in [WireGuard] or
4145 [WireGuardPeer] sections.
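The automatic AllowedIPs= routes and the RouteTable=/RouteMetric= controls described above can be combined with a policy routing rule so that tunnel routes live in their own table. The .netdev and .network files below are an added example, not part of the systemd NEWS text; the interface name, addresses, host name and the peer key are hypothetical placeholders:

```ini
# Added example (not from the systemd NEWS text): a WireGuard interface
# whose AllowedIPs= routes are placed in a dedicated routing table.
# Interface name, addresses, endpoint and key placeholder are hypothetical.

# /etc/systemd/network/90-wg0.netdev
[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
# Keep the private key in a separate root-readable file rather than
# inline in this .netdev file.
PrivateKeyFile=/etc/systemd/network/wg0.key
ListenPort=51820
# Routes for every peer's AllowedIPs= are created automatically; put
# them in table 1000 instead of the main table so that a policy rule
# decides which traffic enters the tunnel. RouteTable=off disables the
# automatic routes altogether.
RouteTable=1000
RouteMetric=50

[WireGuardPeer]
PublicKey=<PEER-PUBLIC-KEY-PLACEHOLDER>
# Endpoint= may be given as a host name.
Endpoint=vpn.example.com:51820
AllowedIPs=10.8.0.0/24
PersistentKeepalive=25

# /etc/systemd/network/90-wg0.network
[Match]
Name=wg0

[Network]
Address=10.8.0.2/24

[RoutingPolicyRule]
# Consult table 1000 (where the AllowedIPs= routes were placed) for
# traffic towards the peer's network.
To=10.8.0.0/24
Table=1000
```

A peer's AllowedIPs= acts as both the routing destination and the inbound source filter for that peer, so keeping it narrow (here a single /24) limits which addresses the remote side may claim to send from.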
4146
4147 * systemd-networkd will now once again automatically generate persistent
4148 MAC addresses for batadv and bridge interfaces. Users can disable this
4149 by using MACAddress=none in .netdev files.
4150
4151 * systemd-networkd and systemd-udevd now support IP over InfiniBand
4152 interfaces. The Kind= setting in .netdev files accepts "ipoib", and
4153 .netdev files gained the [IPoIB] section.
4154
4155 * systemd-networkd and systemd-udevd now support net.ifname_policy=
4156 option on the kernel command-line. This is implemented through the
4157 systemd-network-generator service that automatically generates
4158 appropriate .link, .network, and .netdev files.
4159
4160 * The various systemd-udevd "ethtool" buffer settings now understand
4161 the special value "max" to configure the buffers to the maximum the
4162 hardware supports.
4163
4164 * systemd-udevd's .link files may now configure a large variety of
4165 NIC coalescing settings, plus more hardware offload settings.
4166
4167 * .link files gained a new WakeOnLanPassword= setting in the [Link]
4168 section that allows specifying a WoL "SecureOn" password on hardware
4169 that supports this.
4170
4171 * systemd-nspawn's --setenv= switch now supports an additional syntax:
4172 if only a variable name is specified (i.e. without being suffixed by
4173 a '=' character and a value) the current value of the environment
4174 variable is propagated to the container. e.g. --setenv=FOO will
4175 look up the current value of $FOO in the environment, and pass it
4176 down to the container. Similar behavior has been added to homectl's,
4177 machinectl's and systemd-run's --setenv= switch.
4178
4179 * systemd-nspawn gained a new switch --suppress-sync= which may be used
4180 to optionally suppress the effect of the sync()/fsync()/fdatasync()
4181 system calls for the container payload. This is useful for build
4182 system environments where safety against abnormal system shutdown is
4183 not essential as all build artifacts can be regenerated any time, but
4184 the performance win is beneficial.
4185
4186 * systemd-nspawn will now raise the RLIMIT_NOFILE hard limit to the
4187 same value that PID 1 uses for most forked off processes.
4188
4189 * systemd-nspawn's --bind=/--bind-ro= switches now optionally take
4190 uidmap/nouidmap options as last parameter. If "uidmap" is used the
4191 bind mounts are created with UID mapping taking place that ensures
4192 the host's file ownerships are mapped 1:1 to container file
4193 ownerships, even if user namespacing is used. This way
4194 files/directories bound into containers will no longer show up as
4195 owned by the nobody user as they typically did if no special care was
4196 taken to shift them manually.
4197
4198 * When discovering Windows installations sd-boot will now attempt to
4199 show the Windows version.
4200
4201 * The color scheme to use in sd-boot may now be configured at
4202 build-time.
4203
4204 * sd-boot gained the ability to change screen resolution during
4205 boot-time, by hitting the "r" key. This will cycle through available
4206 resolutions and save the last selection.
4207
4208 * sd-boot learnt a new hotkey "f". When pressed the system will enter
4209 firmware setup. This is useful in environments where it is difficult
4210 to hit the right keys early enough to enter the firmware, and works
4211 on any firmware regardless which key it natively uses.
4212
4213 * sd-boot gained support for automatically booting into the menu item
4214 selected on the last boot (using the "@saved" identifier for menu
4215 items).
4216
4217 * sd-boot gained support for automatically loading all EFI drivers
4218 placed in the /EFI/systemd/drivers/ subdirectory of the EFI System
4219 Partition (ESP). These drivers are loaded before the menu entries are
4220 loaded. This is useful e.g. to load additional file system drivers
4221 for the XBOOTLDR partition.
4222
4223 * systemd-boot will now paint the input cursor on its own instead of
4224 relying on the firmware to do so, increasing compatibility with broken
4225 firmware that doesn't make the cursor reasonably visible.
4226
4227 * sd-boot now embeds a .osrel PE section like we expect from Boot
4228 Loader Specification Type #2 Unified Kernels. This means sd-boot
4229 itself may be used in place of a Type #2 Unified Kernel. This is
4230 useful for debugging purposes as it allows chain-loading one
4231 (development) sd-boot instance from another.
4232
4233 * sd-boot now supports a new "devicetree" field in Boot Loader
4234 Specification Type #1 entries: if configured the specified device
4235 tree file is installed before the kernel is invoked. This is useful
4236 for installing/applying new devicetree files without updating the
4237 kernel image.
4238
4239 * Similarly, sd-stub now can read devicetree data from a PE section
4240 ".dtb" and apply it before invoking the kernel.
4241
4242 * sd-stub (the EFI stub that can be glued in front of a Linux kernel)
4243 gained the ability to pick up credentials and sysext files, wrap them
4244 in a cpio archive, and pass as an additional initrd to the invoked
4245 Linux kernel, in effect placing those files in the /.extra/ directory
4246 of the initrd environment. This is useful to implement trusted initrd
4247 environments which are fully authenticated but still can be extended
4248 (via sysexts) and parameterized (via encrypted/authenticated
4249 credentials, see above).
4250
4251 Credentials can be located next to the kernel image file (credentials
4252 specific to a single boot entry), or in one of the shared directories
4253 (credentials applicable to multiple boot entries).
4254
4255 * sd-stub now comes with a full man page that explains its feature set
4256 and how to combine a kernel image, an initrd and the stub to build a
4257 complete EFI unified kernel image, implementing Boot Loader
4258 Specification Type #2.
4259
4260 * sd-stub may now provide the initrd to the executed kernel via the
4261 LINUX_EFI_INITRD_MEDIA_GUID EFI protocol, adding compatibility for
4262 non-x86 architectures.
4263
4264 * bootctl learnt new set-timeout and set-timeout-oneshot commands that
4265 may be used to set the boot menu time-out of the boot loader (for all
4266 or just the subsequent boot).
4267
4268 * bootctl and kernel-install will now read variables
4269 KERNEL_INSTALL_LAYOUT= from /etc/machine-info and layout= from
4270 /etc/kernel/install.conf. When set, it specifies the layout to use
4271 for installation directories on the boot partition, so that tools
4272 don't need to guess it based on the already-existing directories. The
4273 only value that is defined natively is "bls", corresponding to the
4274 layout specified in
4275 https://systemd.io/BOOT_LOADER_SPECIFICATION/. Plugins for
4276 kernel-install that implement a different layout can declare other
4277 values for this variable.
4278
4279 'bootctl install' will now write KERNEL_INSTALL_LAYOUT=bls, on the
4280 assumption that if the user installed sd-boot to the ESP, they intend
4281 to use the entry layout understood by sd-boot. It'll also write
4282 KERNEL_INSTALL_MACHINE_ID= if it creates any directories using the ID
4283 (and it wasn't specified in the config file yet). Similarly,
4284 kernel-install will now write KERNEL_INSTALL_MACHINE_ID= (if it
4285 wasn't specified in the config file yet). Effectively, those changes
4286 mean that the machine-id used for boot loader entry installation is
4287 "frozen" upon first use and becomes independent of the actual
4288 machine-id.
4289
4290 Configuring KERNEL_INSTALL_MACHINE_ID fixes the following problem:
4291 images created for distribution ("golden images") are built with no
4292 machine-id, so that a unique machine-id can be created on the first
4293 boot. But those images may contain boot loader entries with the
4294 machine-id used during build included in paths. Using a "frozen"
4295 value allows unambiguously identifying entries that match the
4296 specific installation, while still permitting parallel installations
4297 without conflict.
4298
4299 Configuring KERNEL_INSTALL_LAYOUT obviates the need for
4300 kernel-install to guess the installation layout. This fixes the
4301 problem where a (possibly empty) directory in the boot partition is
4302 created from a different layout causing kernel-install plugins to
4303 assume the wrong layout. A particular example of how this may happen
4304 is the grub2 package in Fedora which includes directories under /boot
4305 directly in its file list. Various other packages pull in grub2 as a
4306 dependency, so it may be installed even if unused, breaking
4307 installations that use the bls layout.
4308
4309 * bootctl and systemd-bless-boot can now be linked statically.
4310
4311 * systemd-sysext now optionally doesn't insist on extension-release.d/
4312 files being placed in the image under the image's file name. If the
4313 file system xattr user.extension-release.strict is set on the
4314 extension release file, it is accepted regardless of its name. This
4315 relaxes security restrictions a bit, as a system extension may be
4316 attached under a wrong name this way.
4317
4318 * udevadm's test-builtin command learnt a new --action= switch for
4319 testing the built-in with the specified action (in place of the
4320 default 'add').
4321
4322 * udevadm info gained new switches --property=/--value for showing only
4323 specific udev properties/values instead of all.
4324
4325 * A new hwdb database has been added that contains matches for various
4326 types of signal analyzers (protocol analyzers, logic analyzers,
4327 oscilloscopes, multimeters, bench power supplies, etc.) that should
4328 be accessible to regular users.
4329
4330 * A new hwdb database entry has been added that carries information
4331 about types of cameras (regular or infrared), and in which direction
4332 they point (front or back).
4333
4334 * A new rule to allow console users access to rfkill by default has been
4335 added to hwdb.
4336
4337 * Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
4338 now also owned by the system group "sgx".
4339
4340 * A new build-time meson option "extra-net-naming-schemes=" has been
4341 added to define additional naming schemes for udev's network
4342 interface naming logic. This is useful for enterprise distributions
4343 and similar which want to pin the schemes of certain distribution
4344 releases under a specific name and previously had to patch the
4345 sources to introduce new named schemes.
4346
4347 * The predictable naming logic for network interfaces has been extended
4348 to generate stable names from Xen netfront device information.
4349
4350 * hostnamed's chassis property can now be sourced from the chassis-type
4351 field encoded in devicetree (in addition to the existing DMI
4352 support).
4353
4354 * systemd-cgls now optionally displays cgroup IDs and extended
4355 attributes for each cgroup. (Controllable via the new --xattr= +
4356 --cgroup-id= switches.)
4357
4358 * coredumpctl gained a new --all switch for operating on all
4359 Journal files instead of just the local ones.
4360
4361 * systemd-coredump will now use libdw/libelf via dlopen() rather than
4362 directly linking, allowing users to easily opt out of backtrace/metadata
4363 analysis of core files, and reduce image sizes when this is not needed.
4364
4365 * systemd-coredump will now analyze core files with libdw/libelf in a
4366 forked, sandboxed process.
4367
4368 * systemd-homed will now try to unmount an activated home area in
4369 regular intervals once the user has logged out fully. Previously this
4370 was attempted exactly once, but if the home directory was busy for
4371 some reason it was not tried again.
4372
4373 * systemd-homed's LUKS2 home area backend will now create a BSD file
4374 system lock on the image file while the home area is active
4375 (i.e. mounted). If a home area is found to be locked, logins are
4376 politely refused. This should improve behavior when using home area
4377 images that are accessible via the network from multiple clients, and
4378 reduce the chance of accidental file system corruption in that case.
4379
4380 * Optionally, systemd-homed will now drop the kernel buffer cache once
4381 a user has fully logged out, configurable via the new --drop-caches=
4382 homectl switch.
4383
4384 * systemd-homed now makes use of UID mapped mounts for the home areas.
4385 If the kernel and used file system support it, files are now
4386 internally owned by the "nobody" user (i.e. the user typically used
4387 for indicating "this ownership is not mapped"), and dynamically
4388 mapped to the UID used locally on the system via the UID mapping
4389 mount logic of recent kernels. This makes migrating home areas
4390 between different systems cheaper because recursively chown()ing file
4391 system trees is no longer necessary.
4392
4393 * systemd-homed's CIFS backend now optionally supports CIFS service
4394 names with a directory suffix, in order to place home directories in
4395 a subdirectory of a CIFS share, instead of the top-level directory.
4396
4397 * systemd-homed's CIFS backend gained support for specifying additional
4398 mount options in the JSON user record (cifsExtraMountOptions field,
4399 and --cifs-extra-mount-options= homectl switch). This is for example
4400 useful for configuring mount options such as "noserverino" that some
4401 SMB3 services require (this is what is needed to run a homed home
4402 directory from a FritzBox SMB3 share).
4403
4404 * systemd-homed will now default to btrfs' zstd compression for home
4405 areas. This is inspired by Fedora's recent decision to switch to zstd
4406 by default.
4407
4408 * Additional mount options to use when mounting the file system of
4409 LUKS2 volumes in systemd-homed can now be specified, via the
4410 $SYSTEMD_HOME_MOUNT_OPTIONS_BTRFS, $SYSTEMD_HOME_MOUNT_OPTIONS_EXT4
4411 and $SYSTEMD_HOME_MOUNT_OPTIONS_XFS environment variables passed to
4412 systemd-homed, or via the luksExtraMountOptions user record JSON
4413 property (exposed via homectl --luks-extra-mount-options=).
4414
4415 * homectl's resize command now takes the special size specifications
4416 "min" and "max" to shrink/grow the home area to the minimum/maximum
4417 size possible, taking disk usage/space constraints and file system
4418 limitations into account. Resizing is now generally graceful: the
4419 logic will try to get as close to the specified size as possible, but
4420 not consider it a failure if the request couldn't be fulfilled
4421 precisely.
4422
4423 * systemd-homed gained the ability to automatically shrink home areas
4424 on logout to their minimal size and grow them again on next
4425 login. This ensures that while inactive, a home area only takes up
4426 the minimal space necessary, but once activated, it provides
4427 sufficient space for the user's needs. This behavior is only
4428 supported if btrfs is used as file system inside the home area
4429 (because the kernel implements online growing/shrinking only for
4430 btrfs). This behavior is now enabled by default, but may be
4431 controlled via the new --auto-resize-mode= setting of homectl.
4432
4433 * systemd-homed gained support for automatically re-balancing free disk
4434 space among active home areas, in case the LUKS2 backend is used,
4435 and no explicit disk size was requested. This way disk space is
4436 automatically managed and home areas are resized in regular
4437 intervals, and manual resizing when disk space becomes scarce should
4438 not be necessary anymore. This behavior is only supported if btrfs is
4439 used within the home areas (as only then online shrinking and growing
4440 are supported), and may be configured via the new rebalanceWeight
4441 JSON user record field (as exposed via the new --rebalance-weight=
4442 homectl setting). Re-balancing is mostly automatic, but can also be
4443 requested explicitly via "homectl rebalance", which is synchronous,
4444 and thus may be used to wait until the rebalance run is complete.
4445
4446 * userdbctl gained a --json= switch for configuring the JSON formatting
4447 to use when outputting user or group records.
4448
4449 * userdbctl gained a new --multiplexer= switch for explicitly
4450 configuring whether to use the systemd-userdbd server side user
4451 record resolution logic.
4452
4453 * userdbctl's ssh-authorized-keys command learnt a new --chain switch,
4454 for chaining up another command to execute after completing the
4455 look-up. Since OpenSSH's AuthorizedKeysCommand only allows
4456 configuration of a single command to invoke, this may be used to
4457 invoke multiple: first userdbctl's own implementation, and then any
4458 other also configured on the command line.
4459
4460 * The sd-event API gained a new function sd_event_add_inotify_fd() that
4461 is similar to sd_event_add_inotify() but accepts a file descriptor
4462 instead of a path in the file system for referencing the inode to
4463 watch.
4464
4465 * The sd-event API gained a new function
4466 sd_event_source_set_ratelimit_expire_callback() that may be used to
4467 define a callback function that is called whenever an event source
4468 leaves the rate limiting phase.
4469
4470 * New documentation has been added explaining which steps are necessary
4471 to port systemd to a new architecture:
4472
4473 https://systemd.io/PORTING_TO_NEW_ARCHITECTURES
4474
4475 * The x-systemd.makefs option in /etc/fstab now explicitly supports
4476 ext2, ext3, and f2fs file systems.
4477
4478 * Mount units and units generated from /etc/fstab entries with 'noauto'
4479 are now ordered the same as other units. Effectively, they will be
4480 started earlier (if something actually pulled them in) and stopped
4481 later, similarly to normal mount units that are part of
4482 fs-local.target. This change should be invisible to users, but
4483 should prevent those units from being stopped too early during
4484 shutdown.
4485
4486 * The systemd-getty-generator now honors a new kernel command line
4487 argument systemd.getty_auto= and a new environment variable
4488 $SYSTEMD_GETTY_AUTO that allows turning it off at boot. This is for
4489 example useful to turn off gettys inside of containers or similar
4490 environments.
4491
4492 * systemd-resolved now listens on a second DNS stub address: 127.0.0.54
4493 (in addition to 127.0.0.53, as before). If DNS requests are sent to
4494 this address they are propagated in "bypass" mode only, i.e. are
4495 almost not processed locally, but mostly forwarded as-is to the
4496 current upstream DNS servers. This provides a stable DNS server
4497 address that proxies all requests dynamically to the right upstream
4498 DNS servers even if these dynamically change. This stub does not do
4499 mDNS/LLMNR resolution. However, it will translate look-ups to
4500 DNS-over-TLS if necessary. This new stub is particularly useful in
4501 container/VM environments, or for tethering setups: use DNAT to
4502 redirect traffic to any IP address to this stub.
4503
4504 * systemd-importd now honors new environment variables
4505 $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA,
4506 $SYSTEMD_IMPORT_SYNC, which may be used to disable btrfs subvolume
4507 generation, btrfs quota setup and disk synchronization.
4508
4509 * systemd-importd and systemd-resolved can now be optionally built with
4510 OpenSSL instead of libgcrypt.
4511
4512 * systemd-repart no longer requires OpenSSL.
4513
4514 * systemd-sysusers will no longer create the redundant 'nobody' group
4515 by default, as the 'nobody' user is already created with an
4516 appropriate primary group.
4517
4518 * If a unit uses RuntimeMaxSec, systemctl show will now display it.
4519
4520 * systemctl show-environment gained support for --output=json.
4521
4522 * pam_systemd will now first try to use the X11 abstract socket, and
4523 fallback to the socket file in /tmp/.X11-unix/ only if that does not
4524 work.
4525
4526 * systemd-journald will no longer go back to volatile storage
4527 regardless of configuration when its unit is restarted.
4528
4529 * Initial support for the LoongArch architecture has been added (system
4530 call lists, GPT partition table UUIDs, etc).
4531
4532 * systemd-journald's own logging messages are now also logged to the
4533 journal itself when systemd-journald logs to /dev/kmsg.
4534
4535 * systemd-journald now re-enables COW for archived journal files on
4536 filesystems that support COW. One benefit of this change is that
4537 archived journal files will now get compressed on btrfs filesystems
4538 that have compression enabled.
4539
4540 * systemd-journald now deduplicates fields in a single log message
4541 before adding it to the journal. In archived journal files, it will
4542 also punch holes for unused parts and truncate the file as
4543 appropriate, leading to reductions in disk usage.
4544
4545 * journalctl --verify was extended with more informative error
4546 messages.
4547
4548 * More of sd-journal's functions are now resistant against journal file
4549 corruption.
4550
4551 * The shutdown command learnt a new option --show, to display the
4552 scheduled shutdown.
4553
4554 * A LICENSES/ directory is now included in the git tree. It contains a
4555 README.md file that explains the licenses used by source files in
4556 this repository. It also contains the text of all applicable
4557 licenses as they appear on spdx.org.
4558
4559 Contributions from: Aakash Singh, acsfer, Adolfo Jayme Barrientos,
4560 Adrian Vovk, Albert Brox, Alberto Mardegan, Alexander Kanavin,
4561 alexlzhu, Alfonso Sánchez-Beato, Alvin Šipraga, Alyssa Ross,
4562 Amir Omidi, Anatol Pomozov, Andika Triwidada, Andreas Rammhold,
4563 Andreas Valder, Andrej Lajovic, Andrew Soutar, Andrew Stone, Andy Chi,
4564 Anita Zhang, Anssi Hannula, Antonio Alvarez Feijoo,
4565 Antony Deepak Thomas, Arnaud Ferraris, Arvid E. Picciani,
4566 Bastien Nocera, Benjamin Berg, Benjamin Herrenschmidt, Ben Stockett,
4567 Bogdan Seniuc, Boqun Feng, Carl Lei, chlorophyll-zz, Chris Packham,
4568 Christian Brauner, Christian Göttsche, Christian Wehrli,
4569 Christoph Anton Mitterer, Cristian Rodríguez, Daan De Meyer,
4570 Daniel Maixner, Dann Frazier, Dan Streetman, Davide Cavalca,
4571 David Seifert, David Tardon, dependabot[bot], Dimitri John Ledkov,
4572 Dimitri Papadopoulos, Dimitry Ishenko, Dmitry Khlebnikov,
4573 Dominique Martinet, duament, Egor, Egor Ignatov, Emil Renner Berthing,
4574 Emily Gonyer, Ettore Atalan, Evgeny Vereshchagin, Florian Klink,
4575 Franck Bui, Frantisek Sumsal, Geass-LL, Gibeom Gwon, GnunuX,
4576 Gogo Gogsi, gregzuro, Greg Zuro, Gustavo Costa, Hans de Goede,
4577 Hela Basa, Henri Chain, hikigaya58, Hugo Carvalho,
4578 Hugo Osvaldo Barrera, Iago Lopez Galeiras, Iago López Galeiras,
4579 I-dont-need-name, igo95862, Jack Dähn, James Hilliard, Jan Janssen,
4580 Jan Kuparinen, Jan Macku, Jan Palus, Jarkko Sakkinen, Jayce Fayne,
4581 jiangchuangang, jlempen, John Lindgren, Jonas Dreßler, Jonas Jelten,
4582 Jonas Witschel, Joris Hartog, José Expósito, Julia Kartseva,
4583 Kai-Heng Feng, Kai Wohlfahrt, Kay Siver Bø, KennthStailey,
4584 Kevin Kuehler, Kevin Orr, Khem Raj, Kristian Klausen, Kyle Laker,
4585 lainahai, LaserEyess, Lennart Poettering, Lia Lenckowski, longpanda,
4586 Luca Boccassi, Luca BRUNO, Ludwig Nussel, Lukas Senionis,
4587 Maanya Goenka, Maciek Borzecki, Marcel Menzel, Marco Scardovi,
4588 Marcus Harrison, Mark Boudreau, Matthijs van Duin, Mauricio Vásquez,
4589 Maxime de Roucy, Max Resch, MertsA, Michael Biebl, Michael Catanzaro,
4590 Michal Koutný, Michal Sekletár, Miika Karanki, Mike Gilbert,
4591 Milo Turner, ml, monosans, Nacho Barrientos, nassir90, Nishal Kulkarni,
4592 nl6720, Ondrej Kozina, Paulo Neves, Pavel Březina, pedro martelletto,
4593 Peter Hutterer, Peter Morrow, Piotr Drąg, Rasmus Villemoes, ratijas,
4594 Raul Tambre, rene, Riccardo Schirone, Robert-L-Turner, Robert Scheck,
4595 Ross Jennings, saikat0511, Scott Lamb, Scott Worley,
4596 Sergei Trofimovich, Sho Iizuka, Slava Bacherikov, Slimane Selyan Amiri,
4597 StefanBruens, Steven Siloti, svonohr, Taiki Sugawara, Takashi Sakamoto,
4598 Takuro Onoue, Thomas Blume, Thomas Haller, Thomas Mühlbacher,
4599 Tianlu Shao, Toke Høiland-Jørgensen, Tom Yan, Tony Asleson,
4600 Topi Miettinen, Ulrich Ölmann, Urs Ritzmann, Vincent Bernat,
4601 Vito Caputo, Vladimir Panteleev, WANG Xuerui, Wind/owZ, Wu Xiaotian,
4602 xdavidwu, Xiaotian Wu, xujing, yangmingtai, Yao Wei, Yao Wei (魏銘廷),
4603 Yegor Alexeyev, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
4604 Дамјан Георгиевски, наб
4605
4606 — Warsaw, 2021-12-23
4607
4608 CHANGES WITH 249:
4609
4610 * When operating on disk images via the --image= switch of various
4611 tools (such as systemd-nspawn or systemd-dissect), or when udev finds
4612 no 'root=' parameter on the kernel command line, and multiple
4613 suitable root or /usr/ partitions exist in the image, then a simple
4614 comparison inspired by strverscmp() is done on the GPT partition
4615 label, and the newest partition is picked. This permits a simple and
4616 generic whole-file-system A/B update logic where new operating system
4617 versions are dropped into partitions whose label is then updated with
4618 a matching version identifier.
4619
4620 * systemd-sysusers now supports querying the passwords to set for the
4621 users it creates via the "credentials" logic introduced in v247: the
4622 passwd.hashed-password.<user> and passwd.plaintext-password.<user>
4623 credentials are consulted for the password to use (either in UNIX
4624 hashed form, or literally). By default these credentials are inherited
4625 down from PID1 (which in turn imports them from a container manager if
4626 there is one). This permits easy configuration of user passwords
4627 during first boot. Example:
4628
4629 # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
4630
4631 Note that systemd-sysusers operates in purely additive mode: it
4632 executes no operation if the declared users already exist, and hence
4633 doesn't set any passwords as effect of the command line above if the
4634 specified root user exists already in the image. (Note that
4635 --volatile=yes ensures it doesn't, though.)
4636
4637 * systemd-firstboot now also supports querying various system
4638 parameters via the credential subsystems. Thus, as above this may be
4639 used to initialize important system parameters on first boot of
4640 previously unprovisioned images (i.e. images with a mostly empty
4641 /etc/).
4642
4643 * PID 1 may now show both the unit name and the unit description
4644 strings in its status output during boot. This may be configured with
4645 StatusUnitFormat=combined in system.conf or
4646 systemd.status-unit-format=combined on the kernel command line.
4647
4648 * The systemd-machine-id-setup tool now supports a --image= switch for
4649 provisioning a machine ID file into an OS disk image, similar to how
4650 --root= operates on an OS file tree. This matches the existing switch
4651 of the same name for systemd-tmpfiles, systemd-firstboot, and
4652 systemd-sysusers tools.
4653
4654 * Similarly, systemd-repart gained support for the --image= switch too.
4655 In combination with the existing --size= option, this makes the tool
4656 particularly useful for easily growing disk images in a single
4657 invocation, following the declarative rules included in the image
4658 itself.
4659
4660 * systemd-repart's partition configuration files gained support for a
4661 new switch MakeDirectories= which may be used to create arbitrary
4662 directories inside file systems that are created, before registering
4663 them in the partition table. This is useful in particular for root
4664 partitions to create mount point directories for other partitions
4665 included in the image. For example, a disk image that contains a
4666 root, /home/, and /var/ partitions, may set MakeDirectories=yes to
4667 create /home/ and /var/ as empty directories in the root file system
4668 on its creation, so that the resulting image can be mounted
4669 immediately, even in read-only mode.
4670
4671 * systemd-repart's CopyBlocks= setting gained support for the special
4672 value "auto". If used, a suitable matching partition on the booted OS
4673 is found as source to copy blocks from. This is useful when
4674 implementing replicating installers, that are booted from one medium
4675 and then stream their own root partition onto the target medium.
4676
4677 * systemd-repart's partition configuration files gained support for a
4678 Flags=, a ReadOnly= and a NoAuto= setting, allowing control of these
4679 GPT partition flags for the created partitions: this is useful for
4680 marking newly created partitions as read-only, or as not being
4681 subject for automatic mounting from creation on.
4682
4683 * The /etc/os-release file has been extended with two new (optional)
4684 variables IMAGE_VERSION= and IMAGE_ID=, carrying identity and version
4685 information for OS images that are updated comprehensively and
4686 atomically as one image. Two new specifiers %M, %A now resolve to
4687 these two fields in the various configuration options that resolve
4688 specifiers.
4689
4690 * portablectl gained a new switch --extension= for enabling portable
4691 service images with extensions that follow the extension image
4692 concept introduced with v248, and thus allows layering multiple
4693 images when setting up the root filesystem of the service.
4694
4695 * systemd-coredump will now extract ELF build-id information from
4696 processes dumping core and include it in the coredump report.
4697 Moreover, it will look for ELF .note.package sections with
4698 distribution packaging meta-information about the crashing process.
4699 This is useful to directly embed the rpm or deb (or any other)
4700 package name and version in ELF files, making it easy to match
4701 coredump reports with the specific package for which the software was
4702 compiled. This is particularly useful on environments with ELF files
4703 from multiple vendors, different distributions and versions, as is
4704 common today in our containerized and sand-boxed world. For further
4705 information, see:
4706
4707 https://systemd.io/COREDUMP_PACKAGE_METADATA
4708
4709 * A new udev hardware database has been added for FireWire devices
4710 (IEEE 1394).
4711
4712 * The "net_id" built-in of udev has been updated with three
4713 backwards-incompatible changes:
4714
4715 - PCI hotplug slot names on s390 systems are now parsed as
4716 hexadecimal numbers. They were incorrectly parsed as decimal
4717 previously, or ignored if the name was not a valid decimal
4718 number.
4719
4720 - PCI onboard indices up to 65535 are allowed. Previously, numbers
4721 above 16383 were rejected. This primarily impacts s390 systems,
4722 where values up to 65535 are used.
4723
4724 - Invalid characters in interface names are replaced with "_".
4725
4726 The new version of the net naming scheme is "v249". The previous
4727 scheme can be selected via the "net.naming_scheme=v247" kernel
4728 command line parameter.
4729
4730 * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
4731 NULL bus object, for which they will return false. Or in other words,
4732 an unallocated bus connection is neither ready nor open.
4733
4734 * The sd-device API acquired a new API function
4735 sd_device_get_usec_initialized() that returns the monotonic time when
4736 the udev device first appeared in the database.
4737
4738 * sd-device gained new APIs sd_device_trigger_with_uuid() and
4739 sd_device_get_trigger_uuid(). The former is similar to
4740 sd_device_trigger() but returns a randomly generated UUID that is
4741 associated with the synthetic uevent generated by the call. This UUID
4742 may be read from the sd_device object a monitor eventually receives,
4743 via sd_device_get_trigger_uuid(). This interface requires kernel
4744 4.13 or above to work, and allows tracking a synthetic uevent through
4745 the entire device management stack. The "udevadm trigger --settle"
4746 logic has been updated to make use of this concept if available to
4747 wait precisely for the uevents it generates. "udevadm trigger" also
4748 gained a new parameter --uuid that prints the UUID for each generated
4749 uevent.
4750
4751 * sd-device also gained new APIs sd_device_new_from_ifname() and
4752 sd_device_new_from_ifindex() for allocating an sd-device object for
4753 the specified network interface. The former accepts an interface name
4754 (either a primary or an alternative name), the latter an interface
4755 index.
4756
4757 * The native Journal protocol has been documented. Clients may talk
4758 this as alternative to the classic BSD syslog protocol for locally
4759 delivering log records to the Journal. The protocol has been stable
4760 for a long time and in fact been implemented already in a variety
4761 of alternative client libraries. This documentation makes the support
4762 for that official:
4763
4764 https://systemd.io/JOURNAL_NATIVE_PROTOCOL
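As an added illustration (example code, not part of systemd), the following Python encodes and decodes entries in the native protocol format that the document above describes, and can deliver one to the journald socket at /run/systemd/journal/socket when present; the sample entry is constructed.

```python
import os
import re
import socket
import struct

# Socket on which systemd-journald accepts native-protocol datagrams.
JOURNAL_SOCKET = "/run/systemd/journal/socket"

# Field names are uppercase ASCII letters, digits and underscores and must
# not start with a digit; names starting with "_" are reserved for the
# trusted fields journald adds itself, so a client must not send them.
_FIELD_NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")


def serialize_entry(fields):
    """Serialize a mapping of field name -> str/bytes into one datagram.

    A value without a newline is encoded as "NAME=VALUE\\n". A value that
    contains a newline (or is arbitrary binary data) is encoded as
    "NAME\\n", a 64-bit little-endian length, the raw bytes and "\\n".
    """
    out = bytearray()
    for name, value in fields.items():
        if not _FIELD_NAME.match(name):
            raise ValueError(f"invalid journal field name: {name!r}")
        data = value.encode("utf-8") if isinstance(value, str) else bytes(value)
        out += name.encode("ascii")
        if b"\n" in data:
            out += b"\n" + struct.pack("<Q", len(data)) + data + b"\n"
        else:
            out += b"=" + data + b"\n"
    return bytes(out)


def parse_entry(blob):
    """Decode a datagram produced by serialize_entry (values come back as bytes).

    This mirrors what a receiver must do: the length-prefixed form is the only
    way a newline can occur inside a value, so its size field is trusted only
    after checking that the data and its terminating newline are present.
    """
    fields = {}
    pos = 0
    while pos < len(blob):
        nl = blob.index(b"\n", pos)
        line = blob[pos:nl]
        if b"=" in line:                       # NAME=VALUE form
            name, _, value = line.partition(b"=")
            pos = nl + 1
        else:                                  # NAME, u64 length, data, newline
            name = line
            (size,) = struct.unpack_from("<Q", blob, nl + 1)
            start = nl + 1 + 8
            value = blob[start:start + size]
            if len(value) != size or blob[start + size:start + size + 1] != b"\n":
                raise ValueError("truncated or unterminated binary field")
            pos = start + size + 1
        name = name.decode("ascii")
        if not _FIELD_NAME.match(name):
            raise ValueError(f"invalid journal field name: {name!r}")
        fields[name] = value
    return fields


def send_entry(fields, path=JOURNAL_SOCKET):
    """Deliver one entry to journald; returns False when no journald socket exists.

    Entries too large for a datagram must instead be written to a sealed memfd
    passed over SCM_RIGHTS (part of the documented protocol, not shown here).
    """
    blob = serialize_entry(fields)
    if not os.path.exists(path):
        return False
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(blob, path)
    return True


# Constructed sample entry: the multi-line field forces the binary encoding.
SAMPLE_ENTRY = {
    "MESSAGE": "login failed for user demo",
    "PRIORITY": "4",
    "SYSLOG_IDENTIFIER": "example-client",
    "DETAILS": "attempt=3\nreason=bad password",
}

if __name__ == "__main__":
    blob = serialize_entry(SAMPLE_ENTRY)
    assert parse_entry(blob) == {k: v.encode() for k, v in SAMPLE_ENTRY.items()}
    if send_entry(SAMPLE_ENTRY):
        print("entry delivered to journald")
    else:
        print(f"no journald socket; encoded {len(blob)} bytes")
```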
4765
4766 * A new BPFProgram= setting has been added to service files. It may be
4767 set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
4768 file, or a bind mount or symlink to one. This may be used to upload
4769 and manage BPF programs externally and then hook arbitrary systemd
4770 services into them.
4771
4772 * The "home.arpa" domain that has been officially declared as the
4773 choice for domain for local home networks per RFC 8375 has been added
4774 to the default NTA list of resolved, since DNSSEC is generally not
4775 available on private domains.
4776
4777 * The CPUAffinity= setting of unit files now resolves "%" specifiers.
4778
4779 * A new ManageForeignRoutingPolicyRules= setting has been added to
4780 .network files which may be used to exclude foreign-created routing
4781 policy rules from systemd-networkd management.
4782
4783 * systemd-network-wait-online gained two new switches -4 and -6 that
4784 may be used to tweak whether to wait for only IPv4 or only IPv6
4785 connectivity.
4786
4787 * .network files gained a new RequiredFamilyForOnline= setting to
4788 fine-tune whether to require an IPv4 or IPv6 address in order to
4789 consider an interface "online".
4790
4791 * networkctl will now show an over-all "online" state in the per-link
4792 information.
4793
4794 * In .network files a new OutgoingInterface= setting has been added to
4795 specify the output interface in bridge FDB setups.
4796
4797 * In .network files the Multipath group ID may now be configured for
4798 [NextHop] entries, via the new Group= setting.
4799
4800 * The DHCP server logic configured in .network files gained a new
4801 setting RelayTarget= that turns the server into a DHCP server relay.
4802 The RelayAgentCircuitId= and RelayAgentRemoteId= settings may be used
4803 to further tweak the DHCP relay behaviour.
4804
4805 * The DHCP server logic also gained a new ServerAddress= setting in
4806 .network files that explicitly specifies the server IP address to
4807 use. If not specified, the address is determined automatically, as
4808 before.
4809
4810 * The DHCP server logic in systemd-networkd gained support for static
4811 DHCP leases, configurable via the [DHCPServerStaticLease]
4812 section. This allows explicitly mapping specific MAC addresses to
4813 fixed IP addresses and vice versa.
4814
4815 * The RestrictAddressFamilies= setting in service files now supports a
4816 new special value "none". If specified, sockets of all address
4817 families will be made unavailable to services configured that way.
4818
4819 * systemd-fstab-generator and systemd-repart have been updated to
4820 support booting from disks that carry only a /usr/ partition but no
4821 root partition yet, and where systemd-repart can add it in on the
4822 first boot. This is useful for implementing systems that ship with a
4823 single /usr/ file system, and whose root file system shall be set up
4824 and formatted on a LUKS-encrypted volume whose key is generated
4825 locally (and possibly enrolled in the TPM) during the first boot.
4826
4827 * The [Address] section of .network files now accepts a new
4828 RouteMetric= setting that configures the routing metric to use for
4829 the prefix route created as effect of the address configuration.
4830 Similarly, the [DHCPv6PrefixDelegation] and [IPv6Prefix] sections
4831 gained matching settings for their prefix routes. (The option of the
4832 same name in the [DHCPv6] section is moved to [IPv6AcceptRA], since
4833 it conceptually belongs there; the old option is still understood for
4834 compatibility.)
4835
4836 * The DHCPv6 IAID and DUID are now explicitly configurable in .network
4837 files.
4838
4839 * A new udev property ID_NET_DHCP_BROADCAST on network interface
4840 devices is now honoured by systemd-networkd, controlling whether to
4841 issue DHCP offers via broadcasting. This is used to ensure that s390
4842 layer 3 network interfaces work out-of-the-box with systemd-networkd.
4843
4844 * nss-myhostname and systemd-resolved will now synthesize address
4845 records for a new special hostname "_outbound". The name will always
4846 resolve to the local IP addresses most likely used for outbound
4847 connections towards the default routes. On multi-homed hosts this is
4848 useful to have a stable handle referring to "the" local IP address
4849 that matters most, to the point where this is defined.
4850
4851 * The Discoverable Partition Specification has been updated with a new
4852 GPT partition flag "grow-file-system" defined for its partition
4853 types. Whenever partitions with this flag set are automatically
4854 mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
4855 of systemd-nspawn or other tools; and as opposed to explicit mounting
4856 via /etc/fstab), the file system within the partition is
4857 automatically grown to the full size of the partition. If the file
4858 system size already matches the partition size this flag has no
4859 effect. Previously, this functionality has been available via the
4860 explicit x-systemd.growfs mount option, and this new flag extends
4861 this to automatically discovered mounts. A new GrowFileSystem=
4862 setting has been added to systemd-repart drop-in files that allows
4863 configuring this partition flag. This new flag defaults to on for
4864 partitions automatically created by systemd-repart, except if they
4865 are marked read-only. See the specification for further details:
4866
4867 https://systemd.io/DISCOVERABLE_PARTITIONS
4868
4869 * .network files gained a new setting RoutesToNTP= in the [DHCPv4]
4870 section. If enabled (which is the default), and an NTP server address
4871 is acquired through a DHCP lease on this interface an explicit route
4872 to this address is created on this interface to ensure that NTP
4873 traffic to the NTP server acquired on an interface is also routed
4874 through that interface. The pre-existing RoutesToDNS= setting that
4875 implements the same for DNS servers is now enabled by default.
4876
4877 * A pair of service settings SocketBindAllow= + SocketBindDeny= have
4878 been added that may be used to restrict the network interfaces
4879 sockets created by the service may be bound to. This is implemented
4880 via BPF.
4881
4882 * A new ConditionFirmware= setting has been added to unit files to
4883 conditionalize on certain firmware features. At the moment it may
4884 check whether running on a UEFI system, a device-tree system, or if
4885 the system is compatible with some specified device-tree feature.
4886
4887 * A new ConditionOSRelease= setting has been added to unit files to
4888 check os-release(5) fields. The "=", "!=", "<", "<=", ">=", ">"
4889 operators may be used to check if some field has some specific value
4890 or do an alphanumerical comparison. Equality comparisons are useful
4891 for fields like ID, but relative comparisons for fields like
4892 VERSION_ID or IMAGE_VERSION.
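As an added example (not systemd's own code), this Python parses os-release(5) and evaluates ConditionOSRelease= expressions with the operators listed above; the same ordering is reused for the "pick the newest partition label" choice described at the start of these notes. The os-release content is constructed, and version_cmp is a simplified stand-in for systemd's strverscmp()-inspired comparison, not its exact rules.

```python
import functools
import re

# Constructed os-release content; on a real system this is /etc/os-release.
SAMPLE_OS_RELEASE = """\
NAME="Example OS"
ID=exampleos
VERSION_ID="249.1"
IMAGE_ID=base
IMAGE_VERSION=3.10
# comment lines and blank lines are ignored
"""


def parse_os_release(text):
    """Parse os-release(5) text into a dict, stripping quotes around values."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


_CHUNK = re.compile(r"\d+|\D+")


def version_cmp(a, b):
    """Simplified strverscmp()-style ordering (an assumption of this example):
    digit runs compare numerically, other runs compare as plain strings,
    so "249" sorts after "48" and "1.10" after "1.9". Returns -1, 0 or 1."""
    ca, cb = _CHUNK.findall(a), _CHUNK.findall(b)
    for x, y in zip(ca, cb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        return (x > y) - (x < y)
    return (len(ca) > len(cb)) - (len(ca) < len(cb))


# Two-character operators are listed first so "<=" is not read as "<".
_CONDITION = re.compile(r"^([A-Za-z0-9_]+)(<=|>=|!=|<|>|=)(.*)$")


def check_os_release(condition, os_release):
    """Evaluate one ConditionOSRelease= expression such as "VERSION_ID>=249".

    "=" and "!=" are exact string matches; the ordering operators use
    version_cmp. A field absent from os-release fails the check (assumption).
    """
    m = _CONDITION.match(condition)
    if not m:
        raise ValueError(f"malformed condition: {condition!r}")
    field, op, wanted = m.groups()
    actual = os_release.get(field)
    if actual is None:
        return False
    if op == "=":
        return actual == wanted
    if op == "!=":
        return actual != wanted
    c = version_cmp(actual, wanted)
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]


def pick_newest(labels):
    """Choose the newest of several GPT partition labels using the same
    ordering, as done when several root or /usr/ candidates exist."""
    return max(labels, key=functools.cmp_to_key(version_cmp))


if __name__ == "__main__":
    osr = parse_os_release(SAMPLE_OS_RELEASE)
    for cond in ("ID=exampleos", "VERSION_ID>=249", "IMAGE_VERSION<3.9"):
        print(f"{cond:20} -> {check_os_release(cond, osr)}")
    print("newest root label:", pick_newest(["root-249", "root-48", "root-250"]))
```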
4893
4894 * hostnamed gained a new Describe() D-Bus method that returns a JSON
4895 serialization of the host data it exposes. This is exposed via
4896 "hostnamectl --json=" to acquire a host identity description in JSON.
4897 It's our intention to add similar features to most services and
4898 objects systemd manages, in order to simplify integration with
4899 program code that can consume JSON.
4900
4901 * Similarly, networkd gained a Describe() method on its Manager and
4902 Link bus objects. This is exposed via "networkctl --json=".
4903
4904 * hostnamectl's various "get-xyz"/"set-xyz" verb pairs
4905 (e.g. "hostnamectl get-hostname", "hostnamectl set-hostname") have
4906 been replaced by a single "xyz" verb (e.g. "hostnamectl hostname")
4907 that is used both to get the value (when no argument is given), and
4908 to set the value (when an argument is specified). The old names
4909 continue to be supported for compatibility.
4910
4911 * systemd-detect-virt and ConditionVirtualization= are now able to
4912 correctly identify Amazon EC2 environments.
4913
4914 * The LogLevelMax= setting of unit files now applies not only to log
4915 messages generated *by* the service, but also to log messages
4916 generated *about* the service by PID 1. To suppress logs concerning a
4917 specific service comprehensively, set this option to a high log
4918 level.
4919
4920 * bootctl gained support for a new --make-machine-id-directory= switch
4921 that allows precise control on whether to create the top-level
4922 per-machine directory in the boot partition that typically contains
4923 Type 1 boot loader entries.
4924
4925 * During build SBAT data to include in the systemd-boot EFI PE binaries
4926 may be specified now.
4927
4928 * /etc/crypttab learnt a new option "headless". If specified, any
4929 requests to query the user interactively for passwords or PINs will
4930 be skipped. This is useful on systems that are headless, i.e. where
4931 an interactive user is generally not present.
4932
4933 * /etc/crypttab also learnt a new option "password-echo=" that allows
4934 configuring whether the encryption password prompt shall echo the
4935 typed password and if so, do so literally or via asterisks. (The
4936 default is the same behaviour as before: provide echo feedback via
4937 asterisks.)
4938
4939 * FIDO2 support in systemd-cryptenroll/systemd-cryptsetup and
4940 systemd-homed has been updated to allow explicit configuration of the
4941 "user presence" and "user verification" checks, as well as whether a
4942 PIN is required for authentication, via the new switches
4943 --fido2-with-user-presence=, --fido2-with-user-verification=,
4944 --fido2-with-client-pin= to systemd-cryptenroll and homectl. Which
4945 features are available, and may be enabled or disabled depends on the
4946 used FIDO2 token.
4947
4948 * systemd-nspawn's --private-user= switch now accepts the special value
4949 "identity" which configures a user namespacing environment with an
4950 identity mapping of 65535 UIDs. This means the container UID 0 is
4951 mapped to the host UID 0, and the UID 1 to host UID 1. On first look
4952 this doesn't appear to be useful, however it does reduce the attack
4953 surface a bit, since the resulting container will possess process
4954 capabilities only within its namespace and not on the host.
4955
4956 * systemd-nspawn's --private-user-chown switch has been replaced by a
4957 more generic --private-user-ownership= switch that accepts one of
4958 three values: "chown" is equivalent to the old --private-user-chown,
4959 and "off" is equivalent to the absence of the old switch. The value
4960 "map" uses the new UID mapping mounts of Linux 5.12 to map ownership
4961 of files and directories of the underlying image to the chosen UID
4962 range for the container. "auto" is equivalent to "map" if UID mapping
4963 mounts are supported, otherwise it is equivalent to "chown". The short
4964 -U switch systemd-nspawn now implies --private-user-ownership=auto
4965 instead of the old --private-user-chown. Effectively this means: if
4966 the backing file system supports UID mapping mounts the feature is
4967 now used by default if -U is used. Generally, it's a good idea to use
4968 UID mapping mounts instead of recursive chown()ing, since it allows
4969 running containers off immutable images (since no modifications of
4970 the images need to take place), and share images between multiple
4971 instances. Moreover, the recursive chown()ing operation is slow and
4972 can be avoided. Conceptually it's also a good thing if transient UID
4973 range uses do not leak into persistent file ownership anymore. TLDR:
4974 finally, the last major drawback of user namespacing has been
4975 removed, and -U should always be used (unless you use btrfs, where
4976 UID mapped mounts do not exist; or your container actually needs
4977 privileges on the host).
4978
4979 * nss-systemd now synthesizes user and group shadow records in addition
4980 to the main user and group records. Thus, hashed passwords managed by
4981 systemd-homed are now accessible via the shadow database.
4982
4983 * The userdb logic (and thus nss-systemd, and so on) now reads
4984 additional user/group definitions in JSON format from the drop-in
4985 directories /etc/userdb/, /run/userdb/, /run/host/userdb/ and
4986 /usr/lib/userdb/. This is a simple and powerful mechanism for making
4987 additional users available to the system, with full integration into
4988 NSS including the shadow databases. Since the full JSON user/group
4989 record format is supported this may also be used to define users with
4990 resource management settings and other runtime settings that
4991 pam_systemd and systemd-logind enforce at login.
4992
4993 * The userdbctl tool gained two new switches --with-dropin= and
4994 --with-varlink= which can be used to fine-tune the sources used for
4995 user database lookups.
4996
4997 * systemd-nspawn gained a new switch --bind-user= for binding a host
4998 user account into the container. This does three things: the user's
4999 home directory is bind mounted from the host into the container,
5000 below the /run/userdb/home/ hierarchy. A free UID is picked in the
5001 container, and a user namespacing UID mapping to the host user's UID
5002 installed. And finally, a minimal JSON user and group record (along
5003 with its hashed password) is dropped into /run/host/userdb/. These
5004 records are picked up automatically by the userdb drop-in logic
5005 described above, and allow the user to log in with the same password as
5006 on the host. Effectively this means: if host and container run new
5007 enough systemd versions, making a host user available to the container
5008 is trivially simple.
5009
5010 * systemd-journal-gatewayd now supports the switches --user, --system,
5011 --merge, --file= that are equivalent to the same switches of
5012 journalctl, and permit exposing only the specified subset of the
5013 Journal records.
5014
5015 * The OnFailure= dependency between units is now augmented with an
5016 implicit reverse dependency OnFailureOf= (this new dependency cannot
5017 be configured directly, it's only created as effect of an OnFailure=
5018 dependency in the reverse order — it's visible in "systemctl show"
5019 however). Similarly, Slice= now has a reverse dependency SliceOf=,
5020 that is also not configurable directly, but useful to determine all
5021 units that are members of a slice.
5022
5023 * A pair of new dependency types between units PropagatesStopTo= +
5024 StopPropagatedFrom= has been added, that allows propagation of unit
5025 stop events between two units. It operates similarly to the existing
5026 PropagatesReloadTo= + ReloadPropagatedFrom= dependencies.
5027
5028 * A new dependency type OnSuccess= has been added (plus the reverse
5029 dependency OnSuccessOf=, which cannot be configured directly, but
5030 exists only as an effect of an OnSuccess= dependency in the reverse
5031 direction). It is similar to OnFailure=, but triggers in the opposite
5032 case: when a service exits cleanly. This allows "chaining up" services,
5033 i.e. starting one or more services once another has successfully completed.
5034
5035 * A new dependency type Upholds= has been added (plus the reverse
5036 dependency UpheldBy=, which cannot be configured directly, but exists
5037 only as an effect of Upholds=). This dependency type is a stronger form
5038 of Wants=: if a unit has an Upholds= dependency on some other unit
5039 and the former is active, then the latter is started whenever it is
5040 found inactive (and no job is queued for it). This is an alternative
5041 to Restart= inside service units, but less configurable, and the
5042 request to uphold a unit is not encoded in the unit itself but in
5043 another unit that intends to uphold it.
5044
5045 * The systemd-ask-password tool now also supports reading passwords
5046 from the credentials subsystem, via the new --credential= switch.
5047
5048 * The systemd-ask-password tool learnt a new switch --emoji= which may
5049 be used to explicitly control whether the lock and key emoji (🔐) is
5050 shown in the password prompt on suitable TTYs.
5051
5052 * The --echo switch of systemd-ask-password now optionally takes a
5053 parameter that controls character echo. It may either show asterisks
5054 (default, as before), turn echo off entirely, or echo the typed
5055 characters literally.
5056
5057 * The systemd-ask-password tool also gained a new -n switch for
5058 suppressing output of a trailing newline character when writing the
5059 acquired password to standard output, similar to /bin/echo's -n
5060 switch.
5061
5062 * New documentation has been added that describes the organization of
5063 the systemd source code tree:
5064
5065 https://systemd.io/ARCHITECTURE
5066
5067 * Units using ConditionNeedsUpdate= will no longer be activated in
5068 the initrd.
5069
5070 * It is now possible to list a template unit in the WantedBy= or
5071 RequiredBy= settings of the [Install] section of another template
5072 unit, which will be instantiated using the same instance name.
5073
5074 * A new MemoryAvailable property is available for units. If the unit,
5075 or the slices it is part of, have a memory limit set via MemoryMax=/
5076 MemoryHigh=, MemoryAvailable will indicate how much more memory the
5077 unit can claim before hitting the limits.
5078
5079 * systemd-coredump will now try to stay below the cgroup memory limit
5080 placed on itself or one of the slices it runs under, if the storage
5081 area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
5082 since files written on such filesystems count toward the cgroup memory
5083 limit. If there is not enough available memory in such cases to store
5084 the core file uncompressed, systemd-coredump will skip to compressed
5085 storage directly (if enabled) and it will avoid analyzing the core file
5086 to print backtrace and metadata in the journal.
5087
5088 * tmpfiles.d/ drop-ins gained a new '=' modifier to check if the type
5089 of a path matches the configured expectations, and remove it if not.
5090
5091 * tmpfiles.d/'s 'Age' now accepts an 'age-by' argument, which allows
5092 specifying which of the several available filesystem timestamps (access
5093 time, birth time, change time, modification time) to look at when
5094 deciding whether a path has aged enough to be cleaned.
5095
5096 * A new IPv6StableSecretAddress= setting has been added to .network
5097 files, which takes an IPv6 address to use as secret for IPv6 address
5098 generation.
5099
5100 * The [DHCPServer] logic in .network files gained support for a new
5101 UplinkInterface= setting that permits configuration of the uplink
5102 interface name to propagate DHCP lease information from.
5103
5104 * The WakeOnLan= setting in .link files now accepts a list of flags
5105 instead of a single one, to configure multiple wake-on-LAN policies.
5106
5107 * User-space defined tracepoints (USDT) have been added to udev at
5108 strategic locations. This is useful for tracing udev behaviour and
5109 performance with bpftrace and similar tools.
5110
5111 * systemd-journald-upload gained a new NetworkTimeoutSec= option for
5112 setting a network timeout time.
5113
5114 * If a system service is running in a new mount namespace (RootDirectory=
5115 and friends), all file systems will be mounted with MS_NOSUID by
5116 default, unless the system is running with SELinux enabled.
5117
5118 * When enumerating time zones the timedatectl tool will now consult the
5119 'tzdata.zi' file shipped by the IANA time zone database package, in
5120 addition to 'zone1970.tab', as before. This makes sure time zone
5121 aliases are now correctly supported. Some distributions so far did
5122 not install this additional file, most do however. If your
5123 distribution does not install it yet, it might make sense to change
5124 that.
5125
5126 * The Intel HID rfkill event is no longer masked, since it is the only
5127 source of rfkill events on newer HP laptops. To have both backward and
5128 forward compatibility, user-space daemons need to debounce duplicated
5129 events within a short time window.
5130
5131 Contributions from: Aakash Singh, adrian5, Albert Brox,
5132 Alexander Sverdlin, Alexander Tsoy, Alexey Rubtsov, alexlzhu,
5133 Allen Webb, Alvin Šipraga, Alyssa Ross, Anders Wenhaug,
5134 Andrea Pappacoda, Anita Zhang, asavah, Balint Reczey, Bertrand Jacquin,
5135 borna-blazevic, caoxia2008cxx, Carlo Teubner, Christian Göttsche,
5136 Christian Hesse, Daniel Schaefer, Dan Streetman,
5137 David Santamaría Rogado, David Tardon, Deepak Rawat, dgcampea,
5138 Dimitri John Ledkov, ei-ke, Emilio Herrera, Emil Renner Berthing,
5139 Eric Cook, Flos Lonicerae, Franck Bui, Francois Gervais,
5140 Frantisek Sumsal, Gibeom Gwon, gitm0, Hamish Moffatt, Hans de Goede,
5141 Harsh Barsaiyan, Henri Chain, Hristo Venev, Icenowy Zheng, Igor Zhbanov,
5142 imayoda, Jakub Warczarek, James Buren, Jan Janssen, Jan Macku,
5143 Jan Synacek, Jason Francis, Jayanth Ananthapadmanaban, Jeremy Szu,
5144 Jérôme Carretero, Jesse Stricker, jiangchuangang, Joerg Behrmann,
5145 Jóhann B. Guðmundsson, Jörg Deckert, Jörg Thalheim, Juergen Hoetzel,
5146 Julia Kartseva, Kai-Heng Feng, Khem Raj, KoyamaSohei, laineantti,
5147 Lennart Poettering, LetzteInstanz, Luca Adrian L, Luca Boccassi,
5148 Lucas Magasweran, Mantas Mikulėnas, Marco Antonio Mauro, Mark Wielaard,
5149 Masahiro Matsuya, Matt Johnston, Michael Catanzaro, Michal Koutný,
5150 Michal Sekletár, Mike Crowe, Mike Kazantsev, Milan, milaq,
5151 Miroslav Suchý, Morten Linderud, nerdopolis, nl6720, Noah Meyerhans,
5152 Oleg Popov, Olle Lundberg, Ondrej Kozina, Paweł Marciniak, Perry.Yuan,
5153 Peter Hutterer, Peter Kjellerstedt, Peter Morrow, Phaedrus Leeds,
5154 plattrap, qhill, Raul Tambre, Roman Beranek, Roshan Shariff,
5155 Ryan Hendrickson, Samuel BF, scootergrisen, Sebastian Blunt,
5156 Seong-ho Cho, Sergey Bugaev, Sevan Janiyan, Sibo Dong, simmon,
5157 Simon Watts, Srinidhi Kaushik, Štěpán Němec, Steve Bonds, Susant Sahani,
5158 sverdlin, syyhao1994, Takashi Sakamoto, Topi Miettinen, tramsay,
5159 Trent Piepho, Uwe Kleine-König, Viktor Mihajlovski, Vincent Dechenaux,
5160 Vito Caputo, William A. Kennington III, Yangyang Shen, Yegor Alexeyev,
5161 Yi Gao, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsien, наб
5162
5163 — Edinburgh, 2021-07-07
5164
5165 CHANGES WITH 248:
5166
5167 * A concept of system extension images is introduced. Such images may
5168 be used to extend the /usr/ and /opt/ directory hierarchies at
5169 runtime with additional files (even if the file system is read-only).
5170 When a system extension image is activated, its /usr/ and /opt/
5171 hierarchies and os-release information are combined via overlayfs
5172 with the file system hierarchy of the host OS.
5173
5174 A new systemd-sysext tool can be used to merge, unmerge, list, and
5175 refresh system extension hierarchies. See
5176 https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.
5177
5178 The systemd-sysext.service automatically merges installed system
5179 extensions during boot (before basic.target, but not in very early
5180 boot, since various file systems have to be mounted first).
5181
5182 The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
5183 supported system extension level.
5184
5185 * A new ExtensionImages= unit setting can be used to apply the same
5186 system extension image concept from systemd-sysext to the namespaced
5187 file hierarchy of specific services, following the same rules and
5188 constraints.
5189
5190 * Support for a new special "root=tmpfs" kernel command-line option has
5191 been added. When specified, a tmpfs is mounted on /, and mount.usr=
5192 should be used to point to the operating system implementation.
5193
5194 * A new configuration file /etc/veritytab may be used to configure
5195 dm-verity integrity protection for block devices. Each line is in the
5196 format "volume-name data-device hash-device roothash options",
5197 similar to /etc/crypttab.
5198
5199 * A new kernel command-line option systemd.verity.root_options= may be
5200 used to configure dm-verity behaviour for the root device.
5201
5202 * The key file specified in /etc/crypttab (the third field) may now
5203 refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
5204 acquired by connecting to that socket and reading from it. This
5205 allows the implementation of a service to provide key information
5206 dynamically, at the moment when it is needed.
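
The following is an added example (not systemd's own code) of the socket-based key acquisition described above, with both sides in one Python process. The provider binds an AF_UNIX/SOCK_STREAM socket, accepts one connection and writes the key; closing the connection is the EOF the client reads up to. The crypttab line in the comment, the socket path, the key bytes and the SO_PEERCRED owner check are all constructed for this example. How a provider tells apart requests for different volumes is not covered here (one socket per volume is the simplest arrangement); crypttab(5) is the reference for the exact client behaviour.

```python
import os
import socket
import struct
import tempfile
import threading

# Constructed crypttab line for this example; the third field is a socket, not a file:
#   cryptdata  /dev/disk/by-partlabel/data  /run/keyserver/key.sock  luks
SAMPLE_KEY = b"constructed-example-key-material\n"

# Peers allowed to receive the key. systemd-cryptsetup runs as root; the
# current uid is added only so the demo works unprivileged (drop it in real use).
ALLOWED_UIDS = {0, os.getuid()}


def serve_key_once(sock_path: str, key: bytes, ready: threading.Event) -> None:
    """Provider side: bind the socket with mode 0600, accept one connection,
    hand out the key and close. Closing is the EOF that ends the key."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)          # socket node becomes srw------- at bind()
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with conn:
        # Hardening choice of this example (not required by crypttab(5)):
        # check who is asking before releasing the secret.
        ucred = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
        _pid, uid, _gid = struct.unpack("3i", ucred)
        if uid in ALLOWED_UIDS:
            conn.sendall(key)
    srv.close()


def fetch_key(sock_path: str) -> bytes:
    """Client side, mirroring the documented behaviour: connect, read until EOF."""
    chunks = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        cli.connect(sock_path)
        while True:
            data = cli.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def demo() -> bytes:
    """Run provider and client together; returns the key the client obtained."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "key.sock")
        ready = threading.Event()
        t = threading.Thread(target=serve_key_once, args=(path, SAMPLE_KEY, ready), daemon=True)
        t.start()
        ready.wait(5)
        key = fetch_key(path)
        t.join(5)
    return key


if __name__ == "__main__":
    print(demo())
```

The point a provider author should take from this is that the socket node's mode and the peer check are the only things standing between the key and any local process that can reach the path, so create the node with a restrictive umask before bind() and decide on the peer before writing a single byte.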
5207
5208 * When the hostname is set explicitly to "localhost", systemd-hostnamed
5209 will respect this. Previously such a setting would be mostly silently
5210 ignored. The goal is to honour configuration as specified by the
5211 user.
5212
5213 * The fallback hostname that will be used by the system manager and
5214 systemd-hostnamed can now be configured in two new ways: by setting
5215 DEFAULT_HOSTNAME= in os-release(5), or by setting
5216 $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
5217 also be configured during compilation. The environment variable is
5218 intended for testing and local overrides, the os-release(5) field is
5219 intended to allow customization by different variants of a
5220 distribution that share the same compiled packages.
5221
5222 * The environment block of the manager itself may be configured through
5223 a new ManagerEnvironment= setting in system.conf or user.conf. This
5224 complements existing ways to set the environment block (the kernel
5225 command line for the system manager, the inherited environment and
5226 user@.service unit file settings for the user manager).
5227
5228 * systemd-hostnamed now exports the default hostname and the source of
5229 the configured hostname ("static", "transient", or "default") as
5230 D-Bus properties.
5231
5232 * systemd-hostnamed now exports the "HardwareVendor" and
5233 "HardwareModel" D-Bus properties, which are supposed to contain a
5234 pair of cleaned up, human readable strings describing the system's
5235 vendor and model. It's typically sourced from the firmware's DMI
5236 tables, but may be augmented from a new hwdb database. hostnamectl
5237 shows this in the status output.
5238
5239 * Support has been added to systemd-cryptsetup for extracting the
5240 PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
5241 metadata header. This allows the information on how to open the
5242 encrypted device to be embedded directly in the device and obviates
5243 the need for configuration in an external file.
5244
5245 * systemd-cryptsetup gained support for unlocking LUKS2 volumes using
5246 TPM2 hardware, as well as FIDO2 security tokens (in addition to the
5247 pre-existing support for PKCS#11 security tokens).
5248
5249 * systemd-repart may enroll encrypted partitions using TPM2
5250 hardware. This may be useful for example to create an encrypted /var
5251 partition bound to the machine on first boot.
5252
5253 * A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
5254 and PKCS#11 security tokens to LUKS volumes, list and destroy
5255 them. See:
5256
5257 https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
5258
5259 It also supports enrolling "recovery keys" and regular passphrases.
5260
5261 * The libfido2 dependency is now based on dlopen(), so that the library
5262 is used at runtime when installed, but is not a hard runtime
5263 dependency.
5264
5265 * systemd-cryptsetup gained support for two new options in
5266 /etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
5267 request synchronous processing of encryption/decryption IO.
5268
5269 * The manager may be configured at compile time to use the fexecve()
5270 system call instead of execve() when spawning processes. Using
5271 fexecve() closes the time-of-check/time-of-use window between checking
5272 the security context of an executable and spawning it, but unfortunately
5273 the kernel displays stale information in the process' "comm" field,
5274 which impacts ps output and such.
5275
5276 * The configuration option -Dcompat-gateway-hostname has been dropped.
5277 "_gateway" is now the only supported name.
5278
5279 * The ConditionSecurity=tpm2 unit file setting may be used to check if
5280 the system has at least one TPM2 (tpmrm class) device.
5281
5282 * A new ConditionCPUFeature= has been added that may be used to
5283 conditionalize units based on CPU features. For example,
5284 ConditionCPUFeature=rdrand will condition a unit so that it is only
5285 run when the system CPU supports the RDRAND opcode.
5286
5287 * The existing ConditionControlGroupController= setting has been
5288 extended with two new values "v1" and "v2". "v2" means that the
5289 unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
5290 hierarchy or the hybrid hierarchy are used.
5291
5292 * A new PrivateIPC= setting on a unit file allows executed processes to
5293 be moved into a private IPC namespace, with separate System V IPC
5294 identifiers and POSIX message queues.
5295
5296 A new IPCNamespacePath= allows the unit to be joined to an existing
5297 IPC namespace.
5298
5299 * The tables of system calls in seccomp filters are now automatically
5300 generated from kernel lists exported on
5301 https://fedora.juszkiewicz.com.pl/syscalls.html.
5302
5303 The following architectures should now have complete lists:
5304 alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
5305 powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.
5306
5307 * The MountAPIVFS= service file setting now additionally mounts a tmpfs
5308 on /run/ if it is not already a mount point. A writable /run/ has
5309 always been a requirement for a functioning system, but this was not
5310 guaranteed when using a read-only image.
5311
5312 Users can always specify BindPaths= or InaccessiblePaths= as
5313 overrides, and they will take precedence. If the host's root mount
5314 point is used, there is no change in behaviour.
5315
5316 * New bind mounts and file system image mounts may be injected into the
5317 mount namespace of a service (without restarting it). This is exposed
5318 respectively as 'systemctl bind <unit> <path>…' and
5319 'systemctl mount-image <unit> <image>…'.
5320
5321 * The StandardOutput= and StandardError= settings can now specify files
5322 to be truncated for output (as "truncate:<path>").
5323
5324 * The ExecPaths= and NoExecPaths= settings may be used to specify
5325 noexec for parts of the file system.
5326
5327 * sd-bus has a new function sd_bus_open_user_machine() to open a
5328 connection to the session bus of a specific user in a local container
5329 or on the local host. This is exposed in the existing -M switch to
5330 systemctl and similar tools:
5331
5332 systemctl --user -M lennart@foobar start foo
5333
5334 This will connect to the user bus of a user "lennart" in container
5335 "foobar". If no container name is specified, the specified user on
5336 the host itself is connected to:
5337
5338 systemctl --user -M lennart@ start quux
5339
5340 * sd-bus also gained a convenience function sd_bus_message_send() to
5341 simplify invocations of sd_bus_send(), taking only a single
5342 parameter: the message to send.
5343
5344 * sd-event allows rate limits to be set on event sources, for dealing
5345 with high-priority event sources that might starve out others. See
5346 the new man page sd_event_source_set_ratelimit(3) for details.
5347
5348 * systemd.link files gained a [Link] Promiscuous= switch, which allows
5349 the device to be brought up in promiscuous mode.
5350
5351 New [Link] TransmitQueues= and ReceiveQueues= settings allow the
5352 number of TX and RX queues to be configured.
5353
5354 New [Link] TransmitQueueLength= setting allows the size of the TX
5355 queue to be configured.
5356
5357 New [Link] GenericSegmentOffloadMaxBytes= and
5358 GenericSegmentOffloadMaxSegments= allow capping the packet size and
5359 the number of segments accepted in Generic Segment Offload.
5360
5361 * systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
5362 wireless routing protocol that operates on ISO/OSI Layer 2 only and
5363 uses ethernet frames to route/bridge packets. This encompasses a new
5364 "batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
5365 new settings in .netdev files, and a new BatmanAdvanced= setting in
5366 .network files.
5367
5368 * systemd.network files gained a [Network] RouteTable= configuration
5369 switch to select the routing policy table.
5370
5371 systemd.network files gained a [RoutingPolicyRule] Type=
5372 configuration switch (one of "blackhole", "unreachable", "prohibit").
5373
5374 systemd.network files gained [IPv6AcceptRA] RouteDenyList= and
5375 RouteAllowList= settings to ignore/accept route advertisements from
5376 routers matching specified prefixes. The DenyList= setting has been
5377 renamed to PrefixDenyList= and a new PrefixAllowList= option has been
5378 added.
5379
5380 systemd.network files gained a [DHCPv6] UseAddress= setting to
5381 optionally ignore the address provided in the lease.
5382
5383 systemd.network files gained a [DHCPv6PrefixDelegation]
5384 ManageTemporaryAddress= switch.
5385
5386 systemd.network files gained a new ActivationPolicy= setting which
5387 allows configuring how the UP state of an interface shall be managed,
5388 i.e. whether the interface is always upped, always downed, or may be
5389 upped/downed by the user using "ip link set dev".
5390
5391 * The default for the Broadcast= setting in .network files has slightly
5392 changed: the broadcast address will not be configured for wireguard
5393 devices.
5394
5395 * systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
5396 EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
5397 configuration options for VLAN packet handling.
5398
5399 * udev rules may now set log_level= option. This allows debug logs to
5400 be enabled for select events, e.g. just for a specific subsystem or
5401 even a single device.
5402
5403 * udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
5404 DATA_PREPARED_ID properties for block devices with ISO9660 file
5405 systems.
5406
5407 * udev now exports decoded DMI information about installed memory slots
5408 as device properties under the /sys/class/dmi/id/ pseudo device.
5409
5410 * /dev/ is not mounted noexec anymore. This didn't provide any
5411 significant security benefits and would conflict with the executable
5412 mappings used with /dev/sgx device nodes. The previous behaviour can
5413 be restored for individual services with NoExecPaths=/dev (or by allow-
5414 listing and excluding /dev from ExecPaths=).
5415
5416 * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
5417 and /dev/vhost-net are owned by the kvm group.
5418
5419 * The hardware database has been extended with a list of fingerprint
5420 readers that correctly support USB auto-suspend using data from
5421 libfprint.
5422
5423 * systemd-resolved can now answer DNSSEC questions through the stub
5424 resolver interface in a way that allows local clients to do DNSSEC
5425 validation themselves. For a question with DO+CD set, it'll proxy the
5426 DNS query and respond with a mostly unmodified packet received from
5427 the upstream server.
5428
5429 * systemd-resolved learnt a new boolean option CacheFromLocalhost= in
5430 resolved.conf. If true the service will provide caching even for DNS
5431 lookups made to an upstream DNS server on the 127.0.0.1/::1
5432 addresses. By default (and when the option is false) systemd-resolved
5433 will not cache such lookups, in order to avoid duplicate local
5434 caching, under the assumption the local upstream server caches
5435 anyway.
5436
5437 * systemd-resolved now implements RFC5001 NSID in its local DNS
5438 stub. This may be used by local clients to determine whether they are
5439 talking to the DNS resolver stub or a different DNS server.
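
An added example (not resolved's code) showing what the two stub features above look like on the wire from the client side: a query with the CD header flag set plus an EDNS0 OPT record carrying the DO bit, which is the combination the stub proxies rather than validates, and an NSID option (RFC 5001, option code 3) with empty data, which asks the server to identify itself. build_response() constructs a sample reply of the kind a stub could return, and parse_edns() pulls out the bits a client needs to check. The transaction ID, the UDP payload size 1232, the 127.0.0.1 answer and the NSID string "example-stub" are constructed values; the string systemd-resolved actually returns is not stated on this page.

```python
import struct

# DNS header flag bits and EDNS constants used below
QR, RA, RD, CD = 0x8000, 0x0080, 0x0100, 0x0010
TYPE_OPT, EDNS_DO, OPT_NSID = 41, 0x8000, 3


def encode_name(name: str) -> bytes:
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234,
                want_do: bool = True, want_cd: bool = True, want_nsid: bool = True) -> bytes:
    """Query as a validating local client would send it to the stub:
    CD in the header, DO in the OPT TTL field, optional empty NSID option."""
    flags = RD | (CD if want_cd else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = struct.pack("!HH", OPT_NSID, 0) if want_nsid else b""
    # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended rcode / EDNS version / flags (DO is the top bit)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO if want_do else 0, len(rdata)) + rdata
    return header + question + opt


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:     # compression pointer ends the name
            return off + 2
        off += 1 + length


def build_response(query: bytes, nsid: bytes, addr: bytes = b"\x7f\x00\x00\x01") -> bytes:
    """Constructed reply: QR set, RD/CD echoed, one A record, and an OPT RR
    carrying DO plus the server's NSID."""
    txid, flags, qd, _, _, _ = struct.unpack_from("!HHHHHH", query, 0)
    qend = 12
    for _ in range(qd):
        qend = skip_name(query, qend) + 4
    header = struct.pack("!HHHHHH", txid, QR | RA | (flags & (RD | CD)), qd, 1, 0, 1)
    # answer name is a compression pointer to the question at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(addr)) + addr
    rdata = struct.pack("!HH", OPT_NSID, len(nsid)) + nsid
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, len(rdata)) + rdata
    return header + query[12:qend] + answer + opt


def parse_edns(msg: bytes) -> dict:
    """Header flags plus DO/NSID from the OPT RR; nsid is None when absent,
    b"" when the option is present but empty (as in a request)."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns):
        off = skip_name(msg, off)
        rdlen = struct.unpack_from("!HHIH", msg, off)[3]
        off += 10 + rdlen
    info = {"id": txid, "response": bool(flags & QR), "cd": bool(flags & CD),
            "do": False, "nsid": None}
    for _ in range(ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != TYPE_OPT:
            continue
        info["do"] = bool(ttl & EDNS_DO)
        o = 0
        while o + 4 <= len(rdata):
            code, ln = struct.unpack_from("!HH", rdata, o)
            if code == OPT_NSID:
                info["nsid"] = rdata[o + 4:o + 4 + ln]
            o += 4 + ln
    return info
```

Against a live stub, `dig +cdflag +dnssec +nsid @127.0.0.53 example.com` sends the same combination; a client that sets DO+CD takes on the DNSSEC validation itself, so it must not treat the AD bit in such a proxied answer as meaningful.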
5440
5441 * When resolving host names and other records resolvectl will now
5442 report where the data was acquired from (i.e. the local cache, the
5443 network, locally synthesized, …) and whether the network traffic it
5444 generated was encrypted or not. Moreover the tool acquired a number of
5445 new options --cache=, --synthesize=, --network=, --zone=,
5446 --trust-anchor=, --validate= that take booleans and may be used to
5447 tweak a lookup, i.e. whether it may be answered from cached
5448 information, locally synthesized information, information acquired
5449 through the network, the local mDNS/LLMNR zone, the DNSSEC trust
5450 anchor, and whether DNSSEC validation shall be executed for the
5451 lookup.
5452
5453 * systemd-nspawn gained a new --ambient-capability= setting
5454 (AmbientCapability= in .nspawn files) to configure ambient
5455 capabilities passed to the container payload.
5456
5457 * systemd-nspawn gained the ability to configure the firewall using the
5458 nftables subsystem (in addition to the existing iptables
5459 support). Similarly, systemd-networkd's IPMasquerade= option now
5460 supports nftables as back-end, too. In both cases NAT on IPv6 is now
5461 supported too, in addition to IPv4 (the iptables back-end still is
5462 IPv4-only).
5463
5464 "IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
5465 retains its meaning, but has been deprecated. Please switch to either
5466 "ipv4" or "both" (if covering IPv6 is desired).
5467
5468 * systemd-importd will now download .verity and .roothash.p7s files
5469 along with the machine image (as exposed via machinectl pull-raw).
5470
5471 * systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
5472 setting to configure the time a unit's cgroup needs to exceed memory
5473 pressure limits before action will be taken, and a new
5474 ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
5475 units.
5476
5477 systemd-oomd is now considered fully supported (the usual
5478 backwards-compatibility promises apply). Swap is not required for
5479 operation, but it is still recommended.
5480
5481 * systemd-timesyncd gained a new ConnectionRetrySec= setting which
5482 configures the retry delay when trying to contact servers.
5483
5484 * systemd-stdio-bridge gained --system/--user options to connect to the
5485 system bus (previous default) or the user session bus.
5486
5487 * systemd-localed may now call locale-gen to generate missing locales
5488 on-demand (UTF-8-only). This improves integration with Debian-based
5489 distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
5490
5491 * systemctl --check-inhibitors=true may now be used to obey inhibitors
5492 even when invoked non-interactively. The old --ignore-inhibitors
5493 switch is now deprecated and replaced by --check-inhibitors=false.
5494
5495 * systemctl import-environment will now emit a warning when called
5496 without any arguments (i.e. to import the full environment block of
5497 the called program). This command will usually be invoked from a
5498 shell, which means that it'll inherit a bunch of variables which are
5499 specific to that shell, and usually to the TTY the shell is connected
5500 to, and don't have any meaning in the global context of the system or
5501 user service manager. Instead, only specific variables should be
5502 imported into the manager environment block.
5503
5504 Similarly, programs which update the manager environment block by
5505 directly calling the D-Bus API of the manager, should also push
5506 specific variables, and not the full inherited environment.
5507
5508 * systemctl's status output now shows unit state with a more careful
5509 choice of Unicode characters: units in maintenance show a "○" symbol
5510 instead of the usual "●", failed units show "×", and services being
5511 reloaded "↻".
5512
5513 * coredumpctl gained a --debugger-arguments= switch to pass arguments
5514 to the debugger. It also gained support for showing coredump info in
5515 a simple JSON format.
5516
5517 * systemctl/loginctl/machinectl's --signal= option now accept a special
5518 value "list", which may be used to show a brief table with known
5519 process signals and their numbers.
5520
5521 * networkctl now shows the link activation policy in status.
5522
5523 * Various tools gained --pager/--no-pager/--json= switches to
5524 enable/disable the pager and provide JSON output.
5525
5526 * Various tools now accept two new values for the SYSTEMD_COLORS
5527 environment variable: "16" and "256", to configure how many terminal
5528 colors are used in output.
5529
5530 * less 568 or newer is now required for the auto-paging logic of the
5531 various tools. Hyperlink ANSI sequences in terminal output are now
5532 used even if a pager is used, and older versions of less are not able
5533 to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
5534 disable this output again.
5535
5536 * Builds with support for separate / and /usr/ hierarchies ("split-usr"
5537 builds, non-merged-usr builds) are now officially deprecated. A
5538 warning is emitted during build. Support is slated to be removed in
5539 about a year (when the Debian Bookworm release development starts).
5540
5541 * Systems with the legacy cgroup v1 hierarchy are now marked as
5542 "tainted", to make it clearer that using the legacy hierarchy is not
5543 recommended.
5544
5545 * systemd-localed will now refuse to configure a keymap which is not
5546 installed in the file system. This is intended as a bug fix, but
5547 could break cases where systemd-localed was used to configure the
5548 keymap in advance of it being installed. It is necessary to install
5549 the keymap file first.
5550
5551 * The main git development branch has been renamed to 'main'.
5552
5553 * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
5554 for partitions, as in the vast majority of cases they contain none
5555 and are used internally by the bootloader (e.g. U-Boot).
5556
5557 * systemd will now set the $SYSTEMD_EXEC_PID environment variable for
5558 spawned processes to the PID of the process itself. This may be used
5559 by programs for detecting whether they were forked off by the service
5560 manager itself or are a process forked off further down the tree.
5561
5562 * The sd-device API gained four new calls: sd_device_get_action() to
5563 determine the uevent add/remove/change/… action the device object has
5564 been seen for, sd_device_get_seqno() to determine the uevent sequence
5565 number, sd_device_new_from_stat_rdev() to allocate a new sd_device
5566 object from stat(2) data of a device node, and sd_device_trigger() to
5567 write to the 'uevent' attribute of a device.
5568
5569 * For most tools the --no-legend switch has been replaced by
5570 --legend=no and --legend=yes, to force whether tables are shown with
5571 headers/legends.
5572
5573 * Units acquired a new property "Markers" that takes a list of zero,
5574 one or two of the following strings: "needs-reload" and
5575 "needs-restart". These markers may be set via "systemctl
5576 set-property". Once a marker is set, "systemctl reload-or-restart
5577 --marked" may be invoked to execute the operation the units are
5578 marked for. This is useful for package managers that want to mark
5579 units for restart/reload while updating, but carry out the actual
5580 operations at a later step, all at once.
5581
5582 * The sd_bus_message_read_strv() API call of sd-bus may now also be
5583 used to parse arrays of D-Bus signatures and D-Bus paths, in addition
5584 to regular strings.
5585
5586 * bootctl will now report whether the UEFI firmware used a TPM2 device
5587 and measured the boot process into it.
5588
5589 * systemd-tmpfiles learnt support for a new environment variable
5590 $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
5591 the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
5592 even if the root fs of the system is not itself a btrfs volume.
5593
5594 * systemd-detect-virt/ConditionVirtualization= will now explicitly
5595 detect Docker/Podman environments where possible. Moreover, they
5596 should be able to generically detect any container manager as long as
5597 it assigns the container a cgroup.
5598
5599 * portablectl gained a new "reattach" verb for detaching/reattaching a
5600 portable service image, useful for updating images on-the-fly.
5601
5602 * Intel SGX enclave device nodes (which expose a security feature of
5603 newer Intel CPUs) will now be owned by a new system group "sgx".
5604
5605 Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
5606 Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
5607 Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
5608 Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
5609 A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
5610 caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
5611 Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
5612 Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
5613 Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
5614 Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
5615 Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
5616 feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
5617 Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
5618 Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
5619 Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
5620 Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
5621 Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
5622 Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
5623 Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
5624 Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
5625 l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
5626 Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
5627 Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
5628 Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
5629 Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
5630 Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
5631 Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
5632 Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
5633 Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
5634 Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
5635 Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
5636 Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
5637 Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
5638 Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
5639 walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
5640 Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
5641 Zmicer Turok, Дамјан Георгиевски
5642
5643 — Berlin, 2021-03-30
5644
5645 CHANGES WITH 247:
5646
5647 * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
5648 "bind" and "unbind" to the Linux device model. When this kernel
5649 change was made, systemd-udevd was only minimally updated to handle
5650 and propagate these new event types. The introduction of these new
5651 uevents (which are typically generated for USB devices and devices
5652 needing a firmware upload before being functional) resulted in a
5653 number of issues which we so far didn't address. We hoped the kernel
5654 maintainers would themselves address these issues in some form, but
5655 that did not happen. To handle them properly, many (if not most) udev
5656 rules files shipped in various packages need updating, and so do many
5657 programs that monitor or enumerate devices with libudev or sd-device,
5658 or otherwise process uevents. Please note that this incompatibility
5659 is not the fault of systemd or udev, but caused by an incompatible kernel
5660 change that happened back in Linux 4.14, but is becoming more and
5661 more visible as the new uevents are generated by more kernel drivers.
5662
5663 To minimize issues resulting from this kernel change (but not avoid
5664 them entirely) starting with systemd-udevd 247 the udev "tags"
5665 concept (which is a concept for marking and filtering devices during
5666 enumeration and monitoring) has been reworked: udev tags are now
5667 "sticky", meaning that once a tag is assigned to a device it will not
5668 be removed from the device again until the device itself is removed
5669 (i.e. unplugged). This makes sure that any application monitoring
5670 devices that match a specific tag is guaranteed to both see uevents
5671 where the device starts being relevant, and those where it stops
5672 being relevant (the latter now regularly happening due to the new
5673 "unbind" uevent type). The udev tags concept is hence now a concept
5674 tied to a *device* instead of a device *event* — unlike for example
5675 udev properties whose lifecycle (as before) is generally tied to a
5676 device event, meaning that the previously determined properties are
5677 forgotten whenever a new uevent is processed.
5678
5679 With the newly redefined udev tags concept, sometimes it's necessary
5680 to determine which tags are the ones applied by the most recent
5681 uevent/database update, in order to discern them from those
5682 originating from earlier uevents/database updates of the same
5683 device. To accommodate for this a new automatic property CURRENT_TAGS
5684 has been added that works similar to the existing TAGS property but
5685 only lists tags set by the most recent uevent/database
5686 update. Similarly, the libudev/sd-device API has been updated with
5687 new functions to enumerate these 'current' tags, in addition to the
5688 existing APIs that now enumerate the 'sticky' ones.
5689
5690 To properly handle "bind"/"unbind" on Linux 4.14 and newer it is
5691 essential that all udev rules files and applications are updated to
5692 handle the new events. Specifically:
5693
5694 • All rule files that currently use a header guard similar to
5695 ACTION!="add|change",GOTO="xyz_end" should be updated to use
5696 ACTION=="remove",GOTO="xyz_end" instead, so that the
5697 properties/tags they add are also applied whenever "bind" (or
5698 "unbind") is seen. (This is most important for all physical device
5699 types — those for which "bind" and "unbind" are currently
5700 generated, for all other device types this change is still
5701 recommended but not as important — but certainly prepares for
5702 future kernel uevent type additions).
5703
5704 • Similarly, all code monitoring devices that contain an 'if' branch
5705 discerning the "add" + "change" uevent actions from all other
5706 uevents actions (i.e. considering devices only relevant after "add"
5707 or "change", and irrelevant on all other events) should be reworked
5708 to instead negatively check for "remove" only (i.e. considering
5709 devices relevant after all event types, except for "remove", which
5710 invalidates the device). Note that this also means that devices
5711 should be considered relevant on "unbind", even though conceptually
5712 this — in some form — invalidates the device. Since the precise
5713 effect of "unbind" is not generically defined, devices should be
5714 considered relevant even after "unbind", however I/O errors
5715 accessing the device should then be handled gracefully.
5716
5717 • Any code that uses device tags for deciding whether a device is
5718 relevant or not most likely needs to be updated to use the new
5719 udev_device_has_current_tag() API (or sd_device_has_current_tag()
5720 in case sd-device is used), to check whether the tag is set at the
5721 moment a uevent is seen (as opposed to the existing
5722 udev_device_has_tag() API which checks if the tag ever existed on
5723 the device, following the API concept redefinition explained
5724 above).
5725
5726 We are very sorry for this breakage and the requirement to update
5727 packages using these interfaces. We'd again like to underline that
5728 this is not caused by systemd/udev changes, but result of a kernel
5729 behaviour change.
5730
5731 * UPCOMING INCOMPATIBILITY: So far most downstream distribution
5732 packages have not retriggered devices once the udev package (or any
5733 auxiliary package installing additional udev rules) is updated. We
5734 intend to work with major distributions to change this, so that
5735 "udevadm trigger -c change" is issued on such upgrades, ensuring that
5736 the updated ruleset is applied to the devices already discovered, so
5737 that (asynchronously) after the upgrade completed the udev database
5738 is consistent with the updated rule set. This means udev rules must
5739 be ready to be retriggered with a "change" action any time, and
5740 result in correct and complete udev database entries. While the
5741 majority of udev rule files known to us currently get this right,
5742 some don't. Specifically, there are udev rules files included in
5743 various packages that only set udev properties on the "add" action,
5744 but do not handle the "change" action. If a device matching those
5745 rules is retriggered with the "change" action (as is intended here)
5746 it would suddenly lose the relevant properties. This always has been
5747 problematic, but as soon as all udev devices are triggered on relevant
5748 package upgrades this will become particularly so. It is strongly
5749 recommended to fix offending rules so that they can handle a "change"
5750 action at any time, and acquire all necessary udev properties even
5751 then. Or in other words: the header guard mentioned above
5752 (ACTION=="remove",GOTO="xyz_end") is the correct approach to handle
5753 this, as it makes sure rules are rerun on "change" correctly, and
5754 accumulate the correct and complete set of udev properties. udev rule
5755 definitions that cannot handle "change" events being triggered at
5756 arbitrary times should be considered buggy.
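        The two udev items above (the header-guard rewrite needed for
        "bind"/"unbind", and rules that must survive a retrigger with
        "change") can be checked mechanically. The following Python is an
        added example written for this page, not systemd's or udev's own
        code: a small linter that finds the old ACTION!="add|change" header
        guard in a rules file and rewrites it to ACTION=="remove", plus a
        minimal model of the 247 tag semantics (sticky TAGS versus per-event
        CURRENT_TAGS) showing what a tag-based monitor has to check after
        each event. The rules text is constructed for the example; the model
        does not use libudev or sd-device.

```python
import re

# Header guard of the form  ACTION!="add|change", GOTO="label"  (with or
# without spaces). Only guards whose alternatives are all "add"/"change" are
# flagged; anything else is left to a human.
_GUARD = re.compile(r'ACTION\s*!=\s*"([^"]*)"\s*,\s*GOTO\s*=\s*"([^"]+)"')
_ALLOWED = {"add", "change"}


def _old_style(m, line):
    return m and not line.lstrip().startswith("#") and set(m.group(1).split("|")) <= _ALLOWED


def lint_udev_rules(text):
    """Return (line_no, old_guard, suggested_guard) for every guard that
    skips everything but add/change, and so also skips bind/unbind."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = _GUARD.search(line)
        if _old_style(m, line):
            findings.append((no, m.group(0), f'ACTION=="remove", GOTO="{m.group(2)}"'))
    return findings


def fix_udev_rules(text):
    """Rewrite the flagged guards in place; everything else is kept verbatim."""
    out = []
    for line in text.splitlines(keepends=True):
        m = _GUARD.search(line)
        if _old_style(m, line):
            line = line[:m.start()] + f'ACTION=="remove", GOTO="{m.group(2)}"' + line[m.end():]
        out.append(line)
    return "".join(out)


class TrackedDevice:
    """Model of the 247 semantics: `tags` is sticky for the device's lifetime
    (udev_device_has_tag), `current_tags` is what the last event applied
    (udev_device_has_current_tag / CURRENT_TAGS)."""

    def __init__(self, syspath):
        self.syspath = syspath
        self.tags = set()
        self.current_tags = set()


def apply_uevent(devices, syspath, action, tags_from_rules):
    """Process one uevent against a device table. Only "remove" invalidates
    the device; add/change/bind/unbind all keep it and refresh its tags."""
    if action == "remove":
        devices.pop(syspath, None)
        return None
    dev = devices.setdefault(syspath, TrackedDevice(syspath))
    dev.current_tags = set(tags_from_rules)
    dev.tags |= dev.current_tags
    return dev


def is_relevant_now(dev, action, tag):
    """The post-247 monitor check: not removed, and the tag was applied by
    *this* event rather than by some earlier one."""
    return action != "remove" and dev is not None and tag in dev.current_tags


# Constructed rules file: one old-style guard (to be fixed) and one correct one.
SAMPLE_RULES = """\
# constructed example, not a real rules file
ACTION!="add|change", GOTO="seat_end"
SUBSYSTEM=="input", TAG+="seat"
LABEL="seat_end"
ACTION=="remove", GOTO="usb_end"
SUBSYSTEM=="usb", ENV{ID_EXAMPLE}="1"
LABEL="usb_end"
"""


def demo_tag_lifecycle():
    """Walk a device through add -> unbind -> change -> remove and record what
    a tag-based monitor sees at each step. The "unbind" step simulates the
    old guard, under which the rules do not run and no tag is applied: the
    sticky TAGS still carry "seat", but CURRENT_TAGS is empty, which is the
    breakage the guard rewrite avoids."""
    devices = {}
    seen = []
    for action, tags in (("add", {"seat"}), ("unbind", set()), ("change", {"seat"}), ("remove", set())):
        dev = apply_uevent(devices, "/sys/devices/example", action, tags)
        seen.append((action, is_relevant_now(dev, action, "seat"), None if dev is None else sorted(dev.tags)))
    return seen


if __name__ == "__main__":
    for finding in lint_udev_rules(SAMPLE_RULES):
        print("line %d: %s  ->  %s" % finding)
    for step in demo_tag_lifecycle():
        print(step)
```

        Run it against a real rules directory by feeding each file's text to
        lint_udev_rules(); the fix is mechanical, but review the rules below
        a rewritten guard to make sure they also acquire everything needed
        on "change", since that is what "udevadm trigger -c change" will
        exercise after a package upgrade.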
5757
5758 * The MountAPIVFS= service file setting now defaults to on if
5759 RootImage= and RootDirectory= are used, which means that with those
5760 two settings /proc/, /sys/ and /dev/ are automatically properly set
5761 up for services. Previous behaviour may be restored by explicitly
5762 setting MountAPIVFS=off.
5763
5764 * Since PAM 1.2.0 (2015) configuration snippets may be placed in
5765 /usr/lib/pam.d/ in addition to /etc/pam.d/. If a file exists in the
5766 latter it takes precedence over the former, similar to how most of
5767 systemd's own configuration is handled. Given that PAM stack
5768 definitions are primarily put together by OS vendors/distributions
5769 (though possibly overridden by users), this systemd release moves its
5770 own PAM stack configuration for the "systemd-user" PAM service (i.e.
5771 for the PAM session invoked by the per-user user@.service instance)
5772 from /etc/pam.d/ to /usr/lib/pam.d/. We recommend moving all
5773 packages' vendor versions of their PAM stack definitions from
5774 /etc/pam.d/ to /usr/lib/pam.d/, but if such OS-wide migration is not
5775 desired the location to which systemd installs its PAM stack
5776 configuration may be changed via the -Dpamconfdir Meson option.
5777
5778 * The runtime dependencies on libqrencode, libpcre2, libidn/libidn2,
5779 libpwquality and libcryptsetup have been changed to be based on
5780 dlopen(): instead of regular dynamic library dependencies declared in
5781 the binary ELF headers, these libraries are now loaded on demand
5782 only, if they are available. If the libraries cannot be found the
5783 relevant operations will fail gracefully, or a suitable fallback
5784 logic is chosen. This is supposed to be useful for general purpose
5785 distributions, as it allows minimizing the list of dependencies the
5786 systemd packages pull in, permitting building of more minimal OS
5787 images, while still making use of these "weak" dependencies should
5788 they be installed. Since many package managers automatically
5789 synthesize package dependencies from ELF shared library dependencies,
5790 some additional manual packaging work has to be done now to replace
5791 those (slightly downgraded from "required" to "recommended" or
5792 whatever is conceptually suitable for the package manager). Note that
5793 this change does not alter build-time behaviour: as before the
5794 build-time dependencies have to be installed during build, even if
5795 they now are optional during runtime.
5796
5797 * sd-event.h gained a new call sd_event_add_time_relative() for
5798 installing timers relative to the current time. This is mostly a
5799 convenience wrapper around the pre-existing sd_event_add_time() call
5800 which installs absolute timers.
5801
5802 * sd-event event sources may now be placed in a new "exit-on-failure"
5803 mode, which may be controlled via the new
5804 sd_event_source_get_exit_on_failure() and
5805 sd_event_source_set_exit_on_failure() functions. If enabled, any
5806 failure returned by the event source handler functions will result in
5807 exiting the event loop (unlike the default behaviour of just
5808 disabling the event source but continuing with the event loop). This
5809 feature is useful to set for all event sources that define "primary"
5810 program behaviour (where failure should be fatal) in contrast to
5811 "auxiliary" behaviour (where failure should remain local).
5812
5813 * Most event source types sd-event supports now accept a NULL handler
5814 function, in which case the event loop is exited once the event
5815 source is to be dispatched, using the userdata pointer — converted to
5816 a signed integer — as exit code of the event loop. Previously this
5817 was supported for IO and signal event sources already. Exit event
5818 sources still do not support this (simply because it makes little
5819 sense there, as the event loop is already exiting when they are
5820 dispatched).
5821
5822 * A new per-unit setting RootImageOptions= has been added which allows
5823 tweaking the mount options for any file system mounted as effect of
5824 the RootImage= setting.
5825
5826 * Another new per-unit setting MountImages= has been added, that allows
5827 mounting additional disk images into the file system tree accessible
5828 to the service.
5829
5830 * Timer units gained a new FixedRandomDelay= boolean setting. If
5831 enabled, the random delay configured with RandomizedDelaySec= is
5832 selected in a way that is stable on a given system (though still
5833 different for different units).
5834
5835 * Socket units gained a new setting Timestamping= that takes "us", "ns"
5836 or "off". This controls the SO_TIMESTAMP/SO_TIMESTAMPNS socket
5837 options.
5838
5839 * systemd-repart now generates JSON output when requested with the new
5840 --json= switch.
5841
5842 * systemd-machined's OpenMachineShell() bus call will now pass
5843 additional policy metadata fields to the PolicyKit
5844 authentication request.
5845
5846 * systemd-tmpfiles gained a new -E switch, which is equivalent to
5847 --exclude-prefix=/dev --exclude-prefix=/proc --exclude-prefix=/run
5848 --exclude-prefix=/sys. It's particularly useful in combination with --root=,
5849 when operating on OS trees that do not have any of these four runtime
5850 directories mounted, as this means no files below these subtrees are
5851 created or modified, since those mount points should probably remain
5852 empty.
5853
5854 * systemd-tmpfiles gained a new --image= switch which is like --root=,
5855 but takes a disk image instead of a directory as argument. The
5856 specified disk image is mounted inside a temporary mount namespace
5857 and the tmpfiles.d/ drop-ins stored in the image are executed and
5858 applied to the image. systemd-sysusers similarly gained a new
5859 --image= switch, that allows the sysusers.d/ drop-ins stored in the
5860 image to be applied onto the image.
5861
5862 * Similarly, the journalctl command also gained an --image= switch,
5863 which is a quick one-step solution to look at the log data included
5864 in OS disk images.
5865
5866 * journalctl's --output=cat option (which outputs the log content
5867 without any metadata, just the pure text messages) will now make use
5868 of terminal colors when run on a suitable terminal, similarly to the
5869 other output modes.
5870
5871 * JSON group records now support a "description" string that may be
5872 used to add a human-readable textual description to such groups. This
5873 is supposed to match the user's GECOS field which traditionally
5874 didn't have a counterpart for group records.
5875
5876 * The "systemd-dissect" tool that may be used to inspect OS disk images
5877 and that was previously installed to /usr/lib/systemd/ has now been
5878 moved to /usr/bin/, reflecting its updated status as an officially
5879 supported tool with a stable interface. It gained support for a new
5880 --mkdir switch which when combined with --mount has the effect of
5881 creating the directory to mount the image to if it is missing
5882 first. It also gained two new commands --copy-from and --copy-to for
5883 copying files and directories in and out of an OS image without the
5884 need to manually mount it. It also acquired support for a new option
5885 --json= to generate JSON output when inspecting an OS image.
5886
5887 * The cgroup2 file system is now mounted with the
5888 "memory_recursiveprot" mount option, supported since kernel 5.7. This
5889 means that the MemoryLow= and MemoryMin= unit file settings now apply
5890 recursively to whole subtrees.
5891
5892 * systemd-homed now defaults to using the btrfs file system — if
5893 available — when creating home directories in LUKS volumes. This may
5894 be changed with the DefaultFileSystemType= setting in homed.conf.
5895 It's now the default file system in various major distributions and
5896 has the major benefit for homed that it can be grown and shrunk while
5897 mounted, unlike the other contenders ext4 and xfs, which can both be
5898 grown online, but not shrunk while mounted (in fact xfs is the most
5899 limited option here technically, as it cannot be shrunk at all).
5900
5901 * JSON user records managed by systemd-homed gained support for
5902 "recovery keys". These are basically secondary passphrases that can
5903 unlock user accounts/home directories. They are computer-generated
5904 rather than user-chosen, and typically have greater entropy.
5905 homectl's --recovery-key= option may be used to add a recovery key to
5906 a user account. The generated recovery key is displayed as a QR code,
5907 so that it can be scanned to be kept in a safe place. This feature is
5908 particularly useful in combination with systemd-homed's support for
5909 FIDO2 or PKCS#11 authentication, as a secure fallback in case the
5910 security tokens are lost. Recovery keys may be entered wherever the
5911 system asks for a password.
5912
5913 * systemd-homed now maintains a "dirty" flag for each LUKS encrypted
5914 home directory which indicates that a home directory has not been
5915 deactivated cleanly when offline. This flag is useful to identify
5916 home directories for which the offline discard logic did not run when
5917 offlining, and where it would be a good idea to log in again to catch
5918 up.
5919
5920 * systemctl gained a new parameter --timestamp= which may be used to
5921 change the style in which timestamps are output, i.e. whether to show
5922 them in local timezone or UTC, or whether to show µs granularity.
5923
5924 * Alibaba's "pouch" container manager is now detected by
5925 systemd-detect-virt, ConditionVirtualization= and similar
5926 constructs. Similarly, they now also recognize IBM PowerVM machine
5927 virtualization.
5928
5929 * systemd-nspawn has been reworked to use /run/host/incoming/ as the
5930 place for propagating external mounts into the
5931 container. Similarly /run/host/notify is now used as the socket path
5932 for container payloads to communicate with the container manager
5933 using sd_notify(). The container manager now uses the
5934 /run/host/inaccessible/ directory to place "inaccessible" file nodes
5935 of all relevant types which may be used by the container payload as
5936 bind mount source to over-mount inodes to make them inaccessible.
5937 /run/host/container-manager will now be initialized with the same
5938 string as the $container environment variable passed to the
5939 container's PID 1. /run/host/container-uuid will be initialized with
5940 the same string as $container_uuid. This means the /run/host/
5941 hierarchy is now the primary way to make host resources available to
5942 the container. The Container Interface documents these new files and
5943 directories:
5944
5945 https://systemd.io/CONTAINER_INTERFACE
5946
5947 * Support for the "ConditionNull=" unit file condition has been
5948 deprecated and undocumented for 6 years. systemd started to warn
5949 about its use 1.5 years ago. It has now been removed entirely.
5950
5951 * sd-bus.h gained a new API call sd_bus_error_has_names(), which takes
5952 a sd_bus_error struct and a list of error names, and checks if the
5953 error matches one of these names. It's a convenience wrapper that is
5954 useful in cases where multiple errors shall be handled the same way.
5955
5956 * A new system call filter list "@known" has been added, that contains
5957 all system calls known at the time systemd was built.
5958
5959 * Behaviour of system call filter allow lists has changed slightly:
5960 system calls that are contained in @known will result in EPERM by
5961 default, while those not contained in it result in ENOSYS. This
5962 should improve compatibility because known system calls will thus be
5963 communicated as prohibited, while unknown (and thus newer ones) will
5964 be communicated as not implemented, which hopefully has the greatest
5965 chance of triggering the right fallback code paths in client
5966 applications.
5967
5968 * "systemd-analyze syscall-filter" will now show two separate sections
5969 at the bottom of the output: system calls known during systemd build
5970 time but not included in any of the filter groups shown above, and
5971 system calls defined by the local kernel but not known at systemd
5972 build time.
5973
5974 * If the $SYSTEMD_LOG_SECCOMP=1 environment variable is set for
5975 systemd-nspawn all system call filter violations will be logged by
5976 the kernel (audit). This is useful for tracking down system calls
5977 invoked by container payloads that are prohibited by the container's
5978 system call filter policy.
5979
5980 * If the $SYSTEMD_SECCOMP=0 environment variable is set for
5981 systemd-nspawn (and other programs that use seccomp) all seccomp
5982 filtering is turned off.
5983
5984 * Two new unit file settings ProtectProc= and ProcSubset= have been
5985 added that expose the hidepid= and subset= mount options of procfs.
5986 All processes of the unit will only see processes in /proc that are
5987 owned by the unit's user. This is an important new sandboxing
5988 option that is recommended to be set on all system services. All
5989 long-running system services that are included in systemd itself set
5990 this option now. This option is only supported on kernel 5.8 and
5991 above, since the hidepid= option supported on older kernels was not a
5992 per-mount option but actually applied to the whole PID namespace.
5993
5994 * Socket units gained a new boolean setting FlushPending=. If enabled
5995 all pending socket data/connections are flushed whenever the socket
5996 unit enters the "listening" state, i.e. after the associated service
5997 exited.
5998
5999 * The unit file setting NUMAMask= gained a new "all" value: when used,
6000 all existing NUMA nodes are added to the NUMA mask.
6001
6002 * A new "credentials" logic has been added to system services. This is
6003 a simple mechanism to pass privileged data to services in a safe and
6004 secure way. It's supposed to be used to pass per-service secret data
6005 such as passwords or cryptographic keys but also associated less
6006 private information such as user names, certificates, and similar to
6007 system services. Each credential is identified by a short user-chosen
6008 name and may contain arbitrary binary data. Two new unit file
6009 settings have been added: SetCredential= and LoadCredential=. The
6010 former allows setting a credential to a literal string, the latter
6011 sets a credential to the contents of a file (or data read from a
6012 user-chosen AF_UNIX stream socket). Credentials are passed to the
6013 service via a special credentials directory, one file for each
6014 credential. The path to the credentials directory is passed in a new
6015 $CREDENTIALS_DIRECTORY environment variable. Since the credentials
6016 are passed in the file system they may be easily referenced in
6017 ExecStart= command lines too, thus no explicit support for the
6018 credentials logic in daemons is required (though ideally daemons
6019 would look for the bits they need in $CREDENTIALS_DIRECTORY
6020 themselves automatically, if set). The $CREDENTIALS_DIRECTORY is
6021 backed by unswappable memory if privileges allow it, immutable if
6022 privileges allow it, is accessible only to the service's UID, and is
6023 automatically destroyed when the service stops.
6024
6025 * systemd-nspawn supports the same credentials logic. It can both
6026 consume credentials passed to it via the aforementioned
6027 $CREDENTIALS_DIRECTORY protocol as well as pass these credentials on
6028 to its payload. The service manager/PID 1 has been updated to match
6029 this: it can also accept credentials from the container manager that
6030 invokes it (in fact: any process that invokes it), and passes them on
6031 to its services. Thus, credentials can be propagated recursively down
6032 the tree: from a system's service manager to a systemd-nspawn
6033 service, to the service manager that runs as container payload and to
6034 the service it runs below. Credentials may also be added on the
6035 systemd-nspawn command line, using new --set-credential= and
6036 --load-credential= command line switches that match the
6037 aforementioned service settings.
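        How a daemon should consume credentials passed this way, as an added
        Python example for this page (not systemd's own code): it reads a
        credential from $CREDENTIALS_DIRECTORY, refuses names that are not a
        single path component so a bad name cannot escape the directory,
        keeps the secret as bytes, and returns None when no directory was
        passed so the caller can fall back to its legacy configuration. The
        unit settings quoted in the comment and the credential names are
        hypothetical; make_demo_credentials() builds a constructed
        credentials directory so the example runs without systemd.

```python
import os
import re
import tempfile
from typing import Dict, Mapping, Optional

# Hypothetical unit that would feed this code (names chosen for the example):
#   [Service]
#   LoadCredential=db-password:/etc/example/db-password
#   SetCredential=db-user:app
#   ExecStart=/usr/bin/example-daemon
# The service manager then exports CREDENTIALS_DIRECTORY, one file per credential.

# A credential name must be a single, plain path component: no "/", no leading
# ".", no empty string. Anything else is rejected before touching the file system.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


class CredentialError(Exception):
    """Raised for bad names, a bad CREDENTIALS_DIRECTORY, or a missing file."""


def is_valid_credential_name(name: str) -> bool:
    return _NAME_RE.fullmatch(name) is not None


def credentials_directory(environ: Optional[Mapping[str, str]] = None) -> Optional[str]:
    """Return the credentials directory passed by the service manager, or None
    when the service was started without any credentials."""
    environ = os.environ if environ is None else environ
    path = environ.get("CREDENTIALS_DIRECTORY")
    if not path:
        return None
    if not os.path.isabs(path):
        raise CredentialError("CREDENTIALS_DIRECTORY is not an absolute path")
    return path


def load_credential(name: str, environ: Optional[Mapping[str, str]] = None) -> Optional[bytes]:
    """Return the raw bytes of credential `name`, None if no credentials
    directory was provided, and raise CredentialError if the name is unsafe
    or the credential is absent. The secret itself never appears in messages."""
    if not is_valid_credential_name(name):
        raise CredentialError(f"refusing credential name {name!r}")
    directory = credentials_directory(environ)
    if directory is None:
        return None
    try:
        with open(os.path.join(directory, name), "rb") as f:
            return f.read()
    except FileNotFoundError:
        raise CredentialError(f"credential {name!r} was not passed to this service") from None


def load_secret_text(name: str, environ: Optional[Mapping[str, str]] = None) -> Optional[str]:
    """Convenience for password-like credentials: UTF-8, one trailing newline
    dropped (files written with `echo` have one), otherwise unchanged."""
    data = load_credential(name, environ)
    if data is None:
        return None
    text = data.decode("utf-8")
    return text[:-1] if text.endswith("\n") else text


def make_demo_credentials(contents: Dict[str, bytes]) -> Dict[str, str]:
    """Build a constructed credentials directory (0700, files 0600) the way a
    test harness would, and return an environ dict pointing at it. This stands
    in for what the service manager does; it is not how systemd implements it."""
    directory = tempfile.mkdtemp(prefix="creds-demo-")
    os.chmod(directory, 0o700)
    for name, data in contents.items():
        if not is_valid_credential_name(name):
            raise CredentialError(f"refusing credential name {name!r}")
        fd = os.open(os.path.join(directory, name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    return {"CREDENTIALS_DIRECTORY": directory}


if __name__ == "__main__":
    env = make_demo_credentials({"db-password": b"hunter2\n", "db-user": b"app"})
    print("user:", load_secret_text("db-user", env))
    print("password length:", len(load_secret_text("db-password", env)))
    print("without credentials:", load_credential("db-password", {}))
```

        Keep the value in memory only as long as needed and do not write it
        to logs or to a world-readable location: the credentials directory
        is owned by the service's UID and destroyed when the service stops,
        and copies the daemon makes lose that protection.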
6038
6039 * systemd-repart gained new settings Format=, Encrypt=, CopyFiles= in
6040 the partition drop-ins which may be used to format/LUKS
6041 encrypt/populate any created partitions. The partitions are
6042 encrypted/formatted/populated before they are registered in the
6043 partition table, so that they appear atomically: either the
6044 partitions do not exist yet or they exist fully encrypted, formatted,
6045 and populated — there is no time window where they are
6046 "half-initialized". Thus the system is robust to abrupt shutdown: if
6047 the tool is terminated half-way through its operations, on next boot
6048 it will start from the beginning.
6049
6050 * systemd-repart's --size= operation gained a new "auto" value. If
6051 specified, and operating on a loopback file it is automatically sized
6052 to the minimal size the size constraints permit. This is useful to
6053 use "systemd-repart" as an image builder for minimally sized images.
6054
6055 * systemd-resolved now gained a third IPC interface for requesting name
6056 resolution: besides D-Bus and local DNS to 127.0.0.53 a Varlink
6057 interface is now supported. The nss-resolve NSS module has been
6058 modified to use this new interface instead of D-Bus. Using Varlink
6059 has a major benefit over D-Bus: it works without a broker service,
6060 and thus already during earliest boot, before the dbus daemon has
6061 been started. This means name resolution via systemd-resolved now
6062 works at the same time systemd-networkd operates: from earliest boot
6063 on, including in the initrd.
6064
6065 * systemd-resolved gained support for a new DNSStubListenerExtra=
6066 configuration file setting which may be used to specify additional IP
6067 addresses the built-in DNS stub shall listen on, in addition to the
6068 main one on 127.0.0.53:53.
6069
6070 * Name lookups issued via systemd-resolved's D-Bus and Varlink
6071 interfaces (and thus also via glibc NSS if nss-resolve is used) will
6072 now honour a trailing dot in the hostname: if specified the search
6073 path logic is turned off. Thus "resolvectl query foo." is now
6074 equivalent to "resolvectl query --search=off foo.".
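        A client for that Varlink interface, as an added example for this
        page (not systemd's own code): one JSON object per message,
        NUL-terminated, over the AF_UNIX socket, with no broker in between,
        which is why it works as early as systemd-networkd does. The socket
        path and the io.systemd.Resolve.ResolveHostname method and field
        names are assumptions drawn from resolved's published
        io.systemd.Resolve interface description, not from the entry above;
        check the .varlink file shipped with your systemd before relying on
        them. The reply used to exercise the decoder offline is constructed.

```python
import json
import socket
from typing import Iterator, List, Tuple

# Assumed from resolved's Varlink interface description, not from the NEWS
# entry above; verify against the interface file on your system.
RESOLVE_SOCKET = "/run/systemd/resolve/io.systemd.Resolve"
RESOLVE_HOSTNAME = "io.systemd.Resolve.ResolveHostname"


def encode_call(method: str, parameters: dict) -> bytes:
    """Varlink request: a single JSON object followed by a NUL byte."""
    body = json.dumps({"method": method, "parameters": parameters}, separators=(",", ":"))
    return body.encode("utf-8") + b"\0"


def split_messages(buf: bytes) -> Iterator[bytes]:
    """Yield every complete NUL-terminated message in a receive buffer;
    a trailing partial message is left for the next read."""
    while True:
        end = buf.find(b"\0")
        if end < 0:
            return
        yield buf[:end]
        buf = buf[end + 1:]


def decode_addresses(raw: bytes) -> List[Tuple[int, int, str]]:
    """Turn a ResolveHostname reply into (ifindex, family, address) tuples.
    Addresses arrive as byte arrays; the length is checked against the
    family before inet_ntop so a malformed reply cannot produce garbage."""
    msg = json.loads(raw.decode("utf-8"))
    if "error" in msg:
        raise RuntimeError("%s %s" % (msg["error"], msg.get("parameters", {})))
    result = []
    for entry in msg["parameters"]["addresses"]:
        family = entry["family"]
        packed = bytes(entry["address"])
        expected = {socket.AF_INET: 4, socket.AF_INET6: 16}.get(family)
        if expected is None or len(packed) != expected:
            raise ValueError("address does not match family %r" % family)
        result.append((entry.get("ifindex", 0), family, socket.inet_ntop(family, packed)))
    return result


def resolve_hostname(name: str, path: str = RESOLVE_SOCKET) -> List[Tuple[int, int, str]]:
    """Ask resolved directly, without D-Bus. A trailing dot in `name` asks
    resolved to skip search-domain processing, as described above."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(encode_call(RESOLVE_HOSTNAME, {"name": name}))
        buf = b""
        while b"\0" not in buf:
            chunk = s.recv(65536)
            if not chunk:
                raise ConnectionError("resolved closed the connection before replying")
            buf += chunk
    return decode_addresses(next(split_messages(buf)))


# Constructed reply, shaped like a ResolveHostname answer carrying one A and
# one AAAA record; used to exercise the decoder without a running resolved.
SAMPLE_REPLY = json.dumps({
    "parameters": {
        "addresses": [
            {"ifindex": 2, "family": int(socket.AF_INET), "address": [192, 0, 2, 10]},
            {"ifindex": 2, "family": int(socket.AF_INET6),
             "address": [0x20, 0x01, 0x0d, 0xb8] + [0] * 11 + [1]},
        ],
        "name": "example.test",
        "flags": 0,
    }
}).encode("utf-8") + b"\0"


if __name__ == "__main__":
    print(encode_call(RESOLVE_HOSTNAME, {"name": "example.test."}))
    print(decode_addresses(next(split_messages(SAMPLE_REPLY))))
```

        On a host running resolved, resolve_hostname("example.test.") sends
        the request shown above; the trailing dot makes it equivalent to
        "resolvectl query --search=off example.test.".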
6075
6076 * systemd-resolved gained a new D-Bus property "ResolvConfMode" that
6077 exposes how /etc/resolv.conf is currently managed: by resolved (and
6078 in which mode if so) or another subsystem. "resolvectl" will display
6079 this property in its status output.
6080
6081 * The resolv.conf snippets systemd-resolved provides will now set "."
6082 as the search domain if no other search domain is known. This turns
6083 off the derivation of an implicit search domain by nss-dns for the
6084 hostname, when the hostname is set to an FQDN. This change is done to
6085 make nss-dns using resolv.conf provided by systemd-resolved behave
6086 more similarly to nss-resolve.
6087
6088 * systemd-tmpfiles' file "aging" logic (i.e. the automatic clean-up of
6089 /tmp/ and /var/tmp/ based on file timestamps) now looks at the
6090 "birth" time (btime) of a file in addition to the atime, mtime, and
6091 ctime.
6092
6093 * systemd-analyze gained a new verb "capability" that lists all known
6094 capabilities by the systemd build and by the kernel.
6095
6096 * If a file /usr/lib/clock-epoch exists, PID 1 will read its mtime and
6097 advance the system clock to it at boot if it is noticed to be before
6098 that time. Previously, PID 1 would only advance the time to an epoch
6099 time that is set during build-time. With this new file OS builders
6100 can change this epoch timestamp on individual OS images without
6101 having to rebuild systemd.
6102
6103 * systemd-logind will now listen to the KEY_RESTART key from the Linux
6104 input layer and reboot the system if it is pressed, similarly to how
6105 it already handles KEY_POWER, KEY_SUSPEND or KEY_SLEEP. KEY_RESTART
6106 was originally defined in the Multimedia context (to restart playback
6107 of a song or film), but is now primarily used in various embedded
6108 devices for "Reboot" buttons. Accordingly, systemd-logind will now
6109 honour it as such. This may be configured in more detail via the new
6110 HandleRebootKey= and RebootKeyIgnoreInhibited= settings.
6111
6112 * systemd-nspawn/systemd-machined will now reconstruct hardlinks when
6113 copying OS trees, for example in "systemd-nspawn --ephemeral",
6114 "systemd-nspawn --template=", "machinectl clone" and similar. This is
6115 useful when operating with OSTree images, which use hardlinks heavily
6116 throughout, and where such copies previously resulted in "exploding"
6117 hardlinks.
6118
6119 * systemd-nspawn's --console= setting gained support for a new
6120 "autopipe" value, which is identical to "interactive" when invoked on
6121 a TTY, and "pipe" otherwise.
6122
6123 * systemd-networkd's .network files gained support for explicitly
6124 configuring the multicast membership entries of bridge devices in the
6125 [BridgeMDB] section. It also gained support for the PIE queuing
6126 discipline in the [FlowQueuePIE] sections.
6127
6128 * systemd-networkd's .netdev files may now be used to create "BareUDP"
6129 tunnels, configured in the new [BareUDP] section.
6130
6131 * systemd-networkd's Gateway= setting in .network files now accepts the
6132 special values "_dhcp4" and "_ipv6ra" to configure additional,
6133 locally defined, explicit routes to the gateway acquired via DHCP or
6134 IPv6 Router Advertisements. The old setting "_dhcp" is deprecated,
6135 but still accepted for backwards compatibility.
6136
6137 * systemd-networkd's [IPv6PrefixDelegation] section and
6138 IPv6PrefixDelegation= options have been renamed as [IPv6SendRA] and
6139 IPv6SendRA= (the old names are still accepted for backwards
6140 compatibility).
6141
6142 * systemd-networkd's .network files gained the DHCPv6PrefixDelegation=
6143 boolean setting in [Network] section. If enabled, the delegated prefix
6144 gained by another link will be configured, and an address within the
6145 prefix will be assigned.
6146
6147 * systemd-networkd's .network files gained the Announce= boolean setting
6148 in [DHCPv6PrefixDelegation] section. When enabled, the delegated
6149 prefix will be announced through IPv6 router advertisement (IPv6 RA).
6150 The setting is enabled by default.
6151
6152 * VXLAN tunnels may now be marked as independent of any underlying
6153 network interface via the new Independent= boolean setting.
6154
6155 * systemctl gained support for two new verbs: "service-log-level" and
6156 "service-log-target" may be used on services that implement the
6157 generic org.freedesktop.LogControl1 D-Bus interface to dynamically
6158 adjust the log level and target. All of systemd's long-running
6159 services support this now, but ideally all system services would
6160 implement this interface to make the system more uniformly
6161 debuggable.
6162
6163 * The SystemCallErrorNumber= unit file setting now accepts the new
6164 "kill" and "log" actions, in addition to arbitrary error number
6165 specifications as before. If "kill" the processes are killed on the
6166 event, if "log" the offending system call is audit logged.
6167
6168 * A new SystemCallLog= unit file setting has been added that accepts a
6169 list of system calls that shall be logged about (audit).
6170
6171 * The OS image dissection logic (as used by RootImage= in unit files or
6172 systemd-nspawn's --image= switch) has gained support for identifying
6173 and mounting explicit /usr/ partitions, which are now defined in the
6174 discoverable partition specification. This should be useful for
6175 environments where the root file system is
6176 generated/formatted/populated dynamically on first boot and combined
6177 with an immutable /usr/ tree that is supplied by the vendor.
6178
6179 * In the final phase of shutdown, within the systemd-shutdown binary
6180 we'll now try to detach MD devices (i.e. software RAID) in addition to
6181 loopback block devices and DM devices as before. This is supposed to
6182 be a safety net only, in order to increase robustness if things go
6183 wrong. Storage subsystems are expected to properly detach their
6184 storage volumes during regular shutdown already (or in case of
6185 storage backing the root file system: in the initrd hook we return to
6186 later).
6187
6188 * If the SYSTEMD_LOG_TID environment variable is set all systemd tools
6189 will now log the thread ID in their log output. This is useful when
6190 working with heavily threaded programs.
6191
6192 * If the SYSTEMD_RDRAND environment variable is set to "0", systemd will
6193 not use the RDRAND CPU instruction. This is useful in environments
6194 such as replay debuggers where non-deterministic behaviour is not
6195 desirable.
6196
6197 * The autopaging logic in systemd's various tools (such as systemctl)
6198 has been updated to turn on "secure" mode in "less"
6199 (i.e. $LESSSECURE=1) if execution in a "sudo" environment is
6200 detected. This disables invoking external programs from the pager,
6201 via the pipe logic. This behaviour may be overridden via the new
6202 $SYSTEMD_PAGERSECURE environment variable.
6203
6204 * Units which have resource limits (.service, .mount, .swap, .slice,
6205 .socket, and .scope) gained new configuration settings
6206 ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
6207 ManagedOOMMemoryPressureLimitPercent= that specify resource pressure
6208 limits and optional action taken by systemd-oomd.
6209
6210 * A new service systemd-oomd has been added. It monitors resource
6211 contention for selected parts of the unit hierarchy using the PSI
6212 information reported by the kernel, and kills processes when memory
6213 or swap pressure is above configured limits. This service is only
6214 enabled by default in developer mode (see below) and should be
6215 considered a preview in this release. Behaviour details and option
6216 names are subject to change without the usual backwards-compatibility
6217 promises.
6218
6219 * A new helper oomctl has been added to introspect systemd-oomd state.
6220 It is only enabled by default in developer mode and should be
6221 considered a preview without the usual backwards-compatibility
6222 promises.
6223
6224 * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
6225 enabled, systemd reads the system UID boundaries from /etc/login.defs
6226 at runtime, instead of using the built-in values selected during
6227 build. This is an option to improve compatibility for upgrades from
6228 old systems. It's strongly recommended not to make use of this
6229 functionality on new systems (or even enable it during build), as it
6230 makes something runtime-configurable that is mostly an implementation
6231 detail of the OS, and permits avoidable differences in deployments
6232 that create all kinds of problems in the long run.
6233
6234 * New meson option '-Dmode=developer|release' has been added. When
6235 'developer', additional checks and features are enabled that are
6236 relevant during upstream development, e.g. verification that
6237 semi-automatically-generated documentation has been properly updated
6238 following API changes. Those checks are considered hints for
6239 developers and are not actionable in downstream builds. In addition,
6240 extra features that are not ready for general consumption may be
6241 enabled in developer mode. It is thus recommended to set
6242 '-Dmode=release' in end-user and distro builds.
6243
6244 * systemd-cryptsetup gained support for processing detached LUKS
6245 headers specified on the kernel command line via the header=
6246 parameter of the luks.options= kernel command line option. The same
6247 device/path syntax as for key files is supported for header files
6248 like this.
6249
6250 * The "net_id" built-in of udev has been updated to ignore ACPI _SUN
6251 slot index data for devices that are connected through a PCI bridge
6252 where the _SUN index is associated with the bridge instead of the
6253 network device itself. Previously this would create ambiguous device
6254 naming if multiple network interfaces were connected to the same PCI
6255 bridge. Since this is a naming scheme incompatibility on systems that
6256 possess hardware like this it has been introduced as new naming
6257 scheme "v247". The previous scheme can be selected via the
6258 "net.naming_scheme=v245" kernel command line parameter.
6259
6260 * ConditionFirstBoot= semantics have been modified to be safe towards
6261 abnormal system power-off during first boot. Specifically, the
6262 "systemd-machine-id-commit.service" service now acts as boot
6263 milestone indicating when the first boot process is sufficiently
6264 complete in order to not consider the next following boot also a
6265 first boot. If the system is reset before this unit is reached the
6266 first time, the next boot will still be considered a first boot; once
6267 it has been reached, no further boots will be considered a first
6268 boot. The "first-boot-complete.target" unit now acts as official hook
6269 point to order against this. If a service shall be run on every boot
6270 until the first boot fully succeeds it may thus be ordered before
6271 this target unit (and pull it in) and carry ConditionFirstBoot=
6272 appropriately.
6273
6274 * bootctl's set-default and set-oneshot commands now accept the three
6275 special strings "@default", "@oneshot", "@current" in place of a boot
6276 entry id. These strings are resolved to the current default and
6277 oneshot boot loader entry, as well as the currently booted one. Thus
6278 a command "bootctl set-default @current" may be used to make the
6279 currently booted menu item the new default for all subsequent boots.
6280
6281 * "systemctl edit" has been updated to show the original effective unit
6282 contents in commented form in the text editor.
6283
6284 * Units in user mode are now segregated into three new slices:
6285 session.slice (units that form the core of graphical session),
6286 app.slice ("normal" user applications), and background.slice
6287 (low-priority tasks). Unless otherwise configured, user units are
6288 placed in app.slice. The plan is to add resource limits and
6289 protections for the different slices in the future.
6290
6291 * New GPT partition types for RISCV32/64 for the root and /usr
6292 partitions, and their associated Verity partitions have been defined,
6293 and are now understood by systemd-gpt-auto-generator, and the OS
6294 image dissection logic.
6295
6296 Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
6297 Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
6298 Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,
6299 Beniamino Galvani, Benjamin Berg, Bjørn Mork, brainrom, Chandradeep
6300 Dey, Charles Lee, Chris Down, Christian Göttsche, Christof Efkemann,
6301 Christoph Ruegge, Clemens Gruber, Daan De Meyer, Daniele Medri, Daniel
6302 Mack, Daniel Rusek, Dan Streetman, David Tardon, Dimitri John Ledkov,
6303 Dmitry Borodaenko, Elias Probst, Elisei Roca, ErrantSpore, Etienne
6304 Doms, Fabrice Fontaine, fangxiuning, Felix Riemann, Florian Klink,
6305 Franck Bui, Frantisek Sumsal, fwSmit, George Rawlinson, germanztz,
6306 Gibeom Gwon, Glen Whitney, Gogo Gogsi, Göran Uddeborg, Grant Mathews,
6307 Hans de Goede, Hans Ulrich Niedermann, Haochen Tong, Harald Seiler,
6308 huangyong, Hubert Kario, igo95862, Ikey Doherty, Insun Pyo, Jan Chren,
6309 Jan Schlüter, Jérémy Nouhaud, Jian-Hong Pan, Joerg Behrmann, Jonathan
6310 Lebon, Jörg Thalheim, Josh Brobst, Juergen Hoetzel, Julien Humbert,
6311 Kai-Chuan Hsieh, Kairui Song, Kamil Dudka, Kir Kolyshkin, Kristijan
6312 Gjoshev, Kyle Huey, Kyle Russell, Lee Whalen, Lennart Poettering,
6313 lichangze, Luca Boccassi, Lucas Werkmeister, Luca Weiss, Marc
6314 Kleine-Budde, Marco Wang, Martin Wilck, Marti Raudsepp, masmullin2000,
6315 Máté Pozsgay, Matt Fenwick, Michael Biebl, Michael Scherer, Michal
6316 Koutný, Michal Sekletár, Michal Suchanek, Mikael Szreder, Milo
6317 Casagrande, mirabilos, Mitsuha_QuQ, mog422, Muhammet Kara, Nazar
6318 Vinnichuk, Nicholas Narsing, Nicolas Fella, Njibhu, nl6720, Oğuz Ersen,
6319 Olivier Le Moal, Ondrej Kozina, onlybugreports, Pass Automated Testing
6320 Suite, Pat Coulthard, Pavel Sapezhko, Pedro Ruiz, perry_yuan, Peter
6321 Hutterer, Phaedrus Leeds, PhoenixDiscord, Piotr Drąg, Plan C,
6322 Purushottam choudhary, Rasmus Villemoes, Renaud Métrich, Robert Marko,
6323 Roman Beranek, Ronan Pigott, Roy Chen (陳彥廷), RussianNeuroMancer,
6324 Samanta Navarro, Samuel BF, scootergrisen, Sorin Ionescu, Steve Dodd,
6325 Susant Sahani, Timo Rothenpieler, Tobias Hunger, Tobias Kaufmann, Topi
6326 Miettinen, vanou, Vito Caputo, Weblate, Wen Yang, Whired Planck,
6327 williamvds, Yu, Li-Yu, Yuri Chornoivan, Yu Watanabe, Zbigniew
6328 Jędrzejewski-Szmek, Zmicer Turok, Дамјан Георгиевски
6329
6330 – Warsaw, 2020-11-26
6331
6332 CHANGES WITH 246:
6333
6334 * The service manager gained basic support for cgroup v2 freezer. Units
6335 can now be suspended or resumed either using new systemctl verbs,
6336 freeze and thaw respectively, or via D-Bus.
6337
6338 * PID 1 may now automatically load pre-compiled AppArmor policies from
6339 /etc/apparmor/earlypolicy during early boot.
6340
6341 * The CPUAffinity= setting in service unit files now supports a new
6342 special value "numa" that causes the CPU affinity mask to be set
6343 based on the NUMA mask.
6344
6345 * systemd will now log about all left-over processes remaining in a
6346 unit when the unit is stopped. It will now warn about services using
6347 KillMode=none, as this is generally an unsafe thing to make use of.
6348
6349 * Two new unit file settings
6350 ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
6351 added. They may be used to check whether a specific file system path
6352 resides on a block device that is encrypted on the block level
6353 (i.e. using dm-crypt/LUKS).
6354
6355 * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
6356 has been added that may be used for simple environment checks. This
6357 is particularly useful when passing in environment variables from a
6358 container manager (or from PAM in case of the systemd --user
6359 instance).
6360
6361 * .service unit files now accept a new setting CoredumpFilter= which
6362 allows configuration of the memory sections coredumps of the
6363 service's processes shall include.
6364
6365 * .mount units gained a new ReadWriteOnly= boolean option. If set,
6366 systemd will not fall back to mounting the file system read-only
6367 when mounting it read-write fails. The x-systemd.rw-only option is
6368 available in /etc/fstab to control the same.
6369
6370 * .socket units gained a new boolean setting PassPacketInfo=. If
6371 enabled, the kernel will attach additional per-packet metadata to all
6372 packets read from the socket, as an ancillary message. This controls
6373 the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
6374 depending on socket type.
6375
6376 * .service units gained a new setting RootHash= which may be used to
6377 specify the root hash for verity enabled disk images which are
6378 specified in RootImage=. RootVerity= may be used to specify a path to
6379 the Verity data matching a RootImage= file system. (The latter is
6380 only useful for images that do not contain the Verity data embedded
6381 into the same image that carries a GPT partition table following the
6382 Discoverable Partition Specification). Similarly, systemd-nspawn
6383 gained a new switch --verity-data= that takes a path to a file with
6384 the verity data of the disk image supplied in --image=, if the image
6385 doesn't contain the verity data itself.
6386
6387 * .service units gained a new setting RootHashSignature= which takes
6388 either a base64 encoded PKCS#7 signature of the root hash specified
6389 with RootHash=, or a path to a file to read the signature from. This
6390 allows validation of the root hash against public keys available in
6391 the kernel keyring, and is only supported on recent kernels
6392 (>= 5.4)/libcryptsetup (>= 2.3.0). A similar switch has been added to
6393 systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
6394 this mechanism has also been added to systemd-veritysetup.
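
As an added example (not from the NEWS file or from systemd's own unit
files), a hypothetical service that runs from a signed, dm-verity
protected image, combining the RootImage=/RootHash=/RootVerity=/
RootHashSignature= settings above with the ConditionPathIsEncrypted=/
AssertPathIsEncrypted= check introduced earlier in this release. All
paths, the root hash value and the signature file are placeholders:

```ini
# /etc/systemd/system/app.service  (hypothetical unit; added example)
[Unit]
Description=Example service on a signed verity-protected image
# Assumption of this example: the image and its hash tree live on
# dm-crypt backed storage; refuse to start if they do not.
AssertPathIsEncrypted=/var/lib/images

[Service]
RootImage=/var/lib/images/app.raw
# Only needed when the verity hash tree is not embedded in the image's
# own GPT (Discoverable Partition Specification); placeholder path.
RootVerity=/var/lib/images/app.verity
# Root hash as printed by "veritysetup format"; placeholder value.
RootHash=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# PKCS#7 signature over the root hash, either inline (base64) or, as
# here, a path. Verified against keys in the kernel keyring; needs
# kernel >= 5.4 and libcryptsetup >= 2.3.0.
RootHashSignature=/var/lib/images/app.roothash.p7s
ExecStart=/usr/bin/app
```

The signature is what turns the root hash from a locally trusted value
into a vendor-attested one: with RootHash= alone, whoever can edit the
unit file can also swap the hash.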
6395
6396 * .service unit files gained two new options
6397 TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
6398 tune behaviour if a start or stop timeout is hit, i.e. whether to
6399 terminate the service with SIGTERM, SIGABRT or SIGKILL.
6400
6401 * Most options in systemd that accept hexadecimal values prefixed with
6402 0x in addition to the usual decimal notation now also support octal
6403 notation when the 0o prefix is used and binary notation if the 0b
6404 prefix is used.
6405
6406 * Various command line parameters and configuration file settings that
6407 configure key or certificate files now optionally take paths to
6408 AF_UNIX sockets in the file system. If configured that way a stream
6409 connection is made to the socket and the required data read from
6410 it. This is a simple and natural extension to the existing regular
6411 file logic, and permits other software to provide keys or
6412 certificates via simple IPC services, for example when unencrypted
6413 storage on disk is not desired. Specifically, systemd-networkd's
6414 Wireguard and MACSEC key file settings as well as
6415 systemd-journal-gatewayd's and systemd-journal-remote's PEM
6416 key/certificate parameters support this now.
6417
6418 * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
6419 configuration files that support specifier expansion learnt six new
6420 specifiers: %a resolves to the current architecture, %o/%w/%B/%W
6421 resolve to the various ID fields from /etc/os-release, %l resolves to
6422 the "short" hostname of the system, i.e. the hostname configured in
6423 the kernel truncated at the first dot.
6424
6425 * Support for the .include syntax in unit files has been removed. The
6426 concept has been obsolete for 6 years and we started warning about
6427 its pending removal 2 years ago (also see NEWS file below). It's
6428 finally gone now.
6429
6430 * StandardError= and StandardOutput= in unit files no longer support
6431 the "syslog" and "syslog-console" switches. They were long removed
6432 from the documentation, but will now result in warnings when used,
6433 and be converted to "journal" and "journal+console" automatically.
6434
6435 * If the service setting User= is set to the "nobody" user, a warning
6436 message is now written to the logs (but the value is nonetheless
6437 accepted). Setting User=nobody is unsafe, since the primary purpose
6438 of the "nobody" user is to own all files whose owner cannot be mapped
6439 locally. It's in particular used by the NFS subsystem and in user
6440 namespacing. By running a service under this user's UID it might get
6441 read and even write access to all these otherwise unmappable files,
6442 which is quite likely a major security problem.
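
As an added example (not part of the NEWS file or of the systemd
project), the configuration that now draws the warning beside a
replacement that gives the service a UID of its own, allocated for the
lifetime of the service via DynamicUser=. The unit name, binary and
state directory are placeholders:

```ini
# /etc/systemd/system/reporter.service  (hypothetical unit; added example)

# BEFORE: still accepted, but warned about. "nobody" owns every file
# whose owner cannot be mapped locally (NFS, user namespaces), so a
# service under this UID may read or write all of them.
#[Service]
#User=nobody
#ExecStart=/usr/bin/reporter

# AFTER: a transient UID that exists only while the service runs and
# owns nothing else on the system. StateDirectory= gives it a writable
# place that is chowned to that UID for the duration of the run.
[Service]
DynamicUser=yes
StateDirectory=reporter
ExecStart=/usr/bin/reporter
```

A statically allocated system user (sysusers.d) is the alternative
when the service's files must outlive it with a stable owner.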
6443
6444 * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
6445 and others) now have size and inode limits applied (50% of RAM for
6446 /tmp and /dev/shm, 10% of RAM for other mounts, etc.). Please note
6447 that the implicit kernel default is 50% too, so there is no change
6448 in the size limit for /tmp and /dev/shm.
6449
6450 * nss-mymachines lost support for resolution of users and groups, and
6451 now only does resolution of hostnames. This functionality is now
6452 provided by nss-systemd. Thus, the 'mymachines' entry should be
6453 removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
6454 (and 'systemd' added if it is not already there).
6455
6456 * A new kernel command line option systemd.hostname= has been added
6457 that allows controlling the hostname that is initialized early during
6458 boot.
6459
6460 * A kernel command line option "udev.blockdev_read_only" has been
6461 added. If specified all hardware block devices that show up are
6462 immediately marked as read-only by udev. This option is useful for
6463 making sure that a specific boot under no circumstances modifies data
6464 on disk. Use "blockdev --setrw" to undo the effect of this, per
6465 device.
6466
6467 * A new boolean kernel command line option systemd.swap= has been
6468 added, which may be used to turn off automatic activation of swap
6469 devices listed in /etc/fstab.
6470
6471 * New kernel command line options systemd.condition_needs_update= and
6472 systemd.condition_first_boot= have been added, which override the
6473 result of the ConditionNeedsUpdate= and ConditionFirstBoot=
6474 conditions.
6475
6476 * A new kernel command line option systemd.clock_usec= has been added
6477 that allows setting the system clock to the specified time in µs
6478 since Jan 1st, 1970 early during boot. This is in particular useful
6479 in order to make test cases more reliable.
6480
6481 * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
6482 systemd-coredump to save core files for suid processes. When saving
6483 the core file, systemd-coredump will use the effective uid and gid of
6484 the process that faulted.
6485
6486 * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
6487 now automatically set to "Y" at boot, in order to enable pstore
6488 generation for collection with systemd-pstore.
6489
6490 * We provide a set of udev rules to enable auto-suspend on PCI and USB
6491 devices that were tested to correctly support it. Previously, this
6492 was distributed as a set of udev rules, but has now been replaced
6493 by a set of hwdb entries (and a much shorter udev rule to take action
6494 if the device modalias matches one of the new hwdb entries).
6495
6496 As before, entries are periodically imported from the database
6497 maintained by the ChromiumOS project. If you have a device that
6498 supports auto-suspend correctly and where it should be enabled by
6499 default, please submit a patch that adds it to the database (see
6500 /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
6501
6502 * systemd-udevd gained the new configuration option timeout_signal= as well
6503 as a corresponding kernel command line option udev.timeout_signal=.
6504 The option can be used to configure the UNIX signal that the main
6505 daemon sends to the worker processes on timeout. Setting the signal
6506 to SIGABRT is useful for debugging.
6507
6508 * .link files managed by systemd-udevd gained options RxFlowControl=,
6509 TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
6510 order to configure various flow control parameters. They also gained
6511 RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
6512 frame ring buffer sizes.
6513
6514 * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
6515 enabled systemd-networkd manages all routes configured by other tools.
6516
6517 * .network files managed by systemd-networkd gained a new section
6518 [SR-IOV], in order to configure SR-IOV capable network devices.
6519
6520 * systemd-networkd's [IPv6Prefix] section in .network files gained a
6521 new boolean setting Assign=. If enabled an address from the prefix is
6522 automatically assigned to the interface.
6523
6524 * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
6525 controls delegated prefixes assigned by the DHCPv6 client. The section
6526 has three settings: SubnetID=, Assign=, and Token=. The setting
6527 SubnetID= allows explicit configuration of the preferred subnet that
6528 systemd-networkd's Prefix Delegation logic assigns to interfaces. If
6529 Assign= is enabled (which is the default) an address from any acquired
6530 delegated prefix is automatically chosen and assigned to the
6531 interface. The setting Token= specifies an optional address generation
6532 mode for Assign=.
6533
6534 * systemd-networkd's [Network] section gained a new setting
6535 IPv4AcceptLocal=. If enabled the interface accepts packets with local
6536 source addresses.
6537
6538 * systemd-networkd gained support for configuring the HTB queuing
6539 discipline in the [HierarchyTokenBucket] and
6540 [HierarchyTokenBucketClass] sections. Similarly, the "pfifo" qdisc may
6541 be configured in the [PFIFO] section, "GRED" in
6542 [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
6543 in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
6544 [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
6545 "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
6546 in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
6547 "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
6548
6549 * systemd-networkd gained support for a new Termination= setting in the
6550 [CAN] section for configuring the termination resistor. It also
6551 gained a new ListenOnly= setting for controlling whether to only
6552 listen on CAN interfaces, without interfering with traffic otherwise
6553 (which is useful for debugging/monitoring CAN network
6554 traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
6555 been added to configure various CAN-FD aspects.
6556
6557 * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
6558 When enabled, DHCPv6 will be attempted right away without requiring a
6559 Router Advertisement packet suggesting it first (i.e. without the 'M'
6560 or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
6561 DHCPv6Client= that may be used to turn off the DHCPv6 client even if
6562 the RA packets suggest it.
6563
6564 * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
6565 which may be used to turn off use of the gateway information provided
6566 by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
6567 used to configure how to process leases that lack a lifetime option.
6568
6569 * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
6570 setting SendVendorOption= allowing configuration of additional vendor
6571 options to send in the DHCP requests/responses. The [DHCPv6] section
6572 gained a new SendOption= setting for sending arbitrary DHCP
6573 options. RequestOptions= has been added to request arbitrary options
6574 from the server. UserClass= has been added to set the DHCP user class
6575 field.
6576
6577 * systemd-networkd's [DHCPServer] section gained a new set of options
6578 EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
6579 information about these three protocols in the DHCP lease. It also
6580 gained support for including "MUD" URLs ("Manufacturer Usage
6581 Description"). Support for "MUD" URLs was also added to the LLDP
6582 stack, configurable in the [LLDP] section in .network files.
6583
6584 * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
6585 mode. Also, the sections now support a new setting SourceMACAddress=.
6586
6587 * systemd-networkd's .netdev files now support a new setting
6588 VLANProtocol= in the [Bridge] section that allows configuration of
6589 the VLAN protocol to use.
6590
6591 * systemd-networkd supports a new Group= setting in the [Link] section
6592 of the .network files, to control the link group.
6593
6594 * systemd-networkd's [Network] section gained a new
6595 IPv6LinkLocalAddressGenerationMode= setting, which specifies how the
6596 IPv6 link-local address is generated.
6597
6598 * A new default .network file is now shipped that matches TUN/TAP
6599 devices that begin with "vt-" in their name. Such interfaces will
6600 have IP routing onto the host links set up automatically. This is
6601 supposed to be used by VM managers to trivially acquire a network
6602 interface which is fully set up for host communication, simply by
6603 carefully picking an interface name to use.
6604
6605 * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
6606 which sets the route priority for routes specified by the DHCP server.
6607
6608 * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
6609 which configures the vendor class information sent to the DHCP server.
6610
6611 * The BlackList= settings in .network files' [DHCPv4] and
6612 [IPv6AcceptRA] sections have been renamed DenyList=. The old names
6613 are still understood to provide compatibility.
6614
6615 * networkctl gained the new "forcerenew" command for forcing all DHCP
6616 server clients to renew their lease. The interface "status" output
6617 will now show numerous additional fields of information about an
6618 interface. There are new "up" and "down" commands to bring specific
6619 interfaces up or down.
6620
6621 * systemd-resolved's DNS= configuration option now optionally accepts a
6622 port number (after ":") and a host name (after "#"). When the host
6623 name is specified, the DNS-over-TLS certificate is validated to match
6624 the specified hostname. Additionally, in case of IPv6 addresses, an
6625 interface may be specified (after "%").
6626
6627 * systemd-resolved may be configured to forward single-label DNS names.
6628 This is not standard-conformant, but may make sense in setups where
6629 public DNS servers are not used.
6630
6631 * systemd-resolved's DNS-over-TLS support gained SNI validation.
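
As an added illustration (not part of the NEWS file), a resolved.conf
drop-in using the extended DNS= syntax from the two entries above. The
addresses are taken from the documentation ranges and the resolver name
and interface are placeholders of this example:

```ini
# /etc/systemd/resolved.conf.d/dot.conf  (added example)
[Resolve]
# "#name" is the security-relevant part: without it the TLS session is
# only encrypted, with it the server certificate must match the name
# and the name is also sent as SNI. ":port" is optional; an IPv6
# address with a port must be enclosed in brackets.
DNS=192.0.2.53#dns.example.net [2001:db8::53]:853#dns.example.net
# A link-local resolver needs the interface it is reachable on ("%").
#DNS=fe80::1%eth0#dns.example.net
# Strict mode: fail rather than fall back to plaintext DNS.
DNSOverTLS=yes
```

Check the result with "resolvectl status": the server entries should
list the configured name next to each address.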
6632
6633 * systemd-nspawn's --resolv-conf= switch gained a number of new
6634 supported values. Specifically, options starting with "replace-" are
6635 like those prefixed "copy-" but replace any existing resolv.conf
6636 file. And options ending in "-uplink" and "-stub" can now be used to
6637 propagate other flavours of resolv.conf into the container (as
6638 defined by systemd-resolved).
6639
6640 * The various programs included in systemd can now optionally output
6641 their log messages on stderr prefixed with a timestamp, controlled by
6642 the $SYSTEMD_LOG_TIME environment variable.
6643
6644 * systemctl gained a new "-P" switch that is a shortcut for "--value
6645 --property=…".
6646
6647 * "systemctl list-units" and "systemctl list-machines" no longer hide
6648 their first output column with --no-legend. To hide the first column,
6649 use --plain.
6650
6651 * "systemctl reboot" takes the option "--reboot-argument=".
6652 The optional positional argument to "systemctl reboot" is now
6653 being deprecated in favor of this option.
6654
6655 * systemd-run gained a new switch --slice-inherit. If specified the
6656 unit it generates is placed in the same slice as the systemd-run
6657 process itself.
6658
6659 * systemd-journald gained support for zstd compression of large fields
6660 in journal files. The hash tables in journal files have been hardened
6661 against hash collisions. This is an incompatible change and means
6662 that journal files created with new systemd versions are not readable
6663 with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
6664 environment variable for systemd-journald.service is set to 0 this
6665 new hardening functionality may be turned off, so that generated
6666 journal files remain compatible with older journalctl
6667 implementations.
6668
6669 * journalctl will now include a clickable link in the default output for
6670 each log message for which a URL with further documentation is
6671 known. This is only supported on terminal emulators that support
6672 clickable hyperlinks, and is turned off if a pager is used (since
6673 "less" still doesn't support hyperlinks,
6674 unfortunately). Documentation URLs may be included in log messages
6675 either by including a DOCUMENTATION= journal field in it, or by
6676 associating a journal message catalog entry with the log message's
6677 MESSAGE_ID, which then carries a "Documentation:" tag.
6678
6679 * journald.conf gained a new boolean setting Audit= that may be used to
6680 control whether systemd-journald will enable audit during
6681 initialization.
6682
6683 * When systemd-journald's log stream is broken up into multiple lines
6684 because the PID of the sender changed this is indicated in the
6685 generated log records via the _LINE_BREAK=pid-change field.
6686
6687 * journalctl's "-o cat" output mode will now show one or more journal
6688 fields specified with --output-fields= instead of unconditionally
6689 MESSAGE=. This is useful to retrieve a very specific set of fields
6690 without any decoration.
6691
6692 * The sd-journal.h API gained two new functions:
6693 sd_journal_enumerate_available_unique() and
6694 sd_journal_enumerate_available_data() that operate like their
6695 counterparts that lack the _available_ in the name, but skip items
6696 that cannot be read and processed by the local implementation
6697 (i.e. are compressed in an unsupported format or such).
6698
6699 * coredumpctl gained a new --file= switch, matching the same one in
6700 journalctl: a specific journal file may be specified to read the
6701 coredump data from.
6702
6703 * coredumps collected by systemd-coredump may now be compressed using
6704 the zstd algorithm.
6705
6706 * systemd-binfmt gained a new switch --unregister for unregistering all
6707 registered entries at once. This is now invoked automatically at
6708 shutdown, so that binary formats registered with the "F" flag will
6709 not block clean file system unmounting.
6710
6711 * systemd-notify's --pid= switch gained new values: "parent", "self",
6712 "auto" for controlling which PID to send to the service manager: the
6713 systemd-notify process' own PID, or that of the process invoking it.
6714
6715 * systemd-logind's Session bus object learnt a new method call
6716 SetType() for temporarily updating the session type of an already
6717 allocated session. This is useful for upgrading tty sessions to
6718 graphical ones once a compositor is invoked.
6719
6720 * systemd-socket-proxy gained a new switch --exit-idle-time= for
6721 configuring an exit-on-idle time.
6722
6723 * systemd-repart's --empty= setting gained a new value "create". If
6724 specified a new empty regular disk image file is created under the
6725 specified name. Its size may be specified with the new --size=
6726 option. The latter is also supported without the "create" mode, in
6727 order to grow existing disk image files to the specified size. These
6728 two new options are useful when creating or manipulating disk images
6729 instead of operating on actual block devices.
6730
6731 * systemd-repart drop-ins now support a new UUID= setting to control
6732 the UUID to assign to a newly created partition.
6733
6734 * systemd-repart's SizeMin= per-partition parameter now defaults to 10M
6735 instead of 0.
6736
6737 * systemd-repart's Label= setting now supports the usual, simple
6738 specifier expansion.
6739
6740 * systemd-homed's LUKS backend gained the ability to discard empty file
6741 system blocks automatically when the user logs out. This is enabled
6742 by default to ensure that home directories take minimal space when
6743 logged out but get full size guarantees when logged in. This may be
6744 controlled with the new --luks-offline-discard= switch to homectl.
6745
6746 * If systemd-homed detects that /home/ is encrypted as a whole it will
6747 now default to the directory or subvolume backends instead of the
6748 LUKS backend, in order to avoid double encryption. The default
6749 storage and file system may now be configured explicitly, too, via
6750 the new /etc/systemd/homed.conf configuration file.
6751
6752 * systemd-homed now supports unlocking home directories with FIDO2
6753 security tokens that support the 'hmac-secret' extension, in addition
6754 to the existing support for unlocking with PKCS#11 security
6755 tokens. Note that many recent hardware security tokens support both
6756 interfaces. The FIDO2 support is accessible via homectl's
6757 --fido2-device= option.
6758
6759 * homectl's --pkcs11-uri= setting now accepts two special parameters:
6760 if "auto" is specified and only one suitable PKCS#11 security token
6761 is plugged in, its URL is automatically determined and enrolled for
6762 unlocking the home directory. If "list" is specified a brief table of
6763 suitable PKCS#11 security tokens is shown. Similarly, the new
6764 --fido2-device= option also supports these two special values, for
6765 automatically selecting and listing suitable FIDO2 devices.
6766
6767 * The /etc/crypttab tmp option now optionally takes an argument
6768 selecting the file system to use. Moreover, the default is now
6769 changed from ext2 to ext4.
6770
6771 * There's a new /etc/crypttab option "keyfile-erase". If specified the
6772 key file listed in the same line is removed after use, regardless if
6773 volume activation was successful or not. This is useful if the key
6774 file is only acquired transiently at runtime and shall be erased
6775 before the system continues to boot.
6776
6777 * There's also a new /etc/crypttab option "try-empty-password". If
6778 specified, before asking the user for a password it is attempted to
6779 unlock the volume with an empty password. This is useful for
6780 installing encrypted images whose password shall be set on first boot
6781 instead of at installation time.
6782
6783 * systemd-cryptsetup will now attempt to load the keys to unlock
6784 volumes with automatically from files in
6785 /etc/cryptsetup-keys.d/<volume>.key and
6786 /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.
6787
6788 * systemd-cryptsetup may now activate Microsoft BitLocker volumes via
6789 /etc/crypttab, during boot.
6790
6791 * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
6792 control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
6793 instance.
6794
6795 * A new generator systemd-xdg-autostart-generator has been added. It
6796 generates systemd unit files from XDG autostart .desktop files, and
6797 may be used to let the systemd user instance manage services that are
6798 started automatically as part of the desktop session.
6799
6800 * "bootctl" gained a new verb "reboot-to-firmware" that may be used
6801 to query and change the firmware's 'Reboot Into Firmware Interface'
6802 setup flag.
6803
6804 * systemd-firstboot gained a new switch --kernel-command-line= that may
6805 be used to initialize the /etc/kernel/cmdline file of the image. It
6806 also gained a new switch --root-password-hashed= which is like
6807 --root-password= but accepts a pre-hashed UNIX password as
6808 argument. The new option --delete-root-password may be used to unset
6809 any password for the root user (dangerous!). The --root-shell= switch
6810 may be used to control the shell to use for the root account. A new
6811 --force option may be used to override any already set settings with
6812 the parameters specified on the command line (by default, the tool
6813 will not override what has already been set before, i.e. is purely
6814 incremental).
6815
6816 * systemd-firstboot gained support for a new --image= switch, which is
6817 similar to --root= but accepts the path to a disk image file, on
6818 which it then operates.
6819
6820 * A new sd-path.h API has been added to libsystemd. It provides a
6821 simple API for retrieving various search paths and primary
6822 directories for various resources.
6823
6824 * A new call sd_notify_barrier() has been added to the sd-daemon.h
6825 API. The call will block until all previously sent sd_notify()
6826 messages have been processed by the service manager. This is useful
6827 to remove races caused by a process already having disappeared at the
6828 time a notification message is processed by the service manager,
6829 making correct attribution impossible. The systemd-notify tool will
6830 now make use of this call implicitly, but this can be turned off again
6831 via the new --no-block switch.
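
As an added illustration of the barrier handshake (not systemd's code): a toy
notify-socket server and client in Python that exchange READY=1 and then
BARRIER=1 carrying the write end of a pipe, on a constructed socket path in a
temporary directory. The manager closes its copy of the pipe only after all
earlier datagrams are handled, so POLLHUP on the read end tells the sender it
may exit without losing attribution.

```python
# Added example (not systemd's code): toy re-implementation of the sd_notify()
# datagram protocol and the BARRIER=1 handshake behind sd_notify_barrier().
# Both ends are constructed here so the exchange runs offline.
import os
import select
import socket
import tempfile
import threading


def send_notify(notify_socket, state):
    """Plain sd_notify(): one AF_UNIX datagram of newline-separated KEY=VALUE lines."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(notify_socket)
        s.send(state.encode())


def notify_barrier(notify_socket, timeout_s):
    """sd_notify_barrier(): send BARRIER=1 plus the write end of a pipe, keep the
    read end, and wait for POLLHUP. The manager closes its copy of the write end
    only after every earlier datagram was processed, so HUP means "all prior
    notifications are attributed to us, exiting now is safe"."""
    rd, wr = os.pipe()
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
            s.connect(notify_socket)
            socket.send_fds(s, [b"BARRIER=1"], [wr])
        os.close(wr)  # the in-flight copy (soon the manager's) is now the only write end
        wr = -1
        poller = select.poll()
        poller.register(rd, select.POLLHUP)
        return bool(poller.poll(int(timeout_s * 1000)))  # [] on timeout -> False
    finally:
        if wr >= 0:
            os.close(wr)
        os.close(rd)


class ToyManager:
    """Minimal stand-in for the service manager's notify socket handling."""

    def __init__(self, notify_socket):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.sock.bind(notify_socket)
        self.states = []  # (key, value) pairs in the order they were processed

    def serve(self, n_datagrams):
        for _ in range(n_datagrams):
            data, fds, _flags, _addr = socket.recv_fds(self.sock, 4096, 16)
            for line in data.decode(errors="replace").split("\n"):
                if line:
                    key, _, value = line.partition("=")
                    self.states.append((key, value))
            # Datagrams are handled in order, so when BARRIER=1 arrives every
            # earlier message is already in self.states; closing the received
            # pipe fd is what releases the waiting sender.
            for fd in fds:
                os.close(fd)
        self.sock.close()


def run_demo():
    """Service sends READY=1 and STATUS=..., then blocks on the barrier (as
    systemd-notify does unless --no-block is given). Returns what the manager
    recorded and whether the barrier was acknowledged."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "notify")
    mgr = ToyManager(path)
    t = threading.Thread(target=mgr.serve, args=(2,))
    t.start()
    send_notify(path, "READY=1\nSTATUS=Serving requests")
    acked = notify_barrier(path, timeout_s=5.0)
    t.join()
    os.unlink(path)
    os.rmdir(tmp)
    return mgr.states, acked


if __name__ == "__main__":
    print(run_demo())
```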
6832
* When sending a file descriptor (fd) to the service manager to keep
track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
may be specified. If passed the service manager will refrain from
poll()ing on the file descriptor. Traditionally (and when the
parameter is not specified), the service manager will poll it for
POLLHUP or POLLERR events, and immediately close the fds in that
case.

* The service manager (PID1) gained a new D-Bus method call
SetShowStatus() which may be used to control whether it shall show
boot-time status output on the console. This method has a similar
effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.

* The sd-bus API gained a number of convenience functions that take
va_list arguments rather than "...". For example, there's now
sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
it easier to build wrappers that accept variadic arguments and want
to pass a ready va_list structure to sd-bus.

* sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
flag which alters how the userdata pointer to pass to the callbacks
is determined. When the flag is set, the offset field is converted
as-is into a pointer, without adding it to the object pointer the
vtable is associated with.

* sd-bus now exposes four new functions:
sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
validate strings to check if they qualify as various D-Bus concepts.
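
Added example, not sd-bus's implementation: the same four validity checks
written in Python from the D-Bus naming rules (interface, bus/service, member
and object path), plus a helper that applies them to every part of a
caller-supplied method call before the names reach a match rule or a log line.
The sample strings are constructed.

```python
# Added example (not systemd's code): Python counterparts of the four sd-bus
# validators, following the D-Bus specification's naming rules.
import re

_MAX_NAME_LEN = 255                                      # spec limit for names
_ELEMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")         # no leading digit, no '-'
_BUS_ELEMENT = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]*")   # well-known bus names allow '-'
_UNIQUE_ELEMENT = re.compile(r"[A-Za-z0-9_-]+")          # ':1.42': digits may lead
_PATH_ELEMENT = re.compile(r"[A-Za-z0-9_]+")


def interface_name_is_valid(name):
    """sd_bus_interface_name_is_valid(): at least two dot-separated elements,
    each [A-Za-z_][A-Za-z0-9_]*, whole name at most 255 characters."""
    if not name or len(name) > _MAX_NAME_LEN:
        return False
    parts = name.split(".")
    return len(parts) >= 2 and all(_ELEMENT.fullmatch(p) for p in parts)


def service_name_is_valid(name):
    """sd_bus_service_name_is_valid(): accepts well-known names (org.foo.Bar)
    and unique names (':1.42'); only unique-name elements may start with a digit."""
    if not name or len(name) > _MAX_NAME_LEN:
        return False
    unique = name.startswith(":")
    parts = (name[1:] if unique else name).split(".")
    pattern = _UNIQUE_ELEMENT if unique else _BUS_ELEMENT
    return len(parts) >= 2 and all(pattern.fullmatch(p) for p in parts)


def member_name_is_valid(name):
    """sd_bus_member_name_is_valid(): a single element, no dots, 1..255 characters."""
    return 0 < len(name) <= _MAX_NAME_LEN and _ELEMENT.fullmatch(name) is not None


def object_path_is_valid(path):
    """sd_bus_object_path_is_valid(): '/' alone, or '/'-separated non-empty
    elements with no trailing slash (so '//' and '/org/' are rejected)."""
    if path == "/":
        return True
    if not path.startswith("/") or path.endswith("/"):
        return False
    return all(_PATH_ELEMENT.fullmatch(p) for p in path[1:].split("/"))


def check_call_target(service, path, interface, member):
    """Validate every name a caller supplied before it is used to build a match
    rule, a reply, or a log line. Returns None when all four are acceptable,
    otherwise a message naming the first problem found."""
    checks = (
        ("service", service, service_name_is_valid),
        ("object path", path, object_path_is_valid),
        ("interface", interface, interface_name_is_valid),
        ("member", member, member_name_is_valid),
    )
    for label, value, is_valid in checks:
        if not is_valid(value):
            return f"invalid {label}: {value!r}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed call, one with a bad object path.
    print(check_call_target("org.freedesktop.systemd1", "/org/freedesktop/systemd1",
                            "org.freedesktop.systemd1.Manager", "StartUnit"))
    print(check_call_target(":1.42", "/org//bad", "org.example.Iface", "Ping"))
```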
6862
* The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
that simplify adding argument names to D-Bus methods and signals.

* The man pages for the sd-bus and sd-hwdb APIs have been completed.

* Various D-Bus APIs of systemd daemons now have man pages that
document the methods, signals and properties.

* The expectations on user/group name syntax are now documented in
detail; documentation on how classic home directories may be
converted into home directories managed by homed has been added;
documentation regarding integration of homed/userdb functionality in
desktops has been added:

https://systemd.io/USER_NAMES
https://systemd.io/CONVERTING_TO_HOMED
https://systemd.io/USERDB_AND_DESKTOPS

* Documentation for the on-disk Journal file format has been updated
and has now moved to:

https://systemd.io/JOURNAL_FILE_FORMAT

* The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
has been extended by a set of environment variables that expose
select fields from the host's os-release file to the container
payload. Similarly, host's os-release files can be mounted into the
container underneath /run/host. Together, those mechanisms provide a
standardized way to expose information about the host to the
container payload. Both interfaces are implemented in systemd-nspawn.

* All D-Bus services shipped in systemd now implement the generic
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.

* Only relevant for developers: the mkosi.default symlink has been
dropped from version control. Please create a symlink to one of the
distribution-specific defaults in .mkosi/ based on your preference.

Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб

– Warsaw, 2020-07-30

CHANGES WITH 245:

* A new tool "systemd-repart" has been added, that operates as an
idempotent declarative repartitioner for GPT partition tables.
Specifically, a set of partitions that must or may exist can be
configured via drop-in files, and during every boot the partition
table on disk is compared with these files, creating missing
partitions or growing existing ones based on configurable relative
and absolute size constraints. The tool is strictly incremental,
i.e. does not delete, shrink or move partitions, but only adds and
grows them. The primary use-case is OS images that ship in minimized
form, that on first boot are grown to the size of the underlying
block device or augmented with additional partitions. For example,
the root partition could be extended to cover the whole disk, or a
swap or /home partitions could be added on first boot. It can also be
used for systems that use an A/B update scheme but ship images with
just the A partition, with B added on first boot. The tool is
primarily intended to be run in the initrd, shortly before
transitioning into the host OS, but can also be run after the
transition took place. It automatically discovers the disk backing
the root file system, and should hence not require any additional
configuration besides the partition definition drop-ins. If no
configuration drop-ins are present, no action is taken.

* A new component "userdb" has been added, along with a small daemon
"systemd-userdbd.service" and a client tool "userdbctl". The framework
allows defining rich user and group records in a JSON format,
extending on the classic "struct passwd" and "struct group"
structures. Various components in systemd have been updated to
process records in this format, including systemd-logind and
pam-systemd. The user records are intended to be extensible, and
allow setting various resource management, security and runtime
parameters that shall be applied to processes and sessions of the
user as they log in. This facility is intended to allow associating
such metadata directly with user/group records so that they can be
produced, extended and consumed in unified form. We hope that
eventually frameworks such as sssd will generate records this way, so
that for the first time resource management and various other
per-user settings can be configured in LDAP directories and then
provided to systemd (specifically to systemd-logind and pam-systemd)
to apply on login. For further details see:

https://systemd.io/USER_RECORD
https://systemd.io/GROUP_RECORD
https://systemd.io/USER_GROUP_API

* A small new service systemd-homed.service has been added, that may be
used to securely manage home directories with built-in encryption.
The complete user record data is unified with the home directory,
thus making home directories naturally migratable. Its primary
back-end is based on LUKS volumes, but fscrypt, plain directories,
and other storage schemes are also supported. This solves a couple of
problems we saw with traditional ways to manage home directories, in
particular when it comes to encryption. For further discussion of
this, see the video of Lennart's talk at AllSystemsGo! 2019:

https://media.ccc.de/v/ASG2019-164-reinventing-home-directories

For further details about the format and expectations on home
directories this new daemon makes, see:

https://systemd.io/HOME_DIRECTORY

* systemd-journald is now multi-instantiable. In addition to the main
instance systemd-journald.service there's now a template unit
systemd-journald@.service, with each instance defining a new named
log 'namespace' (whose name is specified via the instance part of the
unit name). A new unit file setting LogNamespace= has been added,
taking such a namespace name, that assigns services to the specified
log namespaces. As each log namespace is serviced by its own
independent journal daemon, this functionality may be used to improve
performance and increase isolation of applications, at the price of
losing global message ordering. Each instance of journald has a
separate set of configuration files, with possibly different disk
usage limitations and other settings.

journalctl now takes a new option --namespace= to show logs from a
specific log namespace. The sd-journal.h API gained
sd_journal_open_namespace() for opening the log stream of a specific
log namespace. systemd-journald also gained the ability to exit on
idle, which is useful in the context of log namespaces, as this means
log daemons for log namespaces can be activated automatically on
demand and will stop automatically when no longer used, minimizing
resource usage.

* When systemd-tmpfiles copies a file tree using the 'C' line type it
will now label every copied file according to the SELinux database.

* When systemd/PID 1 detects it is used in the initrd it will now boot
into initrd.target rather than default.target by default. This should
make it simpler to build initrds with systemd as for many cases the
only difference between a host OS image and an initrd image now is
the presence of the /etc/initrd-release file.

* A new kernel command line option systemd.cpu_affinity= is now
understood. It's equivalent to the CPUAffinity= option in
/etc/systemd/system.conf and allows setting the CPU mask for PID 1
itself and the default for all other processes.

* When systemd/PID 1 is reloaded (with systemctl daemon-reload or
equivalent), the SELinux database is now reloaded, ensuring that
sockets and other file system objects are generated taking the new
database into account.

* systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
"quiet" has been changed to imply that instead of
"systemd.show-status=auto". In this mode, only messages about errors
and significant delays in boot are shown on the console.

* The sd-event.h API gained native support for the new Linux "pidfd"
concept. This permits watching processes using file descriptors
instead of PID numbers, which fixes a number of races and makes
process supervision more robust and efficient. All of systemd's
components will now use pidfds if the kernel supports it for process
watching, with the exception of PID 1 itself, unfortunately. We hope
to move PID 1 to exclusively using pidfds too eventually, but this
requires some more kernel work first. (Background: PID 1 watches
processes using waitid() with the P_ALL flag, and that does not play
together nicely with pidfds yet.)

* Closely related to this, the sd-event.h API gained two new calls
sd_event_source_send_child_signal() (for sending a signal to a
watched process) and sd_event_source_get_child_process_own() (for
marking a process so that it is killed automatically whenever the
event source watching it is freed).
7069
* systemd-networkd gained support for configuring Token Bucket Filter
(TBF) parameters in its qdisc configuration support. Similarly,
support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
Active Queue Management (CoDel), and Fair Queue (FQ) has been added.

* systemd-networkd gained support for Intermediate Functional Block
(IFB) network devices.

* systemd-networkd gained support for configuring multi-path IP routes,
using the new MultiPathRoute= setting in the [Route] section.

* systemd-networkd's DHCPv4 client has been updated to support a new
SendDecline= option. If enabled, duplicate address detection is done
after a DHCP offer is received from the server. If a conflict is
detected, the address is declined. The DHCPv4 client also gained
support for a new RouteMTUBytes= setting that allows configuring the
MTU size to be used for routes generated from DHCPv4 leases.

* The PrefixRoute= setting in systemd-networkd's [Address] section of
.network files has been deprecated, and replaced by AddPrefixRoute=,
with its sense inverted.

* The Gateway= setting of [Route] sections of .network files gained
support for a special new value "_dhcp". If set, the configured
static route uses the gateway host configured via DHCP.

* New User= and SuppressPrefixLength= settings have been implemented
for the [RoutingPolicyRule] section of .network files to configure
source routing based on UID ranges and prefix length, respectively.

* The Type= match property of .link files has been generalized to
always match the device type shown by 'networkctl status', even for
devices where udev does not set DEVTYPE=. This allows e.g. Type=ether
to be used.

* sd-bus gained a new API call sd_bus_message_sensitive() that marks a
D-Bus message object as "sensitive". Those objects are erased from
memory when they are freed. This concept is intended to be used for
messages that contain security sensitive data. A new flag
SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
in sd-bus vtables, causing any incoming and outgoing messages of
those methods to be implicitly marked as "sensitive".

* sd-bus gained a new API call sd_bus_message_dump() for dumping the
contents of a message (or parts thereof) to standard output for
debugging purposes.

* systemd-sysusers gained support for creating users with the primary
group named differently than the user.

* systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
gained support for growing XFS partitions. Previously it supported
only ext4 and btrfs partitions.

* The support for /etc/crypttab gained a new x-initrd.attach option. If
set, the specified encrypted volume is unlocked already in the
initrd. This concept corresponds to the x-initrd.mount option in
/etc/fstab.

* systemd-cryptsetup gained native support for unlocking encrypted
volumes utilizing PKCS#11 smartcards, for example to bind
encryption of volumes to YubiKeys. This is exposed in the new
pkcs11-uri= option in /etc/crypttab.

* The /etc/fstab support in systemd now supports two new mount options
x-systemd.{required,wanted}-by=, for explicitly configuring the units
that the specified mount shall be pulled in by, in place of
the usual local-fs.target/remote-fs.target.

* The https://systemd.io/ web site has been relaunched, directly
populated with most of the documentation included in the systemd
repository. systemd also acquired a new logo, thanks to Tobias
Bernard.

* systemd-udevd gained support for managing "alternative" network
interface names, as supported by new Linux kernels. For the first
time this permits assigning multiple (and longer!) names to a network
interface. systemd-udevd will now by default assign the names
generated via all supported naming schemes to each interface. This
may be further tweaked with .link files and the AlternativeName= and
AlternativeNamesPolicy= settings. Other components of systemd have
been updated to support the new alternative names wherever
appropriate. For example, systemd-nspawn will now generate
alternative interface names for the host-facing side of container
veth links based on the full container name without truncation.

* systemd-nspawn interface naming logic has been updated in another way
too: if the main interface name (i.e. as opposed to new-style
"alternative" names) based on the container name is truncated, a
simple hashing scheme is used to give different interface names to
multiple containers whose names all begin with the same prefix. Since
this changes the primary interface names pointing to containers if
truncation happens, the old scheme may still be requested by
selecting an older naming scheme, via the net.naming_scheme= kernel
command line option.

* PrivateUsers= in service files now works in services run by the
systemd --user per-user instance of the service manager.

* A new per-service sandboxing option ProtectClock= has been added that
locks down write access to the system clock. It takes away device
node access to /dev/rtc as well as the system calls that set the
system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
Note that this option does not affect access to auxiliary services
that allow changing the clock, for example access to
systemd-timedated.

* The systemd-id128 tool gained a new "show" verb for listing or
resolving a number of well-known UUIDs/128-bit IDs, currently mostly
GPT partition table types.

* The Discoverable Partitions Specification has been updated to support
/var and /var/tmp partition discovery. Support for this has been
added to systemd-gpt-auto-generator. For details see:

https://systemd.io/DISCOVERABLE_PARTITIONS

* "systemctl list-unit-files" has been updated to show a new column
with the suggested enablement state based on the vendor preset files
for the respective units.

* "systemctl" gained a new option "--with-dependencies". If specified,
commands such as "systemctl status" or "systemctl cat" will now show
all specified units along with all units they depend on.

* networkctl gained support for showing per-interface logs in its
"status" output.

* systemd-networkd-wait-online gained support for specifying the maximum
operational state to wait for, and to wait for interfaces to
disappear.

* The [Match] section of .link and .network files now supports a new
option PermanentMACAddress= which may be used to check against the
permanent MAC address of a network device even if a randomized MAC
address is used.

* The [TrafficControlQueueingDiscipline] section in .network files has
been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
dropped from the individual setting names.

* Any .link and .network files that have an empty [Match] section (this
also includes empty and commented-out files) will now be
rejected. systemd-udev and systemd-networkd started warning about
such files in version 243.

* systemd-logind will now validate access to the operation of changing
the virtual terminal via a polkit action. By default, only users
with at least one session on a local VT are granted permission.

* When systemd sets up PAM sessions that invoked service processes
shall run in, the pam_setcred() API is now invoked, thus permitting
PAM modules to set additional credentials for the processes.

* portablectl attach/detach verbs now accept --now and --enable options
to combine attachment with enablement and invocation, or detachment
with stopping and disablement.

* UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
fixed, which in turn exposed bugs in unit configuration of services
which have Type=oneshot and should only run once, but do not have
RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
service may be started again after exiting successfully, for example
as a dependency in another transaction. Affected services included
some internal systemd services (most notably
systemd-vconsole-setup.service, which was updated to have
RemainAfterExit=yes), and plymouth-start.service. Please ensure that
plymouth has been suitably updated or patched before upgrading to
this systemd release. See
https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
additional discussion.

Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
(Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
DONG

– Warsaw, 2020-03-06
7269
CHANGES WITH 244:

* Support for the cpuset cgroups v2 controller has been added.
Processes may be restricted to specific CPUs using the new
AllowedCPUs= setting, and to specific memory NUMA nodes using the new
AllowedMemoryNodes= setting.

* The signal used in restart jobs (as opposed to e.g. stop jobs) may
now be configured using a new RestartKillSignal= setting. This
allows units which use signals to request termination to implement
different behaviour when stopping in preparation for a restart.

* "systemctl clean" may now be used also for socket, mount, and swap
units.

* systemd will also read configuration options from the EFI variable
SystemdOptions. This may be used to configure systemd behaviour when
modifying the kernel command line is inconvenient, but configuration
on disk is read too late, for example for the options related to
cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
set the EFI variable.

* systemd will now disable printk ratelimits in early boot. This should
allow us to capture more logs from the early boot phase where normal
storage is not available and the kernel ring buffer is used for
logging. Configuration on the kernel command line has higher priority
and overrides the systemd setting.

systemd programs which log to /dev/kmsg directly use internal
ratelimits to prevent runaway logging. (Normally this is only used
during early boot, so in practice this change has very little
effect.)

* Unit files now support top level dropin directories of the form
<unit_type>.d/ (e.g. service.d/) that may be used to add configuration
that affects all corresponding unit files.

* systemctl gained support for 'stop --job-mode=triggering' which will
stop the specified unit and any units which could trigger it.

* Unit status display now includes units triggering and triggered by
the unit being shown.

* The RuntimeMaxSec= setting is now supported by scopes, not just
.service units. This is particularly useful for PAM sessions which
create a scope unit for the user login. The systemd.runtime_max_sec=
setting may be used with the pam_systemd module to limit the duration
of the PAM session, for example for time-limited logins.

* A new @pkey system call group is now defined to make it easier to
allow-list memory protection syscalls for containers and services
which need to use them.

* systemd-udevd: removed the 30s timeout for killing stale workers on
exit. systemd-udevd now waits for workers to finish. The hard-coded
exit timeout of 30s was too short for some large installations, where
driver initialization could be prematurely interrupted during initrd
processing if the root file system had been mounted and init was
preparing to switch root. If udevd is run without systemd and workers
are hanging while udevd receives an exit signal, udevd will now exit
when udev.event_timeout is reached for the last hanging worker. With
systemd, the exit timeout can additionally be configured using
TimeoutStopSec= in systemd-udevd.service.

* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in their
report descriptor and outputs suitable environment variables.
This replaces the externally maintained allow lists of all known
security tokens that were used previously.

* Automatically generated autosuspend udev rules for allow-listed
devices have been imported from the Chromium OS project. This should
improve power saving with many more devices.

* udev gained a new "CONST{key}=value" setting that allows matching
against system-wide constants without forking a helper binary.
Currently "arch" and "virt" keys are supported.

* udev now opens CDROMs in non-exclusive mode when querying their
capabilities. This should fix issues where other programs trying to
use the CDROM cannot gain access to it, but carries a risk of
interfering with programs writing to the disk, if they did not open
the device in exclusive mode as they should.

* systemd-networkd does not create a default route for IPv4 link local
addressing anymore. The creation of the route was unexpected and was
breaking routing in various cases, but people who rely on it being
created implicitly will need to adjust. Such a route may be requested
with DefaultRouteOnDevice=yes.

Similarly, systemd-networkd will not assign a link-local IPv6 address
when IPv6 link-local routing is not enabled.

* Receive and transmit buffers may now be configured on links with
the new RxBufferSize= and TxBufferSize= settings.

* systemd-networkd may now advertise additional IPv6 routes. A new
[IPv6RoutePrefix] section with Route= and LifetimeSec= options is
now supported.

* systemd-networkd may now configure "next hop" routes using the
[NextHop] section and Gateway= and Id= settings.

* systemd-networkd will now retain DHCP config on restarts by default
(but this may be overridden using the KeepConfiguration= setting).
The default for SendRelease= has been changed to true.

* The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option
received from the server.

The client will use the received SIP server list if UseSIP=yes is
set.

The client may be configured to request specific options from the
server using a new RequestOptions= setting.

The client may be configured to send arbitrary options to the server
using a new SendOption= setting.

A new IPServiceType= setting has been added to configure the "IP
7390 service type" value used by the client.
7391
7392 * The DHCPv6 client learnt a new PrefixDelegationHint= option to
7393 request prefix hints in the DHCPv6 solicitation.
7394
7395 * The DHCPv4 server may be configured to send arbitrary options using
7396 a new SendOption= setting.
7397
7398 * The DHCPv4 server may now be configured to emit SIP server list using
7399 the new EmitSIP= and SIP= settings.
7400
7401 * systemd-networkd and networkctl may now renew DHCP leases on demand.
7402 networkctl has a new 'networkctl renew' verb.
7403
7404 * systemd-networkd may now reconfigure links on demand. networkctl
7405 gained two new verbs: "reload" will reload the configuration, and
7406 "reconfigure DEVICE…" will reconfigure one or more devices.
7407
7408 * .network files may now match on SSID and BSSID of a wireless network,
7409 i.e. the access point name and hardware address using the new SSID=
7410 and BSSID= options. networkctl will display the current SSID and
7411 BSSID for wireless links.
7412
7413 .network files may also match on the wireless network type using the
7414 new WLANInterfaceType= option.
7415
7416 * systemd-networkd now includes default configuration that enables
7417 link-local addressing when connected to an ad-hoc wireless network.
7418
7419 * systemd-networkd may configure the Traffic Control queueing
7420 disciplines in the kernel using the new
7421 [TrafficControlQueueingDiscipline] section and Parent=,
7422 NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
7423 NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
7424 NetworkEmulatorDuplicateRate= settings.
7425
7426 * systemd-tmpfiles gained a new w+ setting to append to files.
7427
7428 * systemd-analyze dump will now report when the memory configuration in
7429 the kernel does not match what systemd has configured (usually,
7430 because some external program has modified the kernel configuration
7431 on its own).
7432
7433 * systemd-analyze gained a new --base-time= switch that instructs the
7434 'calendar' verb to resolve times relative to that timestamp instead
7435 of the present time.
7436
7437 * journalctl --update-catalog now produces deterministic output (making
7438 reproducible image builds easier).
7439
7440 * A new devicetree-overlay setting is now documented in the Boot Loader
7441 Specification.
7442
7443 * The default value of the WatchdogSec= setting used in systemd
7444 services (the ones bundled with the project itself) may be set at
7445 configuration time using the -Dservice-watchdog= setting. If set to
7446 empty, the watchdogs will be disabled.
7447
7448 * systemd-resolved validates IP addresses in certificates now when GnuTLS
7449 is being used.
7450
7451 * libcryptsetup >= 2.0.1 is now required.
7452
7453 * A configuration option -Duser-path= may be used to override the $PATH
7454 used by the user service manager. The default is again to use the same
7455 path as the system manager.
7456
7457 * The systemd-id128 tool gained a new switch "-u" (or "--uuid") for
7458 outputting the 128-bit IDs in UUID format (i.e. in the "canonical
7459 representation").
7460
7461 * Service units gained a new sandboxing option ProtectKernelLogs= which
7462 makes sure the program cannot get direct access to the kernel log
7463 buffer anymore, i.e. the syslog() system call (not to be confused
7464 with the API of the same name in libc, which is not affected), the
7465 /proc/kmsg and /dev/kmsg nodes and the CAP_SYSLOG capability are made
7466 inaccessible to the service. It's recommended to enable this setting
7467 for all services that should not be able to read from or write to the
7468 kernel log buffer, which are probably almost all.
7469
7470 Contributions from: Aaron Plattner, Alcaro, Anita Zhang, Balint Reczey,
7471 Bastien Nocera, Baybal Ni, Benjamin Bouvier, Benjamin Gilbert, Carlo
7472 Teubner, cbzxt, Chen Qi, Chris Down, Christian Rebischke, Claudio
7473 Zumbo, ClydeByrdIII, crashfistfight, Cyprien Laplace, Daniel Edgecumbe,
7474 Daniel Gorbea, Daniel Rusek, Daniel Stuart, Dan Streetman, David
7475 Pedersen, David Tardon, Dimitri John Ledkov, Dominique Martinet, Donald
7476 A. Cupp Jr, Evgeny Vereshchagin, Fabian Henneke, Filipe Brandenburger,
7477 Franck Bui, Frantisek Sumsal, Georg Müller, Hans de Goede, Haochen
7478 Tong, HATAYAMA Daisuke, Iwan Timmer, Jan Janssen, Jan Kundrát, Jan
7479 Synacek, Jan Tojnar, Jay Strict, Jérémy Rosen, Jóhann B. Guðmundsson,
7480 Jonas Jelten, Jonas Thelemann, Justin Trudell, J. Xing, Kai-Heng Feng,
7481 Kenneth D'souza, Kevin Becker, Kevin Kuehler, Lennart Poettering,
7482 Léonard Gérard, Lorenz Bauer, Luca Boccassi, Maciej Stanczew, Mario
7483 Limonciello, Marko Myllynen, Mark Stosberg, Martin Wilck, matthiasroos,
7484 Michael Biebl, Michael Olbrich, Michael Tretter, Michal Sekletar,
7485 Michal Sekletár, Michal Suchanek, Mike Gilbert, Mike Kazantsev, Nicolas
7486 Douma, nikolas, Norbert Lange, pan93412, Pascal de Bruijn, Paul Menzel,
7487 Pavel Hrdina, Peter Wu, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
7488 Renaud Métrich, Riccardo Schirone, RoadrunnerWMC, Ronan Pigott, Ryan
7489 Attard, Sebastian Wick, Serge, Siddharth Chandrasekara, Steve Ramage,
7490 Steve Traylen, Susant Sahani, Thibault Nélis, Tim Teichmann, Tom
7491 Fitzhenry, Tommy J, Torsten Hilbrich, Vito Caputo, ypf791, Yu Watanabe,
7492 Zach Smith, Zbigniew Jędrzejewski-Szmek
7493
7494 – Warsaw, 2019-11-29
7495
7496 CHANGES WITH 243:
7497
7498 * This release enables unprivileged programs (i.e. requiring neither
7499 setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
7500 by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
7501 kernel for the whole UNIX group range, i.e. all processes. This
7502 change should be reasonably safe, as the kernel support for it was
7503 specifically implemented to allow safe access to ICMP Echo for
7504 processes lacking any privileges. If this is not desirable, it can be
7505 disabled again by setting the parameter to "1 0".
7506
7507 * Previously, filters defined with SystemCallFilter= would have the
7508 effect that any calling of an offending system call would terminate
7509 the calling thread. This behaviour never made much sense, since
7510 killing individual threads of unsuspecting processes is likely to
7511 create more problems than it solves. With this release the default
7512 action changed from killing the thread to killing the whole
7513 process. For this to work correctly both a kernel version (>= 4.14)
7514 and a libseccomp version (>= 2.4.0) supporting this new seccomp
7515 action is required. If an older kernel or libseccomp is used the old
7516 behaviour continues to be used. This change does not affect any
7517 services that have no system call filters defined, or that use
7518 SystemCallErrorNumber= (and thus see EPERM or another error instead
7519 of being killed when calling an offending system call). Note that
7520 systemd documentation always claimed that the whole process is
7521 killed. With this change behaviour is thus adjusted to match the
7522 documentation.
7523
7524 * On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
7525 4194304 by default, i.e. the full 22-bit range the kernel allows, up
7526 from the old 16-bit range. This should improve security and
7527 robustness, as PID collisions are made less likely (though certainly
7528 still possible). There are rumours this might create compatibility
7529 problems, though at this moment no practical ones are known to
7530 us. Downstream distributions are hence advised to undo this change in
7531 their builds if they are concerned about maximum compatibility, but
7532 for everybody else we recommend leaving the value bumped. Besides
7533 improving security and robustness this should also simplify things as
7534 the maximum number of allowed concurrent tasks was previously bounded
7535 by both "kernel.pid_max" and "kernel.threads-max" and now effectively
7536 only a single knob is left ("kernel.threads-max"). There have been
7537 concerns that usability is affected by this change because larger PID
7538 numbers are harder to type, but we believe the change from 5 digits
7539 to 7 digits doesn't hamper usability.
7540
7541 * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
7542 DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
7543 hierarchically set default memory protection values for a particular
7544 subtree of the unit hierarchy.
7545
7546 * Memory protection directives can now take a value of zero, allowing
7547 explicit opting out of a default value propagated by an ancestor.
7548
7549 * systemd now defaults to the "unified" cgroup hierarchy setup during
7550 build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
7551 default. Previously, -Ddefault-hierarchy=hybrid was the default. This
7552 change reflects the fact that cgroupsv2 support has matured
7553 substantially in both systemd and in the kernel, and is clearly the
7554 way forward. Downstream production distributions might want to
7555 continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
7556 their builds as unfortunately the popular container managers have not
7557 caught up with the kernel API changes.
7558
7559 * Man pages are not built by default anymore (html pages were already
7560 disabled by default), to make development builds quicker. When
7561 building systemd for a full installation with documentation, meson
7562 should be called with -Dman=true and/or -Dhtml=true as appropriate.
7563 The default was changed based on the assumption that quick one-off or
7564 repeated development builds are much more common than full optimized
7565 builds for installation, and people need to pass various other
7566 options when doing "proper" builds anyway, so the gain from making
7567 development builds quicker is bigger than the one time disruption for
7568 packagers.
7569
7570 Two scripts are created in the *build* directory to generate and
7571 preview man and html pages on demand, e.g.:
7572
7573 build/man/man systemctl
7574 build/man/html systemd.index
7575
7576 * libidn2 is used by default if both libidn2 and libidn are installed.
7577 Please use -Dlibidn=true if libidn is preferred.
7578
7579 * The D-Bus "wire format" of the CPUAffinity= attribute is changed on
7580 big-endian machines. Before, bytes were written and read in native
7581 machine order as exposed by the native libc __cpu_mask interface.
7582 Now, little-endian order is always used (CPUs 0–7 are described by
7583 bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on).
7584 This change fixes D-Bus calls that cross endianness boundary.
7585
7586 The presentation format used for CPUAffinity= by "systemctl show" and
7587 "systemd-analyze dump" is changed to present CPU indices instead of
7588 the raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be
7589 shown as CPUAffinity=03000000000000000000000000000… (on
7590 little-endian) or CPUAffinity=00000000000000300000000000000… (on
7591 64-bit big-endian), and is now shown as CPUAffinity=0-1, matching the
7592 input format. The maximum integer that will be printed in the new
7593 format is 8191 (four digits), while the old format always used a very
7594 long number (with the length varying by architecture), so they can be
7595 unambiguously distinguished.
7596
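The new little-endian wire format and the index-range presentation, beside the old native-order dump that broke cross-endian D-Bus calls, as an added example that is not systemd's code; the 16 x 64-bit mask size assumed in native_mask_bytes() approximates a 1024-CPU cpu_set_t.

```python
"""CPUAffinity= on the wire: new little-endian bitmask vs. old native dump.

Added example, not systemd's code: cpus_to_wire()/wire_to_cpus() implement
the endian-independent layout described above, format_cpu_ranges() renders
the new "0-1" presentation, and native_mask_bytes() reproduces the old
__cpu_mask dump in a chosen byte order. The 16 x 64-bit mask size it
assumes approximates a 1024-CPU cpu_set_t.
"""
from typing import Iterable, List


def parse_cpu_ranges(spec: str) -> List[int]:
    """Parse the input format, e.g. "0-1,4,6-7", into a sorted CPU list."""
    cpus = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad range {part!r}")
            cpus.update(range(lo, hi + 1))
        else:
            cpus.add(int(part))
    return sorted(cpus)


def cpus_to_wire(cpus: Iterable[int]) -> bytes:
    """New format: byte k holds CPUs 8k..8k+7, CPU 8k+j in bit j of that byte."""
    cpus = list(cpus)
    if not cpus:
        return b""
    buf = bytearray(max(cpus) // 8 + 1)
    for cpu in cpus:
        buf[cpu // 8] |= 1 << (cpu % 8)
    return bytes(buf)


def wire_to_cpus(wire: bytes) -> List[int]:
    """Decode the new format; the result does not depend on host endianness."""
    return [8 * k + j for k, byte in enumerate(wire) for j in range(8) if (byte >> j) & 1]


def format_cpu_ranges(cpus: Iterable[int]) -> str:
    """Render a CPU list as the new presentation, e.g. "0-1,4,6-7"."""
    cpus = sorted(set(cpus))
    out, i = [], 0
    while i < len(cpus):
        j = i
        while j + 1 < len(cpus) and cpus[j + 1] == cpus[j] + 1:
            j += 1
        out.append(str(cpus[i]) if i == j else f"{cpus[i]}-{cpus[j]}")
        i = j + 1
    return ",".join(out)


def native_mask_bytes(cpus: Iterable[int], byteorder: str, word_bits: int = 64,
                      words: int = 16) -> bytes:
    """Old format: the libc __cpu_mask word array as stored in host memory.
    A big-endian host puts CPU 0 in the last byte of the first word, which
    a little-endian peer reading the same bytes misinterprets as CPU 56."""
    mask = 0
    for cpu in cpus:
        if cpu >= word_bits * words:
            raise ValueError(f"CPU {cpu} does not fit the mask")
        mask |= 1 << cpu
    out = bytearray()
    for w in range(words):
        word = (mask >> (w * word_bits)) & ((1 << word_bits) - 1)
        out += word.to_bytes(word_bits // 8, byteorder)
    return bytes(out)


if __name__ == "__main__":
    cpus = parse_cpu_ranges("0-1")
    print("new wire:", cpus_to_wire(cpus).hex(), "->", format_cpu_ranges(cpus))
    for order in ("little", "big"):
        old = native_mask_bytes(cpus, order)
        print(f"old {order}-endian dump:", old.hex()[:32] + "...",
              "decoded as new format:", format_cpu_ranges(wire_to_cpus(old)))
```
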
7597 * /usr/sbin/halt.local is no longer supported. Implementation in
7598 distributions was inconsistent and it seems this functionality was
7599 very rarely used.
7600
7601 To replace this functionality, users should:
7602 - either define a new unit and make it a dependency of final.target
7603 (systemctl add-wants final.target my-halt-local.service)
7604 - or move the shutdown script to /usr/lib/systemd/system-shutdown/
7605 and ensure that it accepts "halt", "poweroff", "reboot", and
7606 "kexec" as an argument, see the description in systemd-shutdown(8).
7607
7608 * When a [Match] section in .link or .network file is empty (contains
7609 no match patterns), a warning will be emitted. Please add any "match
7610 all" pattern instead, e.g. OriginalName=* or Name=* in case all
7611 interfaces should really be matched.
7612
7613 * A new setting NUMAPolicy= may be used to set process memory
7614 allocation policy. This setting can be specified in
7615 /etc/systemd/system.conf and hence will set the default policy for
7616 PID1. The default policy can be overridden on a per-service
7617 basis. The related setting NUMAMask= is used to specify NUMA node
7618 mask that should be associated with the selected policy.
7619
7620 * PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
7621 generates when processes it manages are reaching their memory limits,
7622 and will place their units in a special state, and optionally kill or
7623 stop the whole unit.
7624
7625 * The service manager will now expose bus properties for the IO
7626 resources used by units. This information is also shown in "systemctl
7627 status" now (for services that have IOAccounting=yes set). Moreover,
7628 the IO accounting data is included in the resource log message
7629 generated whenever a unit stops.
7630
7631 * Units may now configure an explicit timeout to wait for when killed
7632 with SIGABRT, for example when a service watchdog is hit. Previously,
7633 the regular TimeoutStopSec= timeout was applied in this case too —
7634 now a separate timeout may be set using TimeoutAbortSec=.
7635
7636 * Services may now send a special WATCHDOG=trigger message with
7637 sd_notify() to trigger an immediate "watchdog missed" event, and thus
7638 trigger service termination. This is useful both for testing watchdog
7639 handling, but also for defining error paths in services, that shall
7640 be handled the same way as watchdog events.
7641
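The notification exchange behind WATCHDOG=trigger, as an added example that is not libsystemd's or PID 1's code: a minimal sd_notify() sender and a manager-side receiver over a throwaway unix datagram socket standing in for $NOTIFY_SOCKET; WatchdogState is a simplified model assumed for this example.

```python
"""Service-side sd_notify() and a manager-side receiver for WATCHDOG=trigger.

Added example, not libsystemd or PID 1: the notification socket is a
unix datagram socket in a temporary directory standing in for the one the
manager announces through $NOTIFY_SOCKET, and WatchdogState is a
simplified model of how the manager reacts to the two WATCHDOG= values.
"""
import os
import socket
import tempfile
from typing import Dict, Iterable, List, Optional


def sd_notify(state: str, notify_socket: Optional[str] = None) -> bool:
    """Send one notification datagram. Returns False when no socket is
    configured, matching the libsystemd behaviour of a silent no-op."""
    path = notify_socket or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):                 # abstract-namespace socket
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), path)
    return True


def parse_notify(datagram: bytes) -> Dict[str, str]:
    """Split a datagram into its KEY=VALUE lines; a repeated key keeps the last value."""
    fields: Dict[str, str] = {}
    for line in datagram.decode(errors="replace").split("\n"):
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields


class WatchdogState:
    """WATCHDOG=1 is a keep-alive; WATCHDOG=trigger is treated as an immediate
    'watchdog missed' event, which the manager handles like a real timeout."""

    def __init__(self) -> None:
        self.pings = 0
        self.missed = False

    def handle(self, fields: Dict[str, str]) -> str:
        value = fields.get("WATCHDOG")
        if value == "1":
            self.pings += 1
            return "alive"
        if value == "trigger":
            self.missed = True
            return "watchdog-missed"
        return "ignored"


def run_exchange(messages: Iterable[str]) -> List[str]:
    """Bind a throwaway notification socket, push each message through
    sd_notify() and return the manager's verdict for each datagram."""
    verdicts: List[str] = []
    state = WatchdogState()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(2.0)          # fail instead of hanging on a lost datagram
            for message in messages:
                if not sd_notify(message, path):
                    raise RuntimeError("notification socket not configured")
                verdicts.append(state.handle(parse_notify(manager.recv(4096))))
    return verdicts


if __name__ == "__main__":
    print(run_exchange(["READY=1\n", "WATCHDOG=1\n", "WATCHDOG=trigger\n"]))
```
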
7642 * There are two new per-unit settings IPIngressFilterPath= and
7643 IPEgressFilterPath= which allow configuration of a BPF program
7644 (usually by specifying a path to a program uploaded to /sys/fs/bpf/)
7645 to apply to the IP packet ingress/egress path of all processes of a
7646 unit. This is useful to allow running systemd services with BPF
7647 programs set up externally.
7648
7649 * systemctl gained a new "clean" verb for removing the state, cache,
7650 runtime or logs directories of a service while it is terminated. The
7651 new verb may also be used to remove the state maintained on disk for
7652 timer units that have Persistent= configured.
7653
7654 * During the last phase of shutdown systemd will now automatically
7655 increase the log level configured in the "kernel.printk" sysctl so
7656 that any relevant loggable events happening during late shutdown are
7657 made visible. Previously, loggable events happening so late during
7658 shutdown were generally lost if the "kernel.printk" sysctl was set to
7659 high thresholds, as regular logging daemons are terminated at that
7660 time and thus nothing is written to disk.
7661
7662 * If processes terminated during the last phase of shutdown do not exit
7663 quickly systemd will now show their names after a short time, to make
7664 debugging easier. After a longer timeout they are forcibly killed,
7665 as before.
7666
7667 * journalctl (and the other tools that display logs) will now highlight
7668 warnings in yellow (previously, both LOG_NOTICE and LOG_WARNING were
7669 shown in bright bold, now only LOG_NOTICE is). Moreover, audit logs
7670 are now shown in blue color, to separate them visually from regular
7671 logs. References to configuration files are now turned into clickable
7672 links on terminals that support that.
7673
7674 * systemd-journald will now stop logging to /var/log/journal during
7675 shutdown when /var/ is on a separate mount, so that it can be
7676 unmounted safely during shutdown.
7677
7678 * systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.
7679
7680 * systemd-resolved "Cache=" configuration option in resolved.conf has
7681 been extended to also accept the 'no-negative' value. Previously,
7682 only a boolean option was allowed (yes/no), having yes as the
7683 default. If this option is set to 'no-negative', negative answers are
7684 not cached while the old cache heuristics are used for positive answers.
7685 The default remains unchanged.
7686
7687 * The predictable naming scheme for network devices now supports
7688 generating predictable names for "netdevsim" devices.
7689
7690 Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
7691 udev property.
7692
7693 Those two changes form a new net.naming_scheme= entry. Distributions
7694 which want to preserve naming stability may want to set the
7695 -Ddefault-net-naming-scheme= configuration option.
7696
7697 * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
7698 interfaces natively.
7699
7700 * systemd-networkd's bridge FDB support now allows configuration of a
7701 destination address for each entry (Destination=), the VXLAN VNI
7702 (VNI=), and an option to declare what an entry is associated with
7703 (AssociatedWith=).
7704
7705 * systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
7706 option for configuring the maximum number of DHCP lease requests. It
7707 also learnt a new BlackList= option for deny-listing DHCP servers (a
7708 similar setting has also been added to the IPv6 RA client), as well
7709 as a SendRelease= option for configuring whether to send a DHCP
7710 RELEASE message when terminating.
7711
7712 * systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
7713 separately in the [DHCPv4] and [DHCPv6] sections.
7714
7715 * systemd-networkd's DHCP support will now optionally create an
7716 implicit host route to the DNS server specified in the DHCP lease, in
7717 addition to the routes listed explicitly in the lease. This should
7718 ensure that in multi-homed systems DNS traffic leaves the systems on
7719 the interface that acquired the DNS server information even if other
7720 routes such as default routes exist. This behaviour may be turned on
7721 with the new RoutesToDNS= option.
7722
7723 * systemd-networkd's VXLAN support gained a new option
7724 GenericProtocolExtension= for enabling VXLAN Generic Protocol
7725 Extension support, as well as IPDoNotFragment= for setting the IP
7726 "Don't fragment" bit on outgoing packets. A similar option has been
7727 added to the GENEVE support.
7728
7729 * In systemd-networkd's [Route] section you may now configure
7730 FastOpenNoCookie= for configuring per-route TCP fast-open support, as
7731 well as TTLPropagate= for configuring Label Switched Path (LSP) TTL
7732 propagation. The Type= setting now supports local, broadcast,
7733 anycast, multicast, any, xresolve routes, too.
7734
7735 * systemd-networkd's [Network] section learnt a new option
7736 DefaultRouteOnDevice= for automatically configuring a default route
7737 onto the network device.
7738
7739 * systemd-networkd's bridging support gained two new options ProxyARP=
7740 and ProxyARPWifi= for configuring proxy ARP behaviour as well as
7741 MulticastRouter= for configuring multicast routing behaviour. A new
7742 option MulticastIGMPVersion= may be used to change the bridge's multicast
7743 Internet Group Management Protocol (IGMP) version.
7744
7745 * systemd-networkd's FooOverUDP support gained the ability to configure
7746 local and peer IP addresses via Local= and Peer=. A new option
7747 PeerPort= may be used to configure the peer's IP port.
7748
7749 * systemd-networkd's TUN support gained a new setting VnetHeader= for
7750 tweaking Generic Segment Offload support.
7751
7752 * The address family for policy rules may be specified using the new
7753 Family= option in the [RoutingPolicyRule] section.
7754
7755 * networkctl gained a new "delete" command for removing virtual network
7756 devices, as well as a new "--stats" switch for showing device
7757 statistics.
7758
7759 * networkd.conf gained a new setting SpeedMeter= and
7760 SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
7761 measured speed may be shown by 'networkctl status'.
7762
7763 * "networkctl status" now displays MTU and queue lengths, and more
7764 detailed information about VXLAN and bridge devices.
7765
7766 * systemd-networkd's .network and .link files gained a new Property=
7767 setting in the [Match] section, to match against devices with
7768 specific udev properties.
7769
7770 * systemd-networkd's tunnel support gained a new option
7771 AssignToLoopback= for selecting whether to use the loopback device
7772 "lo" as underlying device.
7773
7774 * systemd-networkd's MACAddress= setting in the [Neighbor] section has
7775 been renamed to LinkLayerAddress=, and it now allows configuration of
7776 IP addresses, too.
7777
7778 * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is
7779 simplified: systemd-networkd will disable the sysctl (enable IPv6) if
7780 IPv6 configuration (static or DHCPv6) was found for a given
7781 interface. It will not touch the sysctl otherwise.
7782
7783 * The order of entries in $PATH used by the user manager instance was
7784 changed to put bin/ entries before the corresponding sbin/ entries.
7785 It is recommended to not rely on this order, and only ever have one
7786 binary with a given name in the system paths under /usr.
7787
7788 * A new tool systemd-network-generator has been added that may generate
7789 .network, .netdev and .link files from IP configuration specified on
7790 the kernel command line in the format used by Dracut.
7791
7792 * The CriticalConnection= setting in .network files is now deprecated,
7793 and replaced by a new KeepConfiguration= setting which allows more
7794 detailed configuration of the IP configuration to keep in place.
7795
7796 * systemd-analyze gained a few new verbs:
7797
7798 - "systemd-analyze timestamp" parses and converts timestamps. This is
7799 similar to the existing "systemd-analyze calendar" command which
7800 does the same for recurring calendar events.
7801
7802 - "systemd-analyze timespan" parses and converts timespans (i.e.
7803 durations as opposed to points in time).
7804
7805 - "systemd-analyze condition" will parse and test ConditionXYZ=
7806 expressions.
7807
7808 - "systemd-analyze exit-status" will parse and convert exit status
7809 codes to their names and back.
7810
7811 - "systemd-analyze unit-files" will print a list of all unit
7812 file paths and unit aliases.
7813
7814 * SuccessExitStatus=, RestartPreventExitStatus=, and
7815 RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
7816 is equivalent to "65"). Those exit status name mappings may be
7817 displayed with the systemd-analyze exit-status verb described above.
7818
7819 * systemd-logind now exposes a per-session SetBrightness() bus call,
7820 which may be used to securely change the brightness of a kernel
7821 brightness device, if it belongs to the session's seat. By using this
7822 call unprivileged clients can make changes to "backlight" and "leds"
7823 devices securely with strict requirements on session membership.
7824 Desktop environments may use this to generically make brightness
7825 changes to such devices without shipping private SUID binaries or
7826 udev rules for that purpose.
7827
7828 * "udevadm info" gained a --wait-for-initialization switch to wait for
7829 a device to be initialized.
7830
7831 * systemd-hibernate-resume-generator will now look for resumeflags= on
7832 the kernel command line, which is similar to rootflags= and may be
7833 used to configure device timeout for the hibernation device.
7834
7835 * sd-event learnt a new API call sd_event_source_disable_unref() for
7836 disabling and unref'ing an event source in a single function. A
7837 related call sd_event_source_disable_unrefp() has been added for use
7838 with gcc's cleanup extension.
7839
7840 * The sd-id128.h public API gained a new definition
7841 SD_ID128_UUID_FORMAT_STR for formatting a 128-bit ID in UUID format
7842 with printf().
7843
7844 * "busctl introspect" gained a new switch --xml-interface for dumping
7845 XML introspection data unmodified.
7846
7847 * PID 1 may now show the unit name instead of the unit description
7848 string in its status output during boot. This may be configured in
7849 the StatusUnitFormat= setting in /etc/systemd/system.conf or the
7850 kernel command line option systemd.status_unit_format=.
7851
7852 * PID 1 now understands a new option KExecWatchdogSec= in
7853 /etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
7854 Previously watchdog functionality was only available for regular
7855 reboots. The new setting defaults to off, because we don't know in
7856 the general case if the watchdog will be reset after kexec (some
7857 drivers do reset it, but not all), and the new userspace might not be
7858 configured to handle the watchdog.
7859
7860 Moreover, the old ShutdownWatchdogSec= setting has been renamed to
7861 RebootWatchdogSec= to more clearly communicate what it is about. The
7862 old name is still accepted for compatibility.
7863
7864 * The systemd.debug_shell kernel command line option now optionally
7865 takes a tty name to spawn the debug shell on, which allows a
7866 different tty to be selected than the built-in default.
7867
7868 * Service units gained a new ExecCondition= setting which will run
7869 before ExecStartPre= and either continue execution of the unit (for
7870 clean exit codes), stop execution without marking the unit failed
7871 (for exit codes 1 through 254), or stop execution and fail the unit
7872 (for exit code 255 or abnormal termination).
7873
7874 * A new service systemd-pstore.service has been added that pulls data
7875 from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
7876 review.
7877
7878 * timedatectl gained new verbs for configuring per-interface NTP
7879 service configuration for systemd-timesyncd.
7880
7881 * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
7882 2019. (You can set non-UTF-8 locales though, if you know their name.)
7883
7884 * If variable assignments in sysctl.d/ files are prefixed with "-", any
7885 failures to apply them are now ignored.
7886
7887 * systemd-random-seed.service now optionally credits entropy when
7888 applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
7889 true for the service to enable this behaviour, but please consult the
7890 documentation first, since this comes with a couple of caveats.
7891
7892 * systemd-random-seed.service is now a synchronization point for full
7893 initialization of the kernel's entropy pool. Services that require
7894 /dev/urandom to be correctly initialized should be ordered after this
7895 service.
7896
7897 * The systemd-boot boot loader has been updated to optionally maintain
7898 a random seed file in the EFI System Partition (ESP). During the boot
7899 phase, this random seed is read and updated with a new seed
7900 cryptographically derived from it. Another derived seed is passed to
7901 the OS. The latter seed is then credited to the kernel's entropy pool
7902 very early during userspace initialization (from PID 1). This allows
7903 systems to boot up with a fully initialized kernel entropy pool from
7904 earliest boot on, and thus entirely removes all entropy pool
7905 initialization delays from systems using systemd-boot. Special care
7906 is taken to ensure different seeds are derived on system images
7907 replicated to multiple systems. "bootctl status" will show whether
7908 a seed was received from the boot loader.
7909
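A seed-chaining scheme modelled on the description above, as an added illustration that is not systemd-boot's code: the SHA-256 derivation, the domain labels and the per-machine token are this example's own assumptions standing in for the loader's actual construction.

```python
"""Seed chaining in the spirit of the systemd-boot description above.

Added illustration, not systemd-boot's code: the seed file on the ESP is
hashed with a per-machine token to derive one seed that is written back
and one that is handed to the OS, under distinct labels so the two never
coincide; the labels, the length prefixing and the token source are this
example's own choices.
"""
import hashlib
from typing import Tuple

SEED_SIZE = 32  # SHA-256 output length, used for seeds and the token alike


def derive(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 with length-prefixed inputs, so that no two
    argument lists can collide by mere concatenation."""
    h = hashlib.sha256()
    h.update(len(label).to_bytes(2, "big") + label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def next_seeds(file_seed: bytes, system_token: bytes) -> Tuple[bytes, bytes]:
    """Return (new_file_seed, os_seed) for one boot. Neither output can be
    computed from the other without the inputs, so reading the rewritten
    ESP file later does not reveal the seed the OS received."""
    if len(file_seed) != SEED_SIZE or len(system_token) != SEED_SIZE:
        raise ValueError("file seed and system token must be 32 bytes")
    return (derive(b"esp-seed", file_seed, system_token),
            derive(b"os-seed", file_seed, system_token))


class BootSimulation:
    """One machine: the seed file on its ESP plus its own system token."""

    def __init__(self, esp_seed: bytes, system_token: bytes) -> None:
        self.esp_seed = esp_seed
        self.system_token = system_token

    def boot(self) -> bytes:
        """Rewrite the ESP seed file and return the seed passed to the OS."""
        self.esp_seed, os_seed = next_seeds(self.esp_seed, self.system_token)
        return os_seed


def cloned_images_differ(image_seed: bytes, token_a: bytes, token_b: bytes) -> bool:
    """Two machines provisioned from the same image (same seed file) but with
    different tokens must still receive different OS seeds on first boot."""
    return (BootSimulation(image_seed, token_a).boot()
            != BootSimulation(image_seed, token_b).boot())


if __name__ == "__main__":
    image = bytes(range(SEED_SIZE))          # constructed seed shipped in an image
    print("distinct tokens ->", cloned_images_differ(image, b"A" * 32, b"B" * 32))
    print("identical tokens ->", cloned_images_differ(image, b"A" * 32, b"A" * 32))
```
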
7910 * bootctl gained two new verbs:
7911
7912 - "bootctl random-seed" will generate the file in ESP and an EFI
7913 variable to allow a random seed to be passed to the OS as described
7914 above.
7915
7916 - "bootctl is-installed" checks whether systemd-boot is currently
7917 installed.
7918
7919 * bootctl will warn if it detects that boot entries are misconfigured
7920 (for example if the kernel image was removed without purging the
7921 bootloader entry).
7922
7923 * A new document has been added describing systemd's use and support
7924 for the kernel's entropy pool subsystem:
7925
7926 https://systemd.io/RANDOM_SEEDS
7927
7928 * When the system is hibernated the swap device to write the
7929 hibernation image to is now automatically picked from all available
7930 swap devices, preferring the swap device with the highest configured
7931 priority over all others, and picking the device with the most free
7932 space if there are multiple devices with the highest priority.
7933
7934 * /etc/crypttab support has learnt a new keyfile-timeout= per-device
7935 option that selects how long to wait for a
7936 device with an encryption key before asking for the password.
7937
7938 * IOWeight= has learnt to properly set the IO weight when using the
7939 BFQ scheduler officially found in kernels 5.0+.
7940
7941 * A new mailing list has been created for reporting of security issues:
7942 systemd-security@redhat.com. For more details, see
7943 https://systemd.io/CONTRIBUTING#security-vulnerability-reports.
7944
7945 Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
7946 Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
7947 Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
7948 Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
7949 Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
7950 Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
7951 Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
7952 Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
7953 Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
7954 Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
7955 Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
7956 Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
7957 Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
7958 Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
7959 Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
7960 Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
7961 Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
7962 Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
7963 Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
7964 Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
7965 Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
7966 Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
7967 Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
7968 Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
7969 Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
7970 Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
7971 Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
7972 Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
7973 William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
7974 Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei
7975
7976 – Camerino, 2019-09-03
7977
7978 CHANGES WITH 242:
7979
7980 * In .link files, MACAddressPolicy=persistent (the default) is changed
7981 to cover more devices. For devices like bridges, tun, tap, bond, and
7982 similar interfaces that do not have other identifying information,
7983 the interface name is now used as the basis of the persistent seed
7984 for MAC and IPv4LL addresses. Devices that were already handled by
7985 the "persistent" policy are treated exactly as before; the change
7986 only extends the policy to more devices than previously.
7987
7988 MACAddressPolicy=random may be used to force randomized MACs and
7989 IPv4LL addresses for a device if desired.
7990
7991 Hint: the log output from udev (at debug level) was enhanced to
7992 clarify what policy is followed and which attributes are used.
7993 `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
7994 may be used to view this.
7995
7996 Hint: if a bridge interface is created without any slaves and gains
7997 a slave later, the bridge now no longer inherits the slave's MAC.
7998 To make it inherit the slave's MAC, for example, create the following file:
7999 ```
8000 # /etc/systemd/network/98-bridge-inherit-mac.link
8001 [Match]
8002 Type=bridge
8003
8004 [Link]
8005 MACAddressPolicy=none
8006 ```
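
The two policies above, as an added Python example that is not systemd's own code: a seed built from the machine ID and the interface name yields a MAC that is stable across reboots without ever being written to disk, while MACAddressPolicy=random draws a fresh one on every call. The HMAC-SHA256 derivation, SAMPLE_MACHINE_ID and MAC_SEED_LABEL are assumptions for illustration (systemd's actual keyed hash differs); what the example demonstrates are the properties the policy relies on, including the locally-administered and unicast bits that keep generated addresses out of vendor OUI space.

```python
import hashlib
import hmac
import os

# Constructed sample machine ID; on a real system it is read from /etc/machine-id.
SAMPLE_MACHINE_ID = "2b6b1d4f3c1e4a9d8f0e7c5a3b2d1e0f"

# Hypothetical label binding the derivation to this one purpose, so the machine ID
# cannot be used to correlate generated MACs with other identifiers derived from it.
MAC_SEED_LABEL = b"example:net_setup_link:mac"


def _fix_mac_bits(octets: bytearray) -> bytearray:
    # Set the locally-administered bit (0x02) and clear the multicast bit (0x01) of
    # the first octet: never collides with a vendor address, always valid as a source.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return octets


def persistent_mac(machine_id: str, ifname: str) -> str:
    """Stable MAC for (machine, interface name), like MACAddressPolicy=persistent.

    Illustrative derivation only (not systemd's keyed hash): the same machine and
    name always give the same address, different machines or names give different
    ones, and nothing needs to be stored to reproduce it after a reboot.
    """
    key = bytes.fromhex(machine_id)
    msg = MAC_SEED_LABEL + b"\0" + ifname.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    octets = _fix_mac_bits(bytearray(digest[:6]))
    return ":".join(f"{b:02x}" for b in octets)


def random_mac() -> str:
    """Fresh address on every call, like MACAddressPolicy=random."""
    return ":".join(f"{b:02x}" for b in _fix_mac_bits(bytearray(os.urandom(6))))


def is_locally_administered_unicast(mac: str) -> bool:
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not first & 0x01
```

Because the seed includes the interface name, renaming a bridge or bond changes its persistent MAC; that is the trade-off the policy makes for devices that carry no other stable identity.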
8007
8008 * The .device units generated by systemd-fstab-generator and other
8009 generators no longer automatically pull in the corresponding .mount
8010 unit as a Wants= dependency. This means that simply plugging in the
8011 device will not cause the mount unit to be started automatically.
8012 But please note that the mount unit may still be started for other
8013 reasons, in particular if it is part of local-fs.target and any unit
8014 which (transitively) depends on local-fs.target is started.
8015
8016 * networkctl list/status/lldp now accept globbing wildcards for network
8017 interface names to match against all existing interfaces.
8018
8019 * The $PIDFILE environment variable is set to the absolute path
8020 configured with PIDFile= for the processes of that service.
8021
8022 * The fallback DNS server list was augmented with Cloudflare public DNS
8023 servers. Use `-Ddns-servers=` to set a different fallback.
8024
8025 * A new special target usb-gadget.target will be started automatically
8026 when a USB Device Controller is detected (which means that the system
8027 is a USB peripheral).
8028
8029 * A new unit setting CPUQuotaPeriodSec= assigns the time period
8030 relative to which the CPU time quota specified by CPUQuota= is
8031 measured.
8032
8033 * A new unit setting ProtectHostname= may be used to prevent services
8034 from modifying hostname information (even if they otherwise would
8035 have privileges to do so).
8036
8037 * A new unit setting NetworkNamespacePath= may be used to specify a
8038 namespace for service or socket units through a path referring to a
8039 Linux network namespace pseudo-file.
8040
8041 * The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
8042 have an effect on .socket units: when used the listening socket is
8043 created within the configured network namespace instead of the host
8044 namespace.
8045
8046 * ExecStart= command lines in unit files may now be prefixed with ':'
8047 in which case environment variable substitution is
8048 disabled. (Supported for the other ExecXYZ= settings, too.)
8049
8050 * .timer units gained two new boolean settings OnClockChange= and
8051 OnTimezoneChange= which may be used to also trigger a unit when the
8052 system clock is changed or the local timezone is
8053 modified. systemd-run has been updated to make these options easily
8054 accessible from the command line for transient timers.
8055
8056 * Two new conditions for units have been added: ConditionMemory= may be
8057 used to conditionalize a unit based on installed system
8058 RAM. ConditionCPUs= may be used to conditionalize a unit based on
8059 installed CPU cores.
8060
8061 * The @default system call filter group understood by SystemCallFilter=
8062 has been updated to include the new rseq() system call introduced in
8063 kernel 4.18.
8064
8065 * A new time-set.target has been added that indicates that the system
8066 time has been set from a local source (possibly imprecise). The
8067 existing time-sync.target is stronger and indicates that the time has
8068 been synchronized with a precise external source. Services where
8069 approximate time is sufficient should use the new target.
8070
8071 * "systemctl start" (and related commands) learnt a new
8072 --show-transaction option. If specified brief information about all
8073 jobs queued because of the requested operation is shown.
8074
8075 * systemd-networkd recognizes a new operational state 'enslaved', used
8076 (instead of 'degraded' or 'carrier') for interfaces which form part
8077 of a bridge, bond, or similar, and a new 'degraded-carrier'
8078 operational state used for the bond or bridge master interface when
8079 one of the enslaved devices is not operational.
8080
8081 * .network files learnt the new IgnoreCarrierLoss= option for leaving
8082 networks configured even if the carrier is lost.
8083
8084 * The RequiredForOnline= setting in .network files may now specify a
8085 minimum operational state required for the interface to be considered
8086 "online" by systemd-networkd-wait-online. Related to this
8087 systemd-networkd-wait-online gained a new option --operational-state=
8088 to configure the same, and its --interface= option was updated to
8089 optionally also take an operational state specific for an interface.
8090
8091 * systemd-networkd-wait-online gained a new setting --any for waiting
8092 for only one of the requested interfaces instead of all of them.
8093
8094 * systemd-networkd now implements L2TP tunnels.
8095
8096 * Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
8097 may be used to cause autonomous and onlink prefixes received in IPv6
8098 Router Advertisements to be ignored.
8099
8100 * New MulticastFlood=, NeighborSuppression=, and Learning= .network
8101 file settings may be used to tweak bridge behaviour.
8102
8103 * The new TripleSampling= option in .network files may be used to
8104 configure CAN triple sampling.
8105
8106 * New .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
8107 used to point to the private or preshared key of a WireGuard interface.
8108
8109 * /etc/crypttab now supports the same-cpu-crypt and
8110 submit-from-crypt-cpus options to tweak encryption work scheduling
8111 details.
8112
8113 * systemd-tmpfiles will now take a BSD file lock before operating on
8114 the contents of a directory. This may be used to temporarily exclude
8115 directories from aging by taking the same lock (useful for example
8116 when extracting a tarball into /tmp or /var/tmp as a privileged user,
8117 which might create files with really old timestamps, which
8118 nevertheless should not be deleted). For further details, see:
8119
8120 https://systemd.io/TEMPORARY_DIRECTORIES
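
The exclusion described above, as an added Python example that is not systemd's own code: the extractor holds a BSD lock (flock(2)) on the target directory while it writes, and a cleaner-style check made through a second open file description sees the lock and skips the directory. Using an exclusive lock (LOCK_EX) for both sides, and the single "ancient" file standing in for a tarball, are assumptions of the demo; it runs against a temporary directory it creates itself.

```python
import fcntl
import os
import tempfile


def is_excluded_from_aging(directory: str) -> bool:
    """Check the way a cleaner would: can the directory's BSD lock be taken now?

    flock() locks belong to the open file description, so a fresh open() of the
    directory conflicts with a lock held anywhere else, including in this same
    process. BlockingIOError (EWOULDBLOCK) means somebody holds it and aging must
    skip the directory; otherwise release immediately and report it as free.
    """
    fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return True
        fcntl.flock(fd, fcntl.LOCK_UN)
        return False
    finally:
        os.close(fd)


class AgingExcluded:
    """Hold an exclusive BSD lock on a directory for the duration of a with-block.

    LOCK_EX conflicts with both shared and exclusive lockers, so it keeps a cleaner
    out whichever mode it tries. The kernel drops the lock when the fd is closed,
    so a crash of the extractor cannot leave the directory locked forever.
    """

    def __init__(self, directory: str) -> None:
        self.directory = directory
        self.fd = -1

    def __enter__(self) -> "AgingExcluded":
        self.fd = os.open(self.directory, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
        fcntl.flock(self.fd, fcntl.LOCK_EX)
        return self

    def __exit__(self, *exc) -> bool:
        fcntl.flock(self.fd, fcntl.LOCK_UN)
        os.close(self.fd)
        return False


def run_demo() -> tuple:
    """Unpack a stand-in tarball (one constructed file with a 1970 mtime) under the lock.

    Returns (locked_while_extracting, locked_afterwards, file_mtime).
    """
    workdir = tempfile.mkdtemp(prefix="aging-demo-")
    with AgingExcluded(workdir):
        path = os.path.join(workdir, "ancient-file")
        with open(path, "w") as f:
            f.write("constructed sample content\n")
        os.utime(path, (0, 0))  # mtime 1970: would be aged out at once without the lock
        during = is_excluded_from_aging(workdir)
    after = is_excluded_from_aging(workdir)
    return during, after, int(os.stat(path).st_mtime)
```

The lock has to be taken on the directory whose contents are being written, not on the tarball or a parent, because the cleaner checks each directory it descends into.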
8121
8122 * systemd-tmpfiles' h line type gained support for the
8123 FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
8124 controlling project quota inheritance.
8125
8126 * sd-boot and bootctl now implement support for an Extended Boot Loader
8127 (XBOOTLDR) partition, that is intended to be mounted to /boot, in
8128 addition to the ESP partition mounted to /efi or /boot/efi.
8129 Configuration file fragments, kernels, initrds and other EFI images
8130 to boot will be loaded from both the ESP and XBOOTLDR partitions.
8131 The XBOOTLDR partition was previously described by the Boot Loader
8132 Specification, but implementation was missing in sd-boot. Support for
8133 this concept allows using the sd-boot boot loader in more
8134 conservative scenarios where the boot loader itself is placed in the
8135 ESP but the kernels to boot (and their metadata) in a separate
8136 partition.
8137
8138 * A system may now be booted with systemd.volatile=overlay on the
8139 kernel command line, which causes the root file system to be set up
8140 as an overlayfs mount combining the read-only root directory with a
8141 writable tmpfs. In this setup, the underlying root device is not
8142 modified, and any changes are lost at reboot.
8143
8144 * Similarly, systemd-nspawn can now boot containers with a volatile
8145 overlayfs root with the new --volatile=overlay switch.
8146
8147 * systemd-nspawn can now consume OCI runtime bundles using a new
8148 --oci-bundle= option. This implementation is fully usable, with most
8149 features in the specification implemented, but since this is a lot
8150 of new code and functionality, this feature should most likely not
8151 be used in production yet.
8152
8153 * systemd-nspawn now supports various options described by the OCI
8154 runtime specification on the command-line and in .nspawn files:
8155 --inaccessible=/Inaccessible= may be used to mask parts of the file
8156 system tree, --console=/--pipe may be used to configure how standard
8157 input, output, and error are set up.
8158
8159 * busctl learned the `emit` verb to generate D-Bus signals.
8160
8161 * systemd-analyze cat-config may be used to gather and display
8162 configuration spread over multiple files, for example system and user
8163 presets, tmpfiles.d, sysusers.d, udev rules, etc.
8164
8165 * systemd-analyze calendar now takes an optional new parameter
8166 --iterations= which may be used to show up to the given number of
8167 upcoming times at which the specified expression will elapse.
8168
8169 * The sd-bus C API gained support for naming method parameters in the
8170 introspection data.
8171
8172 * systemd-logind gained D-Bus APIs to specify the "reboot parameter"
8173 the reboot() system call expects.
8174
8175 * journalctl learnt a new --cursor-file= option that points to a file
8176 from which a cursor should be loaded in the beginning and to which
8177 the updated cursor should be stored at the end.
8178
8179 * ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
8180 detected by systemd-detect-virt (and may also be used in
8181 ConditionVirtualization=).
8182
8183 * The behaviour of systemd-logind may now be modified with environment
8184 variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
8185 $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
8186 $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
8187 skip the relevant operation completely (when set to false), or to
8188 create a flag file in /run/systemd (when set to true), instead of
8189 actually commencing the real operation when requested. The presence
8190 of /run/systemd/reboot-to-firmware-setup,
8191 /run/systemd/reboot-to-boot-loader-menu, and
8192 /run/systemd/reboot-to-boot-loader-entry, may be used by alternative
8193 boot loader implementations to replace some steps logind performs
8194 during reboot with their own operations.
8195
8196 * systemctl can be used to request a reboot into the boot loader menu
8197 or a specific boot loader entry with the new --boot-loader-menu= and
8198 --boot-loader-entry= options to the reboot command. (This requires a
8199 boot loader that supports this, for example sd-boot.)
8200
8201 * kernel-install will no longer unconditionally create the output
8202 directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
8203 snippets, but will do so only if the machine-specific parent
8204 directory (i.e. /efi/<machine-id>/) already exists. bootctl has been
8205 modified to create this parent directory during sd-boot installation.
8206
8207 This makes it easier to use kernel-install with plugins which support
8208 a different layout of the bootloader partitions (for example grub2).
8209
8210 * During package installation (with `ninja install`), we would create
8211 symlinks for getty@tty1.service, systemd-networkd.service,
8212 systemd-networkd.socket, systemd-resolved.service,
8213 remote-cryptsetup.target, remote-fs.target,
8214 systemd-networkd-wait-online.service, and systemd-timesyncd.service
8215 in /etc, as if `systemctl enable` was called for those units, to make
8216 the system usable immediately after installation. Now this is not
8217 done anymore, and instead calling `systemctl preset-all` is
8218 recommended after the first installation of systemd.
8219
8220 * A new boolean sandboxing option RestrictSUIDSGID= has been added that
8221 is built on seccomp. When turned on, creation of SUID/SGID files is
8222 prohibited.
8223
8224 * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
8225 implied if DynamicUser= is turned on for a service. This hardens
8226 these services, so that they neither can benefit from nor create
8227 SUID/SGID executables. This is a minor compatibility breakage, given
8228 that when DynamicUser= was first introduced SUID/SGID behaviour was
8229 unaffected. However, the security benefit of these two options is
8230 substantial, and the setting is still relatively new, hence we opted
8231 to make it mandatory for services with dynamic users.
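
An added example, not systemd's code: a small Python audit that parses a unit file and reports the SUID/SGID-related sandboxing the manager will actually apply, folding in the implication above (as of v242, DynamicUser=yes forces NoNewPrivileges=yes and RestrictSUIDSGID=yes no matter what the unit says). The parser is a minimal one written for this check, the sample unit texts are constructed, and the further settings DynamicUser= implies are out of scope.

```python
TRUE_WORDS = {"1", "yes", "true", "on"}
FALSE_WORDS = {"0", "no", "false", "off"}


def parse_unit(text: str) -> dict:
    """Minimal unit-file parser: {section: [(key, value), ...]} in file order.

    Keeps every assignment (keys may repeat, and an empty assignment resets a
    setting), joins backslash-continued lines, skips comments and blank lines.
    Enough for auditing boolean settings; not a full systemd parser.
    """
    sections: dict = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def bool_setting(pairs: list, key: str, default: bool = False) -> bool:
    """Last assignment wins; an empty value resets to the default."""
    value = default
    for k, v in pairs:
        if k != key:
            continue
        if v == "":
            value = default
        elif v.lower() in TRUE_WORDS:
            value = True
        elif v.lower() in FALSE_WORDS:
            value = False
        else:
            raise ValueError(f"{key}= has a non-boolean value {v!r}")
    return value


def effective_sandboxing(text: str, systemd_version: int = 242) -> dict:
    """Settings as the manager applies them, with the v242 implication folded in."""
    service = parse_unit(text).get("Service", [])
    dynamic_user = bool_setting(service, "DynamicUser")
    no_new_privileges = bool_setting(service, "NoNewPrivileges")
    restrict_suid_sgid = bool_setting(service, "RestrictSUIDSGID")
    if dynamic_user and systemd_version >= 242:
        # Implied and not overridable: a dynamic user must neither gain from nor
        # leave behind SUID/SGID binaries (an explicit "=no" in the unit is ignored).
        no_new_privileges = True
        restrict_suid_sgid = True
    return {
        "DynamicUser": dynamic_user,
        "NoNewPrivileges": no_new_privileges,
        "RestrictSUIDSGID": restrict_suid_sgid,
    }


def audit(text: str, systemd_version: int = 242) -> list:
    """Findings for a unit that leaves SUID/SGID-related hardening off."""
    eff = effective_sandboxing(text, systemd_version)
    findings = []
    if not eff["NoNewPrivileges"]:
        findings.append("NoNewPrivileges=yes not set: service can gain privileges "
                        "via SUID/SGID binaries or file capabilities")
    if not eff["RestrictSUIDSGID"]:
        findings.append("RestrictSUIDSGID=yes not set: service can create SUID/SGID files")
    return findings


# Constructed sample units (hypothetical binary paths).
HARDENED_BY_IMPLICATION = """\
[Service]
ExecStart=/usr/bin/example-daemon
DynamicUser=yes
NoNewPrivileges=no
"""

NOT_HARDENED = """\
[Service]
ExecStart=/usr/bin/example-daemon
User=example
DynamicUser=no
"""
```

On a live system the same answer comes from `systemctl show -p DynamicUser,NoNewPrivileges,RestrictSUIDSGID <unit>`, which reports the values after the manager has applied the implication; the audit above is for checking unit files before they are installed.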
8232
8233 Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
8234 Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
8235 Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
8236 Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
8237 Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
8238 Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
8239 Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
8240 Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
8241 Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
8242 Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
8243 Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
8244 Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
8245 Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
8246 Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
8247 Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
8248 Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
8249 Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
8250 Yu Watanabe, Zbigniew Jędrzejewski-Szmek
8251
8252 — Warsaw, 2019-04-11
8253
8254 CHANGES WITH 241:
8255
8256 * The default locale can now be configured at compile time. Otherwise,
8257 a suitable default will be selected automatically (one of C.UTF-8,
8258 en_US.UTF-8, and C).
8259
8260 * The version string shown by systemd and other tools now includes the
8261 git commit hash when built from git. An override may be specified
8262 during compilation, which is intended to be used by distributions to
8263 include the package release information.
8264
8265 * systemd-cat can now filter standard input and standard error streams
8266 for different syslog priorities using the new --stderr-priority=
8267 option.
8268
8269 * systemd-journald and systemd-journal-remote reject entries which
8270 contain too many fields (CVE-2018-16865) and set limits on the
8271 process' command line length (CVE-2018-16864).
8272
8273 * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
8274 again.
8275
8276 * A new network device NamePolicy "keep" is implemented for link files,
8277 and used by default in 99-default.link (the fallback configuration
8278 provided by systemd). With this policy, if the network device name
8279 was already set by userspace, the device will not be renamed again.
8280 This matches the naming scheme that was implemented before
8281 systemd-240. If naming-scheme < 240 is specified, the "keep" policy
8282 is also enabled by default, even if not specified. Effectively, this
8283 means that if naming-scheme >= 240 is specified, network devices will
8284 be renamed according to the configuration, even if they have been
8285 renamed already, if "keep" is not specified as the naming policy in
8286 the .link file. The 99-default.link file provided by systemd includes
8287 "keep" for backwards compatibility, but it is recommended for user
8288 installed .link files to *not* include it.
8289
8290 The "kernel" policy, which keeps kernel names declared to be
8291 "persistent", now works again as documented.
8292
8293 * kernel-install script now optionally takes the paths to one or more
8294 initrd files, and passes them to all plugins.
8295
8296 * The mincore() system call has been dropped from the @system-service
8297 system call filter group, as it is pretty exotic and may potentially
8298 be used for side-channel attacks.
8299
8300 * -fPIE is dropped from compiler and linker options. Please specify
8301 -Db_pie=true option to meson to build position-independent
8302 executables. Note that the meson option is supported since meson-0.49.
8303
8304 * The fs.protected_regular and fs.protected_fifos sysctls, which were
8305 added in Linux 4.19 to make some data spoofing attacks harder, are
8306 now enabled by default. While this will hopefully improve the
8307 security of most installations, it is technically a backwards
8308 incompatible change; to disable these sysctls again, place the
8309 following lines in /etc/sysctl.d/60-protected.conf or a similar file:
8310
8311 fs.protected_regular = 0
8312 fs.protected_fifos = 0
8313
8314 Note that the similar hardlink and symlink protection has been
8315 enabled since v199, and may be disabled likewise.
8316
8317 * The files read from the EnvironmentFile= setting in unit files now
8318 parse backslashes inside quotes literally, matching the behaviour of
8319 POSIX shells.
8320
8321 * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
8322 now automatically become NOPs when run in a chroot() environment.
8323
8324 * The tmpfiles.d/ "C" line type will now copy directory trees not only
8325 when the destination is so far missing, but also if it already exists
8326 as a directory and is empty. This is useful to cater for systems
8327 where directory trees are put together from multiple separate mount
8328 points but otherwise empty.
8329
8330 * A new function sd_bus_close_unref() (and the associated
8331 sd_bus_close_unrefp()) has been added to libsystemd, that combines
8332 sd_bus_close() and sd_bus_unref() in one.
8333
8334 * udevadm control learnt a new option --ping for testing whether a
8335 systemd-udevd instance is running and reacting.
8336
8337 * udevadm trigger learnt a new option --wait-daemon for waiting for
8338 the systemd-udevd daemon to be initialized.
8339
8340 Contributions from: Aaron Plattner, Alberts Muktupāvels, Alex Mayer,
8341 Ayman Bagabas, Beniamino Galvani, Burt P, Chris Down, Chris Lamb, Chris
8342 Morin, Christian Hesse, Claudius Ellsel, dana, Daniel Axtens, Daniele
8343 Medri, Dave Reisner, David Santamaría Rogado, Diego Canuhe, Dimitri
8344 John Ledkov, Evgeny Vereshchagin, Fabrice Fontaine, Filipe
8345 Brandenburger, Franck Bui, Frantisek Sumsal, govwin, Hans de Goede,
8346 James Hilliard, Jan Engelhardt, Jani Uusitalo, Jan Janssen, Jan
8347 Synacek, Jonathan McDowell, Jonathan Roemer, Jonathon Kowalski, Joost
8348 Heitbrink, Jörg Thalheim, Lance, Lennart Poettering, Louis Taylor,
8349 Lucas Werkmeister, Mantas Mikulėnas, Marc-Antoine Perennou,
8350 marvelousblack, Michael Biebl, Michael Sloan, Michal Sekletar, Mike
8351 Auty, Mike Gilbert, Mikhail Kasimov, Neil Brown, Niklas Hambüchen,
8352 Patrick Williams, Paul Seyfert, Peter Hutterer, Philip Withnall, Roger
8353 James, Ronnie P. Thomas, Ryan Gonzalez, Sam Morris, Stephan Edel,
8354 Stephan Gerhold, Susant Sahani, Taro Yamada, Thomas Haller, Topi
8355 Miettinen, YiFei Zhu, YmrDtnJu, YunQiang Su, Yu Watanabe, Zbigniew
8356 Jędrzejewski-Szmek, zsergeant77, Дамјан Георгиевски
8357
8358 — Berlin, 2019-02-14
8359
8360 CHANGES WITH 240:
8361
8362 * NoNewPrivileges=yes has been set for all long-running services
8363 implemented by systemd. Previously, this was problematic due to
8364 SELinux (as this would also prohibit the transition from PID1's label
8365 to the service's label). This restriction has since been lifted, but
8366 an SELinux policy update is required.
8367 (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
8368
8369 * DynamicUser=yes is dropped from systemd-networkd.service,
8370 systemd-resolved.service and systemd-timesyncd.service. It had been
8371 enabled in v239 for systemd-networkd.service and systemd-resolved.service,
8372 and since v236 for systemd-timesyncd.service. The users and groups
8373 systemd-network, systemd-resolve and systemd-timesync are created
8374 by systemd-sysusers again. Distributors or system administrators
8375 may need to create these users and groups if they do not exist (or
8376 re-enable DynamicUser= for those units) while upgrading systemd.
8377 Also, the clock file for systemd-timesyncd may need to move from
8378 /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
8379
8380 * When unit files are loaded from disk, previously systemd would
8381 sometimes (depending on the unit loading order) load units from the
8382 target path of symlinks in .wants/ or .requires/ directories of other
8383 units. This meant that a unit could be loaded from different paths
8384 depending on whether the unit was requested explicitly or as a
8385 dependency of another unit, not honouring the priority of directories
8386 in the search path. It also meant that it was possible to successfully
8387 load and start units which are not found in the unit search path, as
8388 long as they were requested as a dependency and linked to from
8389 .wants/ or .requires/. The target paths of those symlinks are not
8390 used for loading units anymore and the unit file must be found in
8391 the search path.
8392
8393 * A new service type has been added: Type=exec. It's very similar to
8394 Type=simple but ensures the service manager will wait for both fork()
8395 and execve() of the main service binary to complete before proceeding
8396 with follow-up units. This is primarily useful so that the manager
8397 propagates any errors in the preparation phase of service execution
8398 back to the job that requested the unit to be started. For example,
8399 consider a service that has ExecStart= set to a file system binary
8400 that doesn't exist. With Type=simple starting the unit would be
8401 considered instantly successful, as only fork() has to complete
8402 successfully and the manager does not wait for execve(), and hence
8403 its failure is seen "too late". With the new Type=exec service type
8404 starting the unit will fail, as the manager will wait for the
8405 execve() and notice its failure, which is then propagated back to the
8406 start job.
8407
8408 NOTE: with the next release 241 of systemd we intend to change the
8409 systemd-run tool to default to Type=exec for transient services
8410 started by it. This should be mostly safe, but in specific corner
8411 cases might result in problems, as the systemd-run tool will then
8412 block on NSS calls (such as user name look-ups due to User=) done
8413 between the fork() and execve(), which under specific circumstances
8414 might cause problems. It is recommended to specify "-p Type=simple"
8415 explicitly in the few cases where this applies. For regular,
8416 non-transient services (i.e. those defined with unit files on disk)
8417 we will continue to default to Type=simple.
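
How a manager can wait for execve() itself, as an added Python example (illustrative, not systemd's implementation): a close-on-exec pipe shared with the child tells the parent whether exec succeeded (the kernel closes the write end, the parent reads EOF) or failed (the child writes its errno before exiting). From the start job's point of view that is exactly the difference between Type=simple, which only waits for fork(), and Type=exec. The argv values are constructed and /bin/sh is assumed to exist.

```python
import errno
import os


def spawn_waiting_for_exec(argv: list) -> tuple:
    """fork() and execve(), reporting whether execve() itself succeeded.

    Returns (pid, 0) if the program is now running, or (pid, errno) if exec
    failed; in the failure case the child has already been reaped. A caller
    with Type=simple semantics would return right after fork() and never
    learn that ExecStart= pointed at a missing binary until the child died.
    """
    read_end, write_end = os.pipe()  # non-inheritable (O_CLOEXEC) by default since Python 3.4
    pid = os.fork()
    if pid == 0:  # child
        os.close(read_end)
        try:
            os.execv(argv[0], argv)  # on success the write end is closed by exec
        except OSError as exc:
            os.write(write_end, (exc.errno or errno.EIO).to_bytes(4, "little"))
        finally:
            os._exit(127)
    # parent
    os.close(write_end)
    data = os.read(read_end, 4)  # blocks until exec succeeds (EOF) or fails (4 bytes)
    os.close(read_end)
    if not data:
        return pid, 0
    os.waitpid(pid, 0)  # already dead; reap so no zombie is left behind
    return pid, int.from_bytes(data, "little")


def run_demo() -> dict:
    """Start one program that exists and one that does not; map argv[0] to exec errno."""
    results = {}
    for argv in (["/bin/sh", "-c", "exit 0"], ["/nonexistent/daemon", "--verbose"]):
        pid, err = spawn_waiting_for_exec(argv)
        results[argv[0]] = err
        if err == 0:
            os.waitpid(pid, 0)  # exec succeeded; from here on only the child's exit matters
    return results
```

The same mechanism is why the note about systemd-run matters: anything the manager does between fork() and execve() (NSS look-ups for User=, for instance) now sits on the critical path of the start job.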
8418
8419 * The Linux kernel's current default RLIMIT_NOFILE resource limit for
8420 userspace processes is set to 1024 (soft) and 4096
8421 (hard). Previously, systemd passed this on unmodified to all
8422 processes it forked off. With this systemd release the hard limit
8423 systemd passes on is increased to 512K, overriding the kernel's
8424 defaults and substantially increasing the number of simultaneous file
8425 descriptors unprivileged userspace processes can allocate. Note that
8426 the soft limit remains at 1024 for compatibility reasons: the
8427 traditional UNIX select() call cannot deal with file descriptors >=
8428 1024 and increasing the soft limit globally might thus result in
8429 programs unexpectedly allocating a high file descriptor and thus
8430 failing abnormally when attempting to use it with select() (of
8431 course, programs shouldn't use select() anymore, and prefer
8432 poll()/epoll, but the call unfortunately remains undeservedly popular
8433 at this time). This change reflects the fact that file descriptor
8434 handling in the Linux kernel has been optimized in more recent
8435 kernels and allocating large numbers of them should be much cheaper
8436 both in memory and in performance than it used to be. Programs that
8437 want to benefit from the increased limit have to "opt-in" into
8438 high file descriptors explicitly by raising their soft limit. Of
8439 course, when they do that they must acknowledge that they cannot use
8440 select() anymore (and neither can any shared library they use — or
8441 any shared library used by any shared library they use and so on).
8442 Which default hard limit is most appropriate is of course hard to
8443 decide. However, given reports that ~300K file descriptors are used
8444 in real-life applications we believe 512K is sufficiently high as new
8445 default for now. Note that there are also reports that using very
8446 high hard limits (e.g. 1G) is problematic: some software allocates
8447 large arrays with one element for each potential file descriptor
8448 (Java, …) — a high hard limit thus triggers excessively large memory
8449 allocations in these applications. Hopefully, the new default of 512K
8450 is a good middle ground: higher than what real-life applications
8451 currently need, and low enough to avoid triggering excessively large
8452 allocations in problematic software. (And yes, somebody should fix
8453 Java.)
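
The opt-in described above, as an added Python example that is not part of systemd: raise the soft RLIMIT_NOFILE to the hard limit, then show that a descriptor above FD_SETSIZE (1024) is fine with poll() but rejected by select(). The probed fd numbers and the fallback to /proc/sys/fs/nr_open are assumptions of the demo; on a system where the hard limit is already low the high-fd probe simply reports that it cannot run.

```python
import os
import resource
import select

FD_SETSIZE = 1024  # glibc's fixed fd_set capacity: select() cannot address fd >= 1024


def opt_in_to_high_fds() -> tuple:
    """Raise the soft RLIMIT_NOFILE up to the hard limit; returns (old_soft, new_soft, hard).

    The hard limit the manager hands down may be 512K, but a process only gets to use
    it by raising its own soft limit, and by doing so it promises that neither it nor
    any library it links will pass those descriptors to select().
    """
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    target = hard
    if hard == resource.RLIM_INFINITY:
        # The kernel caps RLIMIT_NOFILE at fs.nr_open; ask for that rather than infinity.
        with open("/proc/sys/fs/nr_open") as f:
            target = int(f.read())
    try:
        resource.setrlimit(resource.RLIMIT_NOFILE, (target, hard))
    except (ValueError, OSError):
        pass  # limits unchanged; the caller sees that in new_soft
    new_soft, _ = resource.getrlimit(resource.RLIMIT_NOFILE)
    return soft, new_soft, hard


def probe_fd(target_fd: int):
    """Place a pipe end at `target_fd`, then try select() and poll() on it.

    Returns None if the current soft limit does not allow that fd number, else
    {"select": "ok" | "rejected", "poll": "ok"}. CPython refuses fds at or above
    FD_SETSIZE with ValueError; a C program using FD_SET on such an fd would
    instead write past the fd_set, which is the failure the text warns about.
    """
    soft, _ = resource.getrlimit(resource.RLIMIT_NOFILE)
    if target_fd >= soft:
        return None
    read_end, write_end = os.pipe()
    os.dup2(read_end, target_fd)
    try:
        try:
            select.select([target_fd], [], [], 0)
            sel = "ok"
        except ValueError:
            sel = "rejected"
        poller = select.poll()  # poll()/epoll have no such ceiling
        poller.register(target_fd, select.POLLIN)
        poller.poll(0)
        return {"select": sel, "poll": "ok"}
    finally:
        os.close(target_fd)
        os.close(read_end)
        os.close(write_end)


def run_demo() -> dict:
    old_soft, new_soft, hard = opt_in_to_high_fds()
    return {
        "old_soft": old_soft,
        "new_soft": new_soft,
        "hard": hard,
        "below_fd_setsize": probe_fd(FD_SETSIZE - 100),
        "above_fd_setsize": probe_fd(FD_SETSIZE + 1000),
    }
```

A service can also ask the manager for a higher soft limit directly with LimitNOFILE= in its unit file, which keeps the opt-in visible in the unit rather than buried in the program.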
8454
8455 * The fs.nr_open and fs.file-max sysctls are now automatically bumped
8456 to the highest possible values, as separate accounting of file
8457 descriptors is no longer necessary, as memcg tracks them correctly as
8458 part of the memory accounting anyway. Thus, from the four limits on
8459 file descriptors currently enforced (fs.file-max, fs.nr_open,
8460 RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
8461 and keep only the latter two. A set of build-time options
8462 (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
8463 has been added to revert this change in behaviour, which might be
8464 an option for systems that turn off memcg in the kernel.
8465
8466 * When no /etc/locale.conf file exists (and hence no locale settings
8467 are in place), systemd will now use the "C.UTF-8" locale by default,
8468 and set LANG= to it. This locale is supported by various
8469 distributions including Fedora, with clear indications that upstream
8470 glibc is going to make it available too. This locale enables UTF-8
8471 mode by default, which appears appropriate for 2018.
8472
8473 * The "net.ipv4.conf.all.rp_filter" sysctl will now be set to 2 by
8474 default. This effectively switches the RFC3704 Reverse Path filtering
8475 from Strict mode to Loose mode. This is more appropriate for hosts
8476 that have multiple links with routes to the same networks (e.g.
8477 a client with a Wi-Fi and Ethernet both connected to the internet).
8478
8479 Consult the kernel documentation for details on this sysctl:
8480 https://docs.kernel.org/networking/ip-sysctl.html
8481
8482 * The v239 change to turn on "net.ipv4.tcp_ecn" by default has been
8483 reverted.
8484
8485 * CPUAccounting=yes no longer enables the CPU controller when using
8486 kernel 4.15+ and the unified cgroup hierarchy, as required accounting
8487 statistics are now provided independently from the CPU controller.
8488
8489 * Support for disabling a particular cgroup controller within a sub-tree
8490 has been added through the DisableControllers= directive.
8491
8492 * cgroup_no_v1=all on the kernel command line now also implies
8493 using the unified cgroup hierarchy, unless one explicitly passes
8494 systemd.unified_cgroup_hierarchy=0 on the kernel command line.
8495
8496 * The new "MemoryMin=" unit file property may now be used to set the
8497 memory usage protection limit of processes invoked by the unit. This
8498 controls the cgroup v2 memory.min attribute. Similarly, the new
8499 "IODeviceLatencyTargetSec=" property has been added, wrapping the new
8500 cgroup v2 io.latency cgroup property for configuring per-service I/O
8501 latency.
8502
8503 * systemd now supports the cgroup v2 devices BPF logic, as counterpart
8504 to the cgroup v1 "devices" cgroup controller.
8505
8506 * systemd-escape now is able to combine --unescape with --template. It
8507 also learnt a new option --instance for extracting and unescaping the
8508 instance part of a unit name.
8509
8510 * sd-bus now provides sd_bus_message_readv(), which is similar to
8511 sd_bus_message_read() but takes a va_list object. The pair
8512 sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
8513 has been added for configuring the default method call timeout to
8514 use. sd_bus_error_move() may be used to efficiently move the contents
8515 from one sd_bus_error structure to another, invalidating the
8516 source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
8517 be used to control whether a bus connection object is automatically
8518 flushed when an sd-event loop is exited.
8519
8520 * When processing classic BSD syslog log messages, journald will now
8521 save the original time-stamp string supplied in the new
8522 SYSLOG_TIMESTAMP= journal field. This permits consumers to
8523 reconstruct the original BSD syslog message more correctly.
8524
8525 * StandardOutput=/StandardError= in service files gained support for
8526 new "append:…" parameters, for connecting STDOUT/STDERR of a service
8527 to a file, and appending to it.
8528
8529 * The signal to use as the last step of killing unit processes is now
8530 configurable. Previously it was hard-coded to SIGKILL, which may now
8531 be overridden with the new FinalKillSignal= setting. Note that this
8532 is the signal used when regular termination (i.e. KillSignal=,
8533 SIGTERM by default) does not suffice. Similarly, the signal used when
8534 aborting a program in case of a watchdog timeout may now be
8535 configured too (WatchdogSignal=).
8535
8536 * The XDG_SESSION_DESKTOP environment variable may now be configured in
8537 the pam_systemd argument line, using the new desktop= switch. This is
8538 useful to initialize it properly from a display manager without
8539 having to touch C code.
8540
8541 * Most configuration options that previously accepted percentage values
8542 now also accept permille values with the '‰' suffix (instead of '%').
8543
8544 * systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
8545 DNS-over-TLS.
8546
8547 * systemd-resolved's configuration file resolved.conf gained a new
8548 option ReadEtcHosts= which may be used to turn off processing and
8549 honoring /etc/hosts entries.
8550
8551 * The "--wait" switch may now be passed to "systemctl
8552 is-system-running", in which case the tool will synchronously wait
8553 until the system finished start-up.
8554
8555 * hostnamed gained a new bus call to determine the DMI product UUID.
8556
8557 * On x86-64 systemd will now prefer using the RDRAND processor
8558 instruction over /dev/urandom whenever it requires randomness that
8559 neither has to be crypto-grade nor should be reproducible. This
8560 should substantially reduce the amount of entropy systemd requests
8561 from the kernel during initialization on such systems, though not
8562 reduce it to zero. (Why not zero? systemd still needs to allocate
8563 UUIDs and such uniquely, which require high-quality randomness.)
8564
8565 * networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
8566 tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
8567 for forcing the "Other Information" bit in IPv6 RA messages. The
8568 bonding logic gained four new options AdActorSystemPriority=,
8569 AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
8570 aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
8571 shuffling of flows. The tunnel logic gained a new
8572 IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
8573 Deployment. The policy rule logic gained four new options IPProtocol=,
8574 SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
8575 support for the MulticastToUnicast= option. networkd also gained
8576 support for configuring static IPv4 ARP or IPv6 neighbor entries.
8577
8578 * .preset files (as read by 'systemctl preset') may now be used to
8579 instantiate services.
8580
8581 * /etc/crypttab now understands the sector-size= option to configure
8582 the sector size for an encrypted partition.
8583
8584 * Key material for encrypted disks may now be placed on a formatted
8585 medium, and referenced from /etc/crypttab by the UUID of the file
8586 system, followed by "=" suffixed by the path to the key file.
8587
8588 * The "collect" udev component has been removed without replacement, as
8589 it is neither used nor maintained.
8590
8591 * When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
8592 LogsDirectory=, ConfigurationDirectory= settings are used in a
8593 service the executed processes will now receive a set of environment
8594 variables containing the full paths of these directories.
8595 Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
8596 LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
8597 are used. Note that these options may be used multiple times per
8598 service in which case the resulting paths will be concatenated and
8599 separated by colons.
8600
8601 * Predictable interface naming has been extended to cover InfiniBand
8602 NICs. They will be exposed with an "ib" prefix.
8603
8604 * tmpfiles.d/ line types may now be suffixed with a '-' character, in
8605 which case the respective line failing is ignored.
8606
8607 * .link files may now be used to configure the equivalent to the
8608 "ethtool advertise" commands.
8609
8610 * The sd-device.h and sd-hwdb.h APIs are now exported, as an
8611 alternative to libudev.h. Previously, the latter was just an internal
8612 wrapper around the former, but now these two APIs are exposed
8613 directly.
8614
8615 * sd-id128.h gained a new function sd_id128_get_boot_app_specific()
8616 which calculates an app-specific boot ID similar to how
8617 sd_id128_get_machine_app_specific() generates an app-specific machine
8618 ID.
8619
8620 * A new tool systemd-id128 has been added that can be used to determine
8621 and generate various 128-bit IDs.
8622
8623 * /etc/os-release gained two new standardized fields DOCUMENTATION_URL=
8624 and LOGO=.
8625
8626 * systemd-hibernate-resume-generator will now honor the "noresume"
8627 kernel command line option, in which case it will bypass resuming
8628 from any hibernated image.
8629
8630 * The systemd-sleep.conf configuration file gained new options
8631 AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
8632 AllowHybridSleep= for prohibiting specific sleep modes even if the
8633 kernel exports them.
8634
* portablectl is now officially supported and has thus moved to
/usr/bin/.

* bootctl learnt the two new commands "set-default" and "set-oneshot"
for setting the default boot loader item to boot to (either
persistently or only for the next boot). This is currently only
compatible with sd-boot, but may be implemented on other boot loaders
too, that follow the boot loader interface. The updated interface is
now documented here:

https://systemd.io/BOOT_LOADER_INTERFACE

* A new kernel command line option systemd.early_core_pattern= is now
understood which may be used to influence the core_pattern PID 1
installs during early boot.

* busctl learnt two new options -j and --json= for outputting method
call replies, properties and monitoring output in JSON.

* journalctl's JSON output now supports simple ANSI coloring as well as
a new "json-seq" mode for generating RFC7464 output.

* Unit files now support the %g/%G specifiers that resolve to the UNIX
group/GID the service manager runs as, similar to the existing
%u/%U specifiers that resolve to the UNIX user/UID.

* systemd-logind learnt a new global configuration option
UserStopDelaySec= that may be set in logind.conf. It specifies how
long the systemd --user instance shall remain started after a user
logs out. This is useful to speed up repetitive re-connections of the
same user, as it means the user's service manager doesn't have to be
stopped/restarted on each iteration, but can be reused between
subsequent logins. This setting defaults to 10s. systemd-logind also
exports two new properties on its Manager D-Bus objects indicating
whether the system's lid is currently closed, and whether the system
is on AC power.

* systemd gained support for a generic boot counting logic, which
generically permits automatic reverting to older boot loader entries
if newer updated ones don't work. The boot loader side is implemented
in sd-boot, but is kept open for other boot loaders too. For details
see:

https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT

* The SuccessAction=/FailureAction= unit file settings now learnt two
new parameters: "exit" and "exit-force", which result in immediate
exiting of the service manager, and are only useful in systemd --user
and container environments.

* Unit files gained support for a pair of options
FailureActionExitStatus=/SuccessActionExitStatus= for configuring the
exit status to use as service manager exit status when
SuccessAction=/FailureAction= is set to exit or exit-force.

* A pair of per-service options LogRateLimitIntervalSec=/LogRateLimitBurst=
may now be used to configure the log rate limiting journald applies
to each service.

* systemd-analyze gained a new verb "timespan" for parsing and
normalizing time span values (i.e. strings like "5min 7s 8us").

* systemd-analyze also gained a new verb "security" for analyzing the
security and sand-boxing settings of services in order to determine an
"exposure level" for them, indicating whether a service would benefit
from more sand-boxing options turned on.

* "systemd-analyze syscall-filter" will now also show system calls
supported by the local kernel but not included in any of the defined
groups.

* .nspawn files now understand the Ephemeral= setting, matching the
--ephemeral command line switch.

* sd-event gained the new APIs sd_event_source_get_floating() and
sd_event_source_set_floating() for controlling whether a specific
event source is "floating", i.e. destroyed along with the event loop
object itself.

* Unit objects on D-Bus gained a new "Refs" property that lists all
clients that currently have a reference on the unit (to ensure it is
not unloaded).

* The JoinControllers= option in system.conf is no longer supported, as
it didn't work correctly, is hard to support properly, is legacy (as
the concept only exists on cgroup v1) and apparently wasn't used.

* Journal messages that are generated whenever a unit enters the failed
state are now tagged with a unique MESSAGE_ID. Similarly, messages
generated whenever a service process exits are now made recognizable,
too. A tagged message is also emitted whenever a unit enters the
"dead" state on success.

* systemd-run gained a new switch --working-directory= for configuring
the working directory of the service to start. A shortcut -d is
equivalent, setting the working directory of the service to the
current working directory of the invoking program. The new --shell
(or just -S) option has been added for invoking the $SHELL of the
caller as a service, and implies --pty --same-dir --wait --collect
--service-type=exec. Or in other words, "systemd-run -S" is now the
quickest way to get an interactive shell in a fully clean and
well-defined system service context.

* machinectl gained a new verb "import-fs" for importing an OS tree
from a directory. Moreover, when a directory or tarball is imported
and a single top-level directory is found with the OS itself below it,
the OS tree is automatically moved one level up.

* systemd-importd will no longer set up an implicit btrfs loop-back
file system on /var/lib/machines. If one is already set up, it will
continue to be used.

* A new generator "systemd-run-generator" has been added. It will
synthesize a unit from one or more program command lines included in
the kernel command line. This is very useful in container managers,
for example:

# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'

This will run "systemd-nspawn" on an image, invoke the specified
command line and immediately shut down the container again, returning
the command line's exit code.

* The block device locking logic is now documented:

https://systemd.io/BLOCK_DEVICE_LOCKING

* loginctl and machinectl now optionally output the various tables in
JSON using the --output= switch. It is our intention to add similar
support to systemctl and all other commands.

* udevadm's query and trigger verbs now optionally take a .device unit
name as argument.

* systemd-udevd's network naming logic now understands a new
net.naming_scheme= kernel command line switch, which may be used to
pick a specific version of the naming scheme. This helps stabilize
interface names even as systemd/udev are updated and the naming logic
is improved.

* sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
SD_ID128_ALLF to test if a 128-bit ID is set to all 0xFF bytes, and to
initialize one to all 0xFF.

* After loading the SELinux policy systemd will now recursively relabel
all files and directories listed in
/run/systemd/relabel-extra.d/*.relabel (which should be simple
newline separated lists of paths) in addition to the ones it already
implicitly relabels in /run, /dev and /sys. After the relabelling is
completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
removed. This is useful to permit initrds (i.e. code running before
the SELinux policy is in effect) to generate files in the host
filesystem safely and ensure that the correct label is applied during
the transition to the host OS.

* KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
mknod() handling in user namespaces. Previously mknod() would always
fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
but device nodes generated that way cannot be opened, and attempts to
open them result in EPERM. This breaks the "graceful fallback" logic
in systemd's PrivateDevices= sand-boxing option. This option is
implemented defensively, so that when systemd detects it runs in a
restricted environment (such as a user namespace, or an environment
where mknod() is blocked through seccomp or absence of CAP_MKNOD)
where device nodes cannot be created the effect of PrivateDevices= is
bypassed (following the logic that 2nd-level sand-boxing is not
essential if the system systemd runs in is itself already sand-boxed
as a whole). This logic breaks with 4.18 in container managers where
user namespacing is used: suddenly PrivateDevices= succeeds setting
up a private /dev/ file system containing device nodes — but when
these are opened they don't work.

At this point it is recommended that container managers utilizing
user namespaces that intend to run systemd in the payload explicitly
block mknod() with seccomp or similar, so that the graceful fallback
logic works again.

We are very sorry for the breakage and the requirement to change
container configurations for newer kernels. It's purely caused by an
incompatible kernel change. The relevant kernel developers have been
notified about this userspace breakage quickly, but they chose to
ignore it.

* The PermissionsStartOnly= setting is deprecated (but is still
supported for backwards compatibility). The same functionality is
provided by the more flexible "+", "!", and "!!" prefixes to
ExecStart= and other commands.

* The $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
pam_systemd anymore.

* The naming scheme for network devices was changed to always rename
devices, even if they were already renamed by userspace. The "kernel"
policy was changed to only apply as a fallback, if no other naming
policy took effect.

* The requirements to build systemd have been bumped to meson-0.46 and
python-3.5.

Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
(FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein

— Warsaw, 2018-12-21

CHANGES WITH 239:

* NETWORK INTERFACE DEVICE NAMING CHANGES: systemd-udevd's "net_id"
builtin will name network interfaces differently than in previous
versions for virtual network interfaces created with SR-IOV and NPAR
and for devices where the PCI network controller device does not have
a slot number associated.

SR-IOV virtual devices are now named based on the name of the parent
interface, with a suffix of "v<N>", where <N> is the virtual device
number. Previously those virtual devices were named as if completely
independent.

The ninth and later NPAR virtual devices will be named following the
scheme used for the first eight NPAR partitions. Previously those
devices were not renamed and the kernel default (eth<n>) was used.

"net_id" will also generate names for PCI devices where the PCI
network controller device does not have an associated slot number
itself, but one of its parents does. Previously those devices were
not renamed and the kernel default (eth<n>) was used.

* AF_INET and AF_INET6 are dropped from RestrictAddressFamilies= in
systemd-logind.service. Since v235, IPAddressDeny=any has been set on
the unit, so the default behavior of systemd-logind is expected to be
unchanged. However, if distribution packagers or administrators
disabled or modified the IPAddressDeny= setting via a drop-in config
file, then it may be necessary to update the file to re-enable
AF_INET and AF_INET6 to support network user name services, e.g. NIS.

* When the RestrictNamespaces= unit property is specified multiple
times, then the specified types are merged now. Previously, only the
last assignment was used. So, if distribution packagers or
administrators modified the setting by a drop-in config file, then it
may be necessary to update the file.

* When OnFailure= is used in combination with Restart= on a service
unit, then the specified units will no longer be triggered on
failures that result in restarting. Previously, the specified units
would be activated each time the unit failed, even when the unit was
going to be restarted automatically. This behaviour contradicted the
documentation. With this release the code is adjusted to match the
documentation.

* systemd-tmpfiles will now print a notice whenever it encounters
tmpfiles.d/ lines referencing the /var/run/ directory. It will
recommend reworking them to use the /run/ directory instead (for
which /var/run/ is simply a symlinked compatibility alias). This way
systemd-tmpfiles can properly detect line conflicts and merge lines
referencing the same file by two paths, without having to access
them.

* systemctl disable/unmask/preset/preset-all cannot be used with
--runtime. Previously this was allowed, but resulted in unintuitive
behaviour that wasn't useful. systemctl disable/unmask will now undo
both runtime and persistent enablement/masking, i.e. it will remove
any relevant symlinks both in /run and /etc.

* Note that all long-running system services shipped with systemd will
now default to a system call allow list (rather than a deny list, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
too, as the default allow-listing will prohibit all mount, swap,
reboot and clock changing operations from udev rules.

* sd-boot acquired new loader configuration settings to optionally turn
off Windows and MacOS boot partition discovery as well as
reboot-into-firmware menu items. It is also able to pick a better
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.

* systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as a couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.

* systemd-resolved.service and systemd-networkd.service now set
DynamicUser=yes. The users systemd-resolve and systemd-network are
not created by systemd-sysusers anymore.

NOTE: This has a chance of breaking nss-ldap and similar NSS modules
that embed a network facing module into any process using getpwuid()
or related calls: the dynamic allocation of the user ID for
systemd-resolved.service means the service manager has to check NSS
if the user name is already taken when forking off the service. Since
the user in the common case won't be defined in /etc/passwd the
lookup is likely to trigger nss-ldap which in turn might use NSS to
ask systemd-resolved for hostname lookups. This will hence result in
a deadlock: a user name lookup in order to start
systemd-resolved.service will result in a hostname lookup for which
systemd-resolved.service needs to be started already. There are
multiple ways to work around this problem: pre-allocate the
"systemd-resolve" user on such systems, so that nss-ldap won't be
triggered; or use a different NSS package that doesn't do networking
in-process but provides a local asynchronous name cache; or configure
the NSS package to avoid lookups for UIDs in the range `pkg-config
systemd --variable=dynamicuidmin` … `pkg-config systemd
--variable=dynamicuidmax`, so that it does not consider itself
authoritative for the same UID range systemd allocates dynamic users
from.

* The systemd-resolve tool has been renamed to resolvectl (it also
remains available under the old name, for compatibility), and its
interface is now verb-based, similar in style to the other <xyz>ctl
tools, such as systemctl or loginctl.

* The resolvectl/systemd-resolve tool also provides 'resolvconf'
compatibility. It may be symlinked under the 'resolvconf' name, in
which case it will take arguments and input compatible with the
Debian and FreeBSD resolvconf tool.

* Support for suspend-then-hibernate has been added, i.e. a sleep mode
where the system initially suspends, and after a timeout resumes and
hibernates again.

* networkd's ClientIdentifier= now accepts a new option "duid-only". If
set the client will only send a DUID as client identifier. (EDIT: the
option was broken, and was dropped in v255.)

* The nss-systemd glibc NSS module will now enumerate dynamic users and
groups in effect. Previously, it could resolve UIDs/GIDs to user
names/groups and vice versa, but did not support enumeration.

* journald's Compress= configuration setting now optionally accepts a
byte threshold value. All journal objects larger than this threshold
will be compressed, smaller ones will not. Previously this threshold
was not configurable and set to 512.

* A new system.conf setting NoNewPrivileges= is now available which may
be used to turn off acquisition of new privileges system-wide
(i.e. set Linux' PR_SET_NO_NEW_PRIVS for PID 1 itself, and thus also
for all its children). Note that turning this option on means setuid
binaries and file system capabilities lose their special powers.
While turning on this option is a big step towards a more secure
system, doing so is likely to break numerous pre-existing UNIX tools,
in particular su and sudo.
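
The effect of PR_SET_NO_NEW_PRIVS described above, shown on Linux with an
added Python example that is not part of systemd: a throw-away child
stands in for PID 1, sets the flag, and verifies that a process it forks
inherits the flag and that the flag cannot be cleared again. The prctl
constants and the bit-packing of results are this example's own.

```python
import ctypes
import errno
import os

# prctl(2) operation numbers, from <linux/prctl.h>.
PR_SET_NO_NEW_PRIVS = 38
PR_GET_NO_NEW_PRIVS = 39

_libc = ctypes.CDLL(None, use_errno=True)
_libc.prctl.restype = ctypes.c_int
_libc.prctl.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4


def get_no_new_privs() -> int:
    """1 if the calling process carries the no_new_privs flag, else 0."""
    r = _libc.prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0)
    if r < 0:
        raise OSError(ctypes.get_errno(), "prctl(PR_GET_NO_NEW_PRIVS) failed")
    return r


def set_no_new_privs() -> None:
    """Set the flag: from now on execve() grants no setuid/setgid or file
    capability privileges, and every descendant inherits the flag."""
    if _libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "prctl(PR_SET_NO_NEW_PRIVS) failed")


def try_clear_no_new_privs() -> int:
    """Try to clear the flag and return the errno the kernel answers with
    (0 would mean success). The kernel accepts only arg2 == 1, so this is
    expected to fail with EINVAL: the flag is one-way."""
    if _libc.prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0:
        return 0
    return ctypes.get_errno()


def run_in_child(fn) -> int:
    """fork(), run fn() in the child and return its exit status (0..255).
    An exception in the child is reported as exit status 64, which has none
    of the low three bits set that demo() packs its observations into."""
    pid = os.fork()
    if pid == 0:
        try:
            code = int(fn())
        except Exception:
            code = 64
        os._exit(code & 0xFF)
    _, status = os.waitpid(pid, 0)
    return os.waitstatus_to_exitcode(status)


def demo() -> dict:
    """Model NoNewPrivileges=yes: a throw-away child stands in for PID 1 so
    that the calling process itself is left untouched. Returns observations."""
    before = get_no_new_privs()

    def pid1_stand_in() -> int:
        set_no_new_privs()
        own = get_no_new_privs()                # set for the stand-in itself
        child = run_in_child(get_no_new_privs)  # inherited by its child
        clear_errno = try_clear_no_new_privs()  # and cannot be undone
        # Pack the three observations into bits 0..2 of the exit status.
        return own | (child << 1) | (int(clear_errno == errno.EINVAL) << 2)

    packed = run_in_child(pid1_stand_in)
    return {
        "parent_flag_before": before,
        "parent_flag_after": get_no_new_privs(),  # unchanged: per-process flag
        "flag_after_set": packed & 1,
        "flag_inherited_by_child": (packed >> 1) & 1,
        "clear_rejected_with_einval": (packed >> 2) & 1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parent's own flag is reported rather than asserted to be 0, because a sandboxed Python may already run with no_new_privs set.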

* A new service systemd-time-sync-wait.service has been added. If
enabled it will delay the time-sync.target unit at boot until time
synchronization has been received from the network. This
functionality is useful on systems lacking a local RTC or where it is
acceptable that the boot process shall be delayed by external network
services.

* When hibernating, systemd will now inform the kernel of the image
write offset, on kernels new enough to support this. This means swap
files should work for hibernation now.

* When loading unit files, systemd will now look for drop-in unit file
extensions in additional places. Previously, for a unit file name
"foo-bar-baz.service" it would look for drop-in files in
"foo-bar-baz.service.d/*.conf". Now, it will also look in
"foo-bar-.service.d/*.conf" and "foo-.service.d/*.conf", i.e. at the
service name truncated after each inner dash. This scheme allows
writing drop-ins easily that apply to a whole set of unit files at
once. It's particularly useful for mount and slice units (as their
naming is prefix based), but is also useful for service and other
units, for packages that install multiple unit files at once,
following a strict naming regime of beginning the unit file name with
the package's name. Two new specifiers are now supported in unit
files to match this: %j and %J are replaced by the part of the unit
name following the last dash.
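
As an added example that is not part of the systemd sources, the
following Python models the unit-name rules described here and in the
systemd-escape --instance/--unescape item of the 240 section above: the
escaping and unescaping of names, extraction of the instance part, the
dash-truncated drop-in directory list, and the %j/%J specifiers. The
treatment of instance units (adding the template's .d directory and
truncating only the prefix) and the most-specific-first order of the
list are this example's own assumptions, not statements of the text.

```python
import re

# Characters systemd-escape leaves untouched; "/" becomes "-" and every
# other byte becomes \xNN. A leading "." is escaped too, so the result
# cannot look like a hidden file.
_SAFE = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:_.")
_HEX = re.compile(r"[0-9a-fA-F]{2}")


def escape(text: str) -> str:
    """Escape a string the way 'systemd-escape' does (without --path)."""
    out = []
    for i, byte in enumerate(text.encode("utf-8")):
        ch = chr(byte)
        if ch == "/":
            out.append("-")
        elif ch in _SAFE and not (i == 0 and ch == "."):
            out.append(ch)
        else:
            out.append(f"\\x{byte:02x}")
    return "".join(out)


def unescape(escaped: str) -> str:
    """Reverse escape(): '-' -> '/', '\\xNN' -> byte NN. Malformed escape
    sequences are kept literally here (the real tool rejects them)."""
    out = bytearray()
    i = 0
    while i < len(escaped):
        ch = escaped[i]
        if ch == "-":
            out += b"/"
            i += 1
        elif ch == "\\" and escaped[i + 1:i + 2] == "x" and _HEX.fullmatch(escaped[i + 2:i + 4]):
            out.append(int(escaped[i + 2:i + 4], 16))
            i += 4
        else:
            out += ch.encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")


def split_unit_name(unit: str):
    """'prefix@instance.suffix' -> (prefix, instance, suffix); instance is
    None for plain units and '' for a template such as 'foo@.service'."""
    name, dot, suffix = unit.rpartition(".")
    if not dot or not name or not suffix:
        raise ValueError(f"not a unit name: {unit!r}")
    prefix, at, instance = name.partition("@")
    return prefix, (instance if at else None), suffix


def instance_of(unit: str) -> str:
    """What 'systemd-escape --instance --unescape' prints for an instance unit."""
    _, instance, _ = split_unit_name(unit)
    if not instance:
        raise ValueError(f"{unit!r} has no instance part")
    return unescape(instance)


def dropin_dirs(unit: str) -> list[str]:
    """Drop-in directories consulted for a unit, most specific first: the
    unit's own .d, (for instances, assumed here) the template's .d, then the
    prefix truncated after each inner dash, as described for foo-bar-baz."""
    prefix, instance, suffix = split_unit_name(unit)
    dirs = [f"{unit}.d"]
    if instance:
        dirs.append(f"{prefix}@.{suffix}.d")
    cut = prefix.rfind("-")
    while cut > 0:
        dirs.append(f"{prefix[:cut + 1]}.{suffix}.d")
        cut = prefix.rfind("-", 0, cut)
    return dirs


def specifier_j(unit: str) -> str:
    """%j: the part of the unit name prefix following the last dash."""
    prefix, _, _ = split_unit_name(unit)
    return prefix.rsplit("-", 1)[-1]


def specifier_J(unit: str) -> str:
    """%J: the same as %j, but unescaped."""
    return unescape(specifier_j(unit))


if __name__ == "__main__":
    # Constructed sample unit names, not taken from any real system.
    for unit in ("foo-bar-baz.service", "systemd-nspawn@my\\x2dcontainer.service"):
        print(unit, dropin_dirs(unit), specifier_j(unit), specifier_J(unit))
    print(instance_of("systemd-nspawn@my\\x2dcontainer.service"))
```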

* Unit files and other configuration files that support specifier
expansion now understand another three new specifiers: %T and %V will
resolve to /tmp and /var/tmp respectively, or whatever temporary
directory has been set for the calling user. %E will expand to either
/etc (for system units) or $XDG_CONFIG_HOME (for user units).

* The ExecStart= lines of unit files are no longer required to
reference absolute paths. If non-absolute paths are specified the
specified binary name is searched within the service manager's
built-in $PATH, which may be queried with 'systemd-path
search-binaries-default'. It's generally recommended to continue to
use absolute paths for all binaries specified in unit files.

* Units gained a new load state "bad-setting", which is used when a
unit file was loaded, but contained fatal errors which prevent it
from being started (for example, a service unit has been defined
lacking both ExecStart= and ExecStop= lines).

* coredumpctl's "gdb" verb has been renamed to "debug", in order to
support alternative debuggers, for example lldb. The old name
continues to be available however, for compatibility reasons. Use the
new --debugger= switch or the $SYSTEMD_DEBUGGER environment variable
to pick an alternative debugger instead of the default gdb.

* systemctl and the other tools will now output escape sequences that
generate proper clickable hyperlinks in various terminal emulators
where useful (for example, in the "systemctl status" output you can
now click on the unit file name to quickly open it in the
editor/viewer of your choice). Note that not all terminal emulators
support this functionality yet, but many do. Unfortunately, the
"less" pager doesn't support this yet, hence this functionality is
currently automatically turned off when a pager is started (which
happens quite often due to auto-paging). We hope to remove this
limitation as soon as "less" learns these escape sequences. This new
behaviour may also be turned off explicitly with the $SYSTEMD_URLIFY
environment variable. For details on these escape sequences see:
https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda

* networkd's .network files now support a new IPv6MTUBytes= option for
setting the MTU used by IPv6 explicitly as well as a new MTUBytes=
option in the [Route] section to configure the MTU to use for
specific routes. It also gained support for configuration of the DHCP
"UserClass" option through the new UserClass= setting. It gained
three new options in the new [CAN] section for configuring CAN
networks. The MULTICAST and ALLMULTI interface flags may now be
controlled explicitly with the new Multicast= and AllMulticast=
settings.

* networkd will now automatically make use of the kernel's route
expiration feature, if it is available.

* udevd's .link files now support setting the number of receive and
transmit channels, using the RxChannels=, TxChannels=,
OtherChannels=, CombinedChannels= settings.

* Support for UDPSegmentationOffload= has been removed, given its
limited support in hardware, and waning software support.

* networkd's .netdev files now support creating "netdevsim" interfaces.

* PID 1 learnt a new bus call GetUnitByControlGroup() which may be used
to query the unit belonging to a specific kernel control group.

* systemd-analyze gained a new verb "cat-config", which may be used to
dump the contents of any configuration file, with all its matching
drop-in files added in, and honouring the usual search and masking
logic applied to systemd configuration files. For example use
"systemd-analyze cat-config systemd/system.conf" to get the complete
system configuration file of systemd as it would be loaded by PID 1
itself. Similar to this, various tools such as systemd-tmpfiles or
systemd-sysusers gained a new option "--cat-config", which does the
corresponding operation for their own configuration settings. For
example, "systemd-tmpfiles --cat-config" will now output the full
list of tmpfiles.d/ lines in place.

* timedatectl gained three new verbs: "show" shows bus properties of
systemd-timedated, "timesync-status" shows the current NTP
synchronization state of systemd-timesyncd, and "show-timesync"
shows bus properties of systemd-timesyncd.

* systemd-timesyncd gained a bus interface on which it exposes details
about its state.

* A new environment variable $SYSTEMD_TIMEDATED_NTP_SERVICES is now
understood by systemd-timedated. It takes a colon-separated list of
unit names of NTP client services. The list is used by
"timedatectl set-ntp".

* systemd-nspawn gained a new --rlimit= switch for setting initial
resource limits for the container payload. There's a new switch
--hostname= to explicitly override the container's hostname. A new
--no-new-privileges= switch may be used to control the
PR_SET_NO_NEW_PRIVS flag for the container payload. A new
--oom-score-adjust= switch controls the OOM scoring adjustment value
for the payload. The new --cpu-affinity= switch controls the CPU
affinity of the container payload. The new --resolv-conf= switch
allows more detailed control of /etc/resolv.conf handling of the
container. Similarly, the new --timezone= switch allows more detailed
control of /etc/localtime handling of the container.

* systemd-detect-virt gained a new --list switch, which will print a
list of all currently known VM and container environments.

* Support for "Portable Services" has been added, see
doc/PORTABLE_SERVICES.md for details. Currently, the support is still
experimental, but this is expected to change soon. Reflecting this
experimental state, the "portablectl" binary is not installed into
/usr/bin yet. The binary has to be called with the full path
/usr/lib/systemd/portablectl instead.

* journalctl's and systemctl's -o switch now knows a new log output
mode "with-unit". The output it generates is very similar to the
regular "short" mode, but displays the unit name instead of the
syslog tag for each log line. Also, the date is shown with timezone
9163 information. This mode is probably more useful than the classic
9164 "short" output mode for most purposes, except where pixel-perfect
9165 compatibility with classic /var/log/messages formatting is required.
9166
9167 * A new --dump-bus-properties switch has been added to the systemd
9168 binary, which may be used to dump all supported D-Bus properties.
9169 (Options which are still supported, but are deprecated, are *not*
9170 shown.)
9171
9172 * sd-bus gained a set of new calls:
9173 sd_bus_slot_set_floating()/sd_bus_slot_get_floating() may be used to
9174 enable/disable the "floating" state of a bus slot object,
9175 i.e. whether the slot object pins the bus it is allocated for into
9176 memory or if the bus slot object gets disconnected when the bus goes
9177 away. sd_bus_open_with_description(),
9178 sd_bus_open_user_with_description(),
9179 sd_bus_open_system_with_description() may be used to allocate bus
9180 objects and set their description string already during allocation.
9181
9182 * sd-event gained support for watching inotify events from the event
9183 loop, in an efficient way, sharing inotify handles between multiple
9184 users. For this a new function sd_event_add_inotify() has been added.
9185
9186 * sd-event and sd-bus gained support for calling special user-supplied
9187 destructor functions for userdata pointers associated with
9188 sd_event_source, sd_bus_slot, and sd_bus_track objects. For this new
9189 functions sd_bus_slot_set_destroy_callback,
9190 sd_bus_slot_get_destroy_callback, sd_bus_track_set_destroy_callback,
9191 sd_bus_track_get_destroy_callback,
9192 sd_event_source_set_destroy_callback,
9193 sd_event_source_get_destroy_callback have been added.
9194
9195 * The "net.ipv4.tcp_ecn" sysctl will now be turned on by default.
9196
9197 * PID 1 will now automatically reschedule .timer units whenever the
9198 local timezone changes. (They previously got rescheduled
9199 automatically when the system clock changed.)
9200
9201 * New documentation has been added to document cgroups delegation,
9202 portable services and the various code quality tools we have set up:
9203
9204 https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md
9205 https://github.com/systemd/systemd/blob/master/docs/PORTABLE_SERVICES.md
9206 https://github.com/systemd/systemd/blob/master/docs/CODE_QUALITY.md
9207
9208 * The Boot Loader Specification has been added to the source tree.
9209
9210 https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md
9211
9212 While moving it into our source tree we have updated it and further
9213 changes are now accepted through the usual github PR workflow.
9214
9215 * pam_systemd will now look for PAM userdata fields systemd.memory_max,
9216 systemd.tasks_max, systemd.cpu_weight, systemd.io_weight set by
9217 earlier PAM modules. The data in these fields is used to initialize
9218 the session scope's resource properties. Thus external PAM modules
9219 may now configure per-session limits, for example sourced from
9220 external user databases.
9221
9222 * socket units with Accept=yes will now maintain a "refused" counter in
9223 addition to the existing "accepted" counter, counting connections
9224 refused due to the enforced limits.
9225
9226 * The "systemd-path search-binaries-default" command may now be used to
9227 query the default, built-in $PATH PID 1 will pass to the services it
9228 manages.
9229
9230 * A new unit file setting PrivateMounts= has been added. It's a boolean
9231 option. If enabled the unit's processes are invoked in their own file
9232 system namespace. Note that this behaviour is also implied if any
9233 other file system namespacing options (such as PrivateTmp=,
9234 PrivateDevices=, ProtectSystem=, …) are used. This option is hence
9235 primarily useful for services that do not use any of the other file
9236 system namespacing options. One such service is systemd-udevd.service
9237 where this is now used by default.
9238
9239 * ConditionSecurity= gained a new value "uefi-secureboot" that is true
9240 when the system is booted in UEFI "secure mode".
9241
9242 * A new unit "system-update-pre.target" is added, which defines an
9243 optional synchronization point for offline system updates, as
9244 implemented by the pre-existing "system-update.target" unit. It
9245 allows ordering services before the service that executes the actual
9246 update process in a generic way.
9247
9248 * Systemd now emits warnings whenever .include syntax is used.
9249
9250 Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
9251 Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
9252 J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
9253 Christian Hesse, Christian Rebischke, Colin Guthrie, Daniel Dao, Daniel
9254 Lin, Danylo Korostil, Davide Cavalca, David Tardon, Dimitri John
9255 Ledkov, Dmitriy Geels, Douglas Christman, Elia Geretto, emelenas, Emil
9256 Velikov, Evgeny Vereshchagin, Felipe Sateler, Feng Sun, Filipe
9257 Brandenburger, Franck Bui, futpib, Giuseppe Scrivano, Guillem Jover,
9258 guixxx, Hannes Reinecke, Hans de Goede, Harald Hoyer, Henrique Dante de
9259 Almeida, Hiram van Paassen, Ian Miell, Igor Gnatenko, Ivan Shapovalov,
9260 Iwan Timmer, James Cowgill, Jan Janssen, Jan Synacek, Jared Kazimir,
9261 Jérémy Rosen, João Paulo Rechi Vita, Joost Heitbrink, Jui-Chi Ricky
9262 Liang, Jürg Billeter, Kai-Heng Feng, Karol Augustin, Kay Sievers,
9263 Krzysztof Nowicki, Lauri Tirkkonen, Lennart Poettering, Leonard König,
9264 Long Li, Luca Boccassi, Lucas Werkmeister, Marcel Hoppe, Marc
9265 Kleine-Budde, Mario Limonciello, Martin Jansa, Martin Wilck, Mathieu
9266 Malaterre, Matteo F. Vescovi, Matthew McGinn, Matthias-Christian Ott,
9267 Michael Biebl, Michael Olbrich, Michael Prokop, Michal Koutný, Michal
9268 Sekletar, Mike Gilbert, Mikhail Kasimov, Milan Broz, Milan Pässler,
9269 Mladen Pejaković, Muhammet Kara, Nicolas Boichat, Omer Katz, Paride
9270 Legovini, Paul Menzel, Paul Milliken, Pavel Hrdina, Peter A. Bigot,
9271 Peter D'Hoye, Peter Hutterer, Peter Jones, Philip Sequeira, Philip
9272 Withnall, Piotr Drąg, Radostin Stoyanov, Ricardo Salveti de Araujo,
9273 Ronny Chevalier, Rosen Penev, Rubén Suárez Alvarez, Ryan Gonzalez,
9274 Salvo Tomaselli, Sebastian Reichel, Sergey Ptashnick, Sergio Lindo
9275 Mansilla, Stefan Schweter, Stephen Hemminger, Stuart Hayes, Susant
9276 Sahani, Sylvain Plantefève, Thomas H. P. Andersen, Tobias Jungel,
9277 Tomasz Torcz, Vito Caputo, Will Dietz, Will Thompson, Wim van Mourik,
9278 Yu Watanabe, Zbigniew Jędrzejewski-Szmek
9279
9280 — Berlin, 2018-06-22
9281
9282 CHANGES WITH 238:
9283
9284 * The MemoryAccounting= unit property now defaults to on. After
9285 discussions with the upstream control group maintainers we learnt
9286 that the negative impact of cgroup memory accounting on current
9287 kernels is finally relatively minimal, so that it should be safe to
9288 enable this by default without affecting system performance. Besides
9289 memory accounting only task accounting is turned on by default, all
9290 other forms of resource accounting (CPU, IO, IP) remain off for now,
9291 because it's not clear yet that their impact is small enough to move
9292 from opt-in to opt-out. We recommend downstreams to leave memory
9293 accounting on by default if kernel 4.14 or higher is primarily
9294 used. On very resource constrained systems or when support for old
9295 kernels is a necessity, -Dmemory-accounting-default=false can be used
9296 to revert this change.
9297
9298 * rpm scriptlets to update the udev hwdb and rules (%udev_hwdb_update,
9299 %udev_rules_update) and the journal catalog (%journal_catalog_update)
9300 from the upgrade scriptlets of individual packages now do nothing.
9301 Transfiletriggers have been added which will perform those updates
9302 once at the end of the transaction.
9303
9304 Similar transfiletriggers have been added to execute any sysctl.d
9305 and binfmt.d rules. Thus, it should be unnecessary to provide any
9306 scriptlets to execute this configuration from package installation
9307 scripts.
9308
9309 * systemd-sysusers gained a mode where the configuration to execute is
9310 specified on the command line, but this configuration is not executed
9311 directly, but instead it is merged with the configuration on disk,
9312 and the result is executed. This is useful for package installation
9313 scripts which want to create the user before installing any files on
9314 disk (in case some of those files are owned by that user), while
9315 still allowing local admin overrides.
9316
9317 This functionality is exposed to rpm scriptlets through a new
9318 %sysusers_create_package macro. Old %sysusers_create and
9319 %sysusers_create_inline macros are deprecated.
9320
9321 A transfiletrigger for sysusers.d configuration is now installed,
9322 which means that it should be unnecessary to call systemd-sysusers from
9323 package installation scripts, unless the package installs any files
9324 owned by those newly-created users, in which case
9325 %sysusers_create_package should be used.
9326
9327 * An analogous change has been made for systemd-tmpfiles: it gained a mode
9328 where the command-line configuration is merged with the configuration
9329 on disk. This is exposed as the new %tmpfiles_create_package macro,
9330 and %tmpfiles_create is deprecated. A transfiletrigger is installed
9331 for tmpfiles.d, hence it should be unnecessary to call systemd-tmpfiles
9332 from package installation scripts.
9333
9334 * sysusers.d configuration for a user may now also specify the group
9335 number, in addition to the user number ("u username 123:456"), or
9336 without the user number ("u username -:456").
9337
9338 * Configuration items for systemd-sysusers can now be specified as
9339 positional arguments when the new --inline switch is used.
9340
9341 * The login shell of users created through sysusers.d may now be
9342 specified (previously, it was always /bin/sh for root and
9343 /sbin/nologin for other users).
9344
9345 * systemd-analyze gained a new --global switch to look at global user
9346 configuration. It also gained a unit-paths verb to list the unit load
9347 paths that are compiled into systemd (which can be used with
9348 --systemd, --user, or --global).
9349
9350 * udevadm trigger gained a new --settle/-w option to wait for any
9351 triggered events to finish (but just those, and not any other events
9352 which are triggered meanwhile).
9353
9354 * The action that systemd-logind takes when the lid is closed and the
9355 machine is connected to external power can now be configured using
9356 HandleLidSwitchExternalPower= in logind.conf. Previously, this action
9357 was determined by HandleLidSwitch=, and, for backwards compatibility,
9358 it still is, if HandleLidSwitchExternalPower= is not explicitly set.
9359
9360 * journalctl will periodically call sd_journal_process() to make it
9361 resilient against inotify queue overruns when journal files are
9362 rotated very quickly.
9363
9364 * Two new functions in libsystemd — sd_bus_get_n_queued_read and
9365 sd_bus_get_n_queued_write — may be used to check the number of
9366 pending bus messages.
9367
9368 * systemd gained a new
9369 org.freedesktop.systemd1.Manager.AttachProcessesToUnit dbus call
9370 which can be used to migrate foreign processes to scope and service
9371 units. The primary user for this new API is systemd itself: the
9372 systemd --user instance uses this call of the systemd --system
9373 instance to migrate processes if it itself gets the request to
9374 migrate processes and the kernel refuses this due to access
9375 restrictions. Thanks to this "systemd-run --scope --user …" works
9376 again in pure cgroup v2 environments when invoked from the user
9377 session scope.
9378
9379 * A new TemporaryFileSystem= setting can be used to mask out part of
9380 the real file system tree with tmpfs mounts. This may be combined
9381 with BindPaths= and BindReadOnlyPaths= to hide files or directories
9382 not relevant to the unit, while still allowing some paths lower in
9383 the tree to be accessed.
9384
9385 ProtectHome=tmpfs may now be used to hide user home and runtime
9386 directories from units, in a way that is mostly equivalent to
9387 "TemporaryFileSystem=/home /run/user /root".
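As an added illustration (not code from the systemd project), the following Python model shows what a process inside a unit ends up seeing when TemporaryFileSystem=, BindPaths=, BindReadOnlyPaths= and ProtectHome=tmpfs are combined: masking tmpfs mounts are applied first and bind mounts are stacked on top of them, so the deepest matching mountpoint decides what is visible at a given path. The function names build_view() and effective_access() are this example's own; the model ignores mount options such as ":ro" on TemporaryFileSystem= entries, symlinks and mount propagation, and treats ProtectHome=tmpfs as exactly the three tmpfs mounts the notes describe.

```python
from pathlib import PurePosixPath


def _norm(path):
    """Normalize to an absolute path without a trailing slash ("/" stays "/")."""
    return str(PurePosixPath("/" + path.strip("/")))


def _under(path, mountpoint):
    """True if `path` is the mountpoint itself or lies below it."""
    return mountpoint == "/" or path == mountpoint or path.startswith(mountpoint + "/")


def build_view(temporary_fs=(), bind_paths=(), bind_ro_paths=(), protect_home=None):
    """Return an ordered list of (mountpoint, kind); later entries sit on top.

    tmpfs masks come first, then read-write and read-only bind mounts, which
    is why a bind mount can punch a hole into a TemporaryFileSystem= mask.
    """
    tmpfs = list(temporary_fs)
    if protect_home == "tmpfs":
        # Per the release notes: mostly "TemporaryFileSystem=/home /run/user /root".
        tmpfs += ["/home", "/run/user", "/root"]
    view = [(_norm(p), "tmpfs") for p in tmpfs]
    view += [(_norm(p), "rw") for p in bind_paths]
    view += [(_norm(p), "ro") for p in bind_ro_paths]
    return view


def effective_access(view, path):
    """What the unit's processes see at `path`:
    'host' (the real tree), 'tmpfs' (an empty masking tmpfs), 'ro' or 'rw' (bind)."""
    path = _norm(path)
    best, best_len = "host", -1
    for mountpoint, kind in view:
        # The deepest mountpoint wins; on a tie the later (stacked-on-top) one wins.
        if _under(path, mountpoint) and len(mountpoint) >= best_len:
            best, best_len = kind, len(mountpoint)
    return best
```

A typical hardening pattern is `TemporaryFileSystem=/var/lib` together with `BindReadOnlyPaths=/var/lib/myapp/config` and `BindPaths=/var/lib/myapp/data`: every other service's state under /var/lib disappears behind an empty tmpfs, while the unit's own configuration stays readable and only its data directory stays writable.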
9388
9389 * Non-service units are now started with KeyringMode=shared by default.
9390 This means that mount and swapon and other mount tools have access
9391 to keys in the main keyring.
9392
9393 * /sys/fs/bpf is now mounted automatically.
9394
9395 * QNX virtualization is now detected by systemd-detect-virt and may
9396 be used in ConditionVirtualization=.
9397
9398 * IPAccounting= may now be enabled also for slice units.
9399
9400 * A new -Dsplit-bin= build configuration switch may be used to specify
9401 whether bin and sbin directories are merged, or if they should be
9402 included separately in $PATH and various listings of executable
9403 directories. The build configuration scripts will try to autodetect
9404 the proper values of -Dsplit-usr= and -Dsplit-bin= based on build
9405 system, but distributions are encouraged to configure this
9406 explicitly.
9407
9408 * A new -Dok-color= build configuration switch may be used to change
9409 the colour of "OK" status messages.
9410
9411 * UPGRADE ISSUE: serialization of units using JoinsNamespaceOf= with
9412 PrivateNetwork=yes was buggy in previous versions of systemd. This
9413 means that after the upgrade and daemon-reexec, any such units must
9414 be restarted.
9415
9416 * INCOMPATIBILITY: as announced in the NEWS for 237, systemd-tmpfiles
9417 will not exclude read-only files owned by root from cleanup.
9418
9419 Contributions from: Alan Jenkins, Alexander F Rødseth, Alexis Jeandet,
9420 Andika Triwidada, Andrei Gherzan, Ansgar Burchardt, antizealot1337,
9421 Batuhan Osman Taşkaya, Beniamino Galvani, Bill Yodlowsky, Caio Marcelo
9422 de Oliveira Filho, CuBiC, Daniele Medri, Daniel Mouritzen, Daniel
9423 Rusek, Davide Cavalca, Dimitri John Ledkov, Douglas Christman, Evgeny
9424 Vereshchagin, Faalagorn, Filipe Brandenburger, Franck Bui, futpib,
9425 Giacomo Longo, Gunnar Hjalmarsson, Hans de Goede, Hermann Gausterer,
9426 Iago López Galeiras, Jakub Filak, Jan Synacek, Jason A. Donenfeld,
9427 Javier Martinez Canillas, Jérémy Rosen, Lennart Poettering, Lucas
9428 Werkmeister, Mao Huang, Marco Gulino, Michael Biebl, Michael Vogt,
9429 MilhouseVH, Neal Gompa (ニール・ゴンパ), Oleander Reis, Olof Mogren,
9430 Patrick Uiterwijk, Peter Hutterer, Peter Portante, Piotr Drąg, Robert
9431 Antoni Buj Gelonch, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
9432 Fowler, SjonHortensius, snorreflorre, Susant Sahani, Sylvain
9433 Plantefève, Thomas Blume, Thomas Haller, Vito Caputo, Yu Watanabe,
9434 Zbigniew Jędrzejewski-Szmek, Марко М. Костић (Marko M. Kostić)
9435
9436 — Warsaw, 2018-03-05
9437
9438 CHANGES WITH 237:
9439
9440 * Some keyboards come with a zoom see-saw or rocker which until now got
9441 mapped to the Linux "zoomin/out" keys in hwdb. However, these
9442 keycodes are not recognized by any major desktop. They now produce
9443 Up/Down key events so that they can be used for scrolling.
9444
9445 * INCOMPATIBILITY: systemd-tmpfiles' "f" lines changed behaviour
9446 slightly: previously, if an argument was specified for lines of this
9447 type (i.e. the right-most column was set) this string was appended to
9448 existing files each time systemd-tmpfiles was run. This behaviour was
9449 different from what the documentation said, and not particularly
9450 useful, as repeated systemd-tmpfiles invocations would not be
9451 idempotent and grow such files without bounds. With this release
9452 the behaviour has been altered to match what the documentation says:
9453 lines of this type only have an effect if the indicated files don't
9454 exist yet, and only then the argument string is written to the file.
9455
9456 * FUTURE INCOMPATIBILITY: In systemd v238 we intend to slightly change
9457 systemd-tmpfiles behaviour: previously, read-only files owned by root
9458 were always excluded from the file "aging" algorithm (i.e. the
9459 automatic clean-up of directories like /tmp based on
9460 atime/mtime/ctime). We intend to drop this restriction, and age files
9461 by default even when owned by root and read-only. This behaviour was
9462 inherited from older tools, but there have been requests to remove
9463 it, and it's not obvious why this restriction was made in the first
9464 place. Please speak up now, if you are aware of software that requires
9465 this behaviour, otherwise we'll remove the restriction in v238.
9466
9467 * A new environment variable $SYSTEMD_OFFLINE is now understood by
9468 systemctl. It takes a boolean argument. If on, systemctl assumes it
9469 operates on an "offline" OS tree, and will not attempt to talk to the
9470 service manager. Previously, this mode was implicitly enabled if a
9471 chroot() environment was detected, and this new environment variable
9472 now provides explicit control.
9473
9474 * .path and .socket units may now be created transiently, too.
9475 Previously only service, mount, automount and timer units were
9476 supported as transient units. The systemd-run tool has been updated
9477 to expose this new functionality, you may hence use it now to bind
9478 arbitrary commands to path or socket activation on-the-fly from the
9479 command line. Moreover, almost all properties are now exposed for the
9480 unit types that already supported transient operation.
9481
9482 * The systemd-mount command gained support for a new --owner= parameter
9483 which takes a user name, which is then resolved and included in uid=
9484 and gid= mount options string of the file system to mount.
9485
9486 * A new unit condition ConditionControlGroupController= has been added
9487 that checks whether a specific cgroup controller is available.
9488
9489 * Unit files, udev's .link files, and systemd-networkd's .netdev and
9490 .network files all gained support for a new condition
9491 ConditionKernelVersion= for checking against specific kernel
9492 versions.
9493
9494 * In systemd-networkd, the [IPVLAN] section in .netdev files gained
9495 support for configuring device flags in the Flags= setting. In the
9496 same files, the [Tunnel] section gained support for configuring
9497 AllowLocalRemote=. The [Route] section in .network files gained
9498 support for configuring InitialCongestionWindow=,
9499 InitialAdvertisedReceiveWindow= and QuickAck=. The [DHCP] section now
9500 understands RapidCommit=.
9501
9502 * systemd-networkd's DHCPv6 support gained support for Prefix
9503 Delegation.
9504
9505 * sd-bus gained support for a new "watch-bind" feature. When this
9506 feature is enabled, an sd_bus connection may be set up to connect to
9507 an AF_UNIX socket in the file system as soon as it is created. This
9508 functionality is useful for writing early-boot services that
9509 automatically connect to the system bus as soon as it is started,
9510 without ugly time-based polling. systemd-networkd and
9511 systemd-resolved have been updated to make use of this
9512 functionality. busctl exposes this functionality in a new
9513 --watch-bind= command line switch.
9514
9515 * sd-bus will now optionally synthesize a local "Connected" signal as
9516 soon as a D-Bus connection is set up fully. This message mirrors the
9517 already existing "Disconnected" signal which is synthesized when the
9518 connection is terminated. This signal is generally useful but
9519 particularly handy in combination with the "watch-bind" feature
9520 described above. Synthesizing of this message has to be requested
9521 explicitly through the new API call sd_bus_set_connected_signal(). In
9522 addition a new call sd_bus_is_ready() has been added that checks
9523 whether a connection is fully set up (i.e. between the "Connected" and
9524 "Disconnected" signals).
9525
9526 * sd-bus gained two new calls sd_bus_request_name_async() and
9527 sd_bus_release_name_async() for asynchronously registering bus
9528 names. Similarly, there is now sd_bus_add_match_async() for installing
9529 a signal match asynchronously. All of systemd's own services have
9530 been updated to make use of these calls. Doing these operations
9531 asynchronously has two benefits: it reduces the risk of deadlocks in
9532 case of cyclic dependencies between bus services, and it speeds up
9533 service initialization since synchronization points for bus
9534 round-trips are removed.
9535
9536 * sd-bus gained two new calls sd_bus_match_signal() and
9537 sd_bus_match_signal_async(), which are similar to sd_bus_add_match()
9538 and sd_bus_add_match_async() but instead of taking a D-Bus match
9539 string take match fields as normal function parameters.
9540
9541 * sd-bus gained two new calls sd_bus_set_sender() and
9542 sd_bus_message_set_sender() for setting the sender name of outgoing
9543 messages (either for all outgoing messages or for just one specific
9544 one). These calls are only useful in direct connections as on
9545 brokered connections the broker fills in the sender anyway,
9546 overwriting whatever the client filled in.
9547
9548 * sd-event gained a new pseudo-handle that may be specified on all API
9549 calls where an "sd_event*" object is expected: SD_EVENT_DEFAULT. When
9550 used this refers to the default event loop object of the calling
9551 thread. Note however that this does not implicitly allocate one —
9552 which has to be done prior by using sd_event_default(). Similarly
9553 sd-bus gained three new pseudo-handles SD_BUS_DEFAULT,
9554 SD_BUS_DEFAULT_USER, SD_BUS_DEFAULT_SYSTEM that may be used to refer
9555 to the default bus of the specified type of the calling thread. Here
9556 too this does not implicitly allocate bus connection objects, this
9557 has to be done prior with sd_bus_default() and friends.
9558
9559 * sd-event gained a new call pair
9560 sd_event_source_{get|set}_io_fd_own(). This may be used to request
9561 automatic closure of the file descriptor an IO event source watches
9562 when the event source is destroyed.
9563
9564 * systemd-networkd gained support for natively configuring WireGuard
9565 connections.
9566
9567 * In previous versions systemd synthesized user records both for the
9568 "nobody" (UID 65534) and "root" (UID 0) users in nss-systemd and
9569 internally. In order to simplify distribution-wide renames of the
9570 "nobody" user (as is planned in Fedora: nfsnobody → nobody), a
9571 new transitional flag file has been added: if
9572 /etc/systemd/dont-synthesize-nobody exists synthesizing of the 65534
9573 user and group record within the systemd codebase is disabled.
9574
9575 * systemd-notify gained a new --uid= option for selecting the source
9576 user/UID to use for notification messages sent to the service
9577 manager.
9578
9579 * journalctl gained a new --grep= option to list only entries in which
9580 the message matches a certain pattern. By default matching is case
9581 insensitive if the pattern is lowercase, and case sensitive
9582 otherwise. Option --case-sensitive=yes|no can be used to override
9583 this and specify case sensitivity or case insensitivity.
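The case-sensitivity rule above has an edge that is easy to get wrong when building alert queries, so here it is as an added example in Python (not journalctl's own code): a pattern containing no upper-case letter matches case-insensitively, any other pattern matches case-sensitively, and an explicit --case-sensitive=yes|no (here the case_sensitive parameter) overrides that. The MESSAGE values are constructed for the example, and compile_grep()/grep_messages() are this example's own names; journalctl matches with PCRE2, so regex syntax beyond what Python's re shares with it may differ.

```python
import re

# Constructed MESSAGE= values standing in for journal entries (not real output).
SAMPLE_MESSAGES = [
    "Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Failed password for invalid user admin from 198.51.100.7 port 4123 ssh2",
    "pam_unix(sshd:session): session opened for user alice",
    "FAILED LOGIN 3 FROM tty1 FOR root, Authentication failure",
]


def compile_grep(pattern, case_sensitive=None):
    """Build the matcher with journalctl's default: a pattern without any
    upper-case letter matches case-insensitively, every other pattern
    case-sensitively. case_sensitive=True/False mirrors --case-sensitive=yes|no."""
    if case_sensitive is None:
        case_sensitive = pattern != pattern.lower()
    return re.compile(pattern, 0 if case_sensitive else re.IGNORECASE)


def grep_messages(pattern, messages=SAMPLE_MESSAGES, case_sensitive=None):
    """Return the messages whose text matches, like `journalctl --grep=`."""
    rx = compile_grep(pattern, case_sensitive)
    return [m for m in messages if rx.search(m)]
```

Note the consequence for monitoring: a lowercase pattern such as "failed" catches both the PAM "Failed password" line and the "FAILED LOGIN" line, whereas "Failed" silently drops the second one unless --case-sensitive=no is passed.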
9584
9585 * There's now a "systemd-analyze service-watchdogs" command for printing
9586 the current state of the service runtime watchdog, and optionally
9587 enabling or disabling the per-service watchdogs system-wide if given a
9588 boolean argument (i.e. the concept you configure in WatchdogSec=), for
9589 debugging purposes. There's also a kernel command line option
9590 systemd.service_watchdogs= for controlling the same.
9591
9592 * Two new "log-level" and "log-target" options for systemd-analyze were
9593 added that merge the now deprecated get-log-level, set-log-level and
9594 get-log-target, set-log-target pairs. The deprecated options are still
9595 understood for backwards compatibility. The two new options print the
9596 current value when no arguments are given, and set them when a
9597 level/target is given as an argument.
9598
9599 * sysusers.d's "u" lines now optionally accept both a UID and a GID
9600 specification, separated by a ":" character, in order to create users
9601 where UID and GID do not match.
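As an added example (not systemd-sysusers' own code), the following Python parser accepts the "u" line layout described in this entry and in the 238 notes above: an ID column that is "-", a UID, "UID:GID" or "-:GID", an optional quoted GECOS column, an optional home directory, and an optional login shell that defaults to /bin/sh for root and /sbin/nologin for everybody else. SysUser, parse_u_line() and UID_MAX are this example's own names; the range check is a simplification of what the real tool enforces, and other line types (g, m, r) are not handled.

```python
import shlex
from dataclasses import dataclass
from typing import Optional

# Largest UID/GID this toy accepts; 65535 and 4294967295 are the
# (uid_t)-1 sentinels and are refused as well.
UID_MAX = 4294967294


@dataclass
class SysUser:
    name: str
    uid: Optional[int]      # None: allocate a free UID
    gid: Optional[int]      # None: same number as the UID, or allocate
    gecos: Optional[str]
    home: Optional[str]
    shell: str


def _parse_number(text, what):
    if not text.isdigit():
        raise ValueError(f"{what} {text!r} is not a number")
    n = int(text)
    if n > UID_MAX or n == 65535:
        raise ValueError(f"{what} {n} out of range")
    return n


def _parse_id(field):
    """ID column of a 'u' line: '-', 'UID', 'UID:GID' or '-:GID'."""
    uid_s, sep, gid_s = field.partition(":")
    uid = None if uid_s in ("", "-") else _parse_number(uid_s, "UID")
    if not sep:
        return uid, None
    if gid_s in ("", "-"):
        raise ValueError(f"missing GID after ':' in {field!r}")
    return uid, _parse_number(gid_s, "GID")


def parse_u_line(line):
    """Parse one sysusers.d 'u' line; returns None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    f = shlex.split(line)            # handles the quoted GECOS column
    if f[0] != "u":
        raise ValueError(f"not a 'u' line: {line!r}")
    if len(f) < 2:
        raise ValueError("user name missing")

    def col(i):
        # Optional column: absent or "-" both mean "not specified".
        return f[i] if len(f) > i and f[i] != "-" else None

    name = f[1]
    uid, gid = _parse_id(f[2]) if len(f) > 2 else (None, None)
    # Login shell: the explicit sixth column, else the historical defaults.
    shell = col(5) or ("/bin/sh" if name == "root" else "/sbin/nologin")
    return SysUser(name, uid, gid, col(3), col(4), shell)
```

The "-:456" form is the one to reach for when a service account must land in a pre-existing group with a fixed GID while its UID can still be allocated dynamically.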
9602
9603 Contributions from: Adam Duskett, Alan Jenkins, Alexander Kuleshov,
9604 Alexis Deruelle, Andrew Jeddeloh, Armin Widegreen, Batuhan Osman
9605 Taşkaya, Björn Esser, bleep_blop, Bruce A. Johnson, Chris Down, Clinton
9606 Roy, Colin Walters, Daniel Rusek, Dimitri John Ledkov, Dmitry Rozhkov,
9607 Evgeny Vereshchagin, Ewout van Mansom, Felipe Sateler, Franck Bui,
9608 Frantisek Sumsal, George Gaydarov, Gianluca Boiano, Hans-Christian
9609 Noren Egtvedt, Hans de Goede, Henrik Grindal Bakken, Jan Alexander
9610 Steffens, Jan Klötzke, Jason A. Donenfeld, jdkbx, Jérémy Rosen,
9611 Jerónimo Borque, John Lin, John Paul Herold, Jonathan Rudenberg, Jörg
9612 Thalheim, Ken (Bitsko) MacLeod, Larry Bernstone, Lennart Poettering,
9613 Lucas Werkmeister, Maciej S. Szmigiero, Marek Čermák, Martin Pitt,
9614 Mathieu Malaterre, Matthew Thode, Matthias-Christian Ott, Max Harmathy,
9615 Michael Biebl, Michael Vogt, Michal Koutný, Michal Sekletar, Michał
9616 Szczepański, Mike Gilbert, Nathaniel McCallum, Nicolas Chauvet, Olaf
9617 Hering, Olivier Schwander, Patrik Flykt, Paul Cercueil, Peter Hutterer,
9618 Piotr Drąg, Raphael Vogelgsang, Reverend Homer, Robert Kolchmeyer,
9619 Samuel Dionne-Riel, Sergey Ptashnick, Shawn Landden, Susant Sahani,
9620 Sylvain Plantefève, Thomas H. P. Andersen, Thomas Huth, Tomasz
9621 Bachorski, Vladislav Vishnyakov, Wieland Hoffmann, Yu Watanabe, Zachary
9622 Winnerman, Zbigniew Jędrzejewski-Szmek, Дамјан Георгиевски, Дилян
9623 Палаузов
9624
9625 — Brno, 2018-01-28
9626
9627 CHANGES WITH 236:
9628
9629 * The modprobe.d/ drop-in for the bonding.ko kernel module introduced
9630 in v235 has been extended to also set the dummy.ko module option
9631 numdummies=0, preventing the kernel from automatically creating
9632 dummy0. All dummy interfaces must now be explicitly created.
9633
9634 * Unknown '%' specifiers in configuration files are now rejected. This
9635 applies to units and tmpfiles.d configuration. Any percent characters
9636 that are followed by a letter or digit that are not supposed to be
9637 interpreted as the beginning of a specifier should be escaped by
9638 doubling ("%%"). (So "size=5%" is still accepted, as well as
9639 "size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not
9640 valid specifiers today.)
9641
9642 * systemd-resolved now maintains a new dynamic
9643 /run/systemd/resolve/stub-resolv.conf compatibility file. It is
9644 recommended to make /etc/resolv.conf a symlink to it. This file
9645 points at the systemd-resolved stub DNS 127.0.0.53 resolver and
9646 includes dynamically acquired search domains, achieving more correct
9647 DNS resolution by software that bypasses local DNS APIs such as NSS.
9648
9649 * The "uaccess" udev tag has been dropped from /dev/kvm and
9650 /dev/dri/renderD*. These devices now have the 0666 permissions by
9651 default (but this may be changed at build-time). /dev/dri/renderD*
9652 will now be owned by the "render" group along with /dev/kfd.
9653
9654 * "DynamicUser=yes" has been enabled for systemd-timesyncd.service,
9655 systemd-journal-gatewayd.service and
9656 systemd-journal-upload.service. This means "nss-systemd" must be
9657 enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these
9658 services are resolved properly.
9659
9660 * In /etc/fstab two new mount options are now understood:
9661 x-systemd.makefs and x-systemd.growfs. The former has the effect that
9662 the configured file system is formatted before it is mounted, the
9663 latter that the file system is resized to the full block device size
9664 after it is mounted (i.e. if the file system is smaller than the
9665 partition it resides on, it's grown). This is similar to the fsck
9666 logic in /etc/fstab, and pulls in systemd-makefs@.service and
9667 systemd-growfs@.service as necessary, similar to
9668 systemd-fsck@.service. Resizing is currently only supported on ext4
9669 and btrfs.
9670
9671 * In systemd-networkd, the IPv6 RA logic now optionally may announce
9672 DNS server and domain information.
9673
9674 * Support for the LUKS2 on-disk format for encrypted partitions has
9675 been added. This requires libcryptsetup2 during compilation and
9676 runtime.
9677
9678 * The systemd --user instance will now signal "readiness" when its
9679 basic.target unit has been reached, instead of when the run queue ran
9680 empty for the first time.
9681
9682 * Tmpfiles.d with user configuration are now also supported.
9683 systemd-tmpfiles gained a new --user switch, and snippets placed in
9684 ~/.config/user-tmpfiles.d/ and corresponding directories will be
9685 executed by systemd-tmpfiles --user running in the new
9686 systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service
9687 running in the user session.
9688
9689 * Unit files and tmpfiles.d snippets learnt three new % specifiers:
9690 %S resolves to the top-level state directory (/var/lib for the system
9691 instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the
9692 top-level cache directory (/var/cache for the system instance,
9693 $XDG_CACHE_HOME for the user instance), %L resolves to the top-level
9694 logs directory (/var/log for the system instance,
9695 $XDG_CONFIG_HOME/log/ for the user instance). This matches the
9696 existing %t specifier, that resolves to the top-level runtime
9697 directory (/run for the system instance, and $XDG_RUNTIME_DIR for the
9698 user instance).
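The two rules above (unknown '%' specifiers are rejected, and %S, %C, %L and %t name the top-level directories) are applied together in the following added Python model, which is not code from the systemd project. Only those four specifiers are modelled, so a real unit or tmpfiles.d line using any other specifier (%n, %i, %u, ...) would be refused by this toy even though systemd accepts it; expand_specifiers() and is_valid() are this example's own names, and the env parameter stands in for the user instance's environment.

```python
import os

# Only the four top-level directory specifiers from the release notes are
# modelled here; real systemd knows many more.
TOP_LEVEL_SPECIFIERS = {"S", "C", "L", "t"}


def _resolve(letter, user_instance, env):
    """Resolve one known specifier for the system or the user instance."""
    if letter == "S":   # state directory
        return env.get("XDG_CONFIG_HOME", "") if user_instance else "/var/lib"
    if letter == "C":   # cache directory
        return env.get("XDG_CACHE_HOME", "") if user_instance else "/var/cache"
    if letter == "L":   # logs directory
        return (env.get("XDG_CONFIG_HOME", "") + "/log") if user_instance else "/var/log"
    if letter == "t":   # runtime directory
        return env.get("XDG_RUNTIME_DIR", "") if user_instance else "/run"
    raise AssertionError(letter)


def expand_specifiers(text, user_instance=False, env=None):
    """Expand '%' specifiers with the v236 rejection rule.

    - "%%" yields a literal "%".
    - "%" followed by a known letter is expanded.
    - "%" followed by any other letter or digit raises ValueError.
    - "%" followed by anything else (end of string, ',', ...) stays literal,
      so "size=5%" and "size=5%,foo=bar" are still accepted.
    """
    env = os.environ if env is None else env
    out = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        nxt = text[i + 1] if i + 1 < len(text) else ""
        if nxt == "%":
            out.append("%")
            i += 2
        elif nxt in TOP_LEVEL_SPECIFIERS:
            out.append(_resolve(nxt, user_instance, env))
            i += 2
        elif nxt.isalnum():
            raise ValueError(f"unknown specifier %{nxt} at offset {i} in {text!r}")
        else:
            out.append("%")
            i += 1
    return "".join(out)


def is_valid(text):
    """True if the text would not be rejected for an unknown specifier."""
    try:
        expand_specifiers(text, env={})
        return True
    except ValueError:
        return False
```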
9699
9700 * journalctl learnt a new parameter --output-fields= for limiting the
9701 set of journal fields to output in verbose and JSON output modes.
9702
9703 * systemd-timesyncd's configuration file gained a new option
9704 RootDistanceMaxSec= for setting the maximum root distance of servers
9705 it'll use, as well as the new options PollIntervalMinSec= and
9706 PollIntervalMaxSec= to tweak the minimum and maximum poll interval.
9707
9708 * bootctl gained a new command "list" for listing all available boot
9709 menu items on systems that follow the boot loader specification.
9710
9711 * systemctl gained a new --dry-run switch that shows what would be done
9712 instead of doing it, and is currently supported by the shutdown and
9713 sleep verbs.
9714
9715 * ConditionSecurity= can now detect the TOMOYO security module.
9716
9717 * Unit file [Install] sections are now also respected in unit drop-in
9718 files. This is intended to be used by drop-ins under /usr/lib/.
9719
9720 * systemd-firstboot may now also set the initial keyboard mapping.
9721
9722 * Udev "changed" events for devices which are exposed as systemd
9723 .device units are now propagated to units specified in
9724 ReloadPropagatedFrom= as reload requests.
9725
9726 * If a udev device has a SYSTEMD_WANTS= property containing a systemd
9727 unit template name (i.e. a name in the form of 'foobar@.service',
9728 without the instance component between the '@' and the '.'), then
9729 the escaped sysfs path of the device is automatically used as the
9730 instance.
9731
9732 * SystemCallFilter= in unit files has been extended so that an "errno"
9733 can be specified individually for each system call. Example:
9734 SystemCallFilter=~uname:EILSEQ.
9735
9736 * The cgroup delegation logic has been substantially updated. Delegate=
9737 now optionally takes a list of controllers (instead of a boolean, as
9738 before), specifying the minimum set of controllers to delegate.
9739
9740 * The networkd DHCPv6 client now implements the FQDN option (RFC 4704).
9741
9742 * A new LogLevelMax= setting configures the maximum log level any
9743 process of the service may log at (i.e. anything with a lesser
9744 priority than what is specified is automatically dropped). A new
9745 LogExtraFields= setting allows configuration of additional journal
9746 fields to attach to all log records generated by any of the unit's
9747 processes.
9748
9749 * New StandardInputData= and StandardInputText= settings along with the
9750 new option StandardInput=data may be used to configure textual or
9751 binary data that shall be passed to the executed service process via
9752 standard input, encoded in-line in the unit file.
9753
9754 * StandardInput=, StandardOutput= and StandardError= may now be used to
9755 connect stdin/stdout/stderr of executed processes directly with a
9756 file or AF_UNIX socket in the file system, using the new "file:" option.
9757
9758 * A new unit file option CollectMode= has been added, that allows
9759 tweaking the garbage collection logic for units. It may be used to
9760 tell systemd to automatically garbage collect units that have failed
9761 (normally it only GCs units that exited successfully). systemd-run
9762 and systemd-mount expose this new functionality with a new -G option.
9763
9764 * "machinectl bind" may now be used to bind mount non-directories
9765 (i.e. regular files, devices, fifos, sockets).
9766
9767 * systemd-analyze gained a new verb "calendar" for validating and
9768 testing calendar time specifications to use for OnCalendar= in timer
9769 units. Besides validating the expression it will calculate the next
9770 time the specified expression would elapse.
9771
9772 * In addition to the pre-existing FailureAction= unit file setting
9773 there's now SuccessAction=, for configuring a shutdown action to
9774 execute when a unit completes successfully. This is useful in
9775 particular inside containers that shall terminate after some workload
9776 has been completed. Also, both options are now supported for all unit
9777 types, not just services.
9778
9779 * networkd's IP rule support gained two new options
9780 IncomingInterface= and OutgoingInterface= for configuring the incoming
9781 and outgoing interfaces of configured rules. systemd-networkd also
9782 gained support for "vxcan" network devices.
9783
9784 * networkd gained a new setting RequiredForOnline=, taking a
9785 boolean. If set, systemd-wait-online will take it into consideration
9786 when determining that the system is up, otherwise it will ignore the
9787 interface for this purpose.
9788
9789 * The sd_notify() protocol gained support for a new operation: with
9790 FDSTOREREMOVE=1 file descriptors may be removed from the per-service
9791 store again, ahead of POLLHUP or POLLERR when they are removed
9792 anyway.
9793
9794 * A new document doc/UIDS-GIDS.md has been added to the source tree,
9795 that documents the UID/GID range and assignment assumptions and
9796 requirements of systemd.
9797
9798 * The watchdog device PID 1 will ping may now be configured through the
9799 WatchdogDevice= configuration file setting, or by setting the
9800 systemd.watchdog_service= kernel command line option.
9801
9802 * systemd-resolved gained support for registering DNS-SD services on
9803 the local network using MulticastDNS. Services may either be
9804 registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or
9805 the same dir below /run, /usr/lib), or through its D-Bus API.
9806
9807 * The sd_notify() protocol can now, with EXTEND_TIMEOUT_USEC=microsecond,
9808 extend the effective start, runtime, and stop time. The service must
9809 continue to send EXTEND_TIMEOUT_USEC within the period specified to
9810 prevent the service manager from marking the service as timed out.
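
Both sd_notify() operations described above (FDSTOREREMOVE=1 and EXTEND_TIMEOUT_USEC=), as an added example that is not systemd's own code: a service-side sender plus a minimal receiver standing in for the service manager. It assumes the datagram format of sd_notify(3), with FDNAME= naming stored descriptors as documented there, and uses a socketpair in place of $NOTIFY_SOCKET so it runs without a service manager.

```python
"""Service-side sd_notify() messages for the fd store and timeout
extension, plus a minimal receiver standing in for the service manager.

Added example, not systemd's code. Assumes the sd_notify(3) wire format:
newline-separated KEY=VALUE fields in one AF_UNIX datagram, descriptors
passed as SCM_RIGHTS ancillary data, and FDNAME= naming the descriptors
FDSTORE=1 adds and FDSTOREREMOVE=1 removes ("stored" if no name is given).
"""
import os
import socket


def connect_notify_socket():
    """Connect a datagram socket to $NOTIFY_SOCKET; a leading '@' denotes an
    abstract-namespace socket, addressed with a leading NUL byte instead."""
    path = os.environ["NOTIFY_SOCKET"]
    if path.startswith("@"):
        path = "\0" + path[1:]
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.connect(path)
    return sock


def sd_notify(sock, fields, fds=()):
    """Send one notification datagram and return the payload that was sent."""
    payload = "".join(f"{key}={value}\n" for key, value in fields.items()).encode()
    if fds:
        # Descriptors travel as SCM_RIGHTS ancillary data on the same datagram.
        socket.send_fds(sock, [payload], list(fds))
    else:
        sock.send(payload)
    return payload


def fdstore_add(sock, fds, name):
    """FDSTORE=1: hand descriptors to the manager so they survive a restart."""
    return sd_notify(sock, {"FDSTORE": 1, "FDNAME": name}, fds)


def fdstore_remove(sock, name):
    """FDSTOREREMOVE=1: drop them from the store ahead of POLLHUP/POLLERR."""
    return sd_notify(sock, {"FDSTOREREMOVE": 1, "FDNAME": name})


def extend_timeout(sock, usec):
    """EXTEND_TIMEOUT_USEC=: promise a further message within `usec` microseconds."""
    return sd_notify(sock, {"EXTEND_TIMEOUT_USEC": usec})


class FakeManager:
    """Constructed stand-in for the receiving side: a per-name fd store and
    one deadline are all that these three operations touch."""

    def __init__(self, sock, deadline_usec):
        self.sock = sock
        self.store = {}  # FDNAME -> descriptors received via SCM_RIGHTS
        self.deadline_usec = deadline_usec

    def receive(self, now_usec):
        data, fds, _flags, _addr = socket.recv_fds(self.sock, 4096, 16)
        fields = dict(line.split("=", 1) for line in data.decode().split("\n") if "=" in line)
        name = fields.get("FDNAME", "stored")
        if fields.get("FDSTORE") == "1":
            self.store.setdefault(name, []).extend(fds)
        elif fields.get("FDSTOREREMOVE") == "1":
            for fd in self.store.pop(name, []):
                os.close(fd)
        elif "EXTEND_TIMEOUT_USEC" in fields:
            # The next message is due inside the window; a deadline only moves later.
            due = now_usec + int(fields["EXTEND_TIMEOUT_USEC"])
            self.deadline_usec = max(self.deadline_usec, due)
        return fields

    def timed_out(self, now_usec):
        return now_usec > self.deadline_usec


def run_demo():
    """Drive both ends over a socketpair that stands in for $NOTIFY_SOCKET."""
    manager_end, service_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    manager = FakeManager(manager_end, deadline_usec=1_000_000)
    read_end, write_end = os.pipe()  # a listening socket would be the realistic payload
    result = {}
    fdstore_add(service_end, [read_end], "listener")
    manager.receive(now_usec=0)
    result["stored"] = len(manager.store.get("listener", []))
    fdstore_remove(service_end, "listener")
    manager.receive(now_usec=0)
    result["still_stored"] = "listener" in manager.store
    extend_timeout(service_end, 5_000_000)
    manager.receive(now_usec=900_000)
    result["deadline_usec"] = manager.deadline_usec
    result["timed_out_at_deadline"] = manager.timed_out(5_900_000)
    result["timed_out_after"] = manager.timed_out(5_900_001)
    for fd in (read_end, write_end):
        os.close(fd)
    manager_end.close()
    service_end.close()
    return result
```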
9811
9812 * systemd-resolved's DNSSEC support gained support for RFC 8080
9813 (Ed25519 keys and signatures).
9814
9815 * The systemd-resolve command line tool gained a new set of options
9816 --set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=,
9817 --set-nta= and --revert to configure per-interface DNS configuration
9818 dynamically during runtime. It's useful for pushing DNS information
9819 into systemd-resolved from DNS hook scripts that various interface
9820 managing software supports (such as pppd).
9821
9822 * systemd-nspawn gained a new --network-namespace-path= command line
9823 option, which may be used to make a container join an existing
9824 network namespace, by specifying a path to a "netns" file.
9825
9826 Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini,
9827 Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten
9828 Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin
9829 Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri
9830 John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny
9831 Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de
9832 Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty,
9833 Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef
9834 Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars
9835 Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel,
9836 Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz
9837 Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson,
9838 Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala,
9839 Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal
9840 Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf
9841 Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer,
9842 Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran
9843 Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon
9844 Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant
9845 Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem
9846 Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich,
9847 Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew
9848 Jędrzejewski-Szmek, Zeal Jagannatha
9849
9850 — Berlin, 2017-12-14
9851
9852 CHANGES WITH 235:
9853
9854 * INCOMPATIBILITY: systemd-logind.service and other long-running
9855 services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
9856 communication with the outside. This generally improves security of
9857 the system, and is in almost all cases a safe and good choice, as
9858 these services do not and should not provide any network-facing
9859 functionality. However, systemd-logind uses the glibc NSS API to
9860 query the user database. This creates problems on systems where NSS
9861 is set up to directly consult network services for user database
9862 lookups. In particular, this creates incompatibilities with the
9863 "nss-nis" module, which attempts to directly contact the NIS/YP
9864 network servers it is configured for, and will now consistently
9865 fail. In such cases, it is possible to turn off IP sandboxing for
9866 systemd-logind.service (set IPAddressDeny= in its [Service] section
9867 to the empty string, via a .d/ unit file drop-in). Downstream
9868 distributions might want to update their nss-nis packaging to include
9869 such a drop-in snippet, accordingly, to hide this incompatibility
9870 from the user. Another option is to make use of glibc's nscd service
9871 to proxy such network requests through a privilege-separated, minimal
9872 local caching daemon, or to switch to more modern technologies such as
9873 sssd, whose NSS hook-ups generally do not involve direct network
9874 access. In general, we think it's definitely time to question the
9875 implementation choices of nss-nis, i.e. whether it's a good idea
9876 today to embed a network-facing loadable module into all local
9877 processes that need to query the user database, including the most
9878 trivial and benign ones, such as "ls". For more details about
9879 IPAddressDeny= see below.
9880
9881 * A new modprobe.d drop-in is now shipped by default that sets the
9882 bonding module option max_bonds=0. This overrides the kernel default,
9883 to avoid conflicts and ambiguity as to whether bond0 should be
9884 managed by systemd-networkd. This resolves multiple issues
9885 with bond0 properties not being applied, when bond0 is configured
9886 with systemd-networkd. Distributors may choose to not package this,
9887 however in that case users will be prevented from correctly managing
9888 the bond0 interface using systemd-networkd.
9889
9890 * systemd-analyze gained new verbs "get-log-level" and "get-log-target"
9891 which print the logging level and target of the system manager. They
9892 complement the existing "set-log-level" and "set-log-target" verbs
9893 used to change those values.
9894
9895 * journald.conf gained a new boolean setting ReadKMsg= which defaults
9896 to on. If turned off kernel log messages will not be read by
9897 systemd-journald or included in the logs. It also gained a new
9898 setting LineMax= for configuring the maximum line length in
9899 STDOUT/STDERR log streams. The new default for this value is 48K, up
9900 from the previous hardcoded 2048.
9901
9902 * A new unit setting RuntimeDirectoryPreserve= has been added, which
9903 allows more detailed control of what to do with a runtime directory
9904 configured with RuntimeDirectory= (i.e. a directory below /run or
9905 $XDG_RUNTIME_DIR) after a unit is stopped.
9906
9907 * The RuntimeDirectory= setting for units gained support for creating
9908 deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
9909 one top-level directory.
9910
9911 * Units gained new options StateDirectory=, CacheDirectory=,
9912 LogsDirectory= and ConfigurationDirectory= which are closely related
9913 to RuntimeDirectory= but manage per-service directories below
9914 /var/lib, /var/cache, /var/log and /etc. By making use of them it is
9915 possible to write unit files which when activated automatically gain
9916 properly owned service specific directories in these locations, thus
9917 making unit files self-contained and increasing compatibility with
9918 stateless systems and factory reset where /etc or /var are
9919 unpopulated at boot. Matching these new settings there's also
9920 StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
9921 ConfigurationDirectoryMode= for configuring the access mode of these
9922 directories. These settings are particularly useful in combination
9923 with DynamicUser=yes as they provide secure, properly-owned,
9924 writable, and stateful locations for storage, excluded from the
9925 sandbox that such services live in otherwise.
9926
9927 * Automake support has been removed from this release. systemd is now
9928 Meson-only.
9929
9930 * systemd-journald will now aggressively cache client metadata during
9931 runtime, speeding up log write performance under pressure. This comes
9932 at a small price though: as much of the metadata is read
9933 asynchronously from /proc/ (and isn't implicitly attached to log
9934 datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
9935 metadata stored alongside a log entry might be slightly
9936 out-of-date. Previously it could only be slightly newer than the log
9937 message. The time window is small however, and given that the kernel
9938 is unlikely to be improved anytime soon in this regard, this appears
9939 acceptable to us.
9940
9941 * nss-myhostname/systemd-resolved will now by default synthesize an
9942 A/AAAA resource record for the "_gateway" hostname, pointing to the
9943 current default IP gateway. Previously it did that for the "gateway"
9944 name, hampering adoption, as some distributions wanted to leave that
9945 hostname open for local use. The old behaviour may still be
9946 requested at build time.
9947
9948 * systemd-networkd's [Address] section in .network files gained a new
9949 Scope= setting for configuring the IP address scope. The [Network]
9950 section gained a new boolean setting ConfigureWithoutCarrier= that
9951 tells systemd-networkd to ignore link sensing when configuring the
9952 device. The [DHCP] section gained a new Anonymize= boolean option for
9953 turning on a number of options suggested in RFC 7844. A new
9954 [RoutingPolicyRule] section has been added for configuring the IP
9955 routing policy. The [Route] section has gained support for a new
9956 Type= setting which permits configuring
9957 blackhole/unreachable/prohibit routes.
9958
9959 * The [VRF] section in .netdev files gained a new Table= setting for
9960 configuring the routing table to use. The [Tunnel] section gained a
9961 new Independent= boolean field for configuring tunnels independent of
9962 an underlying network interface. The [Bridge] section gained a new
9963 GroupForwardMask= option for configuration of propagation of link
9964 local frames between bridge ports.
9965
9966 * The WakeOnLan= setting in .link files gained support for a number of
9967 new modes. A new TCP6SegmentationOffload= setting has been added for
9968 configuring TCP/IPv6 hardware segmentation offload.
9969
9970 * The IPv6 RA sender implementation may now optionally send out RDNSS
9971 and DNSSL records to supply DNS configuration to peers.
9972
9973 * systemd-nspawn gained support for a new --system-call-filter= command
9974 line option for adding and removing entries in the default system
9975 call filter it applies. Moreover systemd-nspawn has been changed to
9976 implement a system call allow list instead of a deny list.
9977
9978 * systemd-run gained support for a new --pipe command line option. If
9979 used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
9980 are directly passed on to the activated transient service
9981 executable. This allows invoking arbitrary processes as systemd
9982 services (for example to take benefit of dependency management,
9983 accounting management, resource management or log management that is
9984 done automatically for services) — while still allowing them to be
9985 integrated in a classic UNIX shell pipeline.
9986
9987 * When a service sends RELOAD=1 via sd_notify() and reload propagation
9988 using ReloadPropagationTo= is configured, a reload is now propagated
9989 to configured units. (Previously this was only done on explicitly
9990 requested reloads, using "systemctl reload" or an equivalent
9991 command.)
9992
9993 * For each service unit a restart counter is now kept: it is increased
9994 each time the service is restarted due to Restart=, and may be
9995 queried using "systemctl show -p NRestarts …".
9996
9997 * New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
9998 @signal and @timer have been added, for usage with SystemCallFilter=
9999 in unit files and the new --system-call-filter= command line option
10000 of systemd-nspawn (see above).
10001
10002 * ExecStart= lines in unit files gained two new modifiers: when a
10003 command line is prefixed with "!" the command will be executed as
10004 configured, except for the credentials applied by
10005 setuid()/setgid()/setgroups(). It is very similar to the pre-existing
10006 "+", but does still apply namespacing options unlike "+". There's
10007 also "!!" now, which is mostly identical, but becomes a NOP on
10008 systems that support ambient capabilities. This is useful to write
10009 unit files that work with ambient capabilities where possible but
10010 automatically fall back to traditional privilege dropping mechanisms
10011 on systems where this is not supported.
10012
10013 * ListenNetlink= settings in socket units now support RDMA netlink
10014 sockets.
10015
10016 * A new unit file setting LockPersonality= has been added which permits
10017 locking down the chosen execution domain ("personality") of a service
10018 during runtime.
10019
10020 * A new special target "getty-pre.target" has been added, which is
10021 ordered before all text logins, and may be used to order services
10022 before textual logins acquire access to the console.
10023
10024 * systemd will now attempt to load the virtio-rng.ko kernel module very
10025 early on if a VM environment supporting this is detected. This should
10026 improve entropy during early boot in virtualized environments.
10027
10028 * A _netdev option is now supported in /etc/crypttab that operates in a
10029 similar way as the same option in /etc/fstab: it permits configuring
10030 encrypted devices that need to be ordered after the network is up.
10031 Following this logic, two new special targets
10032 remote-cryptsetup-pre.target and remote-cryptsetup.target have been
10033 added that are to cryptsetup.target what remote-fs.target and
10034 remote-fs-pre.target are to local-fs.target.
10035
10036 * Service units gained a new UnsetEnvironment= setting which permits
10037 unsetting specific environment variables that would normally be
10038 passed to a service (for example in order to mask out locale
10039 settings for specific services that can't deal with them).
10040
10041 * Units acquired a new boolean option IPAccounting=. When turned on, IP
10042 traffic accounting (packet count as well as byte count) is done for
10043 the service, and shown as part of "systemctl status" or "systemd-run
10044 --wait".
10045
10046 * Service units acquired two new options IPAddressAllow= and
10047 IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
10048 for configuring a simple IP access control list for all sockets of
10049 the unit. These options are available also on .slice and .socket
10050 units, permitting flexible access list configuration for individual
10051 services as well as groups of services (as defined by a slice unit),
10052 including system-wide. Note that IP ACLs configured this way are
10053 enforced on every single IPv4 and IPv6 socket created by any process
10054 of the service unit, and apply to ingress as well as egress traffic.
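
The access check just described, the empty-assignment drop-in reset recommended above for the nss-nis case, and the combination with a parent slice, as an added example in Python rather than systemd's BPF implementation. It assumes the allow-first evaluation order documented in systemd.resource-control(5) and models the slice combination as every level of the hierarchy having to allow the address; the unit lines and address ranges are constructed for the example.

```python
"""Model of the IPAddressAllow=/IPAddressDeny= check, of how a drop-in
resets a list with an empty assignment (the nss-nis workaround above),
and of how a unit's lists combine with those of its parent slice.

Added example, not systemd's implementation, which compiles the lists
into a BPF program on the unit's cgroup. It assumes the evaluation order
from systemd.resource-control(5): a matching allow entry grants access,
otherwise a matching deny entry refuses it, otherwise access is granted.
The slice combination is modelled as every level of the hierarchy having
to allow the address (an assumption about how the per-cgroup programs stack).
"""
import ipaddress


def parse_ip_acl(lines):
    """Collect the two lists from unit file lines in the order systemd reads
    them (main file, then drop-ins). An empty assignment resets the list."""
    allow, deny = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key not in ("IPAddressAllow", "IPAddressDeny"):
            continue
        target = allow if key == "IPAddressAllow" else deny
        if not value:
            target.clear()
            continue
        for token in value.split():
            # A bare address is a host entry (/32 for IPv4, /128 for IPv6).
            target.append(ipaddress.ip_network(token, strict=False))
    return allow, deny


def ip_access_allowed(addr, allow, deny):
    """Decide for one address: ingress is checked against the source address,
    egress against the destination."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in allow):
        return True
    if any(ip in net for net in deny):
        return False
    return True


def access_allowed_in_hierarchy(addr, *levels):
    """levels are (allow, deny) pairs from the outermost slice down to the unit."""
    return all(ip_access_allowed(addr, allow, deny) for allow, deny in levels)


# Constructed sample: a logind-like unit that forbids all IP traffic, and the
# two kinds of drop-in an administrator might add for nss-nis.
MAIN_UNIT = ["[Service]", "IPAddressDeny=0.0.0.0/0 ::/0"]
DROPIN_ALLOW_NIS = ["[Service]", "IPAddressAllow=192.0.2.0/24"]  # NIS server subnet (example range)
DROPIN_RESET = ["[Service]", "IPAddressDeny="]                   # empty value resets the deny list


def demo():
    results = {}
    allow, deny = parse_ip_acl(MAIN_UNIT)
    results["sandboxed"] = ip_access_allowed("192.0.2.10", allow, deny)
    allow, deny = parse_ip_acl(MAIN_UNIT + DROPIN_ALLOW_NIS)
    results["nis_reachable"] = ip_access_allowed("192.0.2.10", allow, deny)
    results["other_blocked"] = ip_access_allowed("198.51.100.1", allow, deny)
    allow, deny = parse_ip_acl(MAIN_UNIT + DROPIN_RESET)
    results["reset_opens_all"] = ip_access_allowed("198.51.100.1", allow, deny)
    # A slice that denies the subnet still wins over a unit that allows it.
    slice_acl = parse_ip_acl(["IPAddressDeny=192.0.2.0/24"])
    unit_acl = parse_ip_acl(DROPIN_ALLOW_NIS)
    results["slice_overrides"] = access_allowed_in_hierarchy("192.0.2.10", slice_acl, unit_acl)
    return results
```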
10055
10056 * If CPUAccounting= or IPAccounting= is turned on for a unit a new
10057 structured log message is generated each time the unit is stopped,
10058 containing information about the consumed resources of this
10059 invocation.
10060
10061 * A new setting KeyringMode= has been added to unit files, which may be
10062 used to control how the kernel keyring is set up for executed
10063 processes.
10064
10065 * "systemctl poweroff", "systemctl reboot", "systemctl halt",
10066 "systemctl kexec" and "systemctl exit" are now always asynchronous in
10067 behaviour (that is: these commands return immediately after the
10068 operation was enqueued instead of waiting for the operation to
10069 complete). Previously, "systemctl poweroff" and "systemctl reboot"
10070 were asynchronous on systems using systemd-logind (i.e. almost
10071 always, and like they were on sysvinit), and the other three commands
10072 were unconditionally synchronous. With this release this is cleaned
10073 up, and callers will see the same asynchronous behaviour on all
10074 systems for all five operations.
10075
10076 * systemd-logind gained new Halt() and CanHalt() bus calls for halting
10077 the system.
10078
10079 * .timer units now accept calendar specifications in other timezones
10080 than UTC or the local timezone.
10081
10082 * The tmpfiles snippet var.conf has been changed to create
10083 /var/log/btmp with access mode 0660 instead of 0600. It was owned by
10084 the "utmp" group already, and it appears to be generally understood
10085 that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
10086 databases. Previously this was implemented correctly for all these
10087 databases except btmp, which has been opened up like this now
10088 too. Note that while the other databases are world-readable
10089 (i.e. 0644), btmp is not and remains more restrictive.
10090
10091 * The systemd-resolve tool gained a new --reset-server-features
10092 switch. When invoked like this systemd-resolved will forget
10093 everything it learnt about the features supported by the configured
10094 upstream DNS servers, and restart the feature probing logic on the
10095 next resolver look-up for them at the highest feature level
10096 again.
10097
10098 * The status dump systemd-resolved sends to the logs upon receiving
10099 SIGUSR1 now also includes information about all DNS servers it is
10100 configured to use, and the feature levels it probed for them.
10101
10102 Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
10103 Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
10104 Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
10105 Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
10106 Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
10107 Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
10108 ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
10109 Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
10110 Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
10111 John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
10112 Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
10113 Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
10114 Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
10115 Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
10116 Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
10117 Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
10118 Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
10119 Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
10120 Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
10121 Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
10122
10123 — Berlin, 2017-10-06
10124
10125 CHANGES WITH 234:
10126
10127 * Meson is now supported as build system in addition to Automake. It is
10128 our plan to remove Automake in one of our next releases, so that
10129 Meson becomes our exclusive build system. Hence, please start using
10130 the Meson build system in your downstream packaging. There's plenty
10131 of documentation on how to use Meson; the extremely brief
10132 summary:
10133
10134 ./autogen.sh && ./configure && make && sudo make install
10135
10136 becomes:
10137
10138 meson build && ninja -C build && sudo ninja -C build install
10139
10140 * Unit files gained support for a new JobRunningTimeoutUSec= setting,
10141 which permits configuring a timeout on the time a job is
10142 running. This is particularly useful for setting timeouts on jobs for
10143 .device units.
10144
10145 * Unit files gained two new options ConditionUser= and ConditionGroup=
10146 for conditionalizing units based on the identity of the user/group
10147 running a systemd user instance.
10148
10149 * systemd-networkd now understands a new FlowLabel= setting in the
10150 [VXLAN] section of .network files, as well as a Priority= in
10151 [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
10152 and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
10153 gained support for configuration of GENEVE links, and IPv6 address
10154 labels. The [Network] section gained the new IPv6ProxyNDP= setting.
10155
10156 * .link files now understand a new Port= setting.
10157
10158 * systemd-networkd's DHCP support gained support for DHCP option 119
10159 (domain search list).
10160
10161 * systemd-networkd gained support for serving IPv6 address ranges using
10162 the Router Advertisement protocol. The new .network configuration
10163 section [IPv6Prefix] may be used to configure the ranges to
10164 serve. This is implemented based on a new, minimal, native server
10165 implementation of RA.
10166
10167 * journalctl's --output= switch gained support for a new parameter
10168 "short-iso-precise" for a mode where timestamps are shown as precise
10169 ISO date values.
10170
10171 * systemd-udevd's "net_id" builtin may now generate stable network
10172 interface names from IBM PowerVM VIO devices as well as ACPI platform
10173 devices.
10174
10175 * MulticastDNS support in systemd-resolved may now be explicitly
10176 enabled/disabled using the new MulticastDNS= configuration file
10177 option.
10178
10179 * systemd-resolved may now optionally use libidn2 instead of libidn
10180 for processing internationalized domain names. Support for libidn2
10181 should be considered experimental and should not be enabled by
10182 default yet.
10183
10184 * "machinectl pull-tar" and related calls may now verify
10185 downloaded images using SUSE-style .sha256 checksum files in addition
10186 to the already existing support for validating using Ubuntu-style
10187 SHA256SUMS files.
10188
10189 * sd-bus gained support for a new sd_bus_message_appendv() call which
10190 is the va_list equivalent of sd_bus_message_append().
10191
10192 * sd-boot gained support for validating images using SHIM/MOK.
10193
10194 * The SMACK code learnt support for "onlycap".
10195
10196 * systemd-mount --umount is now much smarter in figuring out how to
10197 properly unmount a device given its mount or device path.
10198
10199 * The code to call libnss_dns as a fallback from libnss_resolve when
10200 the communication with systemd-resolved fails was removed. This
10201 fallback was redundant and interfered with the [!UNAVAIL=return]
10202 suffix. See nss-resolve(8) for the recommended configuration.
10203
10204 * systemd-logind may now be restarted without losing state. It stores
10205 the file descriptors for devices it manages in the system manager
10206 using the FDSTORE= mechanism. Please note that further changes in
10207 other components may be required to make use of this (for example
10208 Xorg has code to listen for stops of systemd-logind and terminate
10209 itself when logind is stopped or restarted, in order to avoid using
10210 stale file descriptors for graphical devices, which is now
10211 counterproductive and must be reverted in order for restarts of
10212 systemd-logind to be safe. See
10213 https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
10214
10215 * All kernel-install plugins are called with the environment variable
10216 KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
10217 /etc/machine-id. If the machine ID could not be determined,
10218 $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put
10219 anything in the entry directory (passed as the second argument) if
10220 $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a
10221 temporary directory is passed as the entry directory and removed
10222 after all the plugins exit.
10223
10224 * If KERNEL_INSTALL_MACHINE_ID is set in /etc/machine-info, kernel-install
10225 will now use its value as the machine ID instead of the machine ID
10226 from /etc/machine-id. If KERNEL_INSTALL_MACHINE_ID isn't set in
10227 /etc/machine-info and no machine ID is set in /etc/machine-id,
10228 kernel-install will try to store the current machine ID there as
10229 KERNEL_INSTALL_MACHINE_ID. If there is no machine ID, kernel-install
10230 will generate a new UUID, store it in /etc/machine-info as
10231 KERNEL_INSTALL_MACHINE_ID and use it as the machine ID.
10232
10233 Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
10234 Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
10235 Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
10236 Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
10237 Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
10238 Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
10239 Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
10240 Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
10241 Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
10242 Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
10243 hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
10244 Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
10245 Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
10246 Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
10247 Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
10248 Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
10249 Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
10250 Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
10251 Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
10252 Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
10253 Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
10254 Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
10255 Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
10256 Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
10257 Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
10258 H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
10259 Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
10260 userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
10261 Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
10262 Георгиевски
10263
10264 — Berlin, 2017-07-12
10265
10266 CHANGES WITH 233:
10267
10268 * The "hybrid" control group mode has been modified to improve
10269 compatibility with "legacy" cgroups-v1 setups. Specifically, the
10270 "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
10271 "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
10272 cgroups-v1 hierarchy), the only externally visible change being that
10273 the cgroups-v2 hierarchy is also mounted, to
10274 /sys/fs/cgroup/unified. This should provide a large degree of
10275 compatibility with "legacy" cgroups-v1, while taking benefit of the
10276 better management capabilities of cgroups-v2.
10277
10278 * The default control group setup mode may be selected both at boot-time
10279 via a set of kernel command line parameters (specifically:
10280 systemd.unified_cgroup_hierarchy= and
10281 systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
10282 default selected on the configure command line
10283 (--with-default-hierarchy=). The upstream default is "hybrid"
10284 (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
10285 this will change in a future systemd version to be "unified" (pure
10286 cgroups-v2 mode). The third value for the compile-time option is
10287 "legacy", to enter pure cgroups-v1 mode. We recommend downstream
10288 distributions to default to "hybrid" mode for release distributions,
10289 starting with v233. We recommend "unified" for development
10290 distributions (specifically: distributions such as Fedora's rawhide)
10291 as that's where things are headed in the long run. Use "legacy" for
10292 greatest stability and compatibility only.
10293
10294 * Note one current limitation of "unified" and "hybrid" control group
10295 setup modes: the kernel currently does not permit the systemd --user
10296 instance (i.e. unprivileged code) to migrate processes between two
10297 disconnected cgroup subtrees, even if both are managed and owned by
10298 the user. This effectively means "systemd-run --user --scope" doesn't
10299 work when invoked from outside of any "systemd --user" service or
10300 scope. Specifically, it is not supported from session scopes. We are
10301 working on fixing this in a future systemd version. (See #3388 for
10302 further details about this.)
10303
10304 * DBus policy files are now installed into /usr rather than /etc. Make
10305 sure your system has dbus >= 1.9.18 running before upgrading to this
10306 version, or override the install path with --with-dbuspolicydir= .
10307
10308 * All python scripts shipped with systemd (specifically: the various
10309 tests written in Python) now require Python 3.
10310
10311 * systemd unit tests can now run standalone (without the source or
10312 build directories), and can be installed into /usr/lib/systemd/tests/
10313 with 'make install-tests'.
10314
10315 * Note that from this version on, CONFIG_CRYPTO_USER_API_HASH,
10316 CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 need to be enabled in the
10317 kernel.
10318
10319 * Support for the %c, %r, %R specifiers in unit files has been
10320 removed. Specifiers are not supposed to be dependent on configuration
10321 in the unit file itself (so that they resolve the same regardless
10322 where used in the unit files), but these specifiers were influenced
10323 by the Slice= option.
10324
10325 * The shell invoked by debug-shell.service now defaults to /bin/sh in
10326 all cases. If distributions want to use a different shell for this
10327 purpose (for example Fedora's /sbin/sushell) they need to specify
10328 this explicitly at configure time using --with-debug-shell=.
10329
10330 * The confirmation spawn prompt has been reworked to offer the
10331 following choices:
10332
10333 (c)ontinue, proceed without asking anymore
10334 (D)ump, show the state of the unit
10335 (f)ail, don't execute the command and pretend it failed
10336 (h)elp
10337 (i)nfo, show a short summary of the unit
10338 (j)obs, show jobs that are in progress
10339 (s)kip, don't execute the command and pretend it succeeded
10340 (y)es, execute the command
10341
10342 The 'n' choice for the confirmation spawn prompt has been removed,
10343 because its meaning was confusing.
10344
10345 The prompt may now also be redirected to an alternative console by
10346 specifying the console as parameter to systemd.confirm_spawn=.
10347
10348 * Services of Type=notify require a READY=1 notification to be sent
10349 during startup. If no such message is sent, the service now fails,
10350 even if the main process exited with a successful exit code.
10351
10352 * Services that fail to start up correctly now always have their
10353 ExecStopPost= commands executed. Previously, they'd enter "failed"
10354 state directly, without executing these commands.
10355
10356 * The option MulticastDNS= of network configuration files has acquired
10357 an actual implementation. With MulticastDNS=yes a host can resolve
10358 names of remote hosts and reply to mDNS A and AAAA requests.
10359
10360 * When units are about to be started an additional check is now done to
10361 ensure that all dependencies of type BindsTo= (when used in
10362 combination with After=) have been started.
10363
10364 * systemd-analyze gained a new verb "syscall-filter" which shows which
10365 system call groups are defined for the SystemCallFilter= unit file
10366 setting, and which system calls they contain.
10367
10368 * A new system call filter group "@filesystem" has been added,
10369 consisting of various file system related system calls. Group
10370 "@reboot" has been added, covering reboot, kexec and shutdown related
10371 calls. Finally, group "@swap" has been added covering swap
10372 configuration related calls.
10373
10374 * A new unit file option RestrictNamespaces= has been added that may be
10375 used to restrict access to the various process namespace types the
10376 Linux kernel provides. Specifically, it may be used to take away the
10377 right for a service unit to create additional file system, network,
10378 user, and other namespaces. This sandboxing option is particularly
10379 relevant due to the high amount of recently discovered namespacing
10380 related vulnerabilities in the kernel.
10381
10382 * systemd-udev's .link files gained support for a new AutoNegotiation=
10383 setting for configuring Ethernet auto-negotiation.
10384
10385 * systemd-networkd's .network files gained support for a new
10386 ListenPort= setting in the [DHCP] section to explicitly configure the
10387 UDP client port the DHCP client shall listen on.
10388
10389 * .network files gained a new Unmanaged= boolean setting for explicitly
10390 excluding one or more interfaces from management by systemd-networkd.
10391
10392 * The systemd-networkd ProxyARP= option has been renamed to
10393 IPV4ProxyARP=. Similarly, VXLAN-specific option ARPProxy= has been
10394 renamed to ReduceARPProxy=. The old names continue to be available
10395 for compatibility.
10396
10397 * systemd-networkd gained support for configuring IPv6 Proxy NDP
10398 addresses via the new IPv6ProxyNDPAddress= .network file setting.
10399
10400 * systemd-networkd's bonding device support gained support for two new
10401 configuration options ActiveSlave= and PrimarySlave=.
10402
10403 * The various options in the [Match] section of .network files gained
10404 support for negative matching.
10405
10406 * New systemd-specific mount options are now understood in /etc/fstab:
10407
10408 x-systemd.mount-timeout= may be used to configure the maximum
10409 permitted runtime of the mount command.
10410
10411 x-systemd.device-bound may be set to bind a mount point to its
10412 backing device unit, in order to automatically remove a mount point
10413 if its backing device is unplugged. This option may also be
10414 configured through the new SYSTEMD_MOUNT_DEVICE_BOUND udev property
10415 on the block device, which is now automatically set for all CDROM
10416 drives, so that mounted CDs are automatically unmounted when they are
10417 removed from the drive.
10418
10419 x-systemd.after= and x-systemd.before= may be used to explicitly
10420 order a mount after or before another unit or mount point.
10421
10422 * Enqueued start jobs for device units are now automatically garbage
10423 collected if there are no jobs waiting for them anymore.
10424
10425 * systemctl list-jobs gained two new switches: with --after, for every
10426 queued job the jobs it's waiting for are shown; with --before the
10427 jobs which it's blocking are shown.
10428
10429 * systemd-nspawn gained support for ephemeral boots from disk images
10430 (or in other words: --ephemeral and --image= may now be
10431 combined). Moreover, ephemeral boots are now supported for normal
10432 directories, even if the backing file system is not btrfs. Of course,
10433 if the file system does not support file system snapshots or
10434 reflinks, the initial copy operation will be relatively expensive, but
10435 this should still be suitable for many use cases.
10436
10437 * Calendar time specifications in .timer units now support
10438 specifications relative to the end of a month by using "~" instead of
10439 "-" as separator between month and day. For example, "*-02~03" means
10440 "the third last day in February". In addition a new syntax for
10441 repeated events has been added using the "/" character. For example,
10442 "9..17/2:00" means "every two hours from 9am to 5pm".
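As an added illustration (not part of the original NEWS text), the two new calendar syntaxes above can be resolved with a few lines of Python: the "~" form is turned into a concrete date for a given year, and the "/" form is expanded into the list of hours it denotes. The function names are hypothetical; the parsing is a subset of systemd's calendar grammar, covering only the forms quoted above plus "*" and comma lists.

```python
import calendar
from datetime import date
from typing import List


def nth_last_day(year: int, month: int, n: int) -> date:
    """Resolve a '~' day spec: '*-02~03' means the third-last day of
    February, i.e. 26 Feb in a common year and 27 Feb in a leap year."""
    if n < 1:
        raise ValueError("offset from the end of the month must be >= 1")
    days_in_month = calendar.monthrange(year, month)[1]
    if n > days_in_month:
        raise ValueError("offset exceeds the length of the month")
    return date(year, month, days_in_month - n + 1)


def expand_component(component: str, lo: int, hi: int) -> List[int]:
    """Expand one calendar field within the inclusive range lo..hi.
    Accepts '*', a single value, 'A..B', comma lists, and a '/STEP' suffix
    on any of those: '9..17/2' -> 9,11,13,15,17; '*/6' -> 0,6,12,18;
    a bare '9/5' repeats from 9 up to hi. Returns sorted unique values."""
    values = set()
    for part in component.split(","):
        base, _, step_s = part.partition("/")
        step = int(step_s) if step_s else 1
        if step < 1:
            raise ValueError("step must be >= 1")
        if base == "*":
            first, last = lo, hi
        elif ".." in base:
            a, b = base.split("..", 1)
            first, last = int(a), int(b)
        else:
            first = int(base)
            # A repetition without an explicit upper bound runs to hi.
            last = hi if step_s else first
        if not (lo <= first <= last <= hi):
            raise ValueError(f"{part!r} is outside {lo}..{hi}")
        values.update(range(first, last + 1, step))
    return sorted(values)


def expand_time(spec: str) -> List[str]:
    """Expand an 'HOURS:MINUTES' time part into 'HH:MM' strings, so
    '9..17/2:00' yields 09:00, 11:00, 13:00, 15:00 and 17:00."""
    hours_s, minutes_s = spec.split(":", 1)
    return [
        f"{h:02d}:{m:02d}"
        for h in expand_component(hours_s, 0, 23)
        for m in expand_component(minutes_s, 0, 59)
    ]


if __name__ == "__main__":
    print(nth_last_day(2024, 2, 3))      # 2024-02-27 (leap year)
    print(expand_time("9..17/2:00"))     # every two hours, 9am to 5pm
```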
10443
10444 * systemd-socket-proxyd gained a new parameter --connections-max= for
10445 configuring the maximum number of concurrent connections.
10446
10447 * sd-id128 gained a new API for generating unique IDs for the host in a
10448 way that does not leak the machine ID. Specifically,
10449 sd_id128_get_machine_app_specific() derives an ID based on the
10450 machine ID in a well-defined, non-reversible, stable way. This is
10451 useful whenever an identifier for the host is needed but where the
10452 identifier shall not be useful to identify the system beyond the
10453 scope of the application itself. (Internally this uses HMAC-SHA256 as
10454 keyed hash function using the machine ID as input.)
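The derivation described above, written out as an added Python example (this is not libsystemd code; it mirrors the construction the paragraph and the sd_id128_get_machine_app_specific(3) documentation describe): HMAC-SHA256 keyed with the 128-bit machine ID over the 128-bit application ID, truncated to 128 bits and stamped with v4 UUID version/variant bits. Both IDs below are constructed sample values, not real ones.

```python
import hmac
import hashlib

# Constructed sample values (not real IDs): the 128-bit machine ID as it
# would appear in /etc/machine-id, and a 128-bit ID chosen by an application.
MACHINE_ID_HEX = "3f9c2b7a1d4e4c8fa0b1c2d3e4f5a6b7"
APP_ID_HEX = "8a5a7f3e4b6c4d1e9f0a1b2c3d4e5f60"


def make_v4_uuid(raw: bytes) -> bytes:
    """Force 16 bytes into RFC 4122 version-4/variant shape, as systemd's
    id128 helpers do, so the result is indistinguishable from a random UUID."""
    b = bytearray(raw)
    b[6] = (b[6] & 0x0F) | 0x40  # version nibble = 4
    b[8] = (b[8] & 0x3F) | 0x80  # variant bits = 10xx
    return bytes(b)


def machine_app_specific_id(machine_id_hex: str, app_id_hex: str) -> str:
    """Derive an application-specific host ID: HMAC-SHA256 keyed with the
    machine ID over the app ID, truncated to 128 bits. Returns the id128
    text form (32 lowercase hex chars). Because HMAC is one-way, the
    machine ID cannot be recovered from the result, and IDs derived for
    different applications are unrelated to each other."""
    key = bytes.fromhex(machine_id_hex)
    msg = bytes.fromhex(app_id_hex)
    if len(key) != 16 or len(msg) != 16:
        raise ValueError("machine ID and app ID must be 128 bits each")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return make_v4_uuid(digest[:16]).hex()


if __name__ == "__main__":
    print(machine_app_specific_id(MACHINE_ID_HEX, APP_ID_HEX))
```

On a real system the key would come from sd_id128_get_machine() or /etc/machine-id; the example keeps it inline so it runs offline.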
10455
10456 * NotifyAccess= gained a new supported value "exec". When set
10457 notifications are accepted from all processes systemd itself invoked,
10458 including all control processes.
10459
10460 * .nspawn files gained support for defining overlay mounts using the
10461 Overlay= and OverlayReadOnly= options. Previously this functionality
10462 was only available on the systemd-nspawn command line.
10463
10464 * systemd-nspawn's --bind= and --overlay= options gained support for
10465 bind/overlay mounts whose source lies within the container tree by
10466 prefixing the source path with "+".
10467
10468 * systemd-nspawn's --bind= and --overlay= options gained support for
10469 automatically allocating a temporary source directory in /var/tmp
10470 that is removed when the container dies. Specifically, if the source
10471 directory is specified as empty string this mechanism is selected. An
10472 example usage is --overlay=+/var::/var, which creates an overlay
10473 mount based on the original /var contained in the image, overlaid
10474 with a temporary directory in the host's /var/tmp. This way changes
10475 to /var are automatically flushed when the container shuts down.
10476
10477 * The systemd-nspawn --image= option now permits raw file system block
10478 devices (in addition to images containing partition tables, as
10479 before).
10480
10481 * The disk image dissection logic in systemd-nspawn gained support for
10482 automatically setting up LUKS encrypted as well as Verity protected
10483 partitions. When a container is booted from an encrypted image the
10484 passphrase is queried at start-up time. When a container with Verity
10485 data is started, the root hash is searched for in a ".roothash" file
10486 accompanying the disk image (alternatively, pass the root hash via
10487 the new --root-hash= command line option).
10488
10489 * A new tool /usr/lib/systemd/systemd-dissect has been added that may
10490 be used to dissect disk images the same way as systemd-nspawn does
10491 it, following the Bootable Partition Specification. It may even be
10492 used to mount disk images with complex partition setups (including
10493 LUKS and Verity partitions) to a local host directory, in order to
10494 inspect them. This tool is not considered public API (yet), and is
10495 thus not installed into /usr/bin. Please do not rely on its
10496 existence, since it might go away or be changed in later systemd
10497 versions.
10498
10499 * A new generator "systemd-verity-generator" has been added, similar in
10500 style to "systemd-cryptsetup-generator", permitting automatic setup of
10501 Verity root partitions when systemd boots up. In order to make use of
10502 this your partition setup should follow the Discoverable Partitions
10503 Specification, and the GPT partition ID of the root file system
10504 partition should be identical to the upper 128 bits of the Verity root
10505 hash. The GPT partition ID of the Verity partition protecting it
10506 should be the lower 128 bits of the Verity root hash. If the partition
10507 image follows this model it is sufficient to specify a single
10508 "roothash=" kernel command line argument to both configure which root
10509 image and verity partition to use as well as the root hash for
10510 it. Note that systemd-nspawn's Verity support follows the same
10511 semantics, meaning that disk images with proper Verity data in place
10512 may be booted in containers with systemd-nspawn as well as on
10513 physical systems via the verity generator. Also note that the "mkosi"
10514 tool available at https://github.com/systemd/mkosi has been updated
10515 to generate Verity protected disk images following this scheme. In
10516 fact, it has been updated to generate disk images that optionally
10517 implement a complete UEFI SecureBoot trust chain, involving a signed
10518 kernel and initrd image that incorporates such a root hash as well as
10519 a Verity-enabled root partition.
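As an added check (example code, not systemd's own generator logic), the partition-ID convention above can be verified against an image before relying on it: split the roothash= value into its upper and lower 128 bits, format both as GPT partition UUIDs, and confirm that a partition with each UUID exists. The root hash and the partition listing below are constructed sample data.

```python
import uuid
from typing import Dict, Optional, Tuple

# Constructed 256-bit dm-verity root hash, as passed via roothash= (not a
# hash of any real image).
ROOT_HASH_HEX = ("0f1e2d3c4b5a69788796a5b4c3d2e1f0"
                 "00112233445566778899aabbccddeeff")

# Constructed partition listing (partition UUID -> device node), in the
# shape a blkid/lsblk run over a loop-mounted image would produce.
SAMPLE_PARTITIONS = {
    "c0ffee00-0000-4000-8000-0000000000a1": "/dev/loop0p1",  # ESP
    "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0": "/dev/loop0p2",  # root fs
    "00112233-4455-6677-8899-aabbccddeeff": "/dev/loop0p3",  # verity data
}


def partition_uuids_for_roothash(roothash: str) -> Tuple[str, str]:
    """Map a roothash= value to the (root partition UUID, verity partition
    UUID) pair the scheme prescribes: upper 128 bits name the root file
    system partition, lower 128 bits name the Verity partition."""
    h = roothash.strip().lower()
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("root hash must be 64 hex characters (256 bits)")
    return str(uuid.UUID(hex=h[:32])), str(uuid.UUID(hex=h[32:]))


def find_verity_pair(roothash: str,
                     partitions: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return the (root device, verity device) that a roothash= argument
    selects from the given partition listing, or None when the image does
    not carry both partitions (in which case the generator would have
    nothing to set up and the hash should not be trusted to match)."""
    root_uuid, verity_uuid = partition_uuids_for_roothash(roothash)
    normalized = {k.lower(): v for k, v in partitions.items()}
    if root_uuid in normalized and verity_uuid in normalized:
        return normalized[root_uuid], normalized[verity_uuid]
    return None


if __name__ == "__main__":
    print(partition_uuids_for_roothash(ROOT_HASH_HEX))
    print(find_verity_pair(ROOT_HASH_HEX, SAMPLE_PARTITIONS))
```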
10520
10521 * The hardware database (hwdb) that udev uses has been updated to carry
10522 accelerometer quirks.
10523
10524 * All system services are now run with a fresh kernel keyring set up
10525 for them. The invocation ID is stored by default in it, thus
10526 providing a safe, non-overridable way to determine the invocation
10527 ID of each service.
10528
10529 * Service unit files gained new BindPaths= and BindReadOnlyPaths=
10530 options for bind mounting arbitrary paths in a service-specific
10531 way. When these options are used, arbitrary host or service files and
10532 directories may be mounted to arbitrary locations in the service's
10533 view.
10534
10535 * Documentation has been added that lists all of systemd's low-level
10536 environment variables:
10537
10538 https://github.com/systemd/systemd/blob/master/docs/ENVIRONMENT.md
10539
10540 * sd-daemon gained a new API sd_is_socket_sockaddr() for determining
10541 whether a specific socket file descriptor matches a specified socket
10542 address.
10543
10544 * systemd-firstboot has been updated to check for the
10545 systemd.firstboot= kernel command line option. It accepts a boolean
10546 and when set to false the first boot questions are skipped.
10547
10548 * systemd-fstab-generator has been updated to check for the
10549 systemd.volatile= kernel command line option, which either takes an
10550 optional boolean parameter or the special value "state". If used the
10551 system may be booted in a "volatile" boot mode. Specifically,
10552 if "systemd.volatile" is used, the root directory will be mounted as
10553 tmpfs, and only /usr is mounted from the actual root file system. If
10554 "systemd.volatile=state" is used, the root directory will be mounted
10555 as usual, but /var is mounted as tmpfs. This concept provides similar
10556 functionality as systemd-nspawn's --volatile= option, but provides it
10557 on physical boots. Use this option for implementing stateless
10558 systems, or testing systems with all state and/or configuration reset
10559 to the defaults. (Note though that many distributions are not
10560 prepared to boot up without a populated /etc or /var.)
10561
10562 * systemd-gpt-auto-generator gained support for LUKS encrypted root
10563 partitions. Previously it only supported LUKS encrypted partitions
10564 for all other uses, except for the root partition itself.
10565
10566 * Socket units gained support for listening on AF_VSOCK sockets for
10567 communication in virtualized QEMU environments.
10568
10569 * The "configure" script gained a new option --with-fallback-hostname=
10570 for specifying the fallback hostname to use if none is configured in
10571 /etc/hostname. For example, by specifying
10572 --with-fallback-hostname=fedora it is possible to default to a
10573 hostname of "fedora" on pristine installations.
10574
10575 * systemd-cgls gained support for a new --unit= switch for listing only
10576 the control groups of a specific unit. Similarly, --user-unit= has been
10577 added for listing only the control groups of a specific user unit.
10578
10579 * systemd-mount gained a new --umount switch for unmounting a mount or
10580 automount point (and all mount/automount points below it).
10581
10582 * systemd will now refuse full configuration reloads (via systemctl
10583 daemon-reload and related calls) unless at least 16MiB of free space
10584 are available in /run. This is a safety precaution in order to ensure
10585 that generators can safely operate after the reload completed.
10586
10587 * A new unit file option RootImage= has been added, which has a similar
10588 effect as RootDirectory= but mounts the service's root directory from
10589 a disk image instead of plain directory. This logic reuses the same
10590 image dissection and mount logic that systemd-nspawn already uses,
10591 and hence supports any disk images systemd-nspawn supports, including
10592 those following the Discoverable Partition Specification, as well as
10593 Verity enabled images. This option enables systemd to run system
10594 services directly off disk images acting as resource bundles,
10595 possibly even including full integrity data.
10596
10597 * A new MountAPIVFS= unit file option has been added, taking a boolean
10598 argument. If enabled /proc, /sys and /dev (collectively called the
10599 "API VFS") will be mounted for the service. This is only relevant if
10600 RootDirectory= or RootImage= is used for the service, as these mounts
10601 are of course in place in the host mount namespace anyway.
10602
10603 * systemd-nspawn gained support for a new --pivot-root= switch. If
10604 specified the root directory within the container image is pivoted to
10605 the specified mount point, while the original root disk is moved to a
10606 different place. This option enables booting of ostree images
10607 directly with systemd-nspawn.
10608
10609 * The systemd build scripts will no longer complain if the NTP server
10610 addresses are not changed from the defaults. Google now supports
10611 these NTP servers officially. We still recommend downstreams to
10612 properly register an NTP pool with the NTP pool project though.
10613
10614 * coredumpctl gained a new "--reverse" option for printing the list
10615 of coredumps in reverse order.
10616
10617 * coredumpctl will now show additional information about truncated and
10618 inaccessible coredumps, as well as coredumps that are still being
10619 processed. It also gained a new --quiet switch for suppressing
10620 additional informational messages in its output.
10621
10622 * coredumpctl gained support for only showing coredumps newer and/or
10623 older than specific timestamps, using the new --since= and --until=
10624 options, reminiscent of journalctl's options by the same name.
10625
10626 * The systemd-coredump logic has been improved so that it may be reused
10627 to collect backtraces in non-compiled languages, for example in
10628 scripting languages such as Python.
10629
10630 * machinectl will now show the UID shift of local containers, if user
10631 namespacing is enabled for them.
10632
10633 * systemd will now optionally run "environment generator" binaries at
10634 configuration load time. They may be used to add environment
10635 variables to the environment block passed to services invoked. One
10636 user environment generator is shipped by default that sets up
10637 environment variables based on files dropped into /etc/environment.d
10638 and ~/.config/environment.d/.
10639
10640 * systemd-resolved now includes the new, recently published 2017 DNSSEC
10641 root key (KSK).
10642
10643 * hostnamed has been updated to report a new chassis type of
10644 "convertible" to cover "foldable" laptops that can both act as a
10645 tablet and as a laptop, such as various Lenovo Yoga devices.
10646
10647 Contributions from: Adrián López, Alexander Galanin, Alexander
10648 Kochetkov, Alexandros Frantzis, Andrey Ulanov, Antoine Eiche, Baruch
10649 Siach, Bastien Nocera, Benjamin Robin, Björn, Brandon Philips, Cédric
10650 Schieli, Charles (Chas) Williams, Christian Hesse, Daniele Medri,
10651 Daniel Drake, Daniel Rusek, Daniel Wagner, Dan Streetman, Dave Reisner,
10652 David Glasser, David Herrmann, David Michael, Djalal Harouni, Dmitry
10653 Khlebnikov, Dmitry Rozhkov, Dongsu Park, Douglas Christman, Earnestly,
10654 Emil Soleyman, Eric Cook, Evgeny Vereshchagin, Felipe Sateler, Fionn
10655 Cleary, Florian Klink, Francesco Brozzu, Franck Bui, Gabriel Rauter,
10656 Gianluca Boiano, Giedrius Statkevičius, Graeme Lawes, Hans de Goede,
10657 Harald Hoyer, Ian Kelling, Ivan Shapovalov, Jakub Wilk, Janne Heß, Jan
10658 Synacek, Jason Reeder, Jonathan Boulle, Jörg Thalheim, Jouke Witteveen,
10659 Karl Kraus, Kees Cook, Keith Busch, Kieran Colford, kilian-k, Lennart
10660 Poettering, Lubomir Rintel, Lucas Werkmeister, Lukas Rusak, Maarten de
10661 Vries, Maks Naumov, Mantas Mikulėnas, Marc-Andre Lureau, Marcin Bachry,
10662 Mark Stosberg, Martin Ejdestig, Martin Pitt, Mauricio Faria de
10663 Oliveira, micah, Michael Biebl, Michael Shields, Michal Schmidt, Michal
10664 Sekletar, Michel Kraus, Mike Gilbert, Mikko Ylinen, Mirza Krak,
10665 Namhyung Kim, nikolaof, peoronoob, Peter Hutterer, Peter Körner, Philip
10666 Withnall, Piotr Drąg, Ray Strode, Reverend Homer, Rike-Benjamin
10667 Schuppner, Robert Kreuzer, Ronny Chevalier, Ruslan Bilovol, sammynx,
10668 Sergey Ptashnick, Sergiusz Urbaniak, Stefan Berger, Stefan Hajnoczi,
10669 Stefan Schweter, Stuart McLaren, Susant Sahani, Sylvain Plantefève,
10670 Taylor Smock, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tibor
10671 Nagy, Tobias Stoeckmann, Tom Gundersen, Torstein Husebø, Viktar
10672 Vaŭčkievič, Viktor Mihajlovski, Vitaly Sulimov, Waldemar Brodkorb,
10673 Walter Garcia-Fontes, Wim de With, Yassine Imounachen, Yi EungJun,
10674 YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Александр
10675 Тихонов
10676
10677 — Berlin, 2017-03-01
10678
10679 CHANGES WITH 232:
10680
10681 * udev now runs with MemoryDenyWriteExecute=, RestrictRealtime= and
10682 RestrictAddressFamilies= enabled. These sandboxing options should
10683 generally be compatible with the various external udev call-out
10684 binaries we are aware of, however there may be exceptions, in
10685 particular when exotic languages for these call-outs are used. In
10686 this case, consider turning off these settings locally.
10687
10688 * The new RemoveIPC= option can be used to remove IPC objects owned by
10689 the user or group of a service when that service exits.
10690
10691 * The new ProtectKernelModules= option can be used to disable explicit
10692 load and unload operations of kernel modules by a service. In
10693 addition access to /usr/lib/modules is removed if this option is set.
10694
10695 * The ProtectSystem= option gained a new value "strict", which causes the
10696 whole file system tree with the exception of /dev, /proc, and /sys,
10697 to be remounted read-only for a service.
10698
10699 * The new ProtectKernelTunables= option can be used to disable
10700 modification of configuration files in /sys and /proc by a service.
10701 Various directories and files are remounted read-only, so access is
10702 restricted even if the file permissions would allow it.
10703
10704 * The new ProtectControlGroups= option can be used to disable write
10705 access by a service to /sys/fs/cgroup.
10706
10707 * Various systemd services have been hardened with
10708 ProtectKernelTunables=yes, ProtectControlGroups=yes,
10709 RestrictAddressFamilies=.
10710
10711 * Support for dynamically creating users for the lifetime of a service
10712 has been added. If DynamicUser=yes is specified, user and group IDs
10713 will be allocated from the range 61184…65519 for the lifetime of the
10714 service. They can be resolved using the new nss-systemd.so NSS
10715 module. The module must be enabled in /etc/nsswitch.conf. Services
10716 started in this way have PrivateTmp= and RemoveIPC= enabled, so that
10717 any resources allocated by the service will be cleaned up when the
10718 service exits. They also have ProtectHome=read-only and
10719 ProtectSystem=strict enabled, so they are not able to make any
10720 permanent modifications to the system.
10721
10722 * The nss-systemd module also always resolves root and nobody, making
10723 it possible to have no /etc/passwd or /etc/group files in minimal
10724 container or chroot environments.
10725
10726 * Services may be started with their own user namespace using the new
10727 boolean PrivateUsers= option. Only root, nobody, and the uid/gid
10728 under which the service is running are mapped. All other users are
10729 mapped to nobody.
10730
10731 * Support for the cgroup namespace has been added to systemd-nspawn. If
10732 supported by the kernel, the container system started by systemd-nspawn
10733 will have its own view of the cgroup hierarchy. This new behaviour
10734 can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
10735
10736 * The new MemorySwapMax= option can be used to limit the maximum swap
10737 usage under the unified cgroup hierarchy.
10738
10739 * Support for the CPU controller in the unified cgroup hierarchy has
10740 been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
10741 options. This controller requires out-of-tree patches for the kernel
10742 and the support is provisional.
10743
10744 * Mount and automount units may now be created transiently
10745 (i.e. dynamically at runtime via the bus API, instead of requiring
10746 unit files in the file system).
10747
10748 * systemd-mount is a new tool which may mount file systems – much like
10749 mount(8), optionally pulling in additional dependencies through
10750 transient .mount and .automount units. For example, this tool
10751 automatically runs fsck on a backing block device before mounting,
10752 and allows the automount logic to be used dynamically from the
10753 command line for establishing mount points. This tool is particularly
10754 useful when dealing with removable media, as it will ensure fsck is
10755 run – if necessary – before the first access and that the file system
10756 is quickly unmounted after each access by utilizing the automount
10757 logic. This maximizes the chance that the file system on the
10758 removable media stays in a clean state, and if it isn't in a clean
10759 state is fixed automatically.
10760
10761 * LazyUnmount=yes option for mount units has been added to expose the
10762 umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
10763 option.
10764
10765 * /efi will be used as the mount point of the EFI boot partition, if
10766 the directory is present, and the mount point was not configured
10767 through other means (e.g. fstab). If /efi directory does not exist,
10768 /boot will be used as before. This makes it easier to automatically
10769 mount the EFI partition on systems where /boot is used for something
10770 else.
10771
10772 * When operating on GPT disk images for containers, systemd-nspawn will
10773 now mount the ESP to /boot or /efi according to the same rules as PID
10774 1 running on a host. This allows tools like "bootctl" to operate
10775 correctly within such containers, in order to make container images
10776 bootable on physical systems.
10777
10778 * disk/by-id and disk/by-path symlinks are now created for NVMe drives.
10779
10780 * Two new user session targets have been added to support running
10781 graphical sessions under the systemd --user instance:
10782 graphical-session.target and graphical-session-pre.target. See
10783 systemd.special(7) for a description of how those targets should be
10784 used.
10785
10786 * The vconsole initialization code has been significantly reworked to
10787 use KD_FONT_OP_GET/SET ioctls instead of KD_FONT_OP_COPY and better
10788 support unicode keymaps. Font and keymap configuration will now be
10789 copied to all allocated virtual consoles.
10790
10791 * FreeBSD's bhyve virtualization is now detected.
10792
10793 * Information recorded in the journal for core dumps now includes the
10794 contents of /proc/mountinfo and the command line of the process at
10795 the top of the process hierarchy (which is usually the init process
10796 of the container).
10797
10798 * systemd-journal-gatewayd learned the --directory= option to serve
10799 files from the specified location.
10800
10801 * journalctl --root=… can be used to peruse the journal in the
10802 /var/log/ directories inside of a container tree. This is similar to
10803 the existing --machine= option, but does not require the container to
10804 be active.
10805
10806 * The hardware database has been extended to support
10807 ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
10808 trackball devices.
10809
10810 The MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
10811 specify the click rate for mice which include a horizontal wheel with
10812 a click rate that is different than the one for the vertical wheel.
10813
10814 * systemd-run gained a new --wait option that makes service execution
10815 synchronous. (Specifically, the command will not return until the
10816 specified service binary exited.)
10817
10818 * systemctl gained a new --wait option that causes the start command to
10819 wait until the units being started have terminated again.
10820
* A new journal output mode "short-full" has been added which displays
timestamps with abbreviated English day names and adds a timezone
suffix. Those timestamps include more information than the default
"short" output mode, and can be passed directly to journalctl's
--since= and --until= options.

* /etc/resolv.conf will be bind-mounted into containers started by
systemd-nspawn, if possible, so any changes to resolv.conf contents
are automatically propagated to the container.

* The number of instances for socket-activated services originating
from a single IP address can be limited with
MaxConnectionsPerSource=, extending the existing setting of
MaxConnections=.

* systemd-networkd gained support for vcan ("Virtual CAN") interface
configuration.

* .netdev and .network configuration can now be extended through
drop-ins.

* UDP Segmentation Offload, TCP Segmentation Offload, Generic
Segmentation Offload, Generic Receive Offload, Large Receive Offload
can be enabled and disabled using the new UDPSegmentationOffload=,
TCPSegmentationOffload=, GenericSegmentationOffload=,
GenericReceiveOffload=, LargeReceiveOffload= options in the
[Link] section of .link files.

* The Spanning Tree Protocol, Priority, Aging Time, and the Default
Port VLAN ID can be configured for bridge devices using the new STP=,
Priority=, AgeingTimeSec=, and DefaultPVID= settings in the [Bridge]
section of .netdev files.

* The route table to which routes received over DHCP or RA should be
added can be configured with the new RouteTable= option in the [DHCP]
and [IPv6AcceptRA] sections of .network files.

* The Address Resolution Protocol can be disabled on links managed by
systemd-networkd using the ARP=no setting in the [Link] section of
.network files.

* New environment variables $SERVICE_RESULT, $EXIT_CODE and
$EXIT_STATUS are set for ExecStop= and ExecStopPost= commands, and
encode information about the result and exit codes of the current
service runtime cycle.

* systemd-sysctl will now configure kernel parameters in the order
they occur in the configuration files. This matches what sysctl
has traditionally done.

* kernel-install "plugins" that are executed to perform various
tasks after a new kernel is added and before an old one is removed
can now return a special value to terminate the procedure and
prevent any later plugins from running.

* Journald's SplitMode=login setting has been deprecated. It has been
removed from documentation, and its use is discouraged. In a future
release it will be completely removed, and made equivalent to the
current default of SplitMode=uid.

* The Storage=both option setting in /etc/systemd/coredump.conf has
been removed. With fast LZ4 compression storing the core dump twice is
not useful.

* The --share-system systemd-nspawn option has been replaced with an
(undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
this functionality is discouraged. In addition the variables
$SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
$SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
individual namespaces.

* "machinectl list" now shows the IP address of running containers in
the output, as well as OS release information.

* "loginctl list" now shows the TTY of each session in the output.

* sd-bus gained new API calls sd_bus_track_set_recursive(),
sd_bus_track_get_recursive(), sd_bus_track_count_name(),
sd_bus_track_count_sender(). They permit usage of sd_bus_track peer
tracking objects in a "recursive" mode, where a single client can be
counted multiple times, if it takes multiple references.

* sd-bus gained new API calls sd_bus_set_exit_on_disconnect() and
sd_bus_get_exit_on_disconnect(). They may be used to make a
process using sd-bus automatically exit if the bus connection is
severed.

* Bus clients of the service manager may now "pin" loaded units into
memory, by taking an explicit reference on them. This is useful to
ensure the client can retrieve runtime data about the service even
after the service completed execution. Taking such a reference is
available only for privileged clients and helps with watching
running services in a race-free manner, and in particular with
collecting information about exit statuses and results.

* The nss-resolve module has been changed to strictly return UNAVAIL
when communication via D-Bus with resolved failed, and NOTFOUND when
a lookup completed but was negative. This means it is now possible to
neatly configure fallbacks using nsswitch.conf result checking
expressions. Taking benefit of this, the new recommended
configuration line for the "hosts" entry in /etc/nsswitch.conf is:

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

* A new setting CtrlAltDelBurstAction= has been added to
/etc/systemd/system.conf which may be used to configure the precise
behaviour if the user on the console presses Ctrl-Alt-Del more often
than 7 times in 2s. Previously this would unconditionally result in
an expedited, immediate reboot. With this new setting the precise
operation may be configured in more detail, and also turned off
entirely.

* In .netdev files two new settings RemoteChecksumTx= and
RemoteChecksumRx= are now understood that permit configuring the
remote checksumming logic for VXLAN networks.

* The service manager learnt a new "invocation ID" concept for invoked
services. Each runtime cycle of a service will get a new invocation
ID (a 128-bit random UUID) assigned that identifies the current
run of the service uniquely and globally. A new invocation ID
is generated each time a service starts up. The journal will store
the invocation ID of a service along with any logged messages, thus
making the invocation ID useful for matching the online runtime of a
service with the offline log data it generated in a safe way without
relying on synchronized timestamps. In many ways this new service
invocation ID concept is similar to the kernel's boot ID concept that
uniquely and globally identifies the runtime of each boot. The
invocation ID of a service is passed to the service itself via an
environment variable ($INVOCATION_ID). A new bus call
GetUnitByInvocationID() has been added that is similar to GetUnit()
but instead of retrieving the bus path for a unit by its name
retrieves it by its invocation ID. The returned path is valid only as
long as the passed invocation ID is current.
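The $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS variables described above and the invocation ID described in this item fit together in a stop hook: the hook can classify how the run ended and point at exactly the log lines of that run. The following is an added example, not code from the systemd project; it assumes it is invoked as an ExecStopPost= command and that journald records the ID in the _SYSTEMD_INVOCATION_ID field (a documented journal field). The environment values in the self-check are constructed.

```python
"""Added example (not from systemd): an ExecStopPost= hook that turns the
stop-time environment into a structured record and builds the journalctl
match for this runtime cycle."""
import os
import re

# $SERVICE_RESULT values that mean the cycle did not end cleanly; the names
# are the ones systemd.service(5) documents. "success" is the only clean one.
FAILURE_RESULTS = {
    "protocol", "timeout", "exit-code", "signal", "core-dump",
    "watchdog", "start-limit-hit", "resources",
}

# $INVOCATION_ID is a 128-bit ID rendered as 32 lowercase hex digits.
INVOCATION_ID_RE = re.compile(r"^[0-9a-f]{32}$")


def build_report(env):
    """Summarize a finished runtime cycle from its environment mapping.

    `env` is os.environ in production or a plain dict in tests. Missing
    variables become None instead of raising, so the hook itself never
    fails the unit's stop job.
    """
    result = env.get("SERVICE_RESULT")
    invocation_id = env.get("INVOCATION_ID")
    if invocation_id is not None and not INVOCATION_ID_RE.match(invocation_id):
        invocation_id = None  # refuse to echo a malformed ID into log lines
    return {
        "result": result,
        "exit_code": env.get("EXIT_CODE"),      # "exited", "killed", "dumped", ...
        "exit_status": env.get("EXIT_STATUS"),  # numeric status or signal name
        "invocation_id": invocation_id,
        "clean": result == "success",
        "unexpected": result in FAILURE_RESULTS,
    }


def journal_match_args(invocation_id):
    """journalctl command line selecting only this run's log lines.

    Matching on _SYSTEMD_INVOCATION_ID is independent of timestamps and
    survives restarts; "-o short-full" prints timestamps that can be fed
    back into --since=/--until= if a wider window is needed.
    """
    if not invocation_id or not INVOCATION_ID_RE.match(invocation_id):
        raise ValueError("invocation ID must be 32 hex digits")
    return ["journalctl", "-o", "short-full",
            f"_SYSTEMD_INVOCATION_ID={invocation_id}"]


def main():
    report = build_report(os.environ)
    for key, value in report.items():
        print(f"{key}={value}")
    if report["unexpected"] and report["invocation_id"]:
        print("inspect with:", " ".join(journal_match_args(report["invocation_id"])))


if __name__ == "__main__":
    main()
```

Wire it in with `ExecStopPost=/usr/local/bin/stop-report.py` (path assumed); the printed lines themselves land in the journal under the same invocation ID, so the report and the run it describes stay together.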

* systemd-resolved gained a new "DNSStubListener" setting in
resolved.conf. It either takes a boolean value or the special values
"udp" and "tcp", and configures whether to enable the stub DNS
listener on 127.0.0.53:53.

* IP addresses configured via networkd may now carry additional
configuration settings supported by the kernel. New options include:
HomeAddress=, DuplicateAddressDetection=, ManageTemporaryAddress=,
PrefixRoute=, AutoJoin=.

* The PAM configuration fragment file for "user@.service" shipped with
systemd (i.e. the --user instance of systemd) has been stripped to
the minimum necessary to make the system boot. Previously, it
contained Fedora-specific stanzas that did not apply to other
distributions. It is expected that downstream distributions add
additional configuration lines, matching their needs, to this file,
using it only as a rough template of what systemd itself needs. Note
that this reduced fragment does not even include an invocation of
pam_limits which most distributions probably want to add, even though
systemd itself does not need it. (There's also the new build time
option --with-pamconfdir=no to disable installation of the PAM
fragment entirely.)

* If PrivateDevices=yes is set for a service the CAP_SYS_RAWIO
capability is now also dropped from its set (in addition to
CAP_SYS_MKNOD as before).

* In service unit files it is now possible to connect a specific named
file descriptor with stdin/stdout/stderr of an executed service. The
name may be specified in matching .socket units using the
FileDescriptorName= setting.

* A number of journal settings may now be configured on the kernel
command line. Specifically, the following options are now understood:
systemd.journald.max_level_console=,
systemd.journald.max_level_store=,
systemd.journald.max_level_syslog=, systemd.journald.max_level_kmsg=,
systemd.journald.max_level_wall=.

* "systemctl is-enabled --full" will now show by which symlinks a unit
file is enabled in the unit dependency tree.

* Support for VeraCrypt encrypted partitions has been added to the
"cryptsetup" logic and /etc/crypttab.

* systemd-detect-virt gained support for a new --private-users switch
that checks whether the invoking processes are running inside a user
namespace. Similarly, a new special value "private-users" for the
existing ConditionVirtualization= setting has been added, permitting
skipping of specific units in user namespace environments.

Contributions from: Alban Crequy, Alexander Kuleshov, Alfie John,
Andreas Henriksson, Andrew Jeddeloh, Balázs Úr, Bart Rulon, Benjamin
Richter, Ben Gamari, Ben Harris, Brian J. Murrell, Christian Brauner,
Christian Rebischke, Clinton Roy, Colin Walters, Cristian Rodríguez,
Daniel Hahler, Daniel Mack, Daniel Maixner, Daniel Rusek, Dan Dedrick,
Davide Cavalca, David Herrmann, David Michael, Dennis Wassenberg,
Djalal Harouni, Dongsu Park, Douglas Christman, Elias Probst, Eric
Cook, Erik Karlsson, Evgeny Vereshchagin, Felipe Sateler, Felix Zhang,
Franck Bui, George Hilliard, Giuseppe Scrivano, HATAYAMA Daisuke,
Heikki Kemppainen, Hendrik Brueckner, hi117, Ismo Puustinen, Ivan
Shapovalov, Jakub Filak, Jakub Wilk, Jan Synacek, Jason Kölker,
Jean-Sébastien Bour, Jiří Pírko, Jonathan Boulle, Jorge Niedbalski,
Keith Busch, kristbaum, Kyle Russell, Lans Zhang, Lennart Poettering,
Leonardo Brondani Schenkel, Lucas Werkmeister, Luca Bruno, Lukáš
Nykrýn, Maciek Borzecki, Mantas Mikulėnas, Marc-Antoine Perennou,
Marcel Holtmann, Marcos Mello, Martin Ejdestig, Martin Pitt, Matej
Habrnal, Maxime de Roucy, Michael Biebl, Michael Chapman, Michael Hoy,
Michael Olbrich, Michael Pope, Michal Sekletar, Michal Soltys, Mike
Gilbert, Nick Owens, Patrik Flykt, Paweł Szewczyk, Peter Hutterer,
Piotr Drąg, Reid Price, Richard W.M. Jones, Roman Stingler, Ronny
Chevalier, Seraphime Kirkovski, Stefan Schweter, Steve Muir, Susant
Sahani, Tejun Heo, Thomas Blume, Thomas H. P. Andersen, Tiago Levit,
Tobias Jungel, Tomáš Janoušek, Topi Miettinen, Torstein Husebø, Umut
Tezduyar Lindskog, Vito Caputo, WaLyong Cho, Wilhelm Schuster, Yann
E. MORIN, Yi EungJun, Yuki Inoguchi, Yu Watanabe, Zbigniew
Jędrzejewski-Szmek, Zeal Jagannatha

— Santa Fe, 2016-11-03

CHANGES WITH 231:

* In service units the various ExecXYZ= settings have been extended
with an additional special character as first argument of the
assigned value: if the character '+' is used, the specified command
line will be run with full privileges, regardless of User=,
Group=, CapabilityBoundingSet= and similar options. The effect is
similar to the existing PermissionsStartOnly= option, but allows
configuration of this concept for each executed command line
independently.

* Services may now alter the service watchdog timeout at runtime by
sending a WATCHDOG_USEC= message via sd_notify().

* MemoryLimit= and related unit settings now optionally take percentage
specifications. The percentage is taken relative to the amount of
physical memory in the system (or in case of containers, the assigned
amount of memory). This allows scaling service resources neatly with
the amount of RAM available on the system. Similarly, systemd-logind's
RuntimeDirectorySize= option now also optionally takes percentage
values.

* In similar fashion TasksMax= takes percentage values now, too. The
value is taken relative to the configured maximum number of processes
on the system. The per-service task maximum has been changed to 15%
using this functionality. (Effectively this is an increase of 512 →
4915 for service units, given the kernel's default pid_max setting.)

* Calendar time specifications in .timer units now understand a ".."
syntax for time ranges. Example: "4..7:10" may now be used for
defining a timer that is triggered at 4:10am, 5:10am, 6:10am and
7:10am every day.
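To make the new range syntax concrete, here is an added example (not code from systemd) that expands the hour and minute part of such a calendar time into the concrete firing times. It goes slightly beyond the single case above: it also accepts comma-separated lists and ".." ranges in the minute field, both of which the calendar syntax allows; date parts, seconds and "/step" repetition are deliberately left out.

```python
"""Added example (not from systemd): expand the HOUR:MINUTE part of a
calendar time such as "4..7:10" into the (hour, minute) pairs it matches."""
import re

# One list item: a single value "4" or an inclusive range "4..7".
_ITEM_RE = re.compile(r"^(\d+)(?:\.\.(\d+))?$")


def _expand_field(text, upper):
    """Expand "4..7" or "1,5..6" into a sorted list of ints within [0, upper]."""
    values = set()
    for item in text.split(","):
        m = _ITEM_RE.match(item.strip())
        if not m:
            raise ValueError(f"bad calendar component: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > hi or hi > upper:
            raise ValueError(f"range {item!r} out of bounds 0..{upper}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_time_of_day(spec):
    """Return every (hour, minute) pair an "H:M" calendar field fires at.

    The pairs are ordered by hour, then minute, which is the order the
    timer would trigger them within one day.
    """
    hours, sep, minutes = spec.partition(":")
    if not sep or not minutes:
        raise ValueError("expected HOUR:MINUTE")
    return [(h, m)
            for h in _expand_field(hours, 23)
            for m in _expand_field(minutes, 59)]


if __name__ == "__main__":
    for hour, minute in expand_time_of_day("4..7:10"):
        print(f"{hour:02d}:{minute:02d}")
```

For the real thing, `systemd-analyze calendar` is the authoritative check of how a given specification is interpreted; this expander is only a reading aid for the range syntax.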

* The InaccessibleDirectories=, ReadOnlyDirectories= and
ReadWriteDirectories= unit file settings have been renamed to
InaccessiblePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
applied to all kinds of file nodes, and not just directories, with
the exception of symlinks. Specifically these settings may now be
used on block and character device nodes, UNIX sockets and FIFOs as
well as regular files. The old names of these settings remain
available for compatibility.

* systemd will now log about all service processes it kills forcibly
(using SIGKILL) because they remained after the clean shutdown phase
of the service completed. This should help identify services that
shut down uncleanly. Moreover if KillUserProcesses= is enabled in
systemd-logind's configuration a similar log message is generated for
processes killed at the end of each session due to this setting.

* systemd will now set the $JOURNAL_STREAM environment variable for all
services whose stdout/stderr are connected to the Journal (which
effectively means by default: all services). The variable contains
the device and inode number of the file descriptor used for
stdout/stderr. This may be used by invoked programs to detect whether
their stdout/stderr is connected to the Journal, in which case they
can switch over to direct Journal communication, thus being able to
pass extended, structured metadata along with their log messages. As
one example, this is now used by glib's logging primitives.
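The check a program performs with $JOURNAL_STREAM is small but easy to get subtly wrong (comparing only the inode, or trusting the variable without looking at the actual descriptor). The following added example, which is not systemd's or glib's code, shows the comparison done on both device and inode; the `demo()` function builds a constructed environment around a pipe so the logic can be exercised without a running service manager.

```python
"""Added example (not from systemd): decide whether a file descriptor is
the journal stream the service manager attached, using the "dev:ino"
value exported in $JOURNAL_STREAM."""
import os
import sys


def parse_journal_stream(value):
    """Parse the "<dev>:<ino>" form; None if the variable is unset or malformed."""
    if not value:
        return None
    dev, sep, ino = value.partition(":")
    if not sep or not dev.isdigit() or not ino.isdigit():
        return None
    return int(dev), int(ino)


def fd_is_journal_stream(fd, env=None):
    """True only if `fd` refers to the very inode named in $JOURNAL_STREAM.

    Both st_dev and st_ino are compared: inode numbers repeat across
    file systems, so the inode alone would not identify the stream.
    """
    env = os.environ if env is None else env
    target = parse_journal_stream(env.get("JOURNAL_STREAM"))
    if target is None:
        return False
    try:
        st = os.fstat(fd)
    except OSError:          # closed or invalid descriptor
        return False
    return (st.st_dev, st.st_ino) == target


def stderr_is_journal(env=None):
    """Convenience wrapper: is this process's stderr the journal stream?"""
    return fd_is_journal_stream(sys.stderr.fileno(), env)


def demo():
    """Offline self-check on a fresh pipe with constructed environments.

    Returns (matching, wrong_inode, unset) results so the behaviour of the
    three cases can be asserted without a real journal stream.
    """
    r, w = os.pipe()
    try:
        st = os.fstat(w)
        env_match = {"JOURNAL_STREAM": f"{st.st_dev}:{st.st_ino}"}
        env_wrong = {"JOURNAL_STREAM": f"{st.st_dev}:{st.st_ino + 1}"}
        return (fd_is_journal_stream(w, env_match),
                fd_is_journal_stream(w, env_wrong),
                fd_is_journal_stream(w, {}))
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    print("stderr is the journal stream:", stderr_is_journal())
```

When the check succeeds, a program can open its own connection to journald (for example via sd_journal_sendv() through a binding) and attach structured fields; when it fails, plain stderr logging is the right fallback.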

* When using systemd's default tmp.mount unit for /tmp, the mount point
will now be established with the "nosuid" and "nodev" options. This
avoids privilege escalation attacks that put traps and exploits into
/tmp. However, this might cause problems if you e.g. put container
images or overlays into /tmp; if you need this, override tmp.mount's
"Options=" with a drop-in, or mount /tmp from /etc/fstab with your
desired options.

* systemd now supports the "memory" cgroup controller also on
cgroup v2.

* The systemd-cgtop tool now optionally takes a control group path as
command line argument. If specified, the control group list shown is
limited to subgroups of that group.

* The SystemCallFilter= unit file setting gained support for
pre-defined, named system call filter sets. For example
SystemCallFilter=@clock is now an effective way to make all
clock-changing system calls unavailable to a service. A number of
similar pre-defined groups are defined. Writing system call filters
for system services is simplified substantially with this new
concept. Accordingly, all of systemd's own, long-running services now
enable system call filtering based on this, by default.

* A new service setting MemoryDenyWriteExecute= has been added, taking
a boolean value. If turned on, a service may no longer create memory
mappings that are writable and executable at the same time. This
enhances security for services where this is enabled as it becomes
harder to dynamically write and then execute memory in exploited
service processes. This option has been enabled for all of systemd's
own long-running services.

* A new RestrictRealtime= service setting has been added, taking a
boolean argument. If set the service's processes may no longer
acquire realtime scheduling. This improves security as realtime
scheduling may otherwise be used to easily freeze the system.
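The three settings above (SystemCallFilter=, MemoryDenyWriteExecute=, RestrictRealtime=) are the ones a reviewer most often wants to verify on a deployed service. The following is an added example, not systemd's code: it parses the Key=Value lines that "systemctl show -p" prints, flags the settings that are off or empty, and emits a drop-in that turns them on. The sample outputs are constructed for the example, and the way SystemCallFilter= is rendered in real "systemctl show" output is an assumption (the audit only tests whether the value is empty).

```python
"""Added example (not from systemd): audit a service's hardening settings
from "systemctl show" output and suggest a drop-in for what is missing."""
import subprocess

# Properties queried; these are the unit settings' own names, which is
# how "systemctl show" reports them.
WANTED = ("MemoryDenyWriteExecute", "RestrictRealtime", "SystemCallFilter")


def parse_show_output(text):
    """Turn "Key=Value" lines into a dict; lines without '=' are skipped."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Map each weak or absent setting to a one-line finding."""
    findings = {}
    if props.get("MemoryDenyWriteExecute") != "yes":
        findings["MemoryDenyWriteExecute"] = "W^X not enforced: writable+executable mappings allowed"
    if props.get("RestrictRealtime") != "yes":
        findings["RestrictRealtime"] = "processes may acquire realtime scheduling"
    if not props.get("SystemCallFilter"):
        findings["SystemCallFilter"] = "no system call filter configured"
    return findings


def suggested_dropin(findings):
    """Drop-in text enabling the flagged settings; empty string if none."""
    if not findings:
        return ""
    lines = ["[Service]"]
    if "MemoryDenyWriteExecute" in findings:
        lines.append("MemoryDenyWriteExecute=yes")
    if "RestrictRealtime" in findings:
        lines.append("RestrictRealtime=yes")
    if "SystemCallFilter" in findings:
        # Deny-list form ("~" prefix) of the @clock group named in the
        # release notes; widen the list per service only after testing.
        lines.append("SystemCallFilter=~@clock")
    return "\n".join(lines) + "\n"


def audit_unit(unit):
    """Run the audit against a live unit (requires systemctl on the host)."""
    out = subprocess.run(["systemctl", "show", "-p", ",".join(WANTED), unit],
                         capture_output=True, text=True, check=True).stdout
    return audit(parse_show_output(out))


# Constructed samples standing in for "systemctl show" output.
SAMPLE_HARDENED = """MemoryDenyWriteExecute=yes
RestrictRealtime=yes
SystemCallFilter=~@clock @module @raw-io
"""
SAMPLE_DEFAULT = """MemoryDenyWriteExecute=no
RestrictRealtime=no
SystemCallFilter=
"""

if __name__ == "__main__":
    for name, sample in (("hardened", SAMPLE_HARDENED), ("default", SAMPLE_DEFAULT)):
        findings = audit(parse_show_output(sample))
        print(f"{name}: {findings or 'no findings'}")
        print(suggested_dropin(findings), end="")
```

Place the generated text under /etc/systemd/system/<unit>.d/hardening.conf (path assumed), run "systemctl daemon-reload", and re-run the audit; a filter that is too narrow shows up as the service dying with SIGSYS in the journal, which is the signal to extend the list rather than drop it.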

* systemd-nspawn gained a new switch --notify-ready= taking a boolean
value. This may be used for requesting that the system manager inside
of the container reports start-up completion to nspawn which then
propagates this notification further to the service manager
supervising nspawn itself. A related option NotifyReady= in .nspawn
files has been added too. This functionality allows ordering of the
start-up of multiple containers using the usual systemd ordering
primitives.

* machinectl gained a new command "stop" that is an alias for
"terminate".

* systemd-resolved gained support for contacting DNS servers on
link-local IPv6 addresses.

* If systemd-resolved receives the SIGUSR2 signal it will now flush all
its caches. A method call for requesting the same operation has been
added to the bus API too, and is made available via "systemd-resolve
--flush-caches".

* systemd-resolve gained a new --status switch. If passed, a brief
summary of the used DNS configuration with per-interface information
is shown.

* resolved.conf gained a new Cache= boolean option, defaulting to
on. If turned off, local DNS caching is disabled. This comes with a
performance penalty in particular when DNSSEC is enabled. Note that
resolved disables its internal caching implicitly anyway, when the
configured DNS server is on a host-local IP address such as ::1 or
127.0.0.1, thus automatically avoiding double local caching.

* systemd-resolved now listens on the local IP address 127.0.0.53:53
for DNS requests. This improves compatibility with local programs
that do not use the libc NSS or systemd-resolved's bus APIs for name
resolution. This minimal DNS service is only available to local
programs and does not implement the full DNS protocol, but enough to
cover local DNS clients. A new, static resolv.conf file, listing just
this DNS server is now shipped in /usr/lib/systemd/resolv.conf. It is
now recommended to make /etc/resolv.conf a symlink to this file in
order to route all DNS lookups to systemd-resolved, regardless of
whether they are done via NSS, the bus API or raw DNS packets. Note
that this local DNS service is not as fully featured as the libc NSS
or systemd-resolved's bus APIs. For example, as unicast DNS cannot be
used to deliver link-local address information (as this implies
sending a local interface index along), LLMNR/mDNS support via this
interface is severely restricted. It is thus strongly recommended for
all applications to use the libc NSS API or native systemd-resolved
bus API instead.

* systemd-networkd's bridge support learned a new setting
VLANFiltering= for controlling VLAN filtering. Moreover a new section
in .network files has been added for configuring VLAN bridging in
more detail: VLAN=, EgressUntagged=, PVID= in [BridgeVLAN].

* systemd-networkd's IPv6 Router Advertisement code now makes use of
the DNSSL and RDNSS options. This means IPv6 DNS configuration may
now be acquired without relying on DHCPv6. Two new options
UseDomains= and UseDNS= have been added to configure this behaviour.

* systemd-networkd's IPv6AcceptRouterAdvertisements= option has been
renamed IPv6AcceptRA=, without altering its behaviour. The old
setting name remains available for compatibility reasons.

* The systemd-networkd VTI/VTI6 tunneling support gained new options
Key=, InputKey= and OutputKey=.

* systemd-networkd gained support for VRF ("Virtual Routing Function")
interface configuration.

* "systemctl edit" may now be used to create new unit files by
specifying the --force switch.

* sd-event gained a new function sd_event_get_iteration() for
requesting the current iteration counter of the event loop. It starts
at zero and is increased by one with each event loop iteration.

* A new rpm macro %systemd_ordering is provided by the macros.systemd
file. It can be used in lieu of %systemd_requires in packages which
don't use any systemd functionality and are intended to be installed
in minimal containers without systemd present. This macro provides
ordering dependencies to ensure that if the package is installed in
the same rpm transaction as systemd, systemd will be installed before
the scriptlets for the package are executed, allowing unit presets
to be handled.

New macros %_systemdgeneratordir and %_systemdusergeneratordir have
been added to simplify packaging of generators.

* The os-release file gained a VERSION_CODENAME field for the
distribution nickname (e.g. VERSION_CODENAME=woody).

* The new udev property UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG=1
can be set to disable parsing of metadata and the creation
of persistent symlinks for that device.

* The v230 change to tag framebuffer devices (/dev/fb*) with "uaccess"
to make them available to logged-in users has been reverted.

* Much of the common code of the various systemd components is now
built into an internal shared library libsystemd-shared-231.so
(incorporating the systemd version number in the name, to be updated
with future releases) that the components link to. This should
decrease systemd's footprint both in memory during runtime and on
disk. Note that the shared library is not for public use, and is
neither API nor ABI stable, but is likely to change with every new
released update. Packagers need to make sure that binaries
linking to libsystemd-shared.so are updated in step with the
library.

* Configuration for "mkosi" is now part of the systemd
repository. mkosi is a tool to easily build legacy-free OS images,
and is available on github: https://github.com/systemd/mkosi. If
"mkosi" is invoked in the build tree a new raw OS image is generated
incorporating the systemd sources currently being worked on and a
clean, fresh distribution installation. The generated OS image may be
booted up with "systemd-nspawn -b -i", qemu-kvm or on any physical
UEFI PC. This functionality is particularly useful to easily test
local changes made to systemd in a pristine, defined environment. See
doc/HACKING for details.

* configure learned the --with-support-url= option to specify the
distribution's bugtracker.

Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
Burchardt, Atrotors, Benjamin Drung, Brian Boylston, Christian Hesse,
Christian Rebischke, Daniele Medri, Daniel Mack, Dave Reisner, David
Herrmann, David Michael, Djalal Harouni, Douglas Christman, Elias
Probst, Evgeny Vereshchagin, Federico Mena Quintero, Felipe Sateler,
Franck Bui, Harald Hoyer, Ian Lee, Ivan Shapovalov, Jakub Wilk, Jan
Janssen, Jean-Sébastien Bour, John Paul Adrian Glaubitz, Jouke
Witteveen, Kai Ruhnau, kpengboy, Kyle Walker, Lénaïc Huard, Lennart
Poettering, Luca Bruno, Lukas Lösche, Lukáš Nykrýn, mahkoh, Marcel
Holtmann, Martin Pitt, Marty Plummer, Matthieu Codron, Max Prokhorov,
Michael Biebl, Michael Karcher, Michael Olbrich, Michał Bartoszkiewicz,
Michal Sekletar, Michal Soltys, Minkyung, Muhammet Kara, mulkieran,
Otto Wallenius, Pablo Lezaeta Reyes, Peter Hutterer, Ronny Chevalier,
Rusty Bird, Stef Walter, Susant Sahani, Tejun Heo, Thomas Blume, Thomas
Haller, Thomas H. P. Andersen, Tobias Jungel, Tom Gundersen, Tom Yan,
Topi Miettinen, Torstein Husebø, Valentin Vidić, Viktar Vaŭčkievič,
WaLyong Cho, Weng Xuetian, Werner Fink, Zbigniew Jędrzejewski-Szmek

— Berlin, 2016-07-25
11276 CHANGES WITH 230:
11277
11278 * DNSSEC is now turned on by default in systemd-resolved (in
11279 "allow-downgrade" mode), but may be turned off during compile time by
11280 passing "--with-default-dnssec=no" to "configure" (and of course,
11281 during runtime with DNSSEC= in resolved.conf). We recommend
11282 downstreams to leave this on at least during development cycles and
11283 report any issues with the DNSSEC logic upstream. We are very
11284 interested in collecting feedback about the DNSSEC validator and its
11285 limitations in the wild. Note however, that DNSSEC support is
11286 probably nothing downstreams should turn on in stable distros just
11287 yet, as it might create incompatibilities with a few DNS servers and
11288 networks. We tried hard to make sure we downgrade to non-DNSSEC mode
11289 automatically whenever we detect such incompatible setups, but there
11290 might be systems we do not cover yet. Hence: please help us testing
11291 the DNSSEC code, leave this on where you can, report back, but then
11292 again don't consider turning this on in your stable, LTS or
11293 production release just yet. (Note that you have to enable
11294 nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
11295 and its DNSSEC mode for hostname resolution from local
11296 applications.)
11297
11298 * systemd-resolve conveniently resolves DANE records with the --tlsa
11299 option and OPENPGPKEY records with the --openpgp option. It also
11300 supports dumping raw DNS record data via the new --raw= switch.
11301
11302 * systemd-logind will now by default terminate user processes that are
11303 part of the user session scope unit (session-XX.scope) when the user
11304 logs out. This behavior is controlled by the KillUserProcesses=
11305 setting in logind.conf, and the previous default of "no" is now
11306 changed to "yes". This means that user sessions will be properly
11307 cleaned up after, but additional steps are necessary to allow
11308 intentionally long-running processes to survive logout.
11309
11310 While the user is logged in at least once, user@.service is running,
11311 and any service that should survive the end of any individual login
11312 session can be started at a user service or scope using systemd-run.
11313 systemd-run(1) man page has been extended with an example which shows
11314 how to run screen in a scope unit underneath user@.service. The same
11315 command works for tmux.
11316
11317 After the user logs out of all sessions, user@.service will be
11318 terminated too, by default, unless the user has "lingering" enabled.
11319 To effectively allow users to run long-term tasks even if they are
11320 logged out, lingering must be enabled for them. See loginctl(1) for
11321 details. The default polkit policy was modified to allow users to
11322 set lingering for themselves without authentication.
11323
11324 Previous defaults can be restored at compile time by the
11325 --without-kill-user-processes option to "configure".
11326
11327 * systemd-logind gained new configuration settings SessionsMax= and
11328 InhibitorsMax=, both with a default of 8192. It will not register new
11329 user sessions or inhibitors above this limit.
11330
11331 * systemd-logind will now reload configuration on SIGHUP.
11332
11333 * The unified cgroup hierarchy added in Linux 4.5 is now supported.
11334 Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
11335 enable. Also, support for the "io" cgroup controller in the unified
11336 hierarchy has been added, so that the "memory", "pids" and "io" are
11337 now the controllers that are supported on the unified hierarchy.
11338
11339 WARNING: it is not possible to use previous systemd versions with
11340 systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
11341 is necessary to also update systemd in the initramfs if using the
11342 unified hierarchy. An updated SELinux policy is also required.
11343
11344 * LLDP support has been extended, and both passive (receive-only) and
11345 active (sender) modes are supported. Passive mode ("routers-only") is
11346 enabled by default in systemd-networkd. Active LLDP mode is enabled
11347 by default for containers on the internal network. The "networkctl
11348 lldp" command may be used to list information gathered. "networkctl
11349 status" will also show basic LLDP information on connected peers now.
11350
11351 * The IAID and DUID unique identifier sent in DHCP requests may now be
11352 configured for the system and each .network file managed by
11353 systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.
11354
11355 * systemd-networkd gained support for configuring proxy ARP support for
11356 each interface, via the ProxyArp= setting in .network files. It also
11357 gained support for configuring the multicast querier feature of
11358 bridge devices, via the new MulticastQuerier= setting in .netdev
11359 files. Similarly, snooping on the IGMP traffic can be controlled
11360 via the new setting MulticastSnooping=.
11361
11362 A new setting PreferredLifetime= has been added for addresses
11363 configured in .network file to configure the lifetime intended for an
11364 address.
11365
11366 The systemd-networkd DHCP server gained the option EmitRouter=, which
11367 defaults to yes, to configure whether the DHCP Option 3 (Router)
11368 should be emitted.
11369
11370 * The testing tool /usr/lib/systemd/systemd-activate is renamed to
11371 systemd-socket-activate and installed into /usr/bin. It is now fully
11372 supported.
11373
11374 * systemd-journald now uses separate threads to flush changes to disk
11375 when closing journal files, thus reducing impact of slow disk I/O on
11376 logging performance.
11377
11378 * The sd-journal API gained two new calls
11379 sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
11380 can be used to open journal files using file descriptors instead of
11381 file or directory paths. sd_journal_open_container() has been
11382 deprecated, sd_journal_open_directory_fd() should be used instead
11383 with the flag SD_JOURNAL_OS_ROOT.
11384
11385 * journalctl learned a new output mode "-o short-unix" that outputs log
11386 lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
11387 UTC). It also gained support for a new --no-hostname setting to
11388 suppress the hostname column in the family of "short" output modes.
11389
11390 * systemd-ask-password now optionally skips printing of the password to
11391 stdout with --no-output which can be useful in scripts.
11392
11393 * Framebuffer devices (/dev/fb*) and 3D printers and scanners
11394 (devices tagged with ID_MAKER_TOOL) are now tagged with
11395 "uaccess" and are available to logged in users.
11396
11397 * The DeviceAllow= unit setting now supports specifiers (with "%").
11398
11399 * "systemctl show" gained a new --value switch, which allows print a
11400 only the contents of a specific unit property, without also printing
11401 the property's name. Similar support was added to "show*" verbs
11402 of loginctl and machinectl that output "key=value" lists.
11403
11404 * A new unit type "generated" was added for files dynamically generated
11405 by generator tools. Similarly, a new unit type "transient" is used
11406 for unit files created using the runtime API. "systemctl enable" will
11407 refuse to operate on such files.
11408
11409 * A new command "systemctl revert" has been added that may be used to
11410 revert to the vendor version of a unit file, in case local changes
11411 have been made by adding drop-ins or overriding the unit file.
11412
11413 * "machinectl clean" gained a new verb to automatically remove all or
11414 just hidden container images.
11415
11416 * systemd-tmpfiles gained support for a new line type "e" for emptying
11417 directories, if they exist, without creating them if they don't.
11418
11419 * systemd-nspawn gained support for automatically patching the UID/GIDs
11420 of the owners and the ACLs of all files and directories in a
11421 container tree to match the UID/GID user namespacing range selected
11422 for the container invocation. This mode is enabled via the new
11423 --private-users-chown switch. It also gained support for
11424 automatically choosing a free, previously unused UID/GID range when
11425 starting a container, via the new --private-users=pick setting (which
11426 implies --private-users-chown). Together, these options for the first
11427 time make user namespacing for nspawn containers fully automatic and
11428 thus deployable. The systemd-nspawn@.service template unit file has
11429 been changed to use this functionality by default.
11430
11431 * systemd-nspawn gained a new --network-zone= switch that allows
11432 creating ad-hoc virtual Ethernet links between multiple containers,
11433 which only exist as long as at least one container referencing them is
11434 running. This makes it easy to connect multiple containers with a
11435 common link that implements an Ethernet broadcast domain. Each of
11436 these network "zones" may be named relatively freely by the user, and
11437 may be referenced by any number of containers, but each container may
11438 only reference one of these "zones". On the lower level, this is
11439 implemented by an automatically managed bridge network interface for
11440 each zone, which is created when the first container referencing the
11441 zone is created and removed when the last one referencing the zone
11442 terminates.
11443
11444 * The default start timeout may now be configured on the kernel command
11445 line via systemd.default_timeout_start_sec=. It was already
11446 configurable via the DefaultTimeoutStartSec= option in
11447 /etc/systemd/system.conf.
11448
11449 * Socket units gained two new settings, TriggerLimitIntervalSec= and
11450 TriggerLimitBurst=, to configure a limit on the activation rate of
11451 the socket unit.
11452
11453 * The LimitNICE= setting now optionally takes normal UNIX nice values
11454 in addition to the raw integer limit value. If the specified
11455 parameter is prefixed with "+" or "-" and is in the range -20…19, the
11456 value is understood as a UNIX nice value. If it is not prefixed like
11457 this, it is understood as a raw RLIMIT_NICE limit.
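How that rule can be implemented, as an added example that is not systemd's own parser: the 20 - nice mapping is the kernel's definition of the RLIMIT_NICE ceiling, and accepting "infinity" follows the resource-limit syntax used elsewhere in these notes. Getting this conversion wrong matters because RLIMIT_NICE decides how far an unprivileged service may raise its own scheduling priority.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Added example (not systemd's own parser): turn a LimitNICE= value into the
 * raw RLIMIT_NICE ceiling the kernel expects. "+5" or "-10" is a UNIX nice
 * value, an unprefixed number is the raw limit, "infinity" lifts the limit.
 * Returns 0 on success and a negative errno otherwise. */
int parse_limit_nice(const char *s, rlim_t *ret) {
        char *end;
        long v;

        if (!s || !ret)
                return -EINVAL;

        if (strcmp(s, "infinity") == 0) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || end == s || *end != '\0')
                return -EINVAL;          /* not a number, or trailing junk */

        if (s[0] == '+' || s[0] == '-') {
                /* Nice value. The kernel defines the RLIMIT_NICE ceiling as
                 * 20 - nice, so +19 (lowest priority) maps to 1 and -20 to 40. */
                if (v < -20 || v > 19)
                        return -ERANGE;
                *ret = (rlim_t) (20 - v);
                return 0;
        }

        /* Raw limit: the kernel's usable range is 0 (no raising allowed) to 40. */
        if (v < 0 || v > 40)
                return -ERANGE;
        *ret = (rlim_t) v;
        return 0;
}

/* Apply the parsed value as the soft limit of the calling process. The hard
 * limit is left alone: raising the soft limit above it fails with EPERM for
 * an unprivileged process, which is exactly the protection RLIMIT_NICE gives. */
int apply_limit_nice(const char *s) {
        struct rlimit rl;
        rlim_t v;
        int r = parse_limit_nice(s, &v);

        if (r < 0)
                return r;
        if (getrlimit(RLIMIT_NICE, &rl) < 0)
                return -errno;
        rl.rlim_cur = v;
        return setrlimit(RLIMIT_NICE, &rl) < 0 ? -errno : 0;
}
```

The parser rejects out-of-range nice values rather than clamping them, so a typo such as "+20" fails loudly instead of silently granting the maximum.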
11458
11459 * Note that the effect of the PrivateDevices= unit file setting changed
11460 slightly with this release: the per-device /dev file system will be
11461 mounted read-only from this version on, and will have "noexec"
11462 set. This (minor) change of behavior might cause some (exceptional)
11463 legacy software to break, when PrivateDevices=yes is set for its
11464 service. Please leave PrivateDevices= off if you run into problems
11465 with this.
11466
11467 * systemd-bootchart has been split out to a separate repository:
11468 https://github.com/systemd/systemd-bootchart
11469
11470 * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
11471 merged into the kernel in its current form.
11472
11473 * The compatibility libraries libsystemd-daemon.so,
11474 libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
11475 which have been deprecated since systemd-209 have been removed along
11476 with the corresponding pkg-config files. All symbols provided by
11477 those libraries are provided by libsystemd.so.
11478
11479 * The Capabilities= unit file setting has been removed (it is ignored
11480 for backwards compatibility). AmbientCapabilities= and
11481 CapabilityBoundingSet= should be used instead.
11482
11483 * A new special target has been added, initrd-root-device.target,
11484 which creates a synchronization point for dependencies of the root
11485 device in early userspace. Initramfs builders must ensure that this
11486 target is now included in early userspace.
11487
11488 Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
11489 Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
11490 Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
11491 Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
11492 Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
11493 R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
11494 Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
11495 Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
11496 Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
11497 Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
11498 John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
11499 Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
11500 Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
11501 Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
11502 Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
11503 mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
11504 Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
11505 Petr Lautrbach, Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert
11506 Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
11507 Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
11508 Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
11509 Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
11510 Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
11511 Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
11512 Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
11513 Jędrzejewski-Szmek
11514
11515 — Fairfax, 2016-05-21
11516
11517 CHANGES WITH 229:
11518
11519 * The systemd-resolved DNS resolver service has gained a substantial
11520 set of new features, most prominently it may now act as a DNSSEC
11521 validating stub resolver. DNSSEC mode is currently turned off by
11522 default, but is expected to be turned on by default in one of the
11523 next releases. For now, we invite everybody to test the DNSSEC logic
11524 by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
11525 service also gained a full set of D-Bus interfaces, including calls
11526 to configure DNS and DNSSEC settings per link (for use by external
11527 network management software). systemd-resolved and systemd-networkd
11528 now distinguish between "search" and "routing" domains. The former
11529 are used to qualify single-label names, the latter are used purely
11530 for routing lookups within certain domains to specific links.
11531 resolved now also synthesizes RRs for all entries from /etc/hosts.
11532
11533 * The systemd-resolve tool (which is a client utility for
11534 systemd-resolved) has been improved considerably and is now fully
11535 supported and documented. Hence it has moved from /usr/lib/systemd to
11536 /usr/bin.
11537
11538 * /dev/disk/by-path/ symlink support has been (re-)added for virtio
11539 devices.
11540
11541 * The coredump collection logic has been reworked: when a coredump is
11542 collected it is now written to disk, compressed and processed
11543 (including stacktrace extraction) from a new instantiated service
11544 systemd-coredump@.service, instead of directly from the
11545 /proc/sys/kernel/core_pattern hook we provide. This is beneficial as
11546 processing large coredumps can take up a substantial amount of
11547 resources and time, and this previously happened entirely outside of
11548 systemd's service supervision. With the new logic the core_pattern
11549 hook only does minimal metadata collection before passing off control
11550 to the new instantiated service, which is configured with a time
11551 limit, a nice level and other settings to minimize negative impact on
11552 the rest of the system. Also note that the new logic will honour the
11553 RLIMIT_CORE setting of the crashed process, which now allows users
11554 and processes to turn off coredumping for their processes by setting
11555 this limit.
11556
11557 * The RLIMIT_CORE resource limit now defaults to "unlimited" for PID 1
11558 and all forked processes by default. Previously, PID 1 would leave
11559 the setting at "0" for all processes, as set by the kernel. Note that
11560 the resource limit traditionally has no effect on the generated
11561 coredumps on the system if the /proc/sys/kernel/core_pattern hook
11562 logic is used. Since the limit is now honoured (see above) its
11563 default has been changed so that the coredumping logic is enabled by
11564 default for all processes, while allowing specific opt-out.
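The opt-out this enables, as an added example that is not systemd-coredump's code: a process lowers its own RLIMIT_CORE soft limit to zero (no privilege is needed to lower a limit), and a collector that honours the limit skips or truncates the dump accordingly. Treating exactly 0 as "off" is an assumption made for this example; the notes only state that the limit is honoured.

```c
#include <errno.h>
#include <stdbool.h>
#include <sys/resource.h>

/* Added example, not systemd's code. Two sides of the RLIMIT_CORE contract:
 * the decision a collector makes from the crashed process's soft limit, and
 * the call a service uses to opt out of core dumps entirely. */

/* Collector side: a soft limit of 0 means "never dump" (assumption for this
 * example); anything else allows a dump of at most that many bytes. */
bool coredump_allowed(rlim_t soft) {
        return soft != 0;
}

/* Size the stored dump may have when `wanted` bytes were written under `soft`. */
rlim_t coredump_cap(rlim_t soft, rlim_t wanted) {
        if (soft == RLIM_INFINITY || wanted <= soft)
                return wanted;
        return soft;
}

/* Service side: opt this process (and anything it forks afterwards) out of
 * core dumps by lowering the soft limit to 0. The hard limit is kept, so a
 * child may re-enable dumps up to it. Returns 0 or a negative errno. */
int disable_coredumps_for_self(void) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return -errno;
        rl.rlim_cur = 0;
        if (setrlimit(RLIMIT_CORE, &rl) < 0)
                return -errno;
        return 0;
}

/* What a collector would see for this process right now. */
rlim_t coredump_limit_bytes(void) {
        struct rlimit rl;

        if (getrlimit(RLIMIT_CORE, &rl) < 0)
                return 0;
        return rl.rlim_cur;
}
```

A service that handles secrets in memory is the typical caller of disable_coredumps_for_self(): with the limit at 0 the crash handler never writes those pages to disk.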
11565
11566 * When the stacktrace is extracted from processes of system users, this
11567 is now done as the "systemd-coredump" user, in order to sandbox this
11568 potentially security sensitive parsing operation. (Note that when
11569 processing coredumps of normal users this is done under the user ID
11570 of the process that crashed, as before.) Packagers should take notice
11571 that it is now necessary to create the "systemd-coredump" system user
11572 and group at package installation time.
11573
11574 * The systemd-activate socket activation testing tool gained support
11575 for SOCK_DGRAM and SOCK_SEQPACKET sockets using the new --datagram
11576 and --seqpacket switches. It also has been extended to support both
11577 new-style and inetd-style file descriptor passing. Use the new
11578 --inetd switch to request inetd-style file descriptor passing.
11579
11580 * Most systemd tools now honor a new $SYSTEMD_COLORS environment
11581 variable, which takes a boolean value. If set to false, ANSI color
11582 output is disabled in the tools even when run on a terminal that
11583 supports it.
11584
11585 * The VXLAN support in networkd now supports two new settings
11586 DestinationPort= and PortRange=.
11587
11588 * A new systemd.machine_id= kernel command line switch has been added,
11589 that may be used to set the machine ID in /etc/machine-id if it is
11590 not initialized yet. This command line option has no effect if the
11591 file is already initialized.
11592
11593 * systemd-nspawn gained a new --as-pid2 switch that invokes any
11594 specified command line as PID 2 rather than PID 1 in the
11595 container. In this mode PID 1 is a minimal stub init process that
11596 implements the special POSIX and Linux semantics of PID 1 regarding
11597 signal and child process management. Note that this stub init process
11598 is implemented in nspawn itself and requires no support from the
11599 container image. This new logic is useful to support running
11600 arbitrary commands in the container, as normal processes are
11601 generally not prepared to run as PID 1.
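What "the special POSIX and Linux semantics of PID 1" amount to in practice, as an added example that is not nspawn's stub init: reap every child (orphans of the payload get reparented to PID 1, or to any process that set PR_SET_CHILD_SUBREAPER), forward termination signals to the payload, and exit with the payload's status. An ordinary command skips all of this, which is why zombies pile up when it is run as PID 1. spawn_payload() is a constructed helper for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Added example (not systemd-nspawn's code): the minimal duties of a PID 1
 * stub that supervises one payload process. */

static volatile sig_atomic_t payload_pid = 0;

/* SIGTERM/SIGINT sent to PID 1 are passed on to the payload; PID 1 itself
 * ignores them, so a plain command would otherwise never get the signal. */
static void forward_signal(int sig) {
        if (payload_pid > 0)
                kill((pid_t) payload_pid, sig);
}

/* Exit code init should propagate for a wait status. */
int exit_code_from_status(int status) {
        if (WIFEXITED(status))
                return WEXITSTATUS(status);
        if (WIFSIGNALED(status))
                return 128 + WTERMSIG(status);
        return 255;
}

/* Supervise `pid`: reap children until none are left, remembering the
 * payload's status. Returns its exit code, or -1 if it was never reaped. */
int stub_init_run(pid_t pid) {
        struct sigaction sa = { .sa_handler = forward_signal };
        int payload_status = -1;

#ifdef PR_SET_CHILD_SUBREAPER
        /* Outside a PID namespace we are not PID 1; this makes orphans of the
         * payload reparent to us anyway so the reaping loop below sees them. */
        prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0);
#endif
        payload_pid = pid;
        sigaction(SIGTERM, &sa, NULL);
        sigaction(SIGINT, &sa, NULL);

        for (;;) {
                int status;
                pid_t w = waitpid(-1, &status, 0);

                if (w < 0) {
                        if (errno == EINTR)
                                continue;        /* a signal arrived; keep reaping */
                        if (errno == ECHILD)
                                break;           /* no children left at all */
                        return -1;
                }
                if (w == pid)
                        payload_status = status;
                /* any other pid is an orphan that would otherwise stay a zombie */
        }
        payload_pid = 0;
        return payload_status < 0 ? -1 : exit_code_from_status(payload_status);
}

/* Constructed helper for the demonstration: fork a payload that exits with
 * `code` after leaving behind a grandchild that outlives it. */
pid_t spawn_payload(int code) {
        pid_t pid = fork();

        if (pid != 0)
                return pid;                      /* parent (or fork failure) */
        if (fork() == 0) {
                usleep(20000);                   /* grandchild: becomes an orphan */
                _exit(0);
        }
        _exit(code);
}

int main(void) {
        return stub_init_run(spawn_payload(3));
}
```

The loop deliberately keeps running after the payload exits until waitpid() reports ECHILD, so every orphan is reaped before the stub returns.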
11602
11603 * systemd-nspawn gained a new --chdir= switch for setting the current
11604 working directory for the process started in the container.
11605
11606 * "journalctl /dev/sda" will now output all kernel log messages for
11607 the specified device from the current boot, in addition to all devices
11608 that are parents of it. This should make log output about devices
11609 pretty useful, as long as kernel drivers attach enough metadata to
11610 the log messages. (The usual SATA drivers do.)
11611
11612 * The sd-journal API gained two new calls
11613 sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
11614 that report whether log data from /run or /var has been found.
11615
11616 * journalctl gained a new switch "--fields" that prints all journal
11617 record field names currently in use in the journal. This is backed
11618 by two new sd-journal API calls sd_journal_enumerate_fields() and
11619 sd_journal_restart_fields().
11620
11621 * Most configurable timeouts in systemd now expect an argument of
11622 "infinity" to turn them off, instead of "0" as before. The semantics
11623 from now on are that a timeout of "0" means "now", and "infinity"
11624 means "never". To maintain backwards compatibility, "0" continues to
11625 turn off previously existing timeout settings.
11626
11627 * "systemctl reload-or-try-restart" has been renamed to "systemctl
11628 try-reload-or-restart" to clarify what it actually does: the "try"
11629 logic applies to both reloading and restarting, not just restarting.
11630 The old name continues to be accepted for compatibility.
11631
11632 * On boot-up, when PID 1 detects that the system clock is behind the
11633 release date of the systemd version in use, the clock is now set
11634 to the latter. Previously, this was already done in timesyncd, in order
11635 to avoid running with clocks set to the various clock epochs such as
11636 1902, 1938 or 1970. With this change the logic is now done in PID 1
11637 in addition to timesyncd during early boot-up, so that it is enforced
11638 before the first process is spawned by systemd. Note that the logic
11639 in timesyncd remains, as it is more comprehensive and ensures
11640 clock monotonicity by maintaining a persistent timestamp file in
11641 /var. Since /var is generally not available in earliest boot or the
11642 initrd, this part of the logic remains in timesyncd, and is not done
11643 by PID 1.
11644
11645 * Support for tweaking details in net_cls.class_id through the
11646 NetClass= configuration directive has been removed, as the kernel
11647 people have decided to deprecate that controller in cgroup v2.
11648 Userspace tools such as nftables are moving over to setting rules
11649 that are specific to the full cgroup path of a task, which obsoletes
11650 these controllers anyway. The NetClass= directive is kept around for
11651 legacy compatibility reasons. For a more in-depth description of the
11652 kernel change, please refer to the respective upstream commit:
11653
11654 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
11655
11656 * A new service setting RuntimeMaxSec= has been added that may be used
11657 to specify a maximum runtime for a service. If the timeout is hit, the
11658 service is terminated and put into a failure state.
11659
11660 * A new service setting AmbientCapabilities= has been added. It allows
11661 configuration of additional Linux process capabilities that are
11662 passed to the activated processes. This is only available on very
11663 recent kernels.
11664
11665 * The process resource limit settings in service units may now be used
11666 to configure hard and soft limits individually.
11667
11668 * The various libsystemd APIs such as sd-bus or sd-event now publicly
11669 expose support for gcc's __attribute__((cleanup())) C extension.
11670 Specifically, for many object destructor functions alternative
11671 versions have been added that have names suffixed with "p" and take a
11672 pointer to a pointer to the object to destroy, instead of just a
11673 pointer to the object itself. This is useful because these destructor
11674 functions may be used directly as parameters to the cleanup
11675 construct. Internally, systemd has been a heavy user of this GCC
11676 extension for a long time, and with this change similar support is
11677 now available to consumers of the library outside of systemd. Note
11678 that by using this extension in your sources compatibility with old
11679 and strictly ANSI compatible C compilers is lost. However, all gcc or
11680 LLVM versions of recent years support this extension.
11681
11682 * Timer units gained support for a new setting RandomizedDelaySec= that
11683 allows configuring some additional randomized delay to the configured
11684 time. This is useful to spread out timer events to avoid load peaks in
11685 clusters or larger setups.
11686
11687 * Calendar time specifications now support sub-second accuracy.
11688
11689 * Socket units now support listening on SCTP and UDP-lite protocol
11690 sockets.
11691
11692 * The sd-event API now comes with a full set of man pages.
11693
11694 * Older versions of systemd contained experimental support for
11695 compressing journal files and coredumps with the LZ4 compressor that
11696 was not compatible with the lz4 binary (due to API limitations of the
11697 lz4 library). This support has been removed; only support for files
11698 compatible with the lz4 binary remains. This LZ4 logic is now
11699 officially supported and no longer considered experimental.
11700
11701 * The dkr image import logic has been removed again from importd. dkr's
11702 micro-services focus doesn't fit into the machine image focus of
11703 importd, and quickly got out of date with the upstream dkr API.
11704
11705 * Creation of the /run/lock/lockdev/ directory was dropped from
11706 tmpfiles.d/legacy.conf. Better locking mechanisms like flock() have
11707 been available for many years. If you still need this, you need to
11708 create your own tmpfiles.d config file with:
11709
11710 d /run/lock/lockdev 0775 root lock -
11711
11712 * The settings StartLimitBurst=, StartLimitInterval=, StartLimitAction=
11713 and RebootArgument= have been moved from the [Service] section of
11714 unit files to [Unit], and they are now supported on all unit types,
11715 not just service units. Of course, systemd will continue to
11716 understand these settings also at the old location, in order to
11717 maintain compatibility.
11718
11719 Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
11720 Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
11721 Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
11722 Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
11723 Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
11724 David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
11725 Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
11726 Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
11727 Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
11728 Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
11729 Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
11730 lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
11731 Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
11732 Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
11733 Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
11734 Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
11735 Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
11736 Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
11737 Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
11738
11739 — Berlin, 2016-02-11
11740
11741 CHANGES WITH 228:
11742
11743 * A number of properties previously only settable in unit
11744 files are now also available as properties to set when
11745 creating transient units programmatically via the bus, as it
11746 is exposed with systemd-run's --property=
11747 setting. Specifically, these are: SyslogIdentifier=,
11748 SyslogLevelPrefix=, TimerSlackNSec=, OOMScoreAdjust=,
11749 EnvironmentFile=, ReadWriteDirectories=,
11750 ReadOnlyDirectories=, InaccessibleDirectories=,
11751 ProtectSystem=, ProtectHome=, RuntimeDirectory=.
11752
11753 * When creating transient services via the bus API it is now
11754 possible to pass in a set of file descriptors to use as
11755 STDIN/STDOUT/STDERR for the invoked process.
11756
11757 * Slice units may now be created transiently via the bus APIs,
11758 similar to the way service and scope units may already be
11759 created transiently.
11760
11761 * Wherever systemd expects a calendar timestamp specification
11762 (like in journalctl's --since= and --until= switches) UTC
11763 timestamps are now supported. Timestamps suffixed with "UTC"
11764 are now considered to be in Coordinated Universal Time
11765 instead of the local timezone. Also, timestamps may now
11766 optionally be specified with sub-second accuracy. Both of
11767 these additions also apply to recurring calendar event
11768 specifications, such as OnCalendar= in timer units.
11769
11770 * journalctl gained a new "--sync" switch that asks the
11771 journal daemon to write all so far unwritten log messages to
11772 disk and sync the files, before returning.
11773
11774 * systemd-tmpfiles learned two new line types "q" and "Q" that
11775 operate like "v", but also set up a basic btrfs quota
11776 hierarchy when used on a btrfs file system with quota
11777 enabled.
11778
11779 * tmpfiles' "v", "q" and "Q" will now create a plain directory
11780 instead of a subvolume (even on a btrfs file system) if the
11781 root directory is a plain directory, and not a
11782 subvolume. This should simplify things with certain chroot()
11783 environments which are not aware of the concept of btrfs
11784 subvolumes.
11785
11786 * systemd-detect-virt gained a new --chroot switch to detect
11787 whether execution takes place in a chroot() environment.
11788
11789 * CPUAffinity= now takes CPU index ranges in addition to
11790 individual indexes.
11791
11792 * The various memory-related resource limit settings (such as
11793 LimitAS=) now understand the usual K, M, G, … suffixes to
11794 the base of 1024 (IEC). Similarly, the time-related resource
11795 limit settings now understand the usual min, h, day, …
11796 suffixes.
11797
11798 * There's a new system.conf setting DefaultTasksMax= to
11799 control the default TasksMax= setting for services and
11800 scopes running on the system. (TasksMax= is the primary
11801 setting that exposes the "pids" cgroup controller on systemd
11802 and was introduced in the previous systemd release.) The
11803 setting now defaults to 512, which means services that are
11804 not explicitly configured otherwise will only be able to
11805 create 512 processes or threads at maximum, from this
11806 version on. Note that this means that thread- or
11807 process-heavy services might need to be reconfigured to set
11808 TasksMax= to a higher value. It is sufficient to set
11809 TasksMax= in these specific unit files to a higher value, or
11810 even "infinity". Similarly, there's now a logind.conf setting
11811 UserTasksMax= that defaults to 4096 and limits the total
11812 number of processes or tasks each user may own
11813 concurrently. nspawn containers also have the TasksMax=
11814 value set by default now, to 8192. Note that all of this
11815 only has an effect if the "pids" cgroup controller is
11816 enabled in the kernel. The general benefit of these changes
11817 should be a more robust and safer system, that provides a
11818 certain amount of per-service fork() bomb protection.
11819
11820 * systemd-nspawn gained the new --network-veth-extra= switch
11821 to define additional and arbitrarily-named virtual Ethernet
11822 links between the host and the container.
11823
11824 * A new service execution setting PassEnvironment= has been
11825 added that allows importing select environment variables
11826 from PID1's environment block into the environment block of
11827 the service.
11828
11829 * Timer units gained support for a new RemainAfterElapse=
11830 setting which takes a boolean argument. It defaults to on,
11831 preserving the behaviour of previous releases. If set to
11832 off, timer units are unloaded after they have elapsed if they
11833 cannot elapse again. This is particularly useful for
11834 transient timer units, which shall not stay around longer
11835 than until they first elapse.
11836
11837 * systemd will now bump the net.unix.max_dgram_qlen to 512 by
11838 default (the kernel default is 16). This is beneficial
11839 for avoiding blocking on AF_UNIX/SOCK_DGRAM sockets since it
11840 allows substantially larger numbers of queued
11841 datagrams. This should increase the capability of systemd to
11842 parallelize boot-up, as logging and sd_notify() are unlikely
11843 to stall execution anymore. If you need to change the value
11844 from the new defaults, use the usual sysctl.d/ snippets.
11845
11846 * The compression framing format used by the journal or
11847 coredump processing has changed to be in line with what the
11848 official LZ4 tools generate. LZ4 compression support in
11849 systemd was considered unsupported previously, as the format
11850 was not compatible with the normal tools. With this release
11851 this has changed now, and it is hence safe for downstream
11852 distributions to turn it on. While not compressing as well
11853 as XZ, LZ4 is substantially faster, which makes
11854 it a good default choice for the compression logic in the
11855 journal and in coredump handling.
11856
11857 * Any reference to /etc/mtab has been dropped from
11858 systemd. The file has been obsolete for a while, but
11859 systemd refused to work on systems where it was incorrectly
11860 set up (it should be a symlink or non-existent). Please make
11861 sure to update to util-linux 2.27.1 or newer in conjunction
11862 with this systemd release, which also drops any reference to
11863 /etc/mtab. If you maintain a distribution make sure that no
11864 software you package still references it, as this is a
11865 likely source of bugs. There's also a glibc bug pending,
11866 asking for removal of any reference to this obsolete file:
11867
11868 https://sourceware.org/bugzilla/show_bug.cgi?id=19108
11869
11870 Note that only util-linux versions built with
11871 --enable-libmount-force-mountinfo are supported.
11872
11873 * Support for the ".snapshot" unit type has been removed. This
11874 feature turned out to be little useful and little used, and
11875 has now been removed from the core and from systemctl.
11876
11877 * The dependency types RequiresOverridable= and
11878 RequisiteOverridable= have been removed from systemd. They
11879 have been used only very sparingly to our knowledge and
11880 other options that provide a similar effect (such as
11881 systemctl --mode=ignore-dependencies) are much more useful
11882 and commonly used. Moreover, they were only half-way
11883 implemented as the option to control behaviour regarding
11884 these dependencies was never added to systemctl. By removing
11885 these dependency types the execution engine becomes a bit
11886 simpler. Unit files that use these dependencies should be
11887 changed to use the non-Overridable dependency types
11888 instead. In fact, when parsing unit files with these
11889 options, that's what systemd will automatically convert them
11890 to, but it will also warn, asking users to fix the unit
11891 files accordingly. Removal of these dependency types should
11892 only affect a negligible number of unit files in the wild.
11893
11894 * Behaviour of networkd's IPForward= option changed
11895 (again). It will no longer maintain a per-interface setting,
11896 but propagate one way from interfaces where this is enabled
11897 to the global kernel setting. The global setting will be
11898 enabled when requested by a network that is set up, but
11899 never be disabled again. This change was made to make sure
11900 IPv4 and IPv6 behaviour regarding packet forwarding is
11901 similar (as the Linux IPv6 stack does not support
11902 per-interface control of this setting) and to minimize
11903 surprises.
11904
11905 * In unit files the behaviour of %u, %U, %h, %s has
11906 changed. These specifiers will now unconditionally resolve
11907 to the various user database fields of the user that the
11908 systemd instance is running as, instead of the user
11909 configured in the specific unit via User=. Note that this
11910 effectively doesn't change much, as resolving of these
11911 specifiers was already turned off in the --system instance
11912 of systemd, as we cannot do NSS lookups from PID 1. In the
11913 --user instance of systemd these specifiers were correctly
11914 resolved, but hardly made any sense, since the user instance
11915 lacks privileges to do user switches anyway, and User= is
11916 hence useless. Moreover, even in the --user instance of
11917 systemd behaviour was awkward as it would only take settings
11918 from User= assignment placed before the specifier into
11919 account. In order to unify and simplify the logic around
11920 this the specifiers will now always resolve to the
11921 credentials of the user invoking the manager (which in case
11922 of PID 1 is the root user).
11923
11924 Contributions from: Andrew Jones, Beniamino Galvani, Boyuan
11925 Yang, Daniel Machon, Daniel Mack, David Herrmann, David
11926 Reynolds, David Strauss, Dongsu Park, Evgeny Vereshchagin,
11927 Felipe Sateler, Filipe Brandenburger, Franck Bui, Hristo
11928 Venev, Iago López Galeiras, Jan Engelhardt, Jan Janssen, Jan
11929 Synacek, Jesus Ornelas Aguayo, Karel Zak, kayrus, Kay Sievers,
11930 Lennart Poettering, Liu Yuan Yuan, Mantas Mikulėnas, Marcel
11931 Holtmann, Marcin Bachry, Marcos Alano, Marcos Mello, Mark
11932 Theunissen, Martin Pitt, Michael Marineau, Michael Olbrich,
11933 Michal Schmidt, Michal Sekletar, Mirco Tischler, Nick Owens,
11934 Nicolas Cornu, Patrik Flykt, Peter Hutterer, reverendhomer,
11935 Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Shawn Landden,
11936 Susant Sahani, Thomas Haller, Thomas Hindoe Paaboel Andersen,
11937 Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
11938 Jędrzejewski-Szmek
11939
11940 — Berlin, 2015-11-18
11941
11942 CHANGES WITH 227:
11943
11944 * systemd now depends on util-linux v2.27. More specifically,
11945 the newly added mount monitor feature in libmount now
11946 replaces systemd's former own implementation.
11947
11948 * libmount mandates that /etc/mtab not be a regular file, and
11949 systemd now enforces this condition at early boot.
11950 /etc/mtab has been deprecated and warned about for a very
11951 long time, so systems running systemd should already have
11952 stopped having this file around as anything other than a
11953 symlink to /proc/self/mounts.
11954
11955 * Support for the "pids" cgroup controller has been added. It
11956 allows accounting the number of tasks in a cgroup and
11957 enforcing limits on it. This adds two new settings,
11958 TasksAccounting= and TasksMax= to each unit, as well as a
11959 global option DefaultTasksAccounting=.
11960
11961 * Support for the "net_cls" cgroup controller has been added.
11962 It allows assigning a net class ID to each task in the
11963 cgroup, which can then be used in firewall rules and traffic
11964 shaping configurations. Note that the kernel netfilter net
11965 class code does not currently work reliably for ingress
11966 packets on unestablished sockets.
11967
11968 This adds a new config directive called NetClass= to CGroup
11969 enabled units. Allowed values are positive numbers for fixed
11970 assignments and "auto" for picking a free value
11971 automatically.
11972
11973 * 'systemctl is-system-running' now returns 'offline' if the
11974 system is not booted with systemd. This command can now be
11975 used as a substitute for 'systemd-notify --booted'.
11976
11977 * Watchdog timeouts have been increased to 3 minutes for all
11978 in-tree service files. Apparently, disk IO issues are more
11979 frequent than we hoped, and users reported >1 minute waiting
11980 for disk IO.
11981
11982 * 'machine-id-commit' functionality has been merged into
11983 'machine-id-setup --commit'. The separate binary has been
11984 removed.
11985
11986 * The WorkingDirectory= directive in unit files may now be set
11987 to the special value '~'. In this case, the working
11988 directory is set to the home directory of the user
11989 configured in User=.
11990
11991 * "machinectl shell" will now open the shell in the home
11992 directory of the selected user by default.
11993
11994 * The CrashChVT= configuration file setting is renamed to
11995 CrashChangeVT=, following our usual logic of not
11996 abbreviating unnecessarily. The old directive is still
11997 supported for compat reasons. Also, this directive now takes
11998 an integer value between 1 and 63, or a boolean value. The
11999 formerly supported '-1' value for disabling stays around for
12000 compat reasons.
12001
12002 * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
12003 NoNewPrivileges=, TTYPath=, WorkingDirectory= and
12004 RootDirectory= properties can now be set for transient
12005 units.
12006
12007 * The systemd-analyze tool gained a new "set-log-target" verb
12008 to change the logging target the system manager logs to
12009 dynamically during runtime. This is similar to how
12010 "systemd-analyze set-log-level" already changes the log
12011 level.
12012
12013 * In nspawn /sys is now mounted as tmpfs, with only a selected
12014 set of subdirectories mounted in from the real sysfs. This
12015 enhances security slightly, and is useful for ensuring user
12016 namespaces work correctly.
12017
12018 * Support for USB FunctionFS activation has been added. This
12019 allows implementation of USB gadget services that are
12020 activated as soon as they are requested, so that they don't
12021 have to run continuously, similar to classic socket
12022 activation.
12023
12024 * The "systemctl exit" command now optionally takes an
12025 additional parameter that sets the exit code to return from
12026 the systemd manager when exiting. This is only relevant when
12027 running the systemd user instance, or when running the
12028 system instance in a container.
12029
12030 * sd-bus gained the new API calls sd_bus_path_encode_many()
12031 and sd_bus_path_decode_many() that allow easy encoding and
12032 decoding of multiple identifier strings inside a D-Bus
12033 object path. Another new call sd_bus_default_flush_close()
12034 has been added to flush and close per-thread default
12035 connections.
12036
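The escaping that sd_bus_path_encode_many() performs matters because unit names, session IDs and similar identifiers contain characters ('.', '-', '/') that are not valid in a D-Bus object path, and an untrusted identifier must never be able to inject a path separator. The C program below is an added example and not systemd's own code: it reimplements the label escaping scheme sd-bus uses (every character outside [A-Za-z], and a leading digit, becomes '_' followed by two hex digits; the empty identifier becomes "_") together with a small template-based encoder and decoder. The "%" placeholder convention and the function names are this example's assumptions, not the documented sd-bus API.

```c
/* Added example (not systemd's code): the label escaping behind
 * sd_bus_path_encode_many()/sd_bus_path_decode_many(). */
#define _POSIX_C_SOURCE 200809L
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>

static char hexchar(unsigned x) { return "0123456789abcdef"[x & 0xf]; }

static int unhexchar(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        return -1;
}

static int is_plain(unsigned char c, int leading) {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
               (!leading && c >= '0' && c <= '9');
}

/* Escape an identifier into one path element made only of [A-Za-z0-9_].
 * '_' is the escape character (a literal '_' becomes "_5f"), a leading
 * digit is escaped because elements must not start with one, "" becomes
 * "_", and '/' becomes "_2f", so the input can never split the path. */
char *label_escape(const char *s) {
        if (*s == '\0')
                return strdup("_");
        char *r = malloc(strlen(s) * 3 + 1), *t = r;
        if (!r)
                return NULL;
        for (const char *f = s; *f; f++) {
                unsigned char c = (unsigned char) *f;
                if (is_plain(c, f == s)) {
                        *t++ = (char) c;
                } else {
                        *t++ = '_';
                        *t++ = hexchar(c >> 4);
                        *t++ = hexchar(c);
                }
        }
        *t = '\0';
        return r;
}

/* Inverse of label_escape() for the 'len' bytes at 's'. NULL means the
 * label is malformed and the whole path must be treated as invalid. */
char *label_unescape(const char *s, size_t len) {
        if (len == 1 && s[0] == '_')
                return strdup("");
        char *r = malloc(len + 1), *t = r;
        if (!r)
                return NULL;
        for (size_t i = 0; i < len; i++) {
                if (s[i] == '_') {
                        int hi, lo;
                        if (i + 2 >= len || (hi = unhexchar(s[i + 1])) < 0 ||
                            (lo = unhexchar(s[i + 2])) < 0)
                                goto bad;
                        *t++ = (char) (hi << 4 | lo);
                        i += 2;
                } else if (is_plain((unsigned char) s[i], 0)) {
                        *t++ = s[i];
                } else {
                        goto bad;
                }
        }
        *t = '\0';
        return r;
bad:
        free(r);
        return NULL;
}

/* Replace each "%" in the template with the escaped next string argument. */
char *path_encode_many(const char *template, ...) {
        size_t cap = strlen(template) + 1, used = 0;
        char *out = malloc(cap);
        if (!out)
                return NULL;
        va_list ap;
        va_start(ap, template);
        for (const char *p = template; *p; p++) {
                if (*p != '%') {
                        out[used++] = *p;
                        continue;
                }
                char *e = label_escape(va_arg(ap, const char *));
                char *n = e ? realloc(out, cap += strlen(e)) : NULL;
                if (!n) {
                        free(e);
                        free(out);
                        va_end(ap);
                        return NULL;
                }
                out = n;
                memcpy(out + used, e, strlen(e));
                used += strlen(e);
                free(e);
        }
        va_end(ap);
        out[used] = '\0';
        return out;
}

/* Walk template and path in step; each "%" consumes one path element and
 * yields its unescaped identifier. Returns the label count, or -1 when the
 * path does not fit the template or carries a malformed label. */
int path_decode_many(const char *path, const char *template, char **labels, int max) {
        int n = 0;
        const char *p = path;
        for (const char *t = template; *t; t++) {
                if (*t == '%') {
                        const char *end = strchr(p, '/');
                        size_t len = end ? (size_t) (end - p) : strlen(p);
                        if (n >= max || len == 0 || !(labels[n] = label_unescape(p, len)))
                                goto fail;
                        n++;
                        p += len;
                } else if (*t == *p) {
                        p++;
                } else {
                        goto fail;
                }
        }
        if (*p == '\0')
                return n;
fail:
        while (n > 0)
                free(labels[--n]);
        return -1;
}

char *demo_labels[4]; /* output slots for path_decode_many() */
```

With this scheme `path_encode_many("/org/example/Unit/%/Job/%", "foo.service", "42")` yields `/org/example/Unit/foo_2eservice/Job/_342`, and an identifier such as `../x` becomes the single element `_2e_2e_2fx`; decoding a path whose labels do not round-trip (a bad hex digit, a '-' in a label) fails as a whole rather than yielding a partial result.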
* systemd-cgtop gained support for a -M/--machine= switch to
show the control groups within a certain container only.

* "systemctl kill" gained support for an optional --fail
switch. If specified the requested operation will fail if no
processes have been killed, because the unit had no
processes attached, or similar.

* A new systemd.crash_reboot=1 kernel command line option has
been added that triggers a reboot after crashing. This can
also be set through CrashReboot= in systemd.conf.

* The RuntimeDirectory= setting now understands unit
specifiers like %i or %f.

* A new (still internal) library API sd-ipv4acd has been added
that implements address conflict detection for IPv4. It's
based on code from sd-ipv4ll, and will be useful for
detecting DHCP address conflicts.

* File descriptors passed during socket activation may now be
named. A new API sd_listen_fds_with_names() is added to
access the names. The default names may be overridden,
either in the .socket file using the FileDescriptorName=
parameter, or by passing FDNAME= when storing the file
descriptors using sd_notify().

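The named-descriptor protocol is worth seeing end to end, because a service that picks the wrong descriptor (binding an unauthenticated handler to the socket meant for a privileged control interface, say) has a real exposure. The C program below is an added example and is not systemd's code: it re-implements the decoding that sd_listen_fds_with_names() performs on $LISTEN_PID, $LISTEN_FDS and $LISTEN_FDNAMES, including the checks that the descriptors are addressed to this process, that the name list has exactly one entry per fd, and that no name contains the ':' separator or control characters. The default name "unknown" and the validation rules are this example's reading of the protocol, not something stated on this page.

```c
/* Added example (not systemd's code): decoding the $LISTEN_PID, $LISTEN_FDS
 * and $LISTEN_FDNAMES variables that sd_listen_fds_with_names() evaluates,
 * without linking libsystemd. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SD_LISTEN_FDS_START 3 /* first passed fd, right after stdio */
#define MAX_FDS 16

struct named_fd {
        int fd;
        char name[256];
};

/* A name must fit the colon-separated list: printable ASCII, no ':',
 * at most 255 bytes. The empty name is allowed (it is "", not unset). */
static int fdname_is_valid(const char *s, size_t len) {
        if (len > 255)
                return 0;
        for (size_t i = 0; i < len; i++) {
                unsigned char c = (unsigned char) s[i];
                if (c < ' ' || c >= 127 || c == ':')
                        return 0;
        }
        return 1;
}

/* Decode the activation environment into 'out'. Returns the number of
 * passed fds (0 when nothing was passed to *this* process) or a negative
 * errno for a malformed environment. The variables are arguments rather
 * than getenv() results so the logic can be exercised offline. */
int decode_listen_env(const char *listen_pid, const char *listen_fds,
                      const char *listen_fdnames, long our_pid,
                      struct named_fd *out, size_t out_max) {
        char *end;
        long pid, n;

        if (!listen_pid || !listen_fds)
                return 0;

        errno = 0;
        pid = strtol(listen_pid, &end, 10);
        if (errno || *end || pid <= 0)
                return -EINVAL;
        /* The fds were meant for another process (e.g. a parent shell). */
        if (pid != our_pid)
                return 0;

        n = strtol(listen_fds, &end, 10);
        if (errno || *end || n < 0 || (size_t) n > out_max)
                return -EINVAL;

        for (long i = 0; i < n; i++) {
                out[i].fd = SD_LISTEN_FDS_START + (int) i;
                strcpy(out[i].name, "unknown"); /* default when no names were passed */
        }
        if (n == 0 || !listen_fdnames)
                return (int) n;

        /* Exactly one name per fd, in order; anything else is rejected. */
        const char *p = listen_fdnames;
        long i = 0;
        for (;;) {
                const char *colon = strchr(p, ':');
                size_t len = colon ? (size_t) (colon - p) : strlen(p);
                if (i >= n || !fdname_is_valid(p, len))
                        return -EINVAL;
                memcpy(out[i].name, p, len);
                out[i].name[len] = '\0';
                i++;
                if (!colon)
                        break;
                p = colon + 1;
        }
        return i == n ? (int) n : -EINVAL;
}

/* Pick the descriptor that a .socket unit labelled via FileDescriptorName=. */
int find_fd_by_name(const struct named_fd *fds, int n, const char *name) {
        for (int i = 0; i < n; i++)
                if (strcmp(fds[i].name, name) == 0)
                        return fds[i].fd;
        return -1;
}

struct named_fd demo_fds[MAX_FDS];

int main(void) {
        /* Real use: read the environment systemd set up for this process. */
        int n = decode_listen_env(getenv("LISTEN_PID"), getenv("LISTEN_FDS"),
                                  getenv("LISTEN_FDNAMES"), (long) getpid(),
                                  demo_fds, MAX_FDS);
        for (int i = 0; i < n; i++)
                printf("fd %d is \"%s\"\n", demo_fds[i].fd, demo_fds[i].name);
        return n < 0 ? 1 : 0;
}
```

A service with two sockets (say FileDescriptorName=http and FileDescriptorName=metrics) looks each one up by name instead of relying on the order in which the .socket units happened to be activated; a count mismatch or an unparseable variable is reported as -EINVAL rather than silently mapping descriptors.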
* systemd-networkd gained support for:

- Setting the IPv6 Router Advertisement settings via
IPv6AcceptRouterAdvertisements= in .network files.

- Configuring the HelloTimeSec=, MaxAgeSec= and
ForwardDelaySec= bridge parameters in .netdev files.

- Configuring PreferredSource= for static routes in
.network files.

* The "ask-password" framework used to query for LUKS harddisk
passwords or SSL passwords during boot gained support for
caching passwords in the kernel keyring, if it is
available. This makes sure that the user only has to type in
a passphrase once if there are multiple objects to unlock
with the same one. Previously, such password caching was
available only when Plymouth was used; this moves the
caching logic into the systemd codebase itself. The
"systemd-ask-password" utility gained a new --keyname=
switch to control which kernel keyring key to use for
caching a password in. This functionality is also useful for
enabling display managers such as gdm to automatically
unlock the user's GNOME keyring if its passphrase, the
user's password and the harddisk password are the same, if
gdm-autologin is used.

* When downloading tar or raw images using "machinectl
pull-tar" or "machinectl pull-raw", a matching ".nspawn"
file is now also downloaded, if it is available and stored
next to the image file.

* Units of type ".socket" gained a new boolean setting
Writable= which is only useful in conjunction with
ListenSpecial=. If true, the specified special file is
opened in O_RDWR mode rather than O_RDONLY mode.

* systemd-rfkill has been reworked to become a singleton
service that is activated through /dev/rfkill on each rfkill
state change and saves the settings to disk. This way,
systemd-rfkill is now compatible with devices that exist
only intermittently, and even restores state if the previous
system shutdown was abrupt rather than clean.

* The journal daemon gained support for vacuuming old journal
files controlled by the number of files that shall remain,
in addition to the already existing control by size and by
date. This is useful as journal interleaving performance
degrades with too many separate journal files, and allows
putting an effective limit on them. The new setting defaults
to 100, but this may be changed by setting SystemMaxFiles=
and RuntimeMaxFiles= in journald.conf. Also, the
"journalctl" tool gained the new --vacuum-files= switch to
manually vacuum journal files to leave only the specified
number of files in place.

* udev will now create /dev/disk/by-path links for ATA devices
on kernels where that is supported.

* Galician, Serbian, Turkish and Korean translations were added.

Contributions from: Aaro Koskinen, Alban Crequy, Beniamino
Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao
(Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David
Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin,
Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel
de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner,
Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen,
Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir
Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart
Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski,
Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl,
Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike
Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma,
Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer,
Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani,
Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић

— Berlin, 2015-10-07

CHANGES WITH 226:

* The DHCP implementation of systemd-networkd gained a set of
new features:

- The DHCP server now supports emitting DNS and NTP
information. It may be enabled and configured via
EmitDNS=, DNS=, EmitNTP=, and NTP=. If transmission of DNS
and NTP information is enabled, but no servers are
configured, the corresponding uplink information (if there
is any) is propagated.

- Server and client now support transmission and reception
of timezone information. It can be configured via the
newly introduced network options UseTimezone=,
EmitTimezone=, and Timezone=. Transmission of timezone
information is enabled between host and containers by
default now: the container will change its local timezone
to what the host has set.

- Lease timeouts can now be configured via
MaxLeaseTimeSec= and DefaultLeaseTimeSec=.

- The DHCP server improved on the stability of
leases. Clients are more likely to get the same lease
information back, even if the server loses state.

- The DHCP server supports two new configuration options to
control the lease address pool metrics, PoolOffset= and
PoolSize=.

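Two of these items interact: PoolOffset=/PoolSize= bound the range of addresses the server may hand out, and lease stability is what lets a server give a client its previous address back without remembered state. The C program below is an added example, not systemd-networkd's DHCP server code: it derives the range from the two settings (0 meaning "use the default", with the defaults assumed here as offset 1 and a size reaching up to, but excluding, the broadcast address), then picks each client's offer by hashing its client identifier into that range and probing forward past addresses that are already leased or belong to the server itself. FNV-1a, the defaults and the function names are this example's choices; the page does not state which hash or defaults networkd uses.

```c
/* Added example (not systemd's code): PoolOffset=/PoolSize= as a range and
 * a stateless, client-identifier-keyed choice of offer within it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct dhcp_pool {
        uint32_t network; /* subnet base, host byte order */
        uint32_t mask;
        uint32_t server;  /* the server's own address, never offered */
        uint32_t offset;  /* PoolOffset= */
        uint32_t size;    /* PoolSize= */
};

/* Defaults assumed here when 0 is given: offset 1 (skip the network
 * address) and a size that stops short of the broadcast address.
 * Returns -1 if the range would spill past the subnet. */
int pool_init(struct dhcp_pool *p, uint32_t server, int prefixlen,
              uint32_t offset, uint32_t size) {
        if (prefixlen < 0 || prefixlen > 30)
                return -1;
        uint32_t mask = prefixlen == 0 ? 0 : ~0u << (32 - prefixlen);
        uint32_t last = ~mask; /* host index of the broadcast address */
        if (offset == 0)
                offset = 1;
        if (size == 0)
                size = last - offset;
        if (offset >= last || size > last - offset)
                return -1;
        p->network = server & mask;
        p->mask = mask;
        p->server = server;
        p->offset = offset;
        p->size = size;
        return 0;
}

int in_pool(const struct dhcp_pool *p, uint32_t addr) {
        return addr >= p->network + p->offset &&
               addr < p->network + p->offset + p->size;
}

/* FNV-1a over the client identifier (DHCP option 61). Any stable hash
 * works; this one is chosen for illustration only. */
static uint32_t fnv1a(const uint8_t *d, size_t n) {
        uint32_t h = 2166136261u;
        for (size_t i = 0; i < n; i++) {
                h ^= d[i];
                h *= 16777619u;
        }
        return h;
}

static int is_taken(uint32_t addr, const uint32_t *taken, size_t n) {
        for (size_t i = 0; i < n; i++)
                if (taken[i] == addr)
                        return 1;
        return 0;
}

/* Start at the client's hashed slot and probe forward: the same client
 * lands on the same address unless someone else holds it. Returns 0 when
 * the pool is exhausted. */
uint32_t pool_offer(const struct dhcp_pool *p, const uint8_t *client_id, size_t id_len,
                    const uint32_t *taken, size_t n_taken) {
        uint32_t start = fnv1a(client_id, id_len) % p->size;
        for (uint32_t i = 0; i < p->size; i++) {
                uint32_t addr = p->network + p->offset + (start + i) % p->size;
                if (addr == p->server || is_taken(addr, taken, n_taken))
                        continue;
                return addr;
        }
        return 0;
}

struct dhcp_pool demo_pool;
/* Constructed client identifier: hardware type 1 followed by a MAC. */
const uint8_t demo_client_a[7] = { 1, 0x52, 0x54, 0x00, 0x12, 0x34, 0x56 };

uint32_t demo_first(void) {
        return pool_offer(&demo_pool, demo_client_a, sizeof demo_client_a, NULL, 0);
}

/* The same client after its usual address was handed to someone else. */
uint32_t demo_fallback(void) {
        uint32_t taken = demo_first();
        return pool_offer(&demo_pool, demo_client_a, sizeof demo_client_a, &taken, 1);
}

int main(void) {
        pool_init(&demo_pool, 0x0A000001 /* 10.0.0.1/24 */, 24, 0, 0);
        uint32_t a = demo_first();
        printf("offer for client A: %u.%u.%u.%u\n",
               a >> 24, (a >> 16) & 255, (a >> 8) & 255, a & 255);
        return 0;
}
```

Because the offer is a function of the client identifier rather than of server state, a restarted server tends to re-offer the address the client already has, which is the stability property the entry describes; the probe also shows why PoolSize= is the effective cap on how many distinct clients the server can serve.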
* The encapsulation limit of tunnels in systemd-networkd may
now be configured via 'EncapsulationLimit='. It allows
modifying the maximum additional levels of encapsulation
that are permitted to be prepended to a packet.

* systemd now supports the concept of user buses replacing
session buses, if used with dbus-1.10 (and enabled via dbus
--enable-user-session). It previously only supported this on
kdbus-enabled systems, and this release expands this to
'dbus-daemon' systems.

* systemd-networkd now supports predictable interface names
for virtio devices.

* systemd now optionally supports the new Linux kernel
"unified" control group hierarchy. If enabled via the kernel
command-line option 'systemd.unified_cgroup_hierarchy=1',
systemd will try to mount the unified cgroup hierarchy
directly on /sys/fs/cgroup. If not enabled, or not
available, systemd will fall back to the legacy cgroup
hierarchy setup, as before. Host system and containers can
mix and match legacy and unified hierarchies as they
wish. nspawn understands the $UNIFIED_CGROUP_HIERARCHY
environment variable to individually select the hierarchy to
use for executed containers. By default, nspawn will use the
unified hierarchy for the containers if the host uses the
unified hierarchy, and the legacy hierarchy otherwise.
Please note that at this point the unified hierarchy is an
experimental kernel feature and is likely to change in one
of the next kernel releases. Therefore, it should not be
enabled by default in downstream distributions yet. The
minimum required kernel version for the unified hierarchy to
work is 4.2. Note that with the unified hierarchy, delegated
access to controllers is safe for the first time. Because of
this, systemd-nspawn containers will now get access to
controllers, as will systemd user sessions. This means
containers and user sessions may now manage their own
resources, partitioning up what the system grants them.

* A new special scope unit "init.scope" has been introduced
that encapsulates PID 1 of the system. It may be used to
determine resource usage and enforce resource limits on PID
1 itself. PID 1 hence moved out of the root of the control
group tree.

* The cgtop tool gained support for filtering out kernel
threads when counting tasks in a control group. Also, the
count of processes is now recursively summed up by
default. Two options -k and --recursive= have been added to
revert to old behaviour. The tool has also been updated to
work correctly in containers now.

* systemd-nspawn's --bind= and --bind-ro= options have been
extended to allow creation of non-recursive bind mounts.

* libsystemd gained two new calls sd_pid_get_cgroup() and
sd_peer_get_cgroup() which return the control group path of
a process or peer of a connected AF_UNIX socket. These calls
are particularly useful when implementing delegated subtree
support in the control group hierarchy.

* The "sd-event" event loop API of libsystemd now supports
correct dequeuing of real-time signals, without losing
signal events.

* When systemd requests a polkit decision when managing units it
will now add additional fields to the request, including unit
name and desired operation. This enables more powerful polkit
policies, that make decisions depending on these parameters.

* nspawn learnt support for .nspawn settings files, which may
accompany the image files or directories of containers, and
may contain additional settings for the container. This is
an alternative to configuring container parameters via the
nspawn command line.

Contributions from: Cristian Rodríguez, Daniel Mack, David
Herrmann, Eugene Yakubovich, Evgeny Vereshchagin, Filipe
Brandenburger, Hans de Goede, Jan Alexander Steffens, Jan
Synacek, Kay Sievers, Lennart Poettering, Mangix, Marcel
Holtmann, Martin Pitt, Michael Biebl, Michael Chapman, Michal
Sekletar, Peter Hutterer, Piotr Drąg, reverendhomer, Robin
Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Torstein Husebø

— Berlin, 2015-09-08

CHANGES WITH 225:

* machinectl gained a new verb 'shell' which opens a fresh
shell on the target container or the host. It is similar to
the existing 'login' command of machinectl, but spawns the
shell directly without prompting for username or
password. The pseudo machine '.host' now refers to the local
host and is used by default. Hence, 'machinectl shell' can
be used as replacement for 'su -' which spawns a session as
a fresh systemd unit in a way that is fully isolated from
the originating session.

* systemd-networkd learned to cope with private-zone DHCP
options and allows other programs to query the values.

* SELinux access control when enabling/disabling units is no
longer enforced with this release. The previous implementation
was incorrect, and a new corrected implementation is not yet
available. As unit file operations are still protected via
polkit and D-Bus policy this is not a security problem. Yet,
distributions which care about optimal SELinux support should
probably not stabilize on this release.

* sd-bus gained support for matches of type "arg0has=", that
test for membership of strings in string arrays sent in bus
messages.

* systemd-resolved now dumps the contents of its DNS and LLMNR
caches to the logs on reception of the SIGUSR1 signal. This
is useful to debug DNS behaviour.

* The coredumpctl tool gained a new --directory= option to
operate on journal files in a specific directory.

* "systemctl reboot" and related commands gained a new
"--message=" option which may be used to set a free-text
wall message when shutting down or rebooting the
system. This message is also logged, which is useful for
figuring out the reason for a reboot or shutdown a
posteriori.

* The "systemd-resolve-host" tool's -i switch now takes
network interface numbers as alternative to interface names.

* A new unit file setting for services has been introduced:
UtmpMode= allows configuration of how precisely systemd
handles utmp and wtmp entries for the service if this is
enabled. This allows writing services that appear similar to
user sessions in the output of the "w", "who", "last" and
"lastlog" tools.

* systemd-resolved will now locally synthesize DNS resource
records for the "localhost" and "gateway" domains as well as
the local hostname. This should ensure that clients querying
RRs via resolved will get similar results as those going via
NSS, if nss-myhostname is enabled.

Contributions from: Alastair Hughes, Alex Crawford, Daniel
Mack, David Herrmann, Dimitri John Ledkov, Eric Kostrowski,
Evgeny Vereshchagin, Felipe Sateler, HATAYAMA Daisuke, Jan
Pokorný, Jan Synacek, Johnny Robeson, Karel Zak, Kay Sievers,
Kefeng Wang, Lennart Poettering, Major Hayden, Marcel
Holtmann, Markus Elfring, Martin Mikkelsen, Martin Pitt, Matt
Turner, Maxim Mikityanskiy, Michael Biebl, Namhyung Kim,
Nicolas Cornu, Owen W. Taylor, Patrik Flykt, Peter Hutterer,
reverendhomer, Richard Maw, Ronny Chevalier, Seth Jennings,
Stef Walter, Susant Sahani, Thomas Blume, Thomas Hindoe
Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
WaLyong Cho, Zbigniew Jędrzejewski-Szmek

— Berlin, 2015-08-27

CHANGES WITH 224:

* The systemd-efi-boot-generator functionality was merged into
systemd-gpt-auto-generator.

* systemd-networkd now supports Group Policy for vxlan
devices. It can be enabled via the new boolean configuration
option called 'GroupPolicyExtension='.

Contributions from: Andreas Kempf, Christian Hesse, Daniel Mack, David
Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen

— Berlin, 2015-07-31

CHANGES WITH 223:

* The python-systemd code has been removed from the systemd repository.
A new repository has been created which accommodates the code from
now on, and we kindly ask distributions to create a separate package
for this: https://github.com/systemd/python-systemd

* The systemd daemon will now reload its main configuration
(/etc/systemd/system.conf) on daemon-reload.

* sd-dhcp now exposes vendor specific extensions via
sd_dhcp_lease_get_vendor_specific().

* systemd-networkd gained a number of new configuration options.

- A new boolean configuration option for TAP devices called
'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
device, allowing GSO packets to be sent and received.

- A new tunnel configuration option called 'CopyDSCP='.
If enabled, the DSCP field of ip6 tunnels is copied into the
decapsulated packet.

- A set of boolean bridge configuration options were added.
'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
and 'UnicastFlood=' are now parsed by networkd and applied to the
respective bridge link device via the corresponding IFLA_BRPORT_*
netlink attribute.

- A new string configuration option to override the hostname sent
to a DHCP server, called 'Hostname='. If set and 'SendHostname='
is true, networkd will use the configured hostname instead of the
system hostname when sending DHCP requests.

- A new tunnel configuration option called 'IPv6FlowLabel='. If set,
networkd will configure the IPv6 flow-label of the tunnel device
according to RFC2460.

- The 'macvtap' virtual network devices are now supported, similar to
the already supported 'macvlan' devices.

* systemd-resolved now implements RFC5452 to improve resilience against
cache poisoning. Additionally, source port randomization is enabled
by default to further protect against DNS spoofing attacks.

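What RFC 5452 buys is that a forged answer must match several independently unpredictable values at once, not just the 16-bit transaction ID. The C program below is an added example and not systemd-resolved's implementation: it keeps one outstanding query, draws a random source port, and accepts a UDP reply only when the server address, destination port, transaction ID, QR bit and the echoed question all match, which is the combination that makes blind off-path spoofing impractical. The packets, the query and the server address are constructed inline; the helper names are this example's own.

```c
/* Added example (not systemd-resolved's code): RFC 5452 style acceptance
 * checks for a UDP DNS reply, plus source port randomization. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct pending_query {
        uint16_t id;        /* random transaction ID we sent */
        uint16_t src_port;  /* random UDP source port we sent from */
        uint32_t server_ip; /* server we asked, host byte order */
        char qname[256];    /* dotted, with trailing dot: "example.com." */
        uint16_t qtype, qclass;
};

/* Draw an unpredictable port from the ephemeral range. With a random 16-bit
 * ID alone a blind forger needs about 2^16 guesses; a random port on top
 * raises that to about 2^32. (The modulo bias here is negligible.) */
int random_source_port(void) {
        uint16_t v;
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f)
                return -1;
        size_t got = fread(&v, sizeof v, 1, f);
        fclose(f);
        return got == 1 ? 1024 + v % (65536 - 1024) : -1;
}

/* Read one uncompressed name at buf[off] into dotted form. A question
 * section echoes our own query, so a compression pointer there is
 * rejected rather than followed. Returns the offset after the name or -1. */
static int parse_qname(const uint8_t *buf, size_t len, size_t off, char *out, size_t outlen) {
        size_t o = 0;
        for (;;) {
                if (off >= len)
                        return -1;
                uint8_t l = buf[off++];
                if (l == 0)
                        break;
                if (l >= 0xC0 || off + l > len || o + l + 2 > outlen)
                        return -1;
                memcpy(out + o, buf + off, l);
                o += l;
                out[o++] = '.';
                off += l;
        }
        if (o == 0)
                out[o++] = '.'; /* the root name */
        out[o] = '\0';
        return (int) off;
}

/* Accept a packet only if every value an attacker would have to guess
 * matches the outstanding query: server address, destination port,
 * transaction ID, and the echoed question (names compare case-insensitively). */
int response_matches(const struct pending_query *q, uint32_t from_ip, uint16_t to_port,
                     const uint8_t *pkt, size_t len) {
        if (from_ip != q->server_ip || to_port != q->src_port || len < 12)
                return 0;
        if ((uint16_t) (pkt[0] << 8 | pkt[1]) != q->id)
                return 0;
        if (!(pkt[2] & 0x80)) /* QR bit clear: a query, not a response */
                return 0;
        if ((pkt[4] << 8 | pkt[5]) != 1) /* exactly one question expected */
                return 0;
        char name[256];
        int off = parse_qname(pkt, len, 12, name, sizeof name);
        if (off < 0 || (size_t) off + 4 > len)
                return 0;
        uint16_t qtype = (uint16_t) (pkt[off] << 8 | pkt[off + 1]);
        uint16_t qclass = (uint16_t) (pkt[off + 2] << 8 | pkt[off + 3]);
        return qtype == q->qtype && qclass == q->qclass && strcasecmp(name, q->qname) == 0;
}

/* Build a minimal response (header + question, no answers) for the demo. */
size_t build_response(uint8_t *buf, size_t cap, uint16_t id, const char *name, uint16_t qtype) {
        if (cap < 12)
                return 0;
        memset(buf, 0, 12);
        buf[0] = id >> 8; buf[1] = id & 0xff;
        buf[2] = 0x81; buf[3] = 0x80; /* QR=1, RD=1, RA=1 */
        buf[5] = 1;                   /* QDCOUNT=1 */
        size_t off = 12;
        for (const char *p = name; *p;) {
                const char *dot = strchr(p, '.');
                size_t l = dot ? (size_t) (dot - p) : strlen(p);
                if (l == 0 || l > 63 || off + 1 + l >= cap)
                        return 0;
                buf[off++] = (uint8_t) l;
                memcpy(buf + off, p, l);
                off += l;
                p += l + (dot ? 1 : 0);
        }
        if (off + 5 > cap)
                return 0;
        buf[off++] = 0;
        buf[off++] = qtype >> 8; buf[off++] = qtype & 0xff;
        buf[off++] = 0; buf[off++] = 1; /* class IN */
        return off;
}

/* Constructed scenario: one outstanding A query for example.com to 10.0.0.1. */
static const struct pending_query demo_query = {
        .id = 0x1234, .src_port = 40123, .server_ip = 0x0A000001,
        .qname = "example.com.", .qtype = 1, .qclass = 1,
};
static uint8_t demo_pkt[512];

/* 1 if a reply with these properties would be accepted for demo_query. */
int demo_check(uint16_t id, uint16_t to_port, const char *name) {
        size_t n = build_response(demo_pkt, sizeof demo_pkt, id, name, 1);
        return n ? response_matches(&demo_query, 0x0A000001, to_port, demo_pkt, n) : -1;
}
```

Of the four checks, only the port and ID are secret; the question comparison is what stops a reply for one name from being cached under another, and the QR check keeps a reflected copy of our own query from being mistaken for an answer.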
* nss-mymachines now supports translating UIDs and GIDs of running
containers with user-namespaces enabled. If a container 'foo'
translates a host uid 'UID' to the container uid 'TUID', then
nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
(with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
mapped as 'vg-foo-TGID'.

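The vu-foo-TUID convention is easy to get wrong at the boundaries: host IDs that fall outside the container's mapping, and names that look numeric but are not. The C program below is an added example and not the nss-mymachines code: it parses a line in the format of a container's /proc/PID/uid_map (or gid_map), derives the synthetic user or group name for a host ID inside that range, and resolves such a name back to a host ID with strict decimal parsing. The map values and the machine name are constructed; the function names are this example's own.

```c
/* Added example (not systemd's code): the synthetic user/group names
 * nss-mymachines derives from a container's ID mapping. */
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One line of /proc/PID/uid_map or gid_map: "<inner start> <outer start> <count>". */
struct id_map {
        uint32_t inner_start; /* first ID inside the container */
        uint32_t outer_start; /* first ID on the host */
        uint32_t count;
};

int parse_id_map_line(const char *line, struct id_map *m) {
        unsigned long v[3];
        const char *s = line;
        for (int i = 0; i < 3; i++) {
                char *end;
                errno = 0;
                v[i] = strtoul(s, &end, 10);
                if (errno || end == s || v[i] > UINT32_MAX)
                        return -EINVAL;
                s = end;
        }
        while (*s == ' ' || *s == '\t' || *s == '\n')
                s++;
        if (*s)
                return -EINVAL;
        m->inner_start = (uint32_t) v[0];
        m->outer_start = (uint32_t) v[1];
        m->count = (uint32_t) v[2];
        /* Neither range may be empty or wrap around the 32-bit ID space. */
        if (m->count == 0 || m->outer_start > UINT32_MAX - m->count + 1 ||
            m->inner_start > UINT32_MAX - m->count + 1)
                return -EINVAL;
        return 0;
}

/* Host ID -> "vu-<machine>-<TUID>" (kind 'u') or "vg-<machine>-<TGID>" (kind 'g').
 * -ERANGE means the host ID is not owned by that container at all. */
int host_id_to_name(char kind, const char *machine, const struct id_map *m,
                    uint32_t host_id, char *buf, size_t buflen) {
        if (host_id < m->outer_start || host_id - m->outer_start >= m->count)
                return -ERANGE;
        uint32_t inner = m->inner_start + (host_id - m->outer_start);
        int n = snprintf(buf, buflen, "v%c-%s-%" PRIu32, kind, machine, inner);
        return (n < 0 || (size_t) n >= buflen) ? -ENAMETOOLONG : 0;
}

/* "v?-<machine>-<TID>" -> host ID. -ENOENT: not our prefix or machine;
 * -EINVAL: the suffix is not a plain decimal number; -ERANGE: the inner
 * ID lies outside the mapping. */
int name_to_host_id(char kind, const char *machine, const struct id_map *m,
                    const char *name, uint32_t *host_id) {
        char prefix[300];
        int pn = snprintf(prefix, sizeof prefix, "v%c-%s-", kind, machine);
        if (pn < 0 || (size_t) pn >= sizeof prefix)
                return -ENAMETOOLONG;
        if (strncmp(name, prefix, (size_t) pn) != 0)
                return -ENOENT;
        const char *num = name + pn;
        /* Digits only: no sign, whitespace, hex prefix or leading zeros. */
        if (*num == '\0' || (*num == '0' && num[1] != '\0'))
                return -EINVAL;
        for (const char *p = num; *p; p++)
                if (*p < '0' || *p > '9')
                        return -EINVAL;
        errno = 0;
        char *end;
        unsigned long v = strtoul(num, &end, 10);
        if (errno || *end || v > UINT32_MAX)
                return -EINVAL;
        if (v < m->inner_start || v - m->inner_start >= m->count)
                return -ERANGE;
        *host_id = m->outer_start + (uint32_t) (v - m->inner_start);
        return 0;
}

struct id_map demo_map;
char demo_name[64];
uint32_t demo_id;
```

For a container "foo" whose map line reads "0 524288 65536" (a constructed example of what nspawn's --private-users= yields), host uid 525288 becomes "vu-foo-1000" and host uid 1000, which belongs to the host, is reported as -ERANGE rather than being given a container name.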
Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov,
HATAYAMA Daisuke, Ivan Shapovalov, Jan Alexander Steffens (heftig),
Johan Ouwerkerk, Jose Carlos Venegas Munoz, Karel Zak, Kay Sievers,
Lennart Poettering, Lidong Zhong, Martin Pitt, Michael Biebl, Michael
Olbrich, Michal Schmidt, Michal Sekletar, Mike Gilbert, Namhyung Kim,
Nick Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo,
Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek

— Berlin, 2015-07-29

CHANGES WITH 222:

* udev no longer supports the WAIT_FOR_SYSFS= key in udev rules.
There are no known issues with current sysfs, and udev does not need
to, and should not, be used to work around such bugs.

* udev no longer enables USB HID power management. Several reports
indicate that some devices cannot handle that setting.

* The udev accelerometer helper was removed. The functionality
is now fully included in iio-sensor-proxy. This means that
older iio-sensor-proxy versions will no longer provide
accelerometer/orientation data with this systemd version.
Please upgrade iio-sensor-proxy to version 1.0.

* networkd gained a new configuration option IPv6PrivacyExtensions=
which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
for Stateless Address") on selected networks.

* For the sake of fewer build-time dependencies and less code in the
main repository, the python bindings are about to be removed in the
next release. A new repository has been created which accommodates
the code from now on, and we kindly ask distributions to create a
separate package for this. The removal will take place in v223.

https://github.com/systemd/python-systemd

Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
(heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek

— Berlin, 2015-07-07

CHANGES WITH 221:

* The sd-bus.h and sd-event.h APIs have now been declared
stable and have been added to the official interface of
libsystemd.so. sd-bus implements an alternative D-Bus client
library that is relatively easy to use, very efficient and
supports both classic D-Bus as well as kdbus as transport
backend. sd-event is a generic event loop abstraction that
is built around Linux epoll, but adds features such as event
prioritization or efficient timer handling. Both APIs are good
choices for C programs looking for a bus and/or event loop
implementation that is minimal and does not have to be
portable to other kernels.

* kdbus support is no longer compile-time optional. It is now
always built-in. However, it can still be disabled at
runtime using the kdbus=0 kernel command line setting, and
that setting may be changed to default to off, by specifying
--disable-kdbus at build-time. Note though that the kernel
command line setting has no effect if the kdbus.ko kernel
module is not installed, in which case kdbus is (obviously)
also disabled. We encourage all downstream distributions to
begin testing kdbus by adding it to the kernel images in the
development distributions, and leaving kdbus support in
systemd enabled.

* The minimum required util-linux version has been bumped to
2.26.

* Support for chkconfig (--enable-chkconfig) was removed in
favor of calling an abstraction tool
/lib/systemd/systemd-sysv-install. This needs to be
implemented for your distribution. See "SYSV INIT.D SCRIPTS"
in README for details.

* If there's a systemd unit and a SysV init script for the
same service name, and the user executes "systemctl enable"
for it (or a related call), then this will now enable both
(or execute the related operation on both), not just the
unit.

* The libudev API documentation has been converted from gtkdoc
into man pages.

* gudev has been removed from the systemd tree; it is now an
external project.

* The systemd-cgtop tool learnt a new --raw switch to generate
"raw" (machine parsable) output.

* networkd's IPForwarding= .network file setting learnt the
new setting "kernel", which ensures that networkd does not
change the IP forwarding sysctl from the default kernel
state.

* The systemd-logind bus API now exposes a new boolean
property "Docked" that reports whether logind considers the
system "docked", i.e. connected to a docking station or not.

Contributions from: Alex Crawford, Andreas Pokorny, Andrei
Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
Fink, Zbigniew Jędrzejewski-Szmek

— Berlin, 2015-06-19

12535 CHANGES WITH 220:
12536
12537 * The gudev library has been extracted into a separate repository
12538 available at: https://git.gnome.org/browse/libgudev/
12539 It is now managed as part of the Gnome project. Distributions
12540 are recommended to pass --disable-gudev to systemd and use
12541 gudev from the Gnome project instead. gudev is still included
12542 in systemd, for now. It will be removed soon, though. Please
12543 also see the announcement-thread on systemd-devel:
12544 https://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
12545
12546 * systemd now exposes a CPUUsageNSec= property for each
12547 service unit on the bus, that contains the overall consumed
12548 CPU time of a service (the sum of what each process of the
12549 service consumed). This value is only available if
12550 CPUAccounting= is turned on for a service, and is then shown
12551 in the "systemctl status" output.
12552
12553 * Support for configuring alternative mappings of the old SysV
12554 runlevels to systemd targets has been removed. They are now
12555 hardcoded in a way that runlevels 2, 3, 4 all map to
12556 multi-user.target and 5 to graphical.target (which
12557 previously was already the default behaviour).
12558
12559 * The auto-mounter logic gained support for mount point
12560 expiry, using a new TimeoutIdleSec= setting in .automount
12561 units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
12562
12563 * The EFI System Partition (ESP) as mounted to /boot by
12564 systemd-efi-boot-generator will now be unmounted
12565 automatically after 2 minutes of not being used. This should
12566 minimize the risk of ESP corruptions.
12567
12568 * New /etc/fstab options x-systemd.requires= and
12569 x-systemd.requires-mounts-for= are now supported to express
12570 additional dependencies for mounts. This is useful for
12571 journaling file systems that support external journal
12572 devices or overlay file systems that require underlying file
12573 systems to be mounted.
12574
12575 * systemd does not support direct live-upgrades (via systemctl
12576 daemon-reexec) from versions older than v44 anymore. As no
12577 distribution we are aware of shipped such old versions in a
12578 stable release this should not be problematic.
12579
12580 * When systemd forks off a new per-connection service instance
12581 it will now set the $REMOTE_ADDR environment variable to the
12582 remote IP address, and $REMOTE_PORT environment variable to
12583 the remote IP port. This behaviour is similar to the
12584 corresponding environment variables defined by CGI.
12585
12586 * systemd-networkd gained support for uplink failure
12587 detection. The BindCarrier= option allows binding interface
12588 configuration dynamically to the link sense of other
12589 interfaces. This is useful to achieve behaviour like in
12590 network switches.
12591
12592 * systemd-networkd gained support for configuring the DHCP
12593 client identifier to use when requesting leases.
12594
12595 * systemd-networkd now has a per-network UseNTP= option to
12596 configure whether NTP server information acquired via DHCP
12597 is passed on to services like systemd-timesyncd.
12598
12599 * systemd-networkd gained support for vti6 tunnels.
12600
12601 * Note that systemd-networkd manages the sysctl variable
12602 /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
12603 it is configured for since v219. The variable controls IP
12604 forwarding, and is a per-interface alternative to the global
12605 /proc/sys/net/ipv[46]/ip_forward. This setting is
12606 configurable in the IPForward= option, which defaults to
12607 "no". This means if networkd is used for an interface it is
12608 no longer sufficient to set the global sysctl option to turn
12609 on IP forwarding! Instead, the .network file option
12610 IPForward= needs to be turned on! Note that the
12611 implementation of this behaviour was broken in v219 and has
12612 been fixed in v220.
12613
12614 * Many bonding and vxlan options are now configurable in
12615 systemd-networkd.
12616
12617 * systemd-nspawn gained a new --property= setting to set unit
12618 properties for the container scope. This is useful for
12619 setting resource parameters (e.g. "CPUShares=500") on
12620 containers started from the command line.
12621
12622 * systemd-nspawn gained a new --private-users= switch to make
12623 use of user namespacing available on recent Linux kernels.
12624
12625 * systemd-nspawn may now be called as part of a shell pipeline
12626 in which case the pipes used for stdin and stdout are passed
12627 directly to the process invoked in the container, without
12628 indirection via a pseudo tty.
12629
12630 * systemd-nspawn gained a new switch to control the UNIX
12631 signal to use when killing the init process of the container
12632 when shutting down.
12633
12634 * systemd-nspawn gained a new --overlay= switch for mounting
12635 overlay file systems into the container using the new kernel
12636 overlayfs support.
12637
12638 * When a container image is imported via systemd-importd and
12639 the host file system is not btrfs, a loopback block device
12640 file is created in /var/lib/machines.raw with a btrfs file
12641 system inside. It is then mounted to /var/lib/machines to
12642 enable btrfs features for container management. The loopback
12643 file and btrfs file system is grown as needed when container
12644 images are imported via systemd-importd.
12645
12646 * systemd-machined/systemd-importd gained support for btrfs
12647 quota, to enforce container disk space limits on disk. This
12648 is exposed in "machinectl set-limit".
12649
12650 * systemd-importd now can import containers from local .tar,
12651 .raw and .qcow2 images, and export them to .tar and .raw. It
12652 can also import dkr v2 images now from the network (on top
12653 of v1 as before).
12654
12655 * systemd-importd gained support for verifying downloaded
12656 images with gpg2 (previously only gpg1 was supported).
12657
12658 * systemd-machined, systemd-logind, systemd: most bus calls are
12659 now accessible to unprivileged processes via polkit. Also,
12660 systemd-logind will now allow users to kill their own sessions
12661 without further privileges or authorization.
12662
12663 * systemd-shutdownd has been removed. This service was
12664 previously responsible for implementing scheduled shutdowns
12665 as exposed in /usr/bin/shutdown's time parameter. This
12666 functionality has now been moved into systemd-logind and is
12667 accessible via a bus interface.
12668
12669 * "systemctl reboot" gained a new switch --firmware-setup that
12670 can be used to reboot into the EFI firmware setup, if that
12671 is available. systemd-logind now exposes an API on the bus
12672 to trigger such reboots, in case graphical desktop UIs want
12673 to cover this functionality.
12674
12675 * "systemctl enable", "systemctl disable" and "systemctl mask"
12676 now support a new "--now" switch. If specified, the units
12677 that are enabled will also be started, and the ones
12678 disabled/masked also stopped.
12679
12680 * The Gummiboot EFI boot loader tool has been merged into
12681 systemd, and renamed to "systemd-boot". The bootctl tool has been
12682 updated to support systemd-boot.
12683
12684 * An EFI kernel stub has been added that may be used to create
12685 kernel EFI binaries that contain not only the actual kernel,
12686 but also an initrd, boot splash, command line and OS release
12687 information. This combined binary can then be signed as a
12688 single image, so that the firmware can verify it all in one
12689 step. systemd-boot has special support for EFI binaries created
12690 like this and can extract OS release information from them
12691 and show them in the boot menu. This functionality is useful
12692 to implement cryptographically verified boot schemes.
12693
12694 * Optional support has been added to systemd-fsck to pass
12695 fsck's progress report to an AF_UNIX socket in the file
12696 system.
12697
12698 * udev will no longer create device symlinks for all block devices by
12699 default. A deny list for excluding special block devices from this
12700 logic has been turned into an allow list that requires picking block
12701 devices explicitly that require device symlinks.
12702
12703 * A new (currently still internal) API sd-device.h has been
12704 added to libsystemd. This modernized API is supposed to
12705 replace libudev eventually. In fact, already much of libudev
12706 is now just a wrapper around sd-device.h.
12707
12708 * A new hwdb database for storing metadata about pointing
12709 stick devices has been added.
12710
12711 * systemd-tmpfiles gained support for setting file attributes
12712 similar to the "chattr" tool with new 'h' and 'H' lines.
12713
12714 * systemd-journald will no longer unconditionally set the
12715 btrfs NOCOW flag on new journal files. This is instead done
12716 with a tmpfiles snippet using the new 'h' line type. This
12717 allows easy disabling of this logic, by masking the
12718 journal-nocow.conf tmpfiles file.
12719
12720 * systemd-journald will now translate audit message types to
12721 human readable identifiers when writing them to the
12722 journal. This should improve readability of audit messages.
12723
12724 * The LUKS logic gained support for the offset= and skip=
12725 options in /etc/crypttab, as previously implemented by
12726 Debian.
12727
12728 * /usr/lib/os-release gained a new optional field VARIANT= for
12729 distributions that support multiple variants (such as a
12730 desktop edition, a server edition, …)
12731
12732 Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
12733 Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
12734 Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
12735 Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
12736 Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
12737 Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
12738 Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
12739 Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
12740 Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
12741 Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
12742 Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
12743 Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
12744 Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
12745 Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
12746 De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
12747 Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
12748 Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
12749 Michael Biebl, Michael Marineau, Michael Olbrich, Michal
12750 Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
12751 Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
12752 Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
12753 Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
12754 Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
12755 Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
12756 Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
12757 Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
12758 Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
12759
12760 — Berlin, 2015-05-22
12761
12762 CHANGES WITH 219:
12763
12764 * Introduce a new API "sd-hwdb.h" for querying the hardware
12765 metadata database. With this minimal interface one can query
12766 and enumerate the udev hwdb, decoupled from the old libudev
12767 library. libudev's interface for this is now only a wrapper
12768 around sd-hwdb. A new tool systemd-hwdb has been added to
12769 interface with and update the database.
12770
12771 * When any of systemd's tools copies files (for example due to
12772 tmpfiles' C lines), a btrfs reflink will be attempted first,
12773 before bytewise copying is done.
12774
12775 * systemd-nspawn gained a new --ephemeral switch. When
12776 specified, a btrfs snapshot is taken of the container's root
12777 directory, and immediately removed when the container
12778 terminates again. Thus, a container can be started whose
12779 changes never alter the container's root directory, and are
12780 lost on container termination. This switch can also be used
12781 for starting a container off the root file system of the
12782 host without affecting the host OS. This switch is only
12783 available on btrfs file systems.
12784
12785 * systemd-nspawn gained a new --template= switch. It takes the
12786 path to a container tree to use as template for the tree
12787 specified via --directory=, should that directory be
12788 missing. This allows instantiating containers dynamically,
12789 on first run. This switch is only available on btrfs file
12790 systems.
12791
12792 * When a .mount unit refers to a mount point on which multiple
12793 mounts are stacked, and the .mount unit is stopped, all of
12794 the stacked mount points will now be unmounted until no
12795 mount point remains.
12796
12797 * systemd now has an explicit notion of supported and
12798 unsupported unit types. Jobs enqueued for unsupported unit
12799 types will now fail with an "unsupported" error code. More
12800 specifically .swap, .automount and .device units are not
12801 supported in containers, .busname units are not supported on
12802 non-kdbus systems. .swap and .automount are also not
12803 supported if their respective kernel compile time options
12804 are disabled.
12805
12806 * machinectl gained support for two new "copy-from" and
12807 "copy-to" commands for copying files from a running
12808 container to the host or vice versa.
12809
12810 * machinectl gained support for a new "bind" command to bind
12811 mount host directories into local containers. This is
12812 currently only supported for nspawn containers.
12813
12814 * networkd gained support for configuring bridge forwarding
12815 database entries (fdb) from .network files.
12816
12817 * A new tiny daemon "systemd-importd" has been added that can
12818 download container images in tar, raw, qcow2 or dkr formats,
12819 and make them available locally in /var/lib/machines, so
12820 that they can run as nspawn containers. The daemon can GPG
12821 verify the downloads (not supported for dkr, since it has no
12822 provisions for verifying downloads). It will transparently
12823 decompress bz2, xz, gzip compressed downloads if necessary,
12824 and restore sparse files on disk. The daemon uses privilege
12825 separation to ensure the actual download logic runs with
12826 fewer privileges than the daemon itself. machinectl has
12827 gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
12828 make the functionality of importd available to the
12829 user. With this in place the Fedora and Ubuntu "Cloud"
12830 images can be downloaded and booted as containers unmodified
12831 (the Fedora images lack the appropriate GPG signature files
12832 currently, so they cannot be verified, but this will change
12833 soon, hopefully). Note that downloading images is currently
12834 only fully supported on btrfs.
12835
12836 * machinectl is now able to list container images found in
12837 /var/lib/machines, along with some metadata such as disk
12838 usage. If the directory is located on btrfs and
12839 quota is enabled, this includes quota display. A new command
12840 "image-status" has been added that shows additional
12841 information about images.
12842
12843 * machinectl is now able to clone container images
12844 efficiently, if the underlying file system (btrfs) supports
12845 it, with the new "machinectl clone" command. It also
12846 gained commands for renaming and removing images, as well as
12847 marking them read-only or read-write (supported also on
12848 legacy file systems).
12849
12850 * networkd gained support for collecting LLDP network
12851 announcements, from hardware that supports this. This is
12852 shown in networkctl output.
12853
12854 * systemd-run gained support for a new -t (--pty) switch for
12855 invoking a binary on a pty whose input and output is
12856 connected to the invoking terminal. This allows executing
12857 processes as system services while interactively
12858 communicating with them via the terminal. Most interestingly
12859 this is supported across container boundaries. Invoking
12860 "systemd-run -t /bin/bash" is an alternative to running a
12861 full login session, the difference being that the former
12862 will not register a session, nor go through the PAM session
12863 setup.
12864
12865 * tmpfiles gained support for a new "v" line type for creating
12866 btrfs subvolumes. If the underlying file system is a legacy
12867 file system, this automatically degrades to creating a
12868 normal directory. Among others /var/lib/machines is now
12869 created like this at boot, should it be missing.
12870
12871 * The directory /var/lib/containers/ has been deprecated and
12872 been replaced by /var/lib/machines. The term "machines" has
12873 been used in the systemd context as generic term for both
12874 VMs and containers, and hence appears more appropriate for
12875 this, as the directory can also contain raw images bootable
12876 via qemu/kvm.
12877
12878 * systemd-nspawn when invoked with -M but without --directory=
12879 or --image= is now capable of searching for the container
12880 root directory, subvolume or disk image automatically, in
12881 /var/lib/machines. systemd-nspawn@.service has been updated
12882 to make use of this, thus allowing it to be used for raw
12883 disk images, too.
12884
12885 * A new machines.target unit has been introduced that is
12886 supposed to group all containers/VMs invoked as services on
12887 the system. systemd-nspawn@.service has been updated to
12888 integrate with that.
12889
12890 * machinectl gained a new "start" command, for invoking a
12891 container as a service. "machinectl start foo" is mostly
12892 equivalent to "systemctl start systemd-nspawn@foo.service",
12893 but handles escaping in a nicer way.
12894
12895 * systemd-nspawn will now mount most of the cgroupfs tree
12896 read-only into each container, with the exception of the
12897 container's own subtree in the name=systemd hierarchy.
12898
12899 * journald now sets the special FS_NOCOW file flag for its
12900 journal files. This should improve performance on btrfs, by
12901 avoiding heavy fragmentation when journald's write-pattern
12902 is used on COW file systems. It degrades btrfs' data
12903 integrity guarantees for the files to the same levels as for
12904 ext3/ext4 however. This should be OK though as journald does
12905 its own data integrity checks and all its objects are
12906 checksummed on disk. Also, journald should handle btrfs disk
12907 full events a lot more gracefully now, by processing SIGBUS
12908 errors, and not relying on fallocate() anymore.
12909
12910 * When journald detects that journal files it is writing to
12911 have been deleted it will immediately start new journal
12912 files.
12913
12914 * systemd now provides a way to store file descriptors
12915 per-service in PID 1. This is useful for daemons to ensure
12916 that fds they require are not lost during a daemon
12917 restart. The fds are passed to the daemon on the next
12918 invocation in the same way socket activation fds are
12919 passed. This is now used by journald to ensure that the
12920 various sockets connected to all the system's stdout/stderr
12921 are not lost when journald is restarted. File descriptors
12922 may be stored in PID 1 via the sd_pid_notify_with_fds() API,
12923 an extension to sd_notify(). Note that a limit is enforced
12924 on the number of fds a service can store in PID 1, and it
12925 defaults to 0, so that no fds may be stored, unless this is
12926 explicitly turned on.
12927
12928 * The default TERM variable to use for units connected to a
12929 terminal, when no other value is explicitly set, is now
12930 vt220 rather than vt102. This should be fairly safe still,
12931 but allows PgUp/PgDn to work.
12932
12933 * The /etc/crypttab option header= as known from Debian is now
12934 supported.
12935
12936 * "loginctl user-status" and "loginctl session-status" will
12937 now show the last 10 lines of log messages of the
12938 user/session following the status output. Similarly,
12939 "machinectl status" will show the last 10 log lines
12940 associated with a virtual machine or container
12941 service. (Note that this is usually not the log messages
12942 done in the VM/container itself, but simply what the
12943 container manager logs. For nspawn this includes all console
12944 output however.)
12945
12946 * "loginctl session-status" without further argument will now
12947 show the status of the session of the caller. Similarly,
12948 "lock-session", "unlock-session", "activate",
12949 "enable-linger", "disable-linger" may now be called without
12950 session/user parameter in which case they apply to the
12951 caller's session/user.
12952
12953 * An X11 session scriptlet is now shipped that uploads
12954 $DISPLAY and $XAUTHORITY into the environment of the systemd
12955 --user daemon if a session begins. This should improve
12956 compatibility with X11 enabled applications run as systemd
12957 user services.
12958
12959 * Generators are now subject to masking via /etc and /run, the
12960 same way as unit files.
12961
12962 * networkd .network files gained support for configuring
12963 per-link IPv4/IPv6 packet forwarding as well as IPv4
12964 masquerading. This is by default turned on for veth links to
12965 containers, as registered by systemd-nspawn. This means that
12966 nspawn containers run with --network-veth will now get
12967 automatic routed access to the host's networks without any
12968 further configuration or setup, as long as networkd runs on
12969 the host.
12970
12971 * systemd-nspawn gained the --port= (-p) switch to expose TCP
12972 or UDP ports of a container on the host. With this in place
12973 it is possible to run containers with private veth links
12974 (--network-veth), and have their functionality exposed on
12975 the host as if their services were running directly on the
12976 host.
12977
12978 * systemd-nspawn's --network-veth switch now gained a short
12979 version "-n", since with the changes above it is now truly
12980 useful out-of-the-box. The systemd-nspawn@.service has been
12981 updated to make use of it too by default.
12982
12983 * systemd-nspawn will now maintain a per-image R/W lock, to
12984 ensure that the same image is not started more than once
12985 writable. (It's OK to run an image multiple times
12986 simultaneously in read-only mode.)
12987
12988 * systemd-nspawn's --image= option is now capable of
12989 dissecting and booting MBR and GPT disk images that contain
12990 only a single active Linux partition. Previously it
12991 supported only GPT disk images with proper GPT type
12992 IDs. This allows running cloud images from major
12993 distributions directly with systemd-nspawn, without
12994 modification.
12995
12996 * In addition to collecting mouse dpi data in the udev
12997 hardware database, there's now support for collecting angle
12998 information for mouse scroll wheels. The database is
12999 supposed to guarantee similar scrolling behavior on mice
13000 that it knows about. There's also support for collecting
13001 information about Touchpad types.
13002
13003 * udev's input_id built-in will now also collect touch screen
13004 dimension data and attach it to probed devices.
13005
13006 * /etc/os-release gained support for a Distribution Privacy
13007 Policy link field.
13008
13009 * networkd gained support for creating "ipvlan", "gretap",
13010 "ip6gre", "ip6gretap" and "ip6tnl" network devices.
13011
13012 * systemd-tmpfiles gained support for "a" lines for setting
13013 ACLs on files.
13014
13015 * systemd-nspawn will now mount /tmp in the container to
13016 tmpfs, automatically.
13017
13018 * systemd now exposes the memory.usage_in_bytes cgroup
13019 attribute and shows it for each service in the "systemctl
13020 status" output, if available.
13021
13022 * When the user presses Ctrl-Alt-Del more than 7x within 2s an
13023 immediate reboot is triggered. This is useful if shutdown is
13024 hung and is unable to complete, to expedite the
13025 operation. Note that this kind of reboot will still unmount
13026 all file systems, and hence should not result in fsck being
13027 run on next reboot.
13028
13029 * A .device unit for an optical block device will now be
13030 considered active only when a medium is in the drive. Also,
13031 mount units are now bound to their backing devices thus
13032 triggering automatic unmounting when devices become
13033 unavailable. With this in place systemd will now
13034 automatically unmount left-over mounts when a CD-ROM is
13035 ejected or a USB stick is yanked from the system.
13036
13037 * networkd-wait-online now has support for waiting for
13038 specific interfaces only (with globbing), and for giving up
13039 after a configurable timeout.
13040
13041 * networkd now exits when idle. It will be automatically
13042 restarted as soon as interfaces show up, are removed or
13043 change state. networkd will stay around as long as there is
13044 at least one DHCP state machine or similar around that keeps
13045 it non-idle.
13046
13047 * networkd may now configure IPv6 link-local addressing in
13048 addition to IPv4 link-local addressing.
13049
13050 * The IPv6 "token" for use in SLAAC may now be configured for
13051 each .network interface in networkd.
13052
13053 * Routes configured with networkd may now be assigned a scope
13054 in .network files.
13055
13056 * networkd's [Match] sections now support globbing and lists
13057 of multiple space-separated matches per item.
13058
13059 Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
13060 Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
13061 Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
13062 Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
13063 Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
13064 Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
13065 Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
13066 Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
13067 Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
13068 Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
13069 Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
13070 Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
13071 Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
13072 Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
13073 Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
13074 Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
13075 Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
13076 Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
13077 Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
13078 Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
13079 Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
13080 Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
13081 Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
13082 Hoffmann, Zbigniew Jędrzejewski-Szmek
13083
13084 — Berlin, 2015-02-16
13085
13086 CHANGES WITH 218:
13087
13088 * When querying unit file enablement status (for example via
13089 "systemctl is-enabled"), a new state "indirect" is now known
13090 which indicates that a unit might not be enabled itself, but
13091 another unit listed in its Also= setting might be.
13092
13093 * Similar to the various existing ConditionXYZ= settings for
13094 units, there are now matching AssertXYZ= settings. While a
13095 failing condition causes a unit to be skipped but its job
13096 to succeed, a failing assertion declared like this causes
13097 the unit start operation and its job to fail.
13098
13099 * hostnamed now knows a new chassis type "embedded".
13100
13101 * systemctl gained a new "edit" command. When used on a unit
13102 file, this allows extending unit files with .d/ drop-in
13103 configuration snippets or editing the full file (after
13104 copying it from /usr/lib to /etc). This will invoke the
13105 user's editor (as configured with $EDITOR), and reload the
13106 modified configuration after editing.
13107
13108 * "systemctl status" now shows the suggested enablement state
13109 for a unit, as declared in the (usually vendor-supplied)
13110 system preset files.
13111
13112 * nss-myhostname will now resolve the single-label hostname
13113 "gateway" to the locally configured default IP routing
13114 gateways, ordered by their metrics. This assigns a stable
13115 name to the used gateways, regardless which ones are
13116 currently configured. Note that the name will only be
13117 resolved after all other name sources (if nss-myhostname is
13118 configured properly) and should hence not negatively impact
13119 systems that use the single-label hostname "gateway" in
13120 other contexts.
13121
13122 * systemd-inhibit now allows filtering by mode when listing
13123 inhibitors.
13124
13125 * Scope and service units gained a new "Delegate" boolean
13126 property, which, when set, allows processes running inside the
13127 unit to further partition resources. This is primarily
13128 useful for systemd user instances as well as container
13129 managers.
13130
13131 * journald will now pick up audit messages directly from
13132 the kernel, and log them like any other log message. The
13133 audit fields are split up and fully indexed. This means that
13134 journalctl in many ways is now a (nicer!) alternative to
13135 ausearch, the traditional audit client. Note that this
13136 implements only a minimal audit client. If you want the
13137 special audit modes like reboot-on-log-overflow, please use
13138 the traditional auditd instead, which can be used in
13139 parallel to journald.
13140
13141 * The ConditionSecurity= unit file option now understands the
13142 special string "audit" to check whether auditing is
13143 available.
13144
13145 * journalctl gained two new commands --vacuum-size= and
13146 --vacuum-time= to delete old journal files until the
13147 remaining ones take up no more than the specified size on disk,
13148 or are not older than the specified time.
13149
13150 * A new, native PPPoE library has been added to sd-network,
13151 systemd's library of light-weight networking protocols. This
13152 library will be used in a future version of networkd to
13153 enable PPPoE communication without an external pppd daemon.
13154
13155 * The busctl tool now understands a new "capture" verb that
13156 works similar to "monitor", but writes a packet capture
13157 trace to STDOUT that can be redirected to a file which is
13158 compatible with libcap's capture file format. This can then
13159 be loaded in Wireshark and similar tools to inspect bus
13160 communication.
13161
13162 * The busctl tool now understands a new "tree" verb that shows
13163 the object trees of a specific service on the bus, or of all
13164 services.
13165
13166 * The busctl tool now understands a new "introspect" verb that
13167 shows all interfaces and members of objects on the bus,
13168 including their signature and values. This is particularly
13169 useful to get more information about bus objects shown by
13170 the new "busctl tree" command.
13171
13172 * The busctl tool now understands new verbs "call",
13173 "set-property" and "get-property" for invoking bus method
13174 calls, setting and getting bus object properties in a
13175 friendly way.
13176
13177 * busctl gained a new --augment-creds= argument that controls
13178 whether the tool shall augment credential information it
13179 gets from the bus with data from /proc, in a possibly
13180 race-ful way.
13181
13182 * nspawn's --link-journal= switch gained two new values
13183 "try-guest" and "try-host" that work like "guest" and
13184 "host", but do not fail if the host has no persistent
13185 journaling enabled. -j is now equivalent to
13186 --link-journal=try-guest.
13187
13188 * macvlan network devices created by nspawn will now have
13189 stable MAC addresses.
13190
13191 * A new SmackProcessLabel= unit setting has been added, which
13192 controls the SMACK security label processes forked off by
13193 the respective unit shall use.
13194
13195 * If compiled with --enable-xkbcommon, systemd-localed will
13196 verify x11 keymap settings by compiling the given keymap. It
13197 will spew out warnings if the compilation fails. This
13198 requires libxkbcommon to be installed.
13199
13200 * When a coredump is collected, a larger number of metadata
13201 fields is now collected and included in the journal records
13202 created for it. More specifically, control group membership,
13203 environment variables, memory maps, working directory,
13204 chroot directory, /proc/$PID/status, and a list of open file
13205 descriptors is now stored in the log entry.
13206
13207 * The udev hwdb now contains DPI information for mice. For
13208 details see:
13209
13210 http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
13211
13212 * All systemd programs that read standalone configuration
13213 files in /etc now also support a corresponding series of
13214 .conf.d configuration directories in /etc/, /run/,
13215 /usr/local/lib/, /usr/lib/, and (if configured with
13216 --enable-split-usr) /lib/. In particular, the following
13217 configuration files now have corresponding configuration
13218 directories: system.conf, user.conf, logind.conf,
13219 journald.conf, sleep.conf, bootchart.conf, coredump.conf,
13220 resolved.conf, timesyncd.conf, journal-remote.conf, and
13221 journal-upload.conf. Note that distributions should use the
13222 configuration directories in /usr/lib/; the directories in
13223 /etc/ are reserved for the system administrator.
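The four-directory search order described in this item is the same one systemd applies to tmpfiles.d snippets (which is what makes masking journal-nocow.conf, as the 220 notes describe, work) and, per the 219 notes, to generators: the highest-priority copy of a basename wins, and a copy that is a symlink to /dev/null masks everything below it. The script below is an added example, not code from systemd or from this NEWS file. It models that lookup inside a scratch directory so it runs unprivileged; the snippet names and contents it creates are constructed for the demonstration, and the journal-nocow.conf content only mirrors the 'h' line type rather than quoting the shipped file.

```shell
#!/bin/sh
# Added example, not part of systemd: models the *.conf.d / tmpfiles.d /
# generator lookup order (etc > run > usr/local/lib > usr/lib) and
# /dev/null masking, inside a scratch directory so it runs unprivileged.
set -eu
LC_ALL=C
export LC_ALL

# Print "basename<TAB>state<TAB>relative-path" for every *.conf that would
# take effect in $2 (a subdirectory such as tmpfiles.d), searching under
# scratch root $1. The first hit per basename in search order wins; a
# winner that is a symlink to /dev/null masks every lower-priority copy.
resolve_conf() {
    root=$1
    subdir=$2
    for dir in etc run usr/local/lib usr/lib; do
        d="$root/$dir/$subdir"
        [ -d "$d" ] || continue
        for f in "$d"/*.conf; do
            # an unmatched glob is returned literally; skip it
            [ -e "$f" ] || [ -L "$f" ] || continue
            name=${f##*/}
            if [ -L "$f" ] && [ "$(readlink "$f")" = /dev/null ]; then
                state=masked
            else
                state=active
            fi
            printf '%s\t%s\t%s\n' "$name" "$state" "$dir/$subdir/$name"
        done
    done | awk -F '\t' '!seen[$1]++' | sort
}

# Constructed sample tree: vendor snippets under usr/lib, an admin mask
# and an admin override under etc, and a runtime-only snippet under run.
build_demo_tree() {
    root=$1
    mkdir -p "$root/usr/lib/tmpfiles.d" "$root/etc/tmpfiles.d" "$root/run/tmpfiles.d"
    # mirrors the 'h' line type from the 220 notes (content is illustrative)
    printf 'h /var/log/journal - - - - +C\n' > "$root/usr/lib/tmpfiles.d/journal-nocow.conf"
    printf 'v /var/lib/machines 0700 - - -\n' > "$root/usr/lib/tmpfiles.d/vendor-machines.conf"
    printf 'd /tmp 1777 root root 10d\n'     > "$root/usr/lib/tmpfiles.d/tmp.conf"
    # administrator disables the NOCOW logic by masking the vendor snippet
    ln -s /dev/null "$root/etc/tmpfiles.d/journal-nocow.conf"
    # administrator replaces the vendor tmp.conf wholesale (same basename)
    printf 'd /tmp 1777 root root 1d\n'      > "$root/etc/tmpfiles.d/tmp.conf"
    # runtime snippet: outranks usr/lib but would lose to an etc copy
    printf 'd /run/demo 0755 root root -\n'  > "$root/run/tmpfiles.d/demo.conf"
}

if [ "${1:-}" = demo ]; then
    scratch=$(mktemp -d)
    trap 'rm -rf "$scratch"' EXIT
    build_demo_tree "$scratch"
    resolve_conf "$scratch" tmpfiles.d
fi
```

Run as `sh script.sh demo` to print one line per effective basename. The same resolver, pointed at a real root with the relative directory `systemd/system-generators`, shows which generators a /dev/null symlink in /etc has switched off, which is worth checking when auditing a host whose boot behaviour differs from the vendor default.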
13224
13225 * systemd-rfkill will no longer take the rfkill device name
13226 into account when storing rfkill state on disk, as the name
13227 might be dynamically assigned and not stable. Instead, the
13228 ID_PATH udev variable combined with the rfkill type (wlan,
13229 bluetooth, …) is used.
13230
13231 * A new service systemd-machine-id-commit.service has been
13232 added. When used on systems where /etc is read-only during
13233 boot, and /etc/machine-id is not initialized (but an empty
13234 file), this service will copy the temporary machine ID
13235 created as replacement into /etc after the system is fully
13236 booted up. This is useful for systems that are freshly
13237 installed with a non-initialized machine ID, but should get
13238 a fixed machine ID for subsequent boots.
13239
13240 * networkd's .netdev files now provide a large set of
13241 configuration parameters for VXLAN devices. Similarly, the
13242 bridge port cost parameter is now configurable in .network
13243 files. There's also new support for configuring IP source
13244 routing. networkd .link files gained support for a new
13245 OriginalName= match that is useful to match against the
13246 original interface name the kernel assigned. .network files
13247 may include MTU= and MACAddress= fields for altering the MTU
13248 and MAC address while being connected to a specific network
13249 interface.
13250
13251 * The LUKS logic gained support for configuring
13252 UUID-specific key files. There's also new support for naming
13253 LUKS devices from the kernel command line, using the new
13254 luks.name= argument.
13255
13256 * Timer units may now be transiently created via the bus API
13257 (this was previously already available for scope and service
13258 units). In addition it is now possible to create multiple
13259 transient units at the same time with a single bus call. The
13260 "systemd-run" tool has been updated to make use of this for
13261 running commands at a specified time, in at(1)-style.
13262
13263 * tmpfiles gained support for "t" lines, for assigning
13264 extended attributes to files. Among other uses this may be
13265 used to assign SMACK labels to files.
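The 'a' and 'v' lines from the 219 notes, the 'h' line from the 220 notes and the 't' line here all share the tmpfiles.d column layout (type, path, mode, user, group, age, argument) but differ in what the argument column must contain. The following shell/awk validator is an added example, not code from systemd: it checks each line's type against the known set and applies a per-type argument check (a chattr-style attribute string for h/H, setfacl-style entries for a/A, namespace.name=value pairs for t/T, and no argument at all for v/q/Q/d/D). The sample lines in the demo are constructed; /run/demo-spool and the label demo-label are placeholders, not real paths or policy.

```shell
#!/bin/sh
# Added example, not part of systemd: a shape validator for tmpfiles.d(5)
# lines, with per-type argument checks for the h/H, a/A, t/T and v/q/Q/d/D
# line types discussed in the 218-220 release notes.
set -eu

validate_tmpfiles() {
    # Reads tmpfiles.d lines on stdin; prints "line N: ok" or
    # "line N: error: ..." per entry and returns 1 if any entry failed.
    LC_ALL=C awk '
    function check(type, path, mode, age, arg,    base, i, n, part) {
        base = type
        sub(/[+]?!?$/, "", base)   # strip the "+" and "!" modifiers
        if (index(" f F w d D v q Q p L c b C x X r R z Z t T h H a A ", " " base " ") == 0)
            return "unknown line type \"" type "\""
        if (path !~ /^\//)
            return "path must be absolute: " path
        if (mode != "" && mode != "-" && mode !~ /^~?[0-7][0-7][0-7][0-7]?$/)
            return "bad mode " mode
        if (age != "" && age != "-" && age !~ /^~?[0-9]+[a-z]*$/)
            return "bad age " age
        if (base == "h" || base == "H") {
            # chattr-style string such as +C, -ai or =e, possibly combined
            if (arg !~ /^([-+=][A-Za-z]+)+$/)
                return "h/H argument must look like +X-Y=Z, got \"" arg "\""
        } else if (base == "a" || base == "A") {
            # comma-separated setfacl entries: [d:]u|g|m|o:name:perms
            n = split(arg, part, ",")
            if (n == 0)
                return "a/A line needs an ACL argument"
            for (i = 1; i <= n; i++)
                if (part[i] !~ /^(d:|default:)?(u|user|g|group|m|mask|o|other):[^:]*:[rwxX-]+$/)
                    return "bad ACL entry \"" part[i] "\""
        } else if (base == "t" || base == "T") {
            # whitespace-separated xattr assignments, namespace.name=value
            n = split(arg, part, / +/)
            if (n == 0)
                return "t/T line needs at least one key=value"
            for (i = 1; i <= n; i++)
                if (part[i] !~ /^[a-z]+\.[^=]+=.+$/)
                    return "bad xattr assignment \"" part[i] "\" (want ns.name=value)"
        } else if (base ~ /^[vqQdD]$/) {
            if (arg != "" && arg != "-")
                return base " lines take no argument, got \"" arg "\""
        }
        return ""
    }
    /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
    {
        arg = ""
        for (i = 7; i <= NF; i++)
            arg = (arg == "" ? $i : arg " " $i)
        err = check($1, $2, $3, $6, arg)
        if (err != "") { printf "line %d: error: %s\n", NR, err; errs++ }
        else             printf "line %d: ok (%s %s)\n", NR, $1, $2
    }
    END { exit errs > 0 }'
}

if [ "${1:-}" = demo ]; then
    # constructed snippet mixing the line types under discussion;
    # the last line is deliberately malformed (ACL entry lacks its type)
    printf '%s\n' \
        'h /var/log/journal - - - - +C' \
        'v /var/lib/machines 0700 - - -' \
        'a /run/demo-spool - - - - u:demo:rw,g:demo:rw' \
        't /run/demo-spool - - - - security.SMACK64=demo-label' \
        'a /run/demo-spool - - - - demo:rw' |
        validate_tmpfiles || echo "snippet rejected"
fi
```

Feed it a snippet on stdin; it prints a verdict per line and exits non-zero if any line failed, which makes it usable as a pre-commit check before a snippet lands in /etc/tmpfiles.d/. It validates shape only: whether the named user or SMACK label actually exists is decided when systemd-tmpfiles applies the line, so a passing snippet still needs a test run on the target system.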
13266
13267 Contributions from: Alin Rauta, Alison Chaiken, Andrej
13268 Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
13269 Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
13270 Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
13271 Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
13272 Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
13273 Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
13274 Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
13275 Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
13276 Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
13277 Michael Biebl, Michael Chapman, Michael Marineau, Michal
13278 Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
13279 Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
13280 Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
13281 Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
13282 Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
13283 Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
13284 Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
13285
13286 — Berlin, 2014-12-10
13287
13288 CHANGES WITH 217:
13289
13290 * journalctl gained the new options -t/--identifier= to match
13291 on the syslog identifier (aka "tag"), as well as --utc to
13292 show log timestamps in the UTC timezone. journalctl now also
13293 accepts -n/--lines=all to disable line capping in a pager.
13294
13295 * journalctl gained a new switch, --flush, that synchronously
13296 flushes logs from /run/log/journal to /var/log/journal if
13297 persistent storage is enabled. systemd-journal-flush.service
13298 now waits until the operation is complete.
13299
13300 * Services can notify the manager before they start a reload
13301 (by sending RELOADING=1) or shutdown (by sending
13302 STOPPING=1). This allows the manager to track and show the
13303 internal state of daemons and closes a race condition when
13304 the process is still running but has closed its D-Bus
13305 connection.
13306
13307 * Services with Type=oneshot do not have to have any ExecStart
13308 commands anymore.
13309
13310 * User units are now loaded also from
13311 $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
13312 /run/systemd/user directory that was already previously
13313 supported, but is under the control of the user.
13314
13315 * Job timeouts (i.e. timeouts on the time a job that is
13316 queued stays in the run queue) can now optionally result in
13317 immediate reboot or power-off actions (JobTimeoutAction= and
13318 JobTimeoutRebootArgument=). This is useful on ".target"
13319 units, to limit the maximum time a target remains
13320 undispatched in the run queue, and to trigger an emergency
13321 operation in such a case. This is now used by default to
13322 turn off the system if boot-up (as defined by everything in
13323 basic.target) hangs and does not complete for at least
13324 15min. Also, if power-off or reboot hang for at least 30min
13325 an immediate power-off/reboot operation is triggered. This
13326 functionality is particularly useful to increase reliability
13327 on embedded devices, but also on laptops which might
13328 accidentally get powered on when carried in a backpack and
13329 whose boot stays stuck in a hard disk encryption passphrase
13330 question.
13331
13332 * systemd-logind can be configured to also handle lid switch
13333 events even when the machine is docked or multiple displays
13334 are attached (HandleLidSwitchDocked= option).
13335
13336 * A helper binary and a service have been added which can be
13337 used to resume from hibernation in the initramfs. A
13338 generator will parse the resume= option on the kernel
13339 command line to trigger resume.
13340
13341 * A user console daemon systemd-consoled has been
13342 added. Currently, it is a preview, and will so far open a
13343 single terminal on each session of the user marked as
13344 Desktop=systemd-console.
13345
13346 * Route metrics can be specified for DHCP routes added by
13347 systemd-networkd.
13348
13349 * The SELinux context of socket-activated services can be set
13350 from the information provided by the networking stack
13351 (SELinuxContextFromNet= option).
13352
13353 * Userspace firmware loading support has been removed and
13354 the minimum supported kernel version is thus bumped to 3.7.
13355
13356 * The timeout for udev workers has been increased from 1 to 3
13357 minutes, but a warning will be printed after 1 minute to
13358 help diagnose kernel modules that take a long time to load.
13359
13360 * Udev rules can now remove tags on devices with TAG-="foobar".
13361
13362 * systemd's readahead implementation has been removed. In many
13363 circumstances it didn't give the expected benefits even for
13364 rotational disk drives and was becoming less relevant in the
13365 age of SSDs. As none of the developers has been using
13366 rotating media anymore, and nobody stepped up to actively
13367 maintain this component of systemd, it has now been removed.
13368
13369 * Swap units can use Options= to specify discard options.
13370 Discard options specified for swaps in /etc/fstab are now
13371 respected.
13372
13373 * Docker containers are now detected as a separate type of
13374 virtualization.
13375
13376 * The Password Agent protocol gained support for queries where
13377 the user input is shown, useful e.g. for user names.
13378 systemd-ask-password gained a new --echo option to turn that
13379 on.
13380
13381 * The default sysctl.d/ snippets will now set:
13382
13383 net.core.default_qdisc = fq_codel
13384
13385 This selects Fair Queuing Controlled Delay as the default
13386 queuing discipline for network interfaces. fq_codel helps
13387 fight the network bufferbloat problem. It is believed to be
13388 a good default with no tuning required for most workloads.
13389 Downstream distributions may override this choice. On 10Gbit
13390 servers that do not do forwarding, "fq" may perform better.
13391 Systems without a good clocksource should use "pfifo_fast".
13392
13393 * If kdbus is enabled during build a new option BusPolicy= is
13394 available for service units, that allows locking all service
13395 processes into a stricter bus policy, in order to limit
13396 access to various bus services, or even hide most of them
13397 from the service's view entirely.
13398
13399 * networkctl will now show the .network and .link file
13400 networkd has applied to a specific interface.
13401
13402 * sd-login gained a new API call sd_session_get_desktop() to
13403 query which desktop environment has been selected for a
13404 session.
13405
13406 * UNIX utmp support is now compile-time optional to support
13407 legacy-free systems.
13408
13409 * systemctl gained two new commands "add-wants" and
13410 "add-requires" for pulling in units from specific targets
13411 easily.
13412
13413 * If the word "rescue" is specified on the kernel command line
13414 the system will now boot into rescue mode (aka
13415 rescue.target), which was previously available only by
13416 specifying "1" or "systemd.unit=rescue.target" on the kernel
13417 command line. This new kernel command line option nicely
13418 mirrors the already existing "emergency" kernel command line
13419 option.
13420
13421 * New kernel command line options mount.usr=, mount.usrflags=,
13422 mount.usrfstype= have been added that match root=, rootflags=,
13423 rootfstype= but allow mounting a specific file system to
13424 /usr.
13425
13426 * The $NOTIFY_SOCKET is now also passed to control processes of
13427 services, not only the main process.
13428
13429 * This version reenables support for fsck's -l switch. This
13430 means at least version v2.25 of util-linux is required for
13431 operation, otherwise deadlocks on device nodes may
13432 occur. Again: you need to update util-linux to at least
13433 v2.25 when updating systemd to v217.
13434
13435 * The "multi-seat-x" tool has been removed from systemd, as
13436 its functionality has been integrated into X servers 1.16,
13437 and the tool is hence redundant. It is recommended to update
13438 display managers invoking this tool to simply invoke X
13439 directly from now on, again.
13440
13441 * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
13442 message flag has been added for all of systemd's polkit
13443 authenticated method calls. In particular this
13444 now allows optional interactive authorization via polkit for
13445 many of PID 1's privileged operations such as unit file
13446 enabling and disabling.
13447
13448 * "udevadm hwdb --update" learnt a new switch "--usr" for
13449 placing the rebuilt hardware database in /usr instead of
13450 /etc. When used, only hardware database entries stored in
13451 /usr will be used, and any user database entries in /etc are
13452 ignored. This functionality is useful for vendors to ship a
13453 pre-built database on systems where local configuration is
13454 unnecessary or unlikely.
13455
13456 * Calendar time specifications in .timer units now also
13457 understand the strings "semi-annually", "quarterly" and
13458 "minutely" as shortcuts (in addition to the preexisting
13459 "annually", "hourly", …).
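The calendar shortcuts above, as an added Python example that is not systemd's own calendar parser: each shortcut is expanded to its normalized form as listed in systemd.time(7), and next_elapse() computes when a timer using it would next fire from a given naive datetime. It covers the pre-existing shortcuts as well as the three new ones; the stepping logic is this example's own, not systemd's.

```python
"""Calendar shortcuts as used by OnCalendar= (added example, not systemd code).

SHORTCUTS holds the meaning of each word as systemd.time(7) documents it;
normalize() renders the canonical spelling and next_elapse() walks forward
to the first matching instant. Datetimes are naive (treat them as UTC).
"""
from datetime import datetime, timedelta

# (months or None for any, day or None, weekday or None, hour or None, minute or None)
SHORTCUTS = {
    "minutely":      (None, None, None, None, None),
    "hourly":        (None, None, None, None, 0),
    "daily":         (None, None, None, 0, 0),
    "weekly":        (None, None, 0, 0, 0),            # Monday
    "monthly":       (None, 1, None, 0, 0),
    "quarterly":     ({1, 4, 7, 10}, 1, None, 0, 0),
    "semi-annually": ({1, 7}, 1, None, 0, 0),
    "annually":      ({1}, 1, None, 0, 0),
}
SHORTCUTS["semiannually"] = SHORTCUTS["semi-annually"]
SHORTCUTS["yearly"] = SHORTCUTS["annually"]

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def normalize(name):
    """Canonical "DOW YYYY-MM-DD HH:MM:SS" form with '*' for wildcards."""
    months, day, weekday, hour, minute = SHORTCUTS[name.lower()]

    def field(value):
        return "*" if value is None else "%02d" % value

    month_s = "*" if months is None else ",".join("%02d" % m for m in sorted(months))
    prefix = "" if weekday is None else WEEKDAYS[weekday] + " "
    return "%s*-%s-%s %s:%s:00" % (prefix, month_s, field(day), field(hour), field(minute))


def _matches(t, spec):
    months, day, weekday, hour, minute = spec
    return ((months is None or t.month in months)
            and (day is None or t.day == day)
            and (weekday is None or t.weekday() == weekday)
            and (hour is None or t.hour == hour)
            and (minute is None or t.minute == minute))


def next_elapse(name, now):
    """First instant strictly after `now` (datetime or ISO string) that matches.

    Steps by the largest unit the spec pins down, so even 'annually' needs
    only a few hundred iterations instead of a minute-by-minute scan.
    """
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    spec = SHORTCUTS[name.lower()]
    _, _, _, hour, minute = spec
    t = now.replace(second=0, microsecond=0) + timedelta(minutes=1)
    limit = t + timedelta(days=800)
    while t < limit:
        if _matches(t, spec):
            return t
        if minute is not None and t.minute != minute:
            t += timedelta(minutes=(minute - t.minute) % 60)   # jump to :MM
        elif hour is not None and t.hour != hour:
            t += timedelta(hours=(hour - t.hour) % 24)         # jump to HH:
        else:
            t += timedelta(days=1)                             # wrong day/month/weekday
    raise ValueError("no elapse within 800 days for %r" % name)


if __name__ == "__main__":
    start = datetime(2014, 10, 28, 10, 15, 30)   # constructed reference time
    for word in ("minutely", "quarterly", "semi-annually", "annually"):
        print("%-14s %-26s next: %s" % (word, normalize(word), next_elapse(word, start)))
```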
13460
13461 * systemd-tmpfiles will now correctly create files in /dev
13462 at boot which are marked for creation only at boot. It is
13463 recommended to always create static device nodes with 'c!'
13464 and 'b!', so that they are created only at boot and not
13465 overwritten at runtime.
13466
13467 * When the watchdog logic is used for a service (WatchdogSec=)
13468 and the watchdog timeout is hit the service will now be
13469 terminated with SIGABRT (instead of just SIGTERM), in order
13470 to make sure a proper coredump and backtrace is
13471 generated. This ensures that hanging services will result in
13472 similar coredump/backtrace behaviour as services that hit a
13473 segmentation fault.
13474
13475 Contributions from: Andreas Henriksson, Andrei Borzenkov,
13476 Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
13477 Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
13478 Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
13479 Herrmann, David Sommerseth, David Strauss, Emil Renner
13480 Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
13481 Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
13482 Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
13483 Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
13484 Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
13485 Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
13486 Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
13487 Michael Marineau, Michael Olbrich, Michael Scherer, Michal
13488 Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
13489 Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
13490 Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
13491 Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
13492 Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
13493 Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
13494 Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
13495 Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
13496 Jędrzejewski-Szmek
13497
13498 — Berlin, 2014-10-28
13499
13500 CHANGES WITH 216:
13501
13502 * timedated no longer reads NTP implementation unit names from
13503 /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
13504 implementations should add a
13505
13506 Conflicts=systemd-timesyncd.service
13507
13508 to their unit files to take over and replace systemd's NTP
13509 default functionality.
13510
13511 * systemd-sysusers gained a new line type "r" for configuring
13512 which UID/GID ranges to allocate system users/groups
13513 from. Lines of type "u" may now add an additional column
13514 that specifies the home directory for the system user to be
13515 created. Also, systemd-sysusers may now optionally read user
13516 information from STDIN instead of a file. This is useful for
13517 invoking it from RPM preinst scriptlets that need to create
13518 users before the first RPM file is installed since these
13519 files might need to be owned by them. A new
13520 %sysusers_create_inline RPM macro has been introduced to do
13521 just that. systemd-sysusers now updates the shadow files as
13522 well as the user/group databases, which should enhance
13523 compatibility with certain tools like grpck.
13524
13525 * A number of bus APIs of PID 1 now optionally consult polkit to
13526 permit access for otherwise unprivileged clients under certain
13527 conditions. Note that this currently doesn't support
13528 interactive authentication yet, but this is expected to be
13529 added eventually, too.
13530
13531 * /etc/machine-info now has new fields for configuring the
13532 deployment environment of the machine, as well as the
13533 location of the machine. hostnamectl has been updated with
13534 new commands to update these fields.
13535
13536 * systemd-timesyncd has been updated to automatically acquire
13537 NTP server information from systemd-networkd, which might
13538 have been discovered via DHCP.
13539
13540 * systemd-resolved now includes a caching DNS stub resolver
13541 and a complete LLMNR name resolution implementation. A new
13542 NSS module "nss-resolve" has been added which can be used
13543 instead of glibc's own "nss-dns" to resolve hostnames via
13544 systemd-resolved. Hostnames, addresses and arbitrary RRs may
13545 be resolved via systemd-resolved D-Bus APIs. In contrast to
13546 the glibc internal resolver systemd-resolved is aware of
13547 multi-homed systems, and keeps DNS servers and caches separate
13548 and per-interface. Queries are sent simultaneously on all
13549 interfaces that have DNS servers configured, in order to
13550 properly handle VPNs and local LANs which might resolve
13551 separate sets of domain names. systemd-resolved may acquire
13552 DNS server information from systemd-networkd automatically,
13553 which in turn might have discovered them via DHCP. A tool
13554 "systemd-resolve-host" has been added that may be used to
13555 query the DNS logic in resolved. systemd-resolved implements
13556 IDNA and automatically uses IDNA or UTF-8 encoding depending
13557 on whether classic DNS or LLMNR is used as transport. In the
13558 next releases we intend to add a DNSSEC and mDNS/DNS-SD
13559 implementation to systemd-resolved.
13560
13561 * A new NSS module nss-mymachines has been added, that
13562 automatically resolves the names of all local registered
13563 containers to their respective IP addresses.
13564
13565 * A new client tool "networkctl" for systemd-networkd has been
13566 added. It currently is entirely passive and will query
13567 networking configuration from udev, rtnetlink and networkd,
13568 and present it to the user in a very friendly
13569 way. Eventually, we hope to extend it to become a full
13570 control utility for networkd.
13571
13572 * .socket units gained a new DeferAcceptSec= setting that
13573 controls the kernel's TCP_DEFER_ACCEPT sockopt for
13574 TCP. Similarly, support for controlling TCP keep-alive
13575 settings has been added (KeepAliveTimeSec=,
13576 KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
13577 turning off Nagle's algorithm on TCP has been added
13578 (NoDelay=).
13579
13580 * logind learned a new session type "web", for use in projects
13581 like Cockpit which register web clients as PAM sessions.
13582
13583 * timer units with at least one OnCalendar= setting will now
13584 be started only after time-sync.target has been
13585 reached. This way they will not elapse before the system
13586 clock has been corrected by a local NTP client or
13587 similar. This is particularly useful on RTC-less embedded
13588 machines that come up with an invalid system clock.
13589
13590 * systemd-nspawn's --network-veth= switch should now result in
13591 stable MAC addresses for both the outer and the inner side
13592 of the link.
13593
13594 * systemd-nspawn gained a new --volatile= switch for running
13595 container instances with /etc or /var unpopulated.
13596
13597 * The kdbus client code has been updated to use the new Linux
13598 3.17 memfd subsystem instead of the old kdbus-specific one.
13599
13600 * systemd-networkd's DHCP client and server now support
13601 FORCERENEW. There are also new configuration options to
13602 configure the vendor client identifier and broadcast mode
13603 for DHCP.
13604
13605 * systemd will no longer inform the kernel about the current
13606 timezone, as this is necessarily incorrect and racy as the
13607 kernel has no understanding of DST and similar
13608 concepts. This hence means FAT timestamps will be always
13609 considered UTC, similar to what Android is already
13610 doing. Also, when the RTC is configured to the local time
13611 (rather than UTC) systemd will never synchronize back to it,
13612 as this might confuse Windows at a later boot.
13613
13614 * systemd-analyze gained a new command "verify" for offline
13615 validation of unit files.
13616
13617 * systemd-networkd gained support for a couple of additional
13618 settings for bonding networking setups. Also, the metric for
13619 statically configured routes may now be configured. For
13620 network interfaces where this is appropriate the peer IP
13621 address may now be configured.
13622
13623 * systemd-networkd's DHCP client will no longer request
13624 broadcasting by default, as this tripped up some networks.
13625 For hardware where broadcast is required the feature should
13626 be switched back on using RequestBroadcast=yes.
13627
13628 * systemd-networkd will now set up IPv4LL addresses (when
13629 enabled) even if DHCP is configured successfully.
13630
13631 * udev will now default to respect network device names given
13632 by the kernel when the kernel indicates that these are
13633 predictable. This behavior can be tweaked by changing
13634 NamePolicy= in the relevant .link file.
13635
13636 * A new library systemd-terminal has been added that
13637 implements full TTY stream parsing and rendering. This
13638 library is supposed to be used later on for implementing a
13639 full userspace VT subsystem, replacing the current kernel
13640 implementation.
13641
13642 * A new tool systemd-journal-upload has been added to push
13643 journal data to a remote system running
13644 systemd-journal-remote.
13645
13646 * journald will no longer forward all local data to another
13647 running syslog daemon. This change has been made because
13648 rsyslog (which appears to be the most commonly used syslog
13649 implementation these days) no longer makes use of this, and
13650 instead pulls the data out of the journal on its own. Since
13651 forwarding the messages to a non-existent syslog server is
13652 more expensive than we assumed we have now turned this
13653 off. If you run a syslog server that is not a recent rsyslog
13654 version, you have to turn this option on again
13655 (ForwardToSyslog= in journald.conf).
13656
13657 * journald now optionally supports the LZ4 compressor for
13658 larger journal fields. This compressor should perform much
13659 better than XZ which was the previous default.
13660
13661 * machinectl now shows the IP addresses of local containers,
13662 if it knows them, plus the interface name of the container.
13663
13664 * A new tool "systemd-escape" has been added that makes it
13665 easy to escape strings to build unit names and similar.
13666
13667 * sd_notify() messages may now include a new ERRNO= field
13668 which is parsed and collected by systemd and shown among the
13669 "systemctl status" output for a service.
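The notification protocol behind the ERRNO= field above and the RELOADING=1/STOPPING=1 entry in the 217 section, as an added Python example that is not systemd's own sd_notify() code: it builds the datagrams, sends them to the socket named by $NOTIFY_SOCKET (including the abstract-namespace form), and also plays the manager side so the exchange can be observed; the socket path used in the demo is constructed in a temporary directory.

```python
"""sd_notify(3)-style client in pure Python (added example, not systemd code).

One datagram per state change, each a newline-separated list of KEY=VALUE
assignments (READY=1, RELOADING=1, STOPPING=1, STATUS=, ERRNO=), sent to
the AF_UNIX datagram socket named by $NOTIFY_SOCKET.
"""
import errno
import os
import socket
import tempfile


def notify_message(**fields):
    """Serialise assignments into one datagram.

    A newline inside a value would let one field inject another
    assignment, so it is rejected rather than escaped.
    """
    lines = []
    for key, value in fields.items():
        text = str(value)
        if "\n" in text:
            raise ValueError("newline in value of %s" % key)
        lines.append("%s=%s" % (key.upper(), text))
    return ("\n".join(lines) + "\n").encode()


def notify(message, env=None):
    """Send one datagram to $NOTIFY_SOCKET; False when no manager listens."""
    env = os.environ if env is None else env
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):
        # abstract socket: leading NUL instead of '@', no trailing NUL
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(message, path)
    return True


def daemon_lifecycle(env=None, failure_errno=0):
    """Emit the state changes a well-behaved daemon reports; returns the count.

    The manager attributes each datagram to a sender PID and only honours
    processes NotifyAccess= permits, so an unrelated process cannot fake them.
    """
    notify(notify_message(READY=1, STATUS="serving requests"), env)
    # Reload: announce RELOADING=1 first, then READY=1 once the new
    # configuration is live, so the manager shows "reloading" meanwhile.
    notify(notify_message(RELOADING=1, STATUS="re-reading configuration"), env)
    notify(notify_message(READY=1, STATUS="serving requests"), env)
    # Shutdown: STOPPING=1 closes the gap between "process still alive" and
    # "D-Bus connection gone"; ERRNO= carries the reason for a failure exit.
    fields = {"STOPPING": 1}
    if failure_errno:
        fields["ERRNO"] = failure_errno
        fields["STATUS"] = os.strerror(failure_errno)
    notify(notify_message(**fields), env)
    return 4


def demo_roundtrip(failure_errno=errno.ECONNREFUSED):
    """Play the manager: bind a datagram socket at a constructed temp path,
    run the lifecycle against it and return the datagrams received."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(5)
            sent = daemon_lifecycle({"NOTIFY_SOCKET": path}, failure_errno)
            return [manager.recv(4096) for _ in range(sent)]


if __name__ == "__main__":
    for datagram in demo_roundtrip():
        print(datagram.decode(), end="")
```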
13670
13671 * A new component "systemd-firstboot" has been added that
13672 queries the most basic systemd information (timezone,
13673 hostname, root password) interactively on first
13674 boot. Alternatively it may also be used to provision these
13675 things offline on OS images installed into directories.
13676
13677 * The default sysctl.d/ snippets will now set
13678
13679 net.ipv4.conf.default.promote_secondaries=1
13680
13681 This has the benefit of not flushing secondary IP addresses
13682 when primary addresses are removed.
13683
13684 Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
13685 Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
13686 Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
13687 Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
13688 Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
13689 B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
13690 Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
13691 Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
13692 Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
13693 Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
13694 Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
13695 Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
13696 Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
13697 Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
13698 Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
13699
13700 — Berlin, 2014-08-19
13701
13702 CHANGES WITH 215:
13703
13704 * A new tool systemd-sysusers has been added. This tool
13705 creates system users and groups in /etc/passwd and
13706 /etc/group, based on static declarative system user/group
13707 definitions in /usr/lib/sysusers.d/. This is useful to
13708 enable factory resets and volatile systems that boot up with
13709 an empty /etc directory, and thus need system users and
13710 groups created during early boot. systemd now also ships
13711 with two default sysusers.d/ files for the most basic
13712 users and groups systemd and the core operating system
13713 require.
13714
13715 * A new tmpfiles snippet has been added that rebuilds the
13716 essential files in /etc on boot, should they be missing.
13717
13718 * A directive for ensuring automatic clean-up of
13719 /var/cache/man/ has been removed from the default
13720 configuration. This line should now be shipped by the man
13721 implementation. The necessary change has been made to the
13722 man-db implementation. Note that you need to update your man
13723 implementation to one that ships this line, otherwise no
13724 automatic clean-up of /var/cache/man will take place.
13725
13726 * A new condition ConditionNeedsUpdate= has been added that
13727 may conditionalize services to only run when /etc or /var
13728 are "older" than the vendor operating system resources in
13729 /usr. This is useful for reconstructing or updating /etc
13730 after an offline update of /usr or a factory reset, on the
13731 next reboot. Services that want to run once after such an
13732 update or reset should use this condition and order
13733 themselves before the new systemd-update-done.service, which
13734 will mark the two directories as fully updated. A number of
13735 service files have been added making use of this, to rebuild
13736 the udev hardware database, the journald message catalog and
13737 dynamic loader cache (ldconfig). The systemd-sysusers tool
13738 described above also makes use of this now. With this in
13739 place it is now possible to start up a minimal operating
13740 system with /etc empty cleanly. For more information on the
13741 concepts involved see this recent blog story:
13742
13743 https://0pointer.de/blog/projects/stateless.html
13744
13745 * A new system group "input" has been introduced, and all
13746 input device nodes get this group assigned. This is useful
13747 for system-level software to get access to input devices. It
13748 complements what is already done for "audio" and "video".
13749
13750 * systemd-networkd learnt minimal DHCPv4 server support in
13751 addition to the existing DHCPv4 client support. It also
13752 learnt DHCPv6 client and IPv6 Router Solicitation client
13753 support. The DHCPv4 client gained support for static routes
13754 passed in from the server. Note that the [DHCPv4] section
13755 known in older systemd-networkd versions has been renamed to
13756 [DHCP] and is now also used by the DHCPv6 client. Existing
13757 .network files using settings of this section should be
13758 updated, though compatibility is maintained. Optionally, the
13759 client hostname may now be sent to the DHCP server.
13760
13761 * networkd gained support for vxlan virtual networks as well
13762 as tun/tap and dummy devices.
13763
13764 * networkd gained support for automatic allocation of address
13765 ranges for interfaces from a system-wide pool of
13766 addresses. This is useful for dynamically managing a large
13767 number of interfaces with a single network configuration
13768 file. In particular this is useful to easily assign
13769 appropriate IP addresses to the veth links of a large number
13770 of nspawn instances.
13771
13772 * RPM macros for processing sysusers, sysctl and binfmt
13773 drop-in snippets at package installation time have been
13774 added.
13775
13776 * The /etc/os-release file should now be placed in
13777 /usr/lib/os-release. The old location is automatically
13778 created as symlink. /usr/lib is the more appropriate
13779 location of this file, since it shall actually describe the
13780 vendor operating system shipped in /usr, and not the
13781 configuration stored in /etc.
13782
13783 * .mount units gained a new boolean SloppyOptions= setting
13784 that maps to mount(8)'s -s option which enables permissive
13785 parsing of unknown mount options.
13786
13787 * tmpfiles learnt a new "L+" directive which creates a symlink
13788 but (unlike "L") deletes a pre-existing file first, should
13789 it already exist and not already be the correct
13790 symlink. Similarly, "b+", "c+" and "p+" directives have been
13791 added as well, which create block and character devices, as
13792 well as fifos in the filesystem, possibly removing any
13793 pre-existing files of different types.
13794
13795 * For tmpfiles' "L", "L+", "C" and "C+" directives the final
13796 'argument' field (which so far specified the source to
13797 symlink/copy the files from) is now optional. If omitted the
13798 same file is copied from /usr/share/factory/ suffixed by the
13799 full destination path. This is useful for populating /etc
13800 with essential files, by copying them from vendor defaults
13801 shipped in /usr/share/factory/etc.
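A parser for the tmpfiles.d line forms described in the two entries above (the "+" variants and the factory-default source) and in the "c!"/"b!" boot-only entries of the 217 section, as an added Python example that is not systemd-tmpfiles' own parser. The sample lines are constructed for the demo.

```python
"""Parse tmpfiles.d(5) lines (added example, not systemd-tmpfiles code).

Type modifiers handled: '!' (apply only at boot, i.e. with --boot) and
'+' (replace whatever already sits at the path). For 'L' and 'C' an
omitted argument means the source is the same path under /usr/share/factory/.
"""
import shlex
from dataclasses import dataclass
from typing import Optional, Tuple

FACTORY = "/usr/share/factory"

# Constructed sample, not taken from a real system
SAMPLE = """\
# static device nodes: created at boot only, never overwritten at runtime
c! /dev/net/tun   0666 root root - 10:200
b! /dev/loop0     0660 root disk - 7:0
# symlink, replacing a pre-existing file of another type
L+ /etc/localtime - - - - ../usr/share/zoneinfo/UTC
# factory defaults: source is /usr/share/factory<path> when omitted
C  /etc/pam.d     - - - -
L  /etc/os-release - - - - ../usr/lib/os-release
d  /run/foo       0755 root root 10d
"""


@dataclass
class Entry:
    type: str            # base letter: c, b, p, L, C, d, ...
    boot_only: bool      # '!' modifier
    replace: bool        # '+' modifier
    path: str
    mode: Optional[str]
    user: Optional[str]
    group: Optional[str]
    age: Optional[str]
    argument: Optional[str]

    @property
    def source(self) -> Optional[str]:
        """What L/C link or copy from; the factory tree when unspecified."""
        if self.type not in ("L", "C"):
            return None
        return self.argument if self.argument else FACTORY + self.path

    @property
    def device(self) -> Optional[Tuple[int, int]]:
        """(major, minor) for block/character device entries."""
        if self.type not in ("b", "c") or not self.argument:
            return None
        major, minor = self.argument.split(":", 1)
        return int(major), int(minor)


def _opt(field):
    return None if field in (None, "-") else field


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = shlex.split(line)            # the argument may be quoted
    if len(fields) < 2:
        raise ValueError("tmpfiles line needs type and path: %r" % line)
    spec, path = fields[0], fields[1]
    base, mods = spec[0], spec[1:]
    if any(m not in "!+" for m in mods):
        raise ValueError("unknown type modifier in %r" % spec)
    rest = fields[2:7] + [None] * (5 - len(fields[2:7]))
    return Entry(base, "!" in mods, "+" in mods, path,
                 _opt(rest[0]), _opt(rest[1]), _opt(rest[2]), _opt(rest[3]), _opt(rest[4]))


def parse(text: str):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def applicable(entries, boot: bool):
    """Entries to act on in this run: '!' entries only during boot."""
    return [e for e in entries if boot or not e.boot_only]


def by_path(entries, path):
    return next(e for e in entries if e.path == path)


if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e.type, "!" if e.boot_only else " ", "+" if e.replace else " ",
              e.path, "<-", e.source or e.device or "")
```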
13802
13803 * A new command "systemctl preset-all" has been added that
13804 applies the service preset settings to all installed unit
13805 files. A new switch --preset-mode= has been added that
13806 controls whether only enable or only disable operations
13807 shall be executed.
13808
13809 * A new command "systemctl is-system-running" has been added
13810 that allows checking the overall state of the system, for
13811 example whether it is fully up and running.
13812
13813 * When the system boots up with an empty /etc, the equivalent
13814 to "systemctl preset-all" is executed during early boot, to
13815 make sure all default services are enabled after a factory
13816 reset.
13817
13818 * systemd now contains a minimal preset file that enables the
13819 most basic services systemd ships by default.
13820
13821 * Unit files' [Install] section gained a new DefaultInstance=
13822 field for defining the default instance to create if a
13823 template unit is enabled with no instance specified.
13824
13825 * A new passive target cryptsetup-pre.target has been added
13826 that may be used by services that need to make sure they run and
13827 finish before the first LUKS cryptographic device is set up.
13828
13829 * The /dev/loop-control and /dev/btrfs-control device nodes
13830 are now owned by the "disk" group by default, opening up
13831 access to this group.
13832
13833 * systemd-coredump will now automatically generate a
13834 stack trace of all core dumps taking place on the system,
13835 based on elfutils' libdw library. This stack trace is logged
13836 to the journal.
13837
13838 * systemd-coredump may now optionally store coredumps directly
13839 on disk (in /var/lib/systemd/coredump, possibly compressed),
13840 instead of storing them unconditionally in the journal. This
13841 mode is the new default. A new configuration file
13842 /etc/systemd/coredump.conf has been added to configure this
13843 and other parameters of systemd-coredump.
13844
13845 * coredumpctl gained a new "info" verb to show details about a
13846 specific coredump. A new switch "-1" has also been added
13847 that makes sure to only show information about the most
13848 recent entry instead of all entries. Also, as the tool is
13849 generally useful now the "systemd-" prefix of the binary
13850 name has been removed. Distributions that want to maintain
13851 compatibility with the old name should add a symlink from
13852 the old name to the new name.
13853
13854 * journald's SplitMode= now defaults to "uid". This makes sure
13855 that unprivileged users can access their own coredumps with
13856 coredumpctl without restrictions.
13857
13858 * New kernel command line options "systemd.wants=" (for
13859 pulling an additional unit during boot), "systemd.mask="
13860 (for masking a specific unit for the boot), and
13861 "systemd.debug-shell" (for enabling the debug shell on tty9)
13862 have been added. This is implemented in the new generator
13863 "systemd-debug-generator".
13864
13865 * systemd-nspawn will now by default filter a couple of
13866 syscalls for containers, among them those required for
13867 kernel module loading, direct x86 IO port access, swap
13868 management, and kexec. Most importantly though
13869 open_by_handle_at() is now prohibited for containers,
13870 closing a hole similar to a recently discussed vulnerability
13871 in docker regarding access to files on file hierarchies the
13872 container should normally not have access to. Note that, for
13873 nspawn, we generally make no security claims anyway (and
13874 this is explicitly documented in the man page), so this is
13875 just a fix for one of the most obvious problems.
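A seccomp-bpf syscall denylist of the kind described above, as an added Python example that is not systemd-nspawn's own code (nspawn builds its filter with libseccomp): it assembles the raw BPF program, kills on a foreign ABI or an x32-flagged number (a choice made here, not nspawn's documented behaviour), returns EPERM for the listed syscalls, and dry-runs the policy through a small interpreter so it can be checked before it is installed. The syscall numbers are assumed to be the x86_64 table.

```python
"""Build and dry-run a seccomp-bpf syscall denylist (added example, not
systemd-nspawn code; nspawn uses libseccomp rather than hand-written BPF).

Numbers in DENIED are assumed to be the x86_64 syscall table.
"""
import ctypes
import struct

# linux/filter.h opcodes: load word at offset k; jump if equal k; jump if
# greater-or-equal k; return constant k
BPF_LD_W_ABS, BPF_JMP_JEQ_K, BPF_JMP_JGE_K, BPF_RET_K = 0x20, 0x15, 0x35, 0x06
# struct seccomp_data offsets and linux/seccomp.h, linux/audit.h constants
OFF_NR, OFF_ARCH = 0, 4
AUDIT_ARCH_X86_64 = 0xC000003E
X32_SYSCALL_BIT = 0x40000000          # x32 reports the x86_64 arch but numbers | this bit
SECCOMP_RET_KILL_PROCESS = 0x80000000
SECCOMP_RET_ERRNO = 0x00050000
SECCOMP_RET_ALLOW = 0x7FFF0000
EPERM = 1

# The syscall groups the entry above names (x86_64 numbers, assumed table)
DENIED = {
    "open_by_handle_at": 304,
    "init_module": 175, "finit_module": 313, "delete_module": 176,
    "iopl": 172, "ioperm": 173,
    "swapon": 167, "swapoff": 168,
    "kexec_load": 246, "kexec_file_load": 320,
}


def build_denylist(numbers):
    """Return the program as (code, jt, jf, k) tuples."""
    prog = [
        (BPF_LD_W_ABS, 0, 0, OFF_ARCH),
        (BPF_JMP_JEQ_K, 1, 0, AUDIT_ARCH_X86_64),   # expected ABI: skip the kill
        (BPF_RET_K, 0, 0, SECCOMP_RET_KILL_PROCESS),
        (BPF_LD_W_ABS, 0, 0, OFF_NR),
        (BPF_JMP_JGE_K, 0, 1, X32_SYSCALL_BIT),      # x32 number: kill, not look up
        (BPF_RET_K, 0, 0, SECCOMP_RET_KILL_PROCESS),
    ]
    for nr in sorted(set(numbers)):
        prog.append((BPF_JMP_JEQ_K, 0, 1, nr))       # match: fall into the deny
        prog.append((BPF_RET_K, 0, 0, SECCOMP_RET_ERRNO | EPERM))
    prog.append((BPF_RET_K, 0, 0, SECCOMP_RET_ALLOW))
    return prog


def encode(prog):
    """Pack into the struct sock_filter array the kernel expects."""
    return b"".join(struct.pack("HBBI", *insn) for insn in prog)


def run_filter(prog, nr, arch=AUDIT_ARCH_X86_64):
    """Interpret the BPF subset used above against seccomp_data{nr, arch}."""
    data = {OFF_NR: nr, OFF_ARCH: arch}
    acc, pc = 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        if code == BPF_LD_W_ABS:
            acc, pc = data[k], pc + 1
        elif code == BPF_JMP_JEQ_K:
            pc += 1 + (jt if acc == k else jf)
        elif code == BPF_JMP_JGE_K:
            pc += 1 + (jt if acc >= k else jf)
        elif code == BPF_RET_K:
            return k
        else:
            raise ValueError("unsupported opcode 0x%02x" % code)
    raise RuntimeError("program ran off the end")


def verdict(prog, nr, arch=AUDIT_ARCH_X86_64):
    ret = run_filter(prog, nr, arch)
    if ret == SECCOMP_RET_ALLOW:
        return "allow"
    if ret & 0xFFFF0000 == SECCOMP_RET_ERRNO:
        return "errno:%d" % (ret & 0xFFFF)
    return "kill"


def install(prog):
    """Apply to the calling process (Linux only): no_new_privs, then the filter."""
    PR_SET_NO_NEW_PRIVS, PR_SET_SECCOMP, SECCOMP_MODE_FILTER = 38, 22, 2

    class SockFprog(ctypes.Structure):
        _fields_ = [("len", ctypes.c_ushort), ("filter", ctypes.c_void_p)]

    libc = ctypes.CDLL(None, use_errno=True)
    code = ctypes.create_string_buffer(encode(prog))
    fprog = SockFprog(len(prog), ctypes.addressof(code))
    if libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "PR_SET_NO_NEW_PRIVS")
    if libc.prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ctypes.byref(fprog), 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "PR_SET_SECCOMP")


if __name__ == "__main__":
    program = build_denylist(DENIED.values())
    for name, nr in DENIED.items():
        print("%-18s -> %s" % (name, verdict(program, nr)))
    print("%-18s -> %s" % ("read (nr 0)", verdict(program, 0)))
```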
13876
13877 * A new man page file-hierarchy(7) has been added that
13878 contains a minimized, modernized version of the file system
13879 layout systemd expects, similar in style to the FHS
13880 specification or hier(5). A new tool systemd-path(1) has
13881 been added to query many of these paths for the local
13882 machine and user.
13883
13884 * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
13885 longer done. Since the directory now has a per-user size
13886 limit, and is cleaned on logout this appears unnecessary,
13887 in particular since this now brings the lifecycle of this
13888 directory closer in line with how IPC objects are handled.
13889
13890 * systemd.pc now exports a number of additional directories,
13891 including $libdir (which is useful to identify the library
13892 path for the primary architecture of the system), and a
13893 couple of drop-in directories.
13894
13895 * udev's predictable network interface names now use the dev_port
13896 sysfs attribute, introduced in linux 3.15 instead of dev_id to
13897 distinguish between ports of the same PCI function. dev_id should
13898 only be used for ports using the same HW address, hence the need
13899 for dev_port.
13900
13901 * machined has been updated to export the OS version of a
13902 container (read from /etc/os-release and
13903 /usr/lib/os-release) on the bus. This is now shown in
13904 "machinectl status" for a machine.
13905
13906 * A new service setting RestartForceExitStatus= has been
13907 added. If configured to a set of exit signals or process
13908 return values, the service will be restarted when the main
13909 daemon process exits with any of them, regardless of the
13910 Restart= setting.
13911
13912 * systemctl's -H switch for connecting to remote systemd
13913 machines has been extended so that it may be used to
13914 directly connect to a specific container on the
13915 host. "systemctl -H root@foobar:waldi" will now connect as
13916 user "root" to host "foobar", and then proceed directly to
13917 the container named "waldi". Note that currently you have to
13918 authenticate as user "root" for this to work, as entering
13919 containers is a privileged operation.
13920
13921 Contributions from: Andreas Henriksson, Benjamin Steinwender,
13922 Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
13923 Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
13924 Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
13925 Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
13926 Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
13927 Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
13928 Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
13929 Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
13930 Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
13931 Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
13932 Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
13933
13934 — Berlin, 2014-07-03
13935
13936 CHANGES WITH 214:
13937
13938 * As an experimental feature, udev now tries to lock the
13939 disk device node (flock(LOCK_SH|LOCK_NB)) while it
13940 executes events for the disk or any of its partitions.
13941 Applications like partitioning programs can lock the
13942 disk device node (flock(LOCK_EX)) and claim temporary
13943 device ownership that way; udev will entirely skip all event
13944 handling for this disk and its partitions. If the disk
13945 was opened for writing, the close will trigger a partition
13946 table rescan in udev's "watch" facility, and if needed
13947 synthesize "change" events for the disk and all its partitions.
13948 This is now unconditionally enabled, and if it turns out to
13949 cause major problems, we might turn it on only for specific
13950 devices, or might need to disable it entirely. Device Mapper
13951 devices are excluded from this logic.
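An added example of the locking protocol described above, written for this page and not taken from udev or util-linux: the tool side takes flock(LOCK_EX) on the device node, the udev side tries flock(LOCK_SH|LOCK_NB) and skips the event when that fails. flock() locks are advisory and belong to the open file description, so a second open() of the same node observes the lock held through the first one. The /dev/sdX default in main() is a placeholder, not a real device name; for the check itself any file works, which is what the stand-alone run relies on.

```c
/* Added example, not systemd's own code: how a partitioning tool claims a
 * disk device node so that udev skips event handling for it, and how udev's
 * side of the check looks. Both use BSD flock(), which is advisory and taken
 * per open file description, so a second open() of the same node sees the
 * lock held by the first. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Tool side: open the node and take an exclusive, non-blocking lock.
 * Returns the fd to keep while working, or -errno (EWOULDBLOCK when
 * udev or another tool currently holds the node). */
int claim_device(const char *path) {
    int fd = open(path, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
        int r = -errno;
        close(fd);
        return r;
    }
    return fd;
}

/* Tool side: done. Closing releases the lock; because the node was opened
 * for writing, udev's "watch" facility rescans the partition table now. */
void release_device(int fd) {
    if (fd >= 0)
        close(fd);
}

/* udev side: before handling an event for the disk or one of its
 * partitions, try flock(LOCK_SH|LOCK_NB) on a fresh open. Returns 1 if the
 * node is claimed (udev skips the event), 0 if it is free, -errno on error. */
int udev_would_skip(const char *path) {
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -errno;
    int r = 0;
    if (flock(fd, LOCK_SH | LOCK_NB) < 0)
        r = (errno == EWOULDBLOCK) ? 1 : -errno;
    close(fd);  /* drops our shared lock again */
    return r;
}

int main(int argc, char **argv) {
    /* Pass a block device node; /dev/sdX is a placeholder, not a real name. */
    const char *path = argc > 1 ? argv[1] : "/dev/sdX";
    int fd = claim_device(path);
    if (fd < 0) {
        fprintf(stderr, "cannot claim %s: %s\n", path, strerror(-fd));
        return 1;
    }
    printf("%s claimed; udev would skip its events: %d\n", path, udev_would_skip(path));
    release_device(fd);
    printf("%s released; udev would skip its events: %d\n", path, udev_would_skip(path));
    return 0;
}
```

Note that the lock only works when both sides opt in: a tool that opens the node without flock() still gets rescanned and can still race udev, which is why the "-l" fsck switch mentioned next had to be dropped for a while.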
13952
13953 * We temporarily dropped the "-l" switch for fsck invocations,
13954 since they collide with the flock() logic above. util-linux
13955 upstream has been changed already to avoid this conflict,
13956 and we will re-add "-l" as soon as util-linux with this
13957 change has been released.
13958
13959 * The dependency on libattr has been removed. The extended
13960 attribute calls moved to glibc a long time ago, and libattr
13961 is thus unnecessary.
13962
13963 * Virtualization detection works without privileges now. This
13964 means the systemd-detect-virt binary no longer requires
13965 CAP_SYS_PTRACE file capabilities, and our daemons can run
13966 with fewer privileges.
13967
13968 * systemd-networkd now runs under its own "systemd-network"
13969 user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
13970 CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
13971 loses the ability to write to files owned by root this way.
13972
13973 * Similarly, systemd-resolved now runs under its own
13974 "systemd-resolve" user with no capabilities remaining.
13975
13976 * Similarly, systemd-bus-proxyd now runs under its own
13977 "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
13978
13979 * systemd-networkd gained support for setting up "veth"
13980 virtual Ethernet devices for container connectivity, as well
13981 as GRE and VTI tunnels.
13982
13983 * systemd-networkd will no longer automatically attempt to
13984 manually load kernel modules necessary for certain tunnel
13985 transports. Instead, it is assumed the kernel loads them
13986 automatically when required. This only works correctly on
13987 very new kernels. On older kernels, please consider adding
13988 the kernel modules to /etc/modules-load.d/ as a work-around.
13989
13990 * The resolv.conf file systemd-resolved generates has been
13991 moved to /run/systemd/resolve/. If you have a symlink from
13992 /etc/resolv.conf, it might be necessary to correct it.
13993
13994 * Two new service settings, ProtectHome= and ProtectSystem=,
13995 have been added. When enabled, they will make the user data
13996 (such as /home) inaccessible or read-only and the system
13997 (such as /usr) read-only, for specific services. This allows
13998 very light-weight per-service sandboxing to avoid
13999 modifications of user data or system files from
14000 services. These two new switches have been enabled for all
14001 of systemd's long-running services, where appropriate.
14002
14003 * Socket units gained new SocketUser= and SocketGroup=
14004 settings to set the owner user and group of AF_UNIX sockets
14005 and FIFOs in the file system.
14006
14007 * Socket units gained a new RemoveOnStop= setting. If enabled,
14008 all FIFOs and sockets in the file system will be removed
14009 when the specific socket unit is stopped.
14010
14011 * Socket units gained a new Symlinks= setting. It takes a list
14012 of symlinks to create to file system sockets or FIFOs
14013 created by the specific Unix sockets. This is useful to
14014 manage symlinks to socket nodes with the same lifecycle as
14015 the socket itself.
14016
14017 * The /dev/log socket and /dev/initctl FIFO have been moved to
14018 /run, and have been replaced by symlinks. This allows
14019 connecting to these facilities even if PrivateDevices=yes is
14020 used for a service (which makes /dev/log itself unavailable,
14021 but /run is left). This also has the benefit of ensuring
14022 that /dev only contains device nodes, directories and
14023 symlinks, and nothing else.
14024
14025 * sd-daemon gained two new calls sd_pid_notify() and
14026 sd_pid_notifyf(). They are similar to sd_notify() and
14027 sd_notifyf(), but allow overriding of the source PID of
14028 notification messages if permissions permit this. This is
14029 useful to send notify messages on behalf of a different
14030 process (for example, the parent process). The
14031 systemd-notify tool has been updated to make use of this
14032 when sending messages (so that notification messages now
14033 originate from the shell script invoking systemd-notify and
14034 not the systemd-notify process itself). This should minimize
14035 a race where systemd fails to associate notification
14036 messages to services when the originating process already
14037 vanished.
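An added example of the wire protocol behind sd_pid_notify(), written for this page and not systemd's own implementation: notification messages are datagrams sent to the AF_UNIX socket named by $NOTIFY_SOCKET, and the origin PID travels in an SCM_CREDENTIALS control message that the kernel verifies. That verification is the "if permissions permit" caveat: a process may claim its own PID freely, but claiming another one (as systemd-notify does for its parent shell) needs CAP_SYS_ADMIN and otherwise fails with EPERM. The manager side is included so the exchange can be run end to end; the socket path used when running it is whatever the caller chooses.

```c
/* Added example, not systemd's code: the sd_notify() datagram protocol with
 * the sender PID carried in SCM_CREDENTIALS, which is what lets
 * sd_pid_notify() attribute a message to another process. The kernel only
 * accepts a PID other than the sender's own when the sender has
 * CAP_SYS_ADMIN; otherwise sendmsg() fails with EPERM. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Service side. Send `state` (for example "READY=1") to $NOTIFY_SOCKET,
 * claiming `pid` as the origin (0 = attach no credentials, i.e. plain
 * sd_notify()). Returns 1 if sent, 0 if no NOTIFY_SOCKET is set, -errno. */
int pid_notify(pid_t pid, const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    if (!path || !*path)
        return 0;
    size_t len = strlen(path);
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (len >= sizeof(sa.sun_path))
        return -EINVAL;
    memcpy(sa.sun_path, path, len);
    socklen_t salen = offsetof(struct sockaddr_un, sun_path) + len + 1;
    if (path[0] == '@') {           /* abstract socket: leading NUL, no terminator */
        sa.sun_path[0] = 0;
        salen = offsetof(struct sockaddr_un, sun_path) + len;
    }

    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;

    struct iovec iov = { .iov_base = (char *) state, .iov_len = strlen(state) };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(struct ucred))]; } control;
    memset(&control, 0, sizeof(control));
    struct msghdr msg = { .msg_name = &sa, .msg_namelen = salen,
                          .msg_iov = &iov, .msg_iovlen = 1 };
    if (pid > 0) {
        msg.msg_control = &control;
        msg.msg_controllen = sizeof(control);
        struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = SOL_SOCKET;
        cm->cmsg_type = SCM_CREDENTIALS;
        cm->cmsg_len = CMSG_LEN(sizeof(struct ucred));
        struct ucred uc = { .pid = pid, .uid = getuid(), .gid = getgid() };
        memcpy(CMSG_DATA(cm), &uc, sizeof(uc));
    }
    int r = sendmsg(fd, &msg, MSG_NOSIGNAL) < 0 ? -errno : 1;
    close(fd);
    return r;
}

/* Manager side: bind the notification socket with SO_PASSCRED so the kernel
 * attaches verified credentials to every datagram. Returns fd or -errno. */
int notify_listen(const char *path) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (strlen(path) >= sizeof(sa.sun_path))
        return -EINVAL;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    unlink(path);
    int one = 1;
    if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0) {
        int r = -errno;
        close(fd);
        return r;
    }
    return fd;
}

/* Manager side: read one message into buf (NUL-terminated) and the PID the
 * kernel vouches for into *pid. Returns the message length or -errno. */
ssize_t notify_receive(int fd, char *buf, size_t size, pid_t *pid) {
    struct iovec iov = { .iov_base = buf, .iov_len = size - 1 };
    union { struct cmsghdr hdr; char b[CMSG_SPACE(sizeof(struct ucred))]; } control;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = &control, .msg_controllen = sizeof(control) };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -errno;
    buf[n] = 0;
    *pid = 0;
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(&msg); cm; cm = CMSG_NXTHDR(&msg, cm))
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDENTIALS) {
            struct ucred uc;
            memcpy(&uc, CMSG_DATA(cm), sizeof(uc));
            *pid = uc.pid;
        }
    return n;
}
```

The receiver trusts the PID because the kernel, not the sender, fills it in when no control message is attached and rejects a forged one from an unprivileged sender; that is what lets a service manager map a message back to a unit. systemd-notify's trick is simply to call this with getppid() instead of getpid(), which is why the notification then appears to come from the invoking shell script.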
14038
14039 * A new "on-abnormal" setting for Restart= has been added. If
14040 set, it will result in automatic restarts on all "abnormal"
14041 reasons for a process to exit, which includes unclean
14042 signals, core dumps, timeouts and watchdog timeouts, but
14043 does not include clean and unclean exit codes or clean
14044 signals. Restart=on-abnormal is an alternative for
14045 Restart=on-failure for services that shall be able to
14046 terminate and avoid restarts on certain errors, by
14047 indicating so with an unclean exit code. Restart=on-failure
14048 or Restart=on-abnormal is now the recommended setting for
14049 all long-running services.
14050
14051 * If the InaccessibleDirectories= service setting points to a
14052 mount point (or if there are any submounts contained within
14053 it), systemd now attempts to unmount it completely, to make
14054 the file systems truly unavailable for the respective
14055 service.
14056
14057 * The ReadOnlyDirectories= service setting and
14058 systemd-nspawn's --read-only parameter are now recursively
14059 applied to all submounts, too.
14060
14061 * Mount units may now be created transiently via the bus APIs.
14062
14063 * The support for SysV and LSB init scripts has been removed
14064 from the systemd daemon itself. Instead, it is now
14065 implemented as a generator that creates native systemd units
14066 from these scripts when needed. This enables us to remove a
14067 substantial amount of legacy code from PID 1, following the
14068 fact that many distributions only ship a very small number
14069 of LSB/SysV init scripts nowadays.
14070
14071 * Privileged Xen (dom0) domains are not considered
14072 virtualization anymore by the virtualization detection
14073 logic. After all, they generally have unrestricted access to
14074 the hardware and usually are used to manage the unprivileged
14075 (domU) domains.
14076
14077 * systemd-tmpfiles gained a new "C" line type, for copying
14078 files or entire directories.
14079
14080 * systemd-tmpfiles "m" lines are now fully equivalent to "z"
14081 lines. So far, they have been non-globbing versions of the
14082 latter, and have thus been redundant. In future, it is
14083 recommended to only use "z". "m" has hence been removed
14084 from the documentation, even though it stays supported.
14085
14086 * A tmpfiles snippet to recreate the most basic structure in
14087 /var has been added. This is enough to create the /var/run →
14088 /run symlink and create a couple of structural
14089 directories. This allows systems to boot up with an empty or
14090 volatile /var. Of course, while with this change the core OS
14091 is now capable of dealing with a volatile /var, not all
14092 user services are ready for it. However, we hope that sooner
14093 or later, many service daemons will be changed upstream so
14094 that they are able to automatically create their necessary
14095 directories in /var at boot, should they be missing. This is
14096 the first step to allow state-less systems that only require
14097 the vendor image for /usr to boot.
14098
14099 * systemd-nspawn has gained a new --tmpfs= switch to mount an
14100 empty tmpfs instance to a specific directory. This is
14101 particularly useful for making use of the automatic
14102 reconstruction of /var (see above), by passing --tmpfs=/var.
14103
14104 * Access modes specified in tmpfiles snippets may now be
14105 prefixed with "~", which indicates that they shall be masked
14106 by whether the existing file or directory is currently
14107 writable, readable or executable at all. Also, if specified,
14108 the sgid/suid/sticky bits will be masked for all
14109 non-directories.
14110
14111 * A new passive target unit "network-pre.target" has been
14112 added which is useful for services that shall run before any
14113 network is configured, for example firewall scripts.
14114
14115 * The "floppy" group that previously owned the /dev/fd*
14116 devices is no longer used. The "disk" group is now used
14117 instead. Distributions should probably deprecate usage of
14118 this group.
14119
14120 Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
14121 King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
14122 Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
14123 Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
14124 Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
14125 Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
14126 Jędrzejewski-Szmek
14127
14128 — Berlin, 2014-06-11
14129
14130 CHANGES WITH 213:
14131
14132 * A new "systemd-timesyncd" daemon has been added for
14133 synchronizing the system clock across the network. It
14134 implements an SNTP client. In contrast to NTP
14135 implementations such as chrony or the NTP reference server,
14136 this only implements a client side, and does not bother with
14137 the full NTP complexity, focusing only on querying time from
14138 one remote server and synchronizing the local clock to
14139 it. Unless you intend to serve NTP to networked clients or
14140 want to connect to local hardware clocks, this simple NTP
14141 client should be more than appropriate for most
14142 installations. The daemon runs with minimal privileges, and
14143 has been hooked up with networkd to only operate when
14144 network connectivity is available. The daemon saves the
14145 current clock to disk every time a new NTP sync has been
14146 acquired, and uses this to possibly correct the system clock
14147 early at bootup, in order to accommodate systems that
14148 lack an RTC such as the Raspberry Pi and embedded devices,
14149 and to make sure that time monotonically progresses on these
14150 systems, even if it is not always correct. To make use of
14151 this daemon, a new system user and group "systemd-timesync"
14152 needs to be created on installation of systemd.
14153
14154 * The queue "seqnum" interface of libudev has been disabled, as
14155 it was generally incompatible with device namespacing as
14156 sequence numbers of devices go "missing" if the devices are
14157 part of a different namespace.
14158
14159 * "systemctl list-timers" and "systemctl list-sockets" gained
14160 a --recursive switch for showing units of these types also
14161 for all local containers, similar in style to the already
14162 supported --recursive switch for "systemctl list-units".
14163
14164 * A new RebootArgument= setting has been added for service
14165 units, which may be used to specify a kernel reboot argument
14166 to use when triggering reboots with StartLimitAction=.
14167
14168 * A new FailureAction= setting has been added for service
14169 units which may be used to specify an operation to trigger
14170 when a service fails. This works similarly to
14171 StartLimitAction=, but unlike it, controls what is done
14172 immediately rather than only after several attempts to
14173 restart the service in question.
14174
14175 * hostnamed got updated to also expose the kernel name,
14176 release, and version on the bus. This is useful for
14177 executing commands like hostnamectl with the -H switch.
14178 systemd-analyze makes use of this to properly display
14179 details when running non-locally.
14180
14181 * The bootchart tool can now show cgroup information in the
14182 graphs it generates.
14183
14184 * The CFS CPU quota cgroup attribute is now exposed for
14185 services. The new CPUQuota= switch has been added for this
14186 which takes a percentage value. Setting this will have the
14187 result that a service may never get more CPU time than the
14188 specified percentage, even if the machine is otherwise idle.
14189
14190 * systemd-networkd learned IPIP and SIT tunnel support.
14191
14192 * LSB init scripts exposing a dependency on $network will now
14193 get a dependency on network-online.target rather than simply
14194 network.target. This should bring LSB handling closer to
14195 what it was on SysV systems.
14196
14197 * A new fsck.repair= kernel option has been added to control
14198 how fsck shall deal with unclean file systems at boot.
14199
14200 * The (.ini) configuration file parser will now silently ignore
14201 sections whose names begin with "X-". This may be used to maintain
14202 application-specific extension sections in unit files.
14203
14204 * machined gained a new API to query the IP addresses of
14205 registered containers. "machinectl status" has been updated
14206 to show these addresses in its output.
14207
14208 * A new call sd_uid_get_display() has been added to the
14209 sd-login APIs for querying the "primary" session of a
14210 user. The "primary" session of the user is elected from the
14211 user's sessions and generally a graphical session is
14212 preferred over a text one.
14213
14214 * A minimal systemd-resolved daemon has been added. It
14215 currently simply acts as a companion to systemd-networkd and
14216 manages resolv.conf based on per-interface DNS
14217 configuration, possibly supplied via DHCP. In the long run
14218 we hope to extend this into a local DNSSEC enabled DNS and
14219 mDNS cache.
14220
14221 * The systemd-networkd-wait-online tool is now enabled by
14222 default. It will delay network-online.target until a network
14223 connection has been configured. The tool primarily integrates
14224 with networkd, but will also make a best effort to make sense
14225 of network configuration performed in some other way.
14226
14227 * Two new service options StartupCPUShares= and
14228 StartupBlockIOWeight= have been added that work similarly to
14229 CPUShares= and BlockIOWeight= however only apply during
14230 system startup. This is useful to prioritize certain services
14231 differently during bootup than during normal runtime.
14232
14233 * hostnamed has been changed to prefer the statically
14234 configured hostname in /etc/hostname (unless set to
14235 'localhost' or empty) over any dynamic one supplied by
14236 dhcp. With this change, the rules for picking the hostname
14237 match more closely the rules of other configuration settings
14238 where the local administrator's configuration in /etc always
14239 overrides any other settings.
14240
14241 Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
14242 den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
14243 Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
14244 David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
14245 Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
14246 Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
14247 Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
14248 Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
14249 Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
14250 Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
14251 Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
14252 Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
14253 Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
14254 Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
14255 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
14256 Lindskog, WaLyong Cho, Will Woods, Zbigniew
14257 Jędrzejewski-Szmek
14258
14259 — Beijing, 2014-05-28
14260
14261 CHANGES WITH 212:
14262
14263 * When restoring the screen brightness at boot, stay away from
14264 the darkest setting or from the lowest 5% of the available
14265 range, depending on which is the larger value of both. This
14266 should effectively protect the user from rebooting into a
14267 black screen, should the brightness have been set to minimum
14268 by accident.
14269
14270 * sd-login gained a new sd_machine_get_class() call to
14271 determine the class ("vm" or "container") of a machine
14272 registered with machined.
14273
14274 * sd-login gained new calls
14275 sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
14276 to query the identity of the peer of a local AF_UNIX
14277 connection. They operate similarly to their sd_pid_get_xyz()
14278 counterparts.
14279
14280 * PID 1 will now maintain a system-wide system state engine
14281 with the states "starting", "running", "degraded",
14282 "maintenance", "stopping". These states are bound to system
14283 startup, normal runtime, runtime with at least one failed
14284 service, rescue/emergency mode and system shutdown. This
14285 state is shown in the "systemctl status" output when no unit
14286 name is passed. It is useful to determine system state, in
14287 particular when doing so for many systems or containers at
14288 once.
14289
14290 * A new command "list-machines" has been added to "systemctl"
14291 that lists all local OS containers and shows their system
14292 state (see above), if systemd runs inside of them.
14293
14294 * systemctl gained a new "-r" switch to recursively enumerate
14295 units on all local containers, when used with the
14296 "list-units" command (which is the default one that is
14297 executed when no parameters are specified).
14298
14299 * The GPT automatic partition discovery logic will now honour
14300 two GPT partition flags: one may be set on a partition to
14301 cause it to be mounted read-only, and the other may be set
14302 on a partition to ignore it during automatic discovery.
14303
14304 * Two new GPT type UUIDs have been added for automatic root
14305 partition discovery, for 32-bit and 64-bit ARM. This is not
14306 particularly useful for discovering the root directory on
14307 these architectures during bare-metal boots (since UEFI is
14308 not common there), but still very useful to allow booting of
14309 ARM disk images in nspawn with the -i option.
14310
14311 * MAC addresses of interfaces created with nspawn's
14312 --network-interface= switch will now be generated from the
14313 machine name, and thus be stable between multiple invocations
14314 of the container.
14315
14316 * logind will now automatically remove all IPC objects owned
14317 by a user if she or he fully logs out. This makes sure that
14318 users who are logged out cannot continue to consume IPC
14319 resources. This covers SysV memory, semaphores and message
14320 queues as well as POSIX shared memory and message
14321 queues. Traditionally, SysV and POSIX IPC had no lifecycle
14322 limits. With this functionality, that is corrected. This may
14323 be turned off by using the RemoveIPC= switch of logind.conf.
14324
14325 * The systemd-machine-id-setup and tmpfiles tools gained a
14326 --root= switch to operate on a specific root directory,
14327 instead of /.
14328
14329 * journald can now forward logged messages to the TTYs of all
14330 logged in users ("wall"). This is the default for all
14331 emergency messages now.
14332
14333 * A new tool systemd-journal-remote has been added to stream
14334 journal log messages across the network.
14335
14336 * /sys/fs/cgroup/ is now mounted read-only after all cgroup
14337 controller trees are mounted into it. Note that the
14338 directories mounted beneath it are not read-only. This is a
14339 security measure and is particularly useful because glibc
14340 actually includes a search logic to pick any tmpfs it can
14341 find to implement shm_open() if /dev/shm is not available
14342 (which it might very well be in namespaced setups).
14343
14344 * machinectl gained a new "poweroff" command to cleanly power
14345 down a local OS container.
14346
14347 * The PrivateDevices= unit file setting will now also drop the
14348 CAP_MKNOD capability from the capability bound set, and
14349 imply DevicePolicy=closed.
14350
14351 * PrivateDevices=, PrivateNetwork= and PrivateTmp= is now used
14352 comprehensively on all long-running systemd services where
14353 this is appropriate.
14354
14355 * systemd-udevd will now run in a disassociated mount
14356 namespace. To mount directories from udev rules, make sure to
14357 pull in mount units via SYSTEMD_WANTS properties.
14358
14359 * The kdbus support gained support for uploading policy into
14360 the kernel. sd-bus gained support for creating "monitoring"
14361 connections that can eavesdrop into all bus communication
14362 for debugging purposes.
14363
14364 * Timestamps may now be specified in seconds since the UNIX
14365 epoch Jan 1st, 1970 by specifying "@" followed by the value
14366 in seconds.
14367
14368 * Native tcpwrap support in systemd has been removed. tcpwrap
14369 is old code, not really maintained anymore and has serious
14370 shortcomings, and better options such as firewalls
14371 exist. For setups that require tcpwrap usage, please
14372 consider invoking your socket-activated service via tcpd,
14373 like on traditional inetd.
14374
14375 * A new system.conf configuration option
14376 DefaultTimerAccuracySec= has been added that controls the
14377 default AccuracySec= setting of .timer units.
14378
14379 * Timer units gained a new WakeSystem= switch. If enabled,
14380 timers configured this way will cause the system to resume
14381 from system suspend (if the system supports that, which most
14382 do these days).
14383
14384 * Timer units gained a new Persistent= switch. If enabled,
14385 timers configured this way will save to disk when they have
14386 been last triggered. This information is then used on next
14387 reboot to possibly execute overdue timer events that
14388 could not take place because the system was powered off.
14389 This enables simple anacron-like behaviour for timer units.
14390
14391 * systemctl's "list-timers" will now also list the time a
14392 timer unit was last triggered in addition to the next time
14393 it will be triggered.
14394
14395 * systemd-networkd will now assign predictable IPv4LL
14396 addresses to its local interfaces.
14397
14398 Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
14399 Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
14400 Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
14401 Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
14402 Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
14403 Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
14404 Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
14405 Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
14406 Jędrzejewski-Szmek
14407
14408 — Berlin, 2014-03-25
14409
14410 CHANGES WITH 211:
14411
14412 * A new unit file setting RestrictAddressFamilies= has been
14413 added to restrict which socket address families unit
14414 processes gain access to. This takes address family names
14415 like "AF_INET" or "AF_UNIX", and is useful to minimize the
14416 attack surface of services via exotic protocol stacks. This
14417 is built on seccomp system call filters.
14418
14419 * Two new unit file settings RuntimeDirectory= and
14420 RuntimeDirectoryMode= have been added that may be used to
14421 manage a per-daemon runtime directories below /run. This is
14422 an alternative for setting up directory permissions with
14423 tmpfiles snippets, and has the advantage that the runtime
14424 directory's lifetime is bound to the daemon runtime and that
14425 the daemon starts up with an empty directory each time. This
14426 is particularly useful when writing services that drop
14427 privileges using the User= or Group= setting.
14428
14429 * The DeviceAllow= unit setting now supports globbing for
14430 matching against device group names.
14431
14432 * The systemd configuration file system.conf gained new
14433 settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
14434 DefaultMemoryAccounting= to globally turn on/off accounting
14435 for specific resources (cgroups) for all units. These
14436 settings may still be overridden individually in each unit
14437 though.
14438
14439 * systemd-gpt-auto-generator is now able to discover /srv and
14440 root partitions in addition to /home and swap partitions. It
14441 also supports LUKS-encrypted partitions now. With this in
14442 place, automatic discovery of partitions to mount following
14443 the Discoverable Partitions Specification
14444 (https://systemd.io/DISCOVERABLE_PARTITIONS/)
14445 is now a lot more complete. This allows booting without
14446 /etc/fstab and without root= on the kernel command line on
14447 systems prepared appropriately.
14448
14449 * systemd-nspawn gained a new --image= switch which allows
14450 booting up disk images and Linux installations on any block
14451 device that follow the Discoverable Partitions Specification
14452 (see above). This means that installations made with
14453 appropriately updated installers may now be started and
14454 deployed using container managers, completely
14455 unmodified. (We hope that libvirt-lxc will add support for
14456 this feature soon, too.)
14457
14458 * systemd-nspawn gained a new --network-macvlan= setting to
14459 set up a private macvlan interface for the
14460 container. Similarly, systemd-networkd gained a new
14461 Kind=macvlan setting in .netdev files.
14462
14463 * systemd-networkd now supports configuring local addresses
14464 using IPv4LL.
14465
14466 * A new tool systemd-network-wait-online has been added to
14467 synchronously wait for network connectivity using
14468 systemd-networkd.
14469
14470 * The sd-bus.h bus API gained a new sd_bus_track object for
14471 tracking the lifecycle of bus peers. Note that sd-bus.h is
14472 still not a public API though (unless you specify
14473 --enable-kdbus on the configure command line, which however
14474 voids your warranty and you get no API stability guarantee).
14475
14476 * The $XDG_RUNTIME_DIR runtime directories for each user are
14477 now individual tmpfs instances, which has the benefit of
14478 introducing separate pools for each user, with individual
14479 size limits, and thus making sure that unprivileged clients
14480 can no longer negatively impact the system or other users by
14481 filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
14482 RuntimeDirectorySize= has been introduced that allows
14483 controlling the default size limit for all users. It
14484 defaults to 10% of the available physical memory. This is no
14485 replacement for quotas on tmpfs though (which the kernel
14486 still does not support), as /dev/shm and /tmp are still
14487 shared resources used by both the system and unprivileged
14488 users.
14489
14490 * logind will now automatically turn off automatic suspending
14491 on laptop lid close when more than one display is
14492 connected. This was previously expected to be implemented
14493 individually in desktop environments (such as GNOME),
14494 however has been added to logind now, in order to fix a
14495 boot-time race where a desktop environment might not have
14496 been started yet and thus not been able to take an inhibitor
14497 lock at the time where logind already suspends the system
14498 due to a closed lid.
14499
14500 * logind will now wait at least 30s after each system
14501 suspend/resume cycle, and 3min after system boot before
14502 suspending the system due to a closed laptop lid. This
14503 should give USB docking stations and similar enough time to
14504 be probed and configured after system resume and boot in
14505 order to then act as suspend blocker.
14506
14507 * systemd-run gained a new --property= setting which allows
14508 initialization of resource control properties (and others)
14509 for the created scope or service unit. Example: "systemd-run
14510 --property=BlockIOWeight=10 updatedb" may be used to run
14511 updatedb at a low block IO scheduling weight.
14512
14513 * systemd-run's --uid=, --gid=, --setenv= switches
14514 now also work in --scope mode.
14515
14516 * When systemd is compiled with kdbus support, basic support
14517 for enforced policies is now in place. (Note that enabling
14518 kdbus still voids your warranty and no API compatibility
14519 promises are made.)
14520
14521 Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
14522 K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
14523 Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
14524 Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
14525 Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
14526 Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
14527 Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
14528 Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
14529 Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
14530 Zbigniew Jędrzejewski-Szmek
14531
14532 — Berlin, 2014-03-12
14533
14534 CHANGES WITH 210:
14535
14536 * systemd will now relabel /dev after loading the SMACK policy
14537 according to SMACK rules.
14538
14539 * A new unit file option AppArmorProfile= has been added to
14540 set the AppArmor profile for the processes of a unit.
14541
14542 * A new condition check ConditionArchitecture= has been added
14543 to conditionalize units based on the system architecture, as
14544 reported by uname()'s "machine" field.
14545
14546 * systemd-networkd now supports matching on the system
14547 virtualization, architecture, kernel command line, hostname
14548 and machine ID.
14549
14550 * logind is now a lot more aggressive when suspending the
14551 machine due to a closed laptop lid. Instead of acting only
14552 on the lid close action, it will continuously watch the lid
14553 status and act on it. This is useful for laptops where the
14554 power button is on the outside of the chassis so that it can
14555 be reached without opening the lid (such as the Lenovo
14556 Yoga). On those machines, logind will now immediately
14557 re-suspend the machine if the power button has been
14558 accidentally pressed while the laptop was suspended and in a
14559 backpack or similar.
14560
14561 * logind will now watch SW_DOCK switches and inhibit reaction
14562 to the lid switch if it is pressed. This means that logind
14563 will not suspend the machine anymore if the lid is closed
14564 and the system is docked, if the laptop supports SW_DOCK
14565 notifications via the input layer. Note that ACPI docking
14566 stations do not generate this currently. Also note that this
14567 logic is usually not fully sufficient and Desktop
14568 Environments should take a lid switch inhibitor lock when an
14569 external display is connected, as systemd will not watch
14570 this on its own.
14571
14572 * nspawn will now make use of the devices cgroup controller by
14573 default, and only permit creation of and access to the usual
14574 API device nodes like /dev/null or /dev/random, as well as
14575 access to (but not creation of) the pty devices.
14576
14577 * We will now ship a default .network file for
14578 systemd-networkd that automatically configures DHCP for
14579 network interfaces created by nspawn's --network-veth or
14580 --network-bridge= switches.
14581
14582 * systemd will now understand the usual M, K, G, T suffixes
14583 according to SI conventions (i.e. to the base 1000) when
14584 referring to throughput and hardware metrics. It will stay
14585 with IEC conventions (i.e. to the base 1024) for software
14586 metrics, following what is customary according to
14587 Wikipedia. We explicitly document which base applies for
14588 each configuration option.
14589
* The DeviceAllow= setting in unit files now supports a syntax to
allow-list an entire group of device node majors at once, based on
the /proc/devices listing. For example, with the string "char-pts",
it is now possible to allow-list all current and future pseudo-TTYs
at once.

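The following is an added example and not code from systemd: it resolves the "char-<name>" / "block-<name>" group form of DeviceAllow= against a /proc/devices listing, turning one group name into one device cgroup rule per major registered under that driver name. The /proc/devices text and the block-sd and device-mapper lookups are constructed for the example; on a real host the text would come from /proc/devices itself.

```python
"""Expand the DeviceAllow= device-group syntax against /proc/devices.

Added example, not systemd's own implementation. A group name such as
"char-pts" or "block-sd" stands for every major number registered under
that driver name, so the rule also covers device nodes that appear after
the service started. SAMPLE_PROC_DEVICES is a constructed excerpt.
"""
import re

# Constructed sample of /proc/devices. "sd" is registered under several
# block majors: an explicit "b 8:* rw" rule would miss 65 and 66, while
# the group form "block-sd" covers all of them.
SAMPLE_PROC_DEVICES = """\
Character devices:
  1 mem
  4 /dev/vc/0
  4 tty
  4 ttyS
  5 /dev/tty
  5 /dev/console
  5 /dev/ptmx
 10 misc
 13 input
128 ptm
136 pts
189 usb_device

Block devices:
  8 sd
  9 md
 65 sd
 66 sd
253 device-mapper
259 blkext
"""

# Access letters accepted by the device cgroup, in canonical order.
_ACCESS_ORDER = "rwm"


def parse_proc_devices(text):
    """Return {("char" | "block", name): [major, ...]} in listing order."""
    kind = None
    groups = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Character devices:":
            kind = "char"
            continue
        if line == "Block devices:":
            kind = "block"
            continue
        m = re.fullmatch(r"(\d+)\s+(\S+)", line)
        if kind is None or m is None:
            raise ValueError("unexpected /proc/devices line: %r" % raw)
        groups.setdefault((kind, m.group(2)), []).append(int(m.group(1)))
    return groups


def normalize_access(mode):
    """Validate a DeviceAllow= access string and put its letters in rwm order."""
    if not mode or any(c not in _ACCESS_ORDER for c in mode):
        raise ValueError("access must be a non-empty subset of 'rwm': %r" % mode)
    return "".join(c for c in _ACCESS_ORDER if c in mode)


def device_allow_rules(spec, mode, groups):
    """Expand one 'DeviceAllow=<spec> <mode>' into device cgroup rules.

    Only the "char-<name>" / "block-<name>" group form is handled; a
    /dev/... path would need a stat() of the node and is left out here.
    """
    access = normalize_access(mode)
    kind, sep, name = spec.partition("-")
    if sep != "-" or kind not in ("char", "block") or not name:
        raise ValueError("not a device-group spec: %r" % spec)
    majors = groups.get((kind, name))
    if not majors:
        raise ValueError("no %s device named %r in /proc/devices" % (kind, name))
    type_letter = "c" if kind == "char" else "b"
    return ["%s %d:* %s" % (type_letter, major, access) for major in majors]


if __name__ == "__main__":
    devs = parse_proc_devices(SAMPLE_PROC_DEVICES)
    for spec, mode in (("char-pts", "rw"), ("block-sd", "r")):
        print("DeviceAllow=%s %s ->" % (spec, mode), device_allow_rules(spec, mode, devs))
```

To run it against a live system, replace SAMPLE_PROC_DEVICES with the contents of /proc/devices. The case to notice is block-sd: several majors are registered under one driver name, so a rule written for one major leaves the others open, while the group form tracks whatever the kernel currently has registered.
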
* sd-event learned a new "post" event source. Event sources of
this type are triggered by the dispatching of any event
source of a type that is not "post". This is useful for
implementing clean-up and check event sources that are
triggered by other work being done in the program.

* systemd-networkd is no longer statically enabled, but uses
the usual [Install] sections so that it can be
enabled/disabled using systemctl. It still is enabled by
default however.

* When creating a veth interface pair with systemd-nspawn, the
host side will now be prefixed with "vb-" if
--network-bridge= is used, and with "ve-" if --network-veth
is used. This way, it is easy to distinguish these cases on
the host, for example to apply different configuration to
them with systemd-networkd.

* The compatibility libraries for libsystemd-journal.so,
libsystemd-id128.so, libsystemd-login.so and
libsystemd-daemon.so do not make use of IFUNC
anymore. Instead, we now build libsystemd.so multiple times
under these alternative names. This means that the footprint
is drastically increased, but given that these are
transitional compatibility libraries, this should not matter
much. This change has been made necessary to support the ARM
platform for these compatibility libraries, as the ARM
toolchain is not really at the same level as the toolchain
for other architectures like x86 and does not support
IFUNC. Please make sure to use --enable-compat-libs only
during a transitional period!

* The .include syntax has been deprecated and is not documented
anymore. Drop-in files in .d directories should be used instead.

Contributions from: Andreas Fuchs, Armin K., Colin Walters,
Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
Zbigniew Jędrzejewski-Szmek

— Berlin, 2014-02-24

CHANGES WITH 209:

* A new component "systemd-networkd" has been added that can
be used to configure local network interfaces statically or
via DHCP. It is capable of bringing up bridges, VLANs, and
bonding. Currently, no hook-ups for interactive network
configuration are provided. Use this for your initrd,
container, embedded, or server setup if you need a simple,
yet powerful, network configuration solution. This
configuration subsystem is quite nifty, as it allows wildcard
hotplug matching in interfaces. For example, with a single
configuration snippet, you can configure that all Ethernet
interfaces showing up are automatically added to a bridge,
or similar. It supports link-sensing and more.

* A new tool "systemd-socket-proxyd" has been added which can
act as a bidirectional proxy for TCP sockets. This is
useful for adding socket activation support to services that
do not actually support socket activation, including virtual
machines and the like.

* Add a new tool to save/restore rfkill state on
shutdown/boot.

* Save/restore state of keyboard backlights in addition to
display backlights on shutdown/boot.

* udev learned a new SECLABEL{} construct to label device
nodes with a specific security label when they appear. For
now, only SECLABEL{selinux} is supported, but the syntax is
prepared for additional security frameworks.

* udev gained a new scheme to configure link-level attributes
from files in /etc/systemd/network/*.link. These files can
match against MAC address, device path, driver name and type,
and will apply attributes like the naming policy, link speed,
MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
address assignment policy (randomized, …).

* The configuration of network interface naming rules for
"permanent interface names" has changed: a new NamePolicy=
setting in the [Link] section of .link files determines the
priority of possible naming schemes (onboard, slot, MAC,
path). The default value of this setting is determined by
/usr/lib/net/links/99-default.link. The old
80-net-name-slot.rules udev configuration file has been
removed, so local configuration overriding this file should
be adapted to override 99-default.link instead.

* When the User= switch is used in a unit file, also
initialize $SHELL= based on the user database entry.

* systemd no longer depends on libdbus. All communication is
now done with sd-bus, systemd's low-level bus library
implementation.

* kdbus support has been added to PID 1 itself. When kdbus is
enabled, this causes PID 1 to set up the system bus and
enable support for a new ".busname" unit type that
encapsulates bus name activation on kdbus. It works a little
bit like ".socket" units, except for bus names. A new
generator has been added that converts classic dbus1 service
activation files automatically into native systemd .busname
and .service units.

* sd-bus: add a light-weight vtable implementation that allows
defining objects on the bus with a simple static const
vtable array of its methods, signals and properties.

* systemd will not generate or install static dbus
introspection data anymore to /usr/share/dbus-1/interfaces,
as the precise format of these files is unclear, and
nothing makes use of it.

* A proxy daemon is now provided to proxy clients connecting
via classic D-Bus AF_UNIX sockets to kdbus, to provide full
compatibility with classic D-Bus.

* A bus driver implementation has been added that supports the
classic D-Bus bus driver calls on kdbus, also for
compatibility purposes.

* A new API "sd-event.h" has been added that implements a
minimal event loop API built around epoll. It provides a
couple of features that direct epoll usage is lacking:
prioritization of events, scales to large numbers of timer
events, per-event timer slack (accuracy), system-wide
coalescing of timer events, exit handlers, watchdog
supervision support using systemd's sd_notify() API, child
process handling.

* A new API "sd-rtnl.h" has been added that provides an API
around the route netlink interface of the kernel, similar in
style to "sd-bus.h".

* A new API "sd-dhcp-client.h" has been added that provides a
small DHCPv4 client-side implementation. This is used by
"systemd-networkd".

* There is a new kernel command line option
"systemd.restore_state=0|1". When set to "0", none of the
systemd tools will restore saved runtime state to hardware
devices. More specifically, the rfkill and backlight states
are not restored.

* The FsckPassNo= compatibility option in mount/service units
has been removed. The fstab generator will now add the
necessary dependencies automatically, and does not require
PID1's support for that anymore.

* journalctl gained a new switch, --list-boots, that lists
recent boots with their times and boot IDs.

* The various tools like systemctl, loginctl, timedatectl,
busctl, systemd-run, … have gained a new switch "-M" to
connect to a specific, local OS container (as direct
connection, without requiring SSH). This works on any
container that is registered with machined, such as those
created by libvirt-lxc or nspawn.

* systemd-run and systemd-analyze also gained support for "-H"
to connect to remote hosts via SSH. This is particularly
useful for systemd-run because it enables queuing of jobs
onto remote systems.

* machinectl gained a new command "login" to open a getty
login in any local container. This works with any container
that is registered with machined (such as those created by
libvirt-lxc or nspawn), and which runs systemd inside.

* machinectl gained a new "reboot" command that may be used to
trigger a reboot on a specific container that is registered
with machined. This works on any container that runs an init
system of some kind.

* systemctl gained a new "list-timers" command to print a nice
listing of installed timer units with the times they elapse
next.

* Alternative reboot() parameters may now be specified on the
"systemctl reboot" command line and are passed to the
reboot() system call.

* systemctl gained a new --job-mode= switch to configure the
mode to queue a job with. This is a more generic version of
--fail, --irreversible, and --ignore-dependencies, which are
still available but not advertised anymore.

* /etc/systemd/system.conf gained new settings to configure
various default timeouts of units, as well as the default
start limit interval and burst. These may still be overridden
within each Unit.

* PID1 will now export on the bus profile data of the security
policy upload process (such as the SELinux policy upload to
the kernel).

* journald: when forwarding logs to the console, include
timestamps (following the setting in
/sys/module/printk/parameters/time).

* OnCalendar= in timer units now understands the special
strings "yearly" and "annually" (both are equivalent).

* The accuracy of timer units is now configurable with the new
AccuracySec= setting. It defaults to 1min.

* A new dependency type JoinsNamespaceOf= has been added that
allows running two services within the same /tmp and network
namespace, if PrivateNetwork= or PrivateTmp= are used.

* A new command "cat" has been added to systemctl. It outputs
the original unit file of a unit, and concatenates the
contents of additional "drop-in" unit file snippets, so that
the full configuration is shown.

* systemctl now supports globbing on the various "list-xyz"
commands, like "list-units" or "list-sockets", as well as on
those commands which take multiple unit names.

* journalctl's --unit= switch gained support for globbing.

* All systemd daemons now make use of the watchdog logic so
that systemd automatically notices when they hang.

* If the $container_ttys environment variable is set,
getty-generator will automatically spawn a getty for each
listed tty. This is useful for container managers to request
login gettys to be spawned on as many ttys as needed.

* %h, %s, %U specifier support is not available anymore when
used in unit files for PID 1. This is because NSS calls are
not safe from PID 1. They stay available for --user
instances of systemd, and as special case for the root user.

* loginctl gained a new "--no-legend" switch to turn off output
of the legend text.

* The "sd-login.h" API gained three new calls:
sd_session_is_remote(), sd_session_get_remote_user(),
sd_session_get_remote_host() to query information about
remote sessions.

* The udev hardware database now also carries vendor/product
information of SDIO devices.

* The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
determine whether watchdog notifications are requested by
the system manager.

* Socket-activated per-connection services now include a
short description of the connection parameters in the
description.

* tmpfiles gained a new "--boot" option. When this is not used,
only lines where the command character is not suffixed with
"!" are executed. When this option is specified, those
lines are executed too. This partitions tmpfiles
directives into those that can be safely executed at any
time, and those which should be run only at boot (for
example, a line that creates /run/nologin).

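As an added illustration, not systemd-tmpfiles itself, the filter below models the --boot rule from this note: the type field may carry a "!" suffix, and such lines run only when --boot is passed. The tmpfiles.d fragment it parses is constructed for the example and is not quoted from a shipped file.

```python
"""Apply the tmpfiles --boot rule to a tmpfiles.d(5) fragment.

Added example, not systemd-tmpfiles. A type field suffixed with "!" marks
a line that is safe only during boot; without --boot such lines are
skipped, with --boot they run too. SAMPLE_TMPFILES is constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed tmpfiles.d fragment. Recreating /run/nologin is only safe
# while the system is still booting, hence the "!" on that line.
SAMPLE_TMPFILES = """\
# constructed sample, not a shipped file
d /run/user 0755 root root 10d -
D /tmp 1777 root root -
F! /run/nologin 0644 root root - "System is booting up."
z /var/log/journal 2755 root systemd-journal - -
"""

# Fields after the type; the last one (Argument) may contain spaces,
# so the line is split at most len(_FIELDS) times.
_FIELDS = ("path", "mode", "uid", "gid", "age", "argument")


@dataclass
class Line:
    type_char: str
    boot_only: bool
    path: str
    mode: Optional[str]
    uid: Optional[str]
    gid: Optional[str]
    age: Optional[str]
    argument: Optional[str]
    lineno: int


def parse_tmpfiles(text) -> List[Line]:
    """Parse a fragment into Line records, skipping comments and blanks."""
    lines = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        parts = raw.split(None, len(_FIELDS))
        type_field = parts[0]
        # Release 209 knows only the "!" modifier; later releases added others.
        boot_only = type_field.endswith("!")
        type_char = type_field.rstrip("!")
        if len(type_char) != 1 or len(parts) < 2:
            raise ValueError("line %d: malformed entry %r" % (n, raw))
        # "-" and a missing trailing field both mean "unset".
        values = [None if v == "-" else v for v in parts[1:]]
        values += [None] * (len(_FIELDS) - len(values))
        lines.append(Line(type_char, boot_only, *values, lineno=n))
    return lines


def select_lines(lines: List[Line], boot: bool = False) -> List[Line]:
    """Lines systemd-tmpfiles acts on: "!" lines only when --boot is given."""
    return [ln for ln in lines if boot or not ln.boot_only]


if __name__ == "__main__":
    parsed = parse_tmpfiles(SAMPLE_TMPFILES)
    for boot in (False, True):
        print("--boot" if boot else "no --boot",
              [ln.path for ln in select_lines(parsed, boot)])
```

The split into "safe at any time" and "boot only" is what makes a later `systemd-tmpfiles --create` run (for example from a package scriptlet) harmless: without --boot the /run/nologin line is never touched on a running system.
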
* A new API "sd-resolve.h" has been added which provides a simple
asynchronous wrapper around glibc NSS hostname resolution
calls, such as getaddrinfo(). In contrast to glibc's
getaddrinfo_a(), it does not use signals. In contrast to most
other asynchronous name resolution libraries, this one does
not reimplement DNS, but reuses NSS, so that alternate
hostname resolution systems continue to work, such as mDNS,
LDAP, etc. This API is based on libasyncns, but it has been
cleaned up for inclusion in systemd.

* The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
"sd-daemon.h" are no longer found in individual libraries
libsystemd-journal.so, libsystemd-login.so,
libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
merged them into a single library, libsystemd.so, which
provides all symbols. The reason for this is cyclic
dependencies, as these libraries tend to use each other's
symbols. So far, we have managed to work around that by linking
a copy of a good part of our code into each of these
libraries again and again, which, however, makes certain
things hard to do, like sharing static variables. Also, it
substantially increases footprint. With this change, there
is only one library for the basic APIs systemd
provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
"sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
library as well, however are subject to the --enable-kdbus
switch (see below). Note that "sd-dhcp-client.h" is not part
of this library (this is because it only consumes, never
provides, services of/to other APIs). To make the transition
easy from the separate libraries to the unified one, we
provide the --enable-compat-libs compile-time switch which
will generate stub libraries that are compatible with the
old ones but redirect all calls to the new one.

* All of the kdbus logic and the new APIs "sd-bus.h",
"sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
and "sd-utf8.h" are compile-time optional via the
"--enable-kdbus" switch, and they are not compiled in by
default. To make use of kdbus, you have to explicitly enable
the switch. Note however, that neither the kernel nor the
userspace API for all of this is considered stable yet. We
want to maintain the freedom to still change the APIs for
now. By specifying this build-time switch, you acknowledge
that you are aware of the instability of the current
APIs.

* Also, note that while kdbus is pretty much complete,
it lacks one thing: proper policy support. This means you
can build a fully working system with all features; however,
it will be highly insecure. Policy support will be added in
one of the next releases, at the same time that we will
declare the APIs stable.

* When the kernel command line argument "kdbus" is specified,
systemd will automatically load the kdbus.ko kernel module. At
this stage of development, it is only useful for testing kdbus
and should not be used in production. Note: if "--enable-kdbus"
is specified, and the kdbus.ko kernel module is available, and
"kdbus" is added to the kernel command line, the entire system
runs with kdbus instead of dbus-daemon, with the above mentioned
problem of missing system policy enforcement. Also, a future
version of kdbus.ko and a newer systemd are not guaranteed to be
compatible with each other, and the machine will most likely
fail to boot if only one of them is updated.

* systemctl gained a new "import-environment" command which
uploads the caller's environment (or parts thereof) into the
service manager so that it is inherited by services started
by the manager. This is useful to upload variables like
$DISPLAY into the user service manager.

* A new PrivateDevices= switch has been added to service units
which allows running a service with a namespaced /dev
directory that does not contain any device nodes for
physical devices. More specifically, it only includes devices
such as /dev/null, /dev/urandom, and /dev/zero which are API
entry points.

* logind has been extended to support behaviour like VT
switching on seats that do not support a VT. This makes
multi-session available on seats that are not the first seat
(seat0), and on systems where kernel support for VTs has
been disabled at compile-time.

* If a process holds a delay lock for system sleep or shutdown
and fails to release it in time, we will now log its
identity. This makes it easier to identify processes that
cause slow suspends or power-offs.

* When parsing /etc/crypttab, support for a new key-slot=
option as supported by Debian is added. It allows indicating
which LUKS slot to use on disk, speeding up key loading.

* The sd_journal_sendv() API call has been checked and
officially declared to be async-signal-safe so that it may
be invoked from signal handlers for logging purposes.

* Boot-time status output is now enabled automatically after a
short timeout if boot does not progress, in order to give
the user an indication what she or he is waiting for.

* The boot-time output has been improved to show how much time
remains until jobs expire.

* The KillMode= switch in service units gained a new possible
value "mixed". If set, and the unit is shut down, then the
initial SIGTERM signal is sent only to the main daemon
process, while the following SIGKILL signal is sent to
all remaining processes of the service.

* When a scope unit is registered, a new property "Controller"
may be set. If set to a valid bus name, systemd will send a
RequestStop() signal to this name when it would like to shut
down the scope. This may be used to hook manager logic into
the shutdown logic of scope units. Also, scope units may now
be put in a special "abandoned" state, in which case the
manager process which created them takes no further
responsibilities for it.

* When reading unit files, systemd will now verify
the access mode of these files, and warn about certain
suspicious combinations. This has been added to make it
easier to track down packaging bugs where unit files are
marked executable or world-writable.

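An added example, not the check inside PID 1: a small Python checker that flags the two combinations named above, executable and world-writable unit files, together with a demo that exercises it on temporary files it creates itself rather than on /etc/systemd/system.

```python
"""Flag unit files with suspicious permission bits.

Added example, not the check inside PID 1. It reports the two combinations
named in the release note, executable and world-writable unit files, and
the demo exercises it on temporary files it creates itself rather than on
/etc/systemd/system.
"""
import os
import stat
import tempfile

UNIT_SUFFIXES = (".service", ".socket", ".timer", ".mount", ".target", ".path")


def unit_mode_warnings(path):
    """Return warnings for a unit file's mode bits (empty list if clean).

    Unit files are plain configuration: an executable bit is pointless and
    usually a packaging slip, and a world-writable unit lets any local user
    change what PID 1 will run as root. Symlinks are followed, as the
    target's mode is what matters.
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    perm = stat.S_IMODE(st.st_mode)
    warnings = []
    if perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        warnings.append("marked executable (mode %04o)" % perm)
    if perm & stat.S_IWOTH:
        warnings.append("world-writable (mode %04o)" % perm)
    return warnings


def check_unit_dir(directory):
    """Map every unit file in a directory to its list of warnings."""
    return {
        name: unit_mode_warnings(os.path.join(directory, name))
        for name in sorted(os.listdir(directory))
        if name.endswith(UNIT_SUFFIXES)
    }


def demo():
    """Create units with a clean, an executable and a world-writable mode."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("ok.service", 0o644),
                           ("exec.service", 0o755),
                           ("ww.service", 0o666)):
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("[Service]\nExecStart=/bin/true\n")
            os.chmod(path, mode)
        return check_unit_dir(d)


if __name__ == "__main__":
    for unit, warnings in demo().items():
        print(unit, warnings or ["ok"])
```

Pointing check_unit_dir() at /etc/systemd/system and /usr/lib/systemd/system gives a quick audit of installed packages; the world-writable case is the one worth treating as a security bug rather than a cosmetic one.
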
* systemd-nspawn gained a new "--setenv=" switch to set
container-wide environment variables. The similar option in
systemd-activate was renamed from "--environment=" to
"--setenv=" for consistency.

* systemd-nspawn has been updated to create a new kdbus domain
for each container that is invoked, thus allowing each
container to have its own set of system and user buses,
independent of the host.

* systemd-nspawn gained a new --drop-capability= switch to run
the container with fewer capabilities than the default. Both
--drop-capability= and --capability= now take the special
string "all" for dropping or keeping all capabilities.

* systemd-nspawn gained new switches for executing containers
with specific SELinux labels set.

* systemd-nspawn gained a new --quiet switch to not generate
any additional output but the container's own console
output.

* systemd-nspawn gained a new --share-system switch to run a
container without PID namespacing enabled.

* systemd-nspawn gained a new --register= switch to control
whether the container is registered with systemd-machined or
not. This is useful for containers that do not run full
OS images, but only specific apps.

* systemd-nspawn gained a new --keep-unit switch which may be used
when invoked as the only program from a service unit, and
results in registration of the unit service itself in
systemd-machined, instead of a newly opened scope unit.

* systemd-nspawn gained a new --network-interface= switch for
moving arbitrary interfaces to the container. The new
--network-veth switch creates a virtual Ethernet connection
between host and container. The new --network-bridge=
switch then allows assigning the host side of this virtual
Ethernet connection to a bridge device.

* systemd-nspawn gained a new --personality= switch for
setting the kernel personality for the container. This is
useful when running a 32-bit container on a 64-bit host. A
similar option Personality= is now also available for service
units to use.

* logind will now also track a "Desktop" identifier for each
session which encodes the desktop environment of it. This is
useful for desktop environments that want to identify
multiple running sessions of itself easily.

* A new SELinuxContext= setting for service units has been
added that allows setting a specific SELinux execution
context for a service.

* Most systemd client tools will now honour $SYSTEMD_LESS for
settings of the "less" pager. By default, these tools will
override $LESS to allow certain operations to work, such as
jump-to-the-end. With $SYSTEMD_LESS, it is possible to
influence this logic.

* systemd's "seccomp" hook-up has been changed to make use of
the libseccomp library instead of using its own
implementation. This has benefits for portability among
other things.

* For usage together with SystemCallFilter=, a new
SystemCallErrorNumber= setting has been introduced that
allows configuration of a system error number to be returned
on filtered system calls, instead of immediately killing the
process. Also, SystemCallArchitectures= has been added to
limit access to system calls of a particular architecture
(in order to turn off support for unused secondary
architectures). There is also a global
SystemCallArchitectures= setting in system.conf now to turn
off support for non-native system calls system-wide.

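The added example below is not part of systemd. It puts the sandboxing settings from these notes side by side: a constructed service unit without any of them, and the same unit with PrivateDevices=, DeviceAllow= (the group syntax from release 210 above), SystemCallArchitectures=native, SystemCallFilter= in its deny-list ("~") form and SystemCallErrorNumber=, plus a checker that parses unit-file syntax (repeated list assignments accumulate, an empty assignment resets) and reports which of these settings a unit lacks. The daemon name, paths and the filtered system call list are made up for the example.

```python
"""Audit a service unit for the sandboxing settings in these notes.

Added example; the checker and both units are constructed for this page
and are not systemd code. parse_unit() follows the unit-file rules that
matter for such audits: list settings accumulate over repeated
assignments, and an empty assignment ("Key=") resets what came before.
hardening_findings() reports which of PrivateDevices=,
SystemCallArchitectures=, SystemCallFilter= and SystemCallErrorNumber=
are missing. The daemon name and the filtered syscalls are made up.
"""
import re

# Constructed "before": the service sees the host's full /dev and can
# issue system calls through every ABI the kernel supports.
WEAK_UNIT = """\
[Unit]
Description=Example daemon (unhardened)

[Service]
ExecStart=/usr/bin/exampled --foreground
User=exampled
"""

# Constructed "after": API device nodes plus pseudo-TTYs only, native ABI
# only, and a deny-list filter that fails with EPERM instead of SIGSYS.
HARDENED_UNIT = """\
[Unit]
Description=Example daemon (hardened)

[Service]
ExecStart=/usr/bin/exampled --foreground
User=exampled
PrivateDevices=yes
DeviceAllow=char-pts rw
SystemCallArchitectures=native
SystemCallFilter=~ptrace mount umount2 swapon swapoff
SystemCallErrorNumber=EPERM
KillMode=mixed
"""

# Settings that take a list and accumulate across assignments.
LIST_SETTINGS = {"DeviceAllow", "SystemCallFilter", "SystemCallArchitectures"}


def parse_unit(text):
    """Return {section: {key: [values, ...]}} for unit-file text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            raise ValueError("malformed unit line: %r" % raw)
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "":
            current[key] = []                      # "Key=" resets the setting
        elif key in LIST_SETTINGS:
            current.setdefault(key, []).append(value)
        else:
            current[key] = [value]                 # scalar: last assignment wins
    return sections


def _last(service, key):
    values = service.get(key, [])
    return values[-1] if values else None


def hardening_findings(text):
    """List the sandboxing settings that the [Service] section lacks."""
    service = parse_unit(text).get("Service", {})
    findings = []
    # Boolean spellings systemd accepts (subset; "t"/"y" are also valid).
    if _last(service, "PrivateDevices") not in ("yes", "true", "on", "1"):
        findings.append("PrivateDevices= not enabled: physical device nodes visible")
    if _last(service, "SystemCallArchitectures") != "native":
        findings.append("SystemCallArchitectures=native not set: secondary ABIs reachable")
    if not service.get("SystemCallFilter"):
        findings.append("SystemCallFilter= not set: no seccomp filter applied")
    elif _last(service, "SystemCallErrorNumber") is None:
        findings.append("SystemCallErrorNumber= not set: filtered calls terminate the process")
    return findings


if __name__ == "__main__":
    for label, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(label, hardening_findings(unit) or ["no findings"])
```

Whether a filtered call should return an errno (SystemCallErrorNumber=) or kill the process is a design choice: the errno form keeps a daemon alive through an unexpected but harmless call, the kill form makes an exploit attempt loud. The checker only reports which of the two a unit has chosen.
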
* systemd requires a kernel with a working name_to_handle_at(),
please see the kernel config requirements in the README file.

Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
Elia Pinto, Florian Weimer, George McCollister, Goffredo
Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek

— Berlin, 2014-02-20

CHANGES WITH 208:

* logind has gained support for facilitating privileged input
and drm device access for unprivileged clients. This work is
useful to allow Wayland display servers (and similar
programs, such as kmscon) to run under the user's ID and
access input and drm devices which are normally
protected. When this is used (and the kernel is new enough)
logind will "mute" IO on the file descriptors passed to
Wayland as long as it is in the background and "unmute" it
if it returns into the foreground. This allows secure
session switching without allowing background sessions to
eavesdrop on input and display data. This also introduces
session switching support if VT support is turned off in the
kernel, and on seats that are not seat0.

* A new kernel command line option luks.options= is understood
now which allows specifying LUKS options for LUKS-encrypted
partitions specified with luks.uuid=.

* tmpfiles.d(5) snippets may now use specifier expansion in
path names. More specifically %m, %b, %H, %v, are now
replaced by the local machine id, boot id, hostname, and
kernel version number.

* A new tmpfiles.d(5) command "m" has been introduced which
may be used to change the owner/group/access mode of a file
or directory if it exists, but do nothing if it does not.

* This release removes high-level support for the
MemorySoftLimit= cgroup setting. The underlying kernel
cgroup attribute memory.soft_limit= is currently badly
designed and likely to be removed from the kernel API in its
current form, hence we should not expose it for now.

* The memory.use_hierarchy cgroup attribute is now enabled for
all cgroups systemd creates in the memory cgroup
hierarchy. This option is likely to become the built-in
default in the kernel anyway, and the non-hierarchical mode
never made much sense in the intrinsically hierarchical
cgroup system.

* A new field _SYSTEMD_SLICE= is logged along with all journal
messages containing the slice a message was generated
from. This is useful to allow easy per-customer filtering of
logs among other things.

* systemd-journald will no longer adjust the group of journal
files it creates to the "systemd-journal" group. Instead we
rely on the journal directory to be owned by the
"systemd-journal" group, and its setgid bit set, so that the
kernel file system layer will automatically enforce that
journal files inherit this group assignment. The reason for
this change is that we cannot allow NSS look-ups from
journald which would be necessary to resolve
"systemd-journal" to a numeric GID, because this might
create deadlocks if NSS involves synchronous queries to
other daemons (such as nscd, or sssd) which in turn are
logging clients of journald and might block on it, which
would then deadlock. A tmpfiles.d(5) snippet included in
systemd will make sure the setgid bit and group are
properly set on the journal directory if it exists on every
boot. However, we recommend adjusting it manually after
upgrades too (or from RPM scriptlets), so that the change is
not delayed until next reboot.

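An added check, not systemd's code, for the directory property this note relies on: the journal directory must carry the systemd-journal group and the setgid bit, or newly created journal files will not inherit the group. The expected GID is passed in rather than resolved by name, since the systemd-journal group may not exist where the example runs; the demo uses the caller's own GID and a temporary directory.

```python
"""Check the group/setgid setup journald relies on for journal directories.

Added example, not systemd code. Since this release journald no longer
chgrp()s new journal files; the directory itself must be owned by the
systemd-journal group with the setgid bit set so the kernel assigns the
group on creation. The expected GID is a parameter because that group may
not exist where this runs; demo() uses the caller's own GID.
"""
import os
import stat
import tempfile


def journal_dir_problems(path, expected_gid):
    """Return why files created in `path` would not inherit expected_gid."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    if st.st_gid != expected_gid:
        problems.append("owned by gid %d, expected %d" % (st.st_gid, expected_gid))
    if not st.st_mode & stat.S_ISGID:
        problems.append("setgid bit missing (mode %04o)" % stat.S_IMODE(st.st_mode))
    return problems


def fix_journal_dir(path, gid):
    """Do what a tmpfiles.d line of the form
    'z /var/log/journal 2755 root systemd-journal - -' does: set the group
    and mode 2755 on the directory without touching its contents."""
    os.chown(path, -1, gid)
    os.chmod(path, 0o2755)


def demo():
    """Create a journal directory with mode 0755, check it, fix it, re-check."""
    with tempfile.TemporaryDirectory() as d:
        journal = os.path.join(d, "journal")
        os.mkdir(journal, 0o755)
        gid = os.getegid()
        before = journal_dir_problems(journal, gid)
        fix_journal_dir(journal, gid)
        after = journal_dir_problems(journal, gid)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before or ["ok"])
    print("after:", after or ["ok"])
```

On a real system the call is journal_dir_problems("/var/log/journal", grp.getgrnam("systemd-journal").gr_gid); running it after a package upgrade is the manual adjustment the note recommends, since journald itself cannot safely look the group up.
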
* Backlight and random seed files in /var/lib/ have moved into
the /var/lib/systemd/ directory, in order to centralize all
systemd generated files in one directory.

* Boot time performance measurements (as displayed by
"systemd-analyze" for example) will now read ACPI 5.0 FPDT
performance information if that's available to determine how
much time BIOS and boot loader initialization required. With
a sufficiently new BIOS you hence no longer need to boot
with Gummiboot to get access to such information.

Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
Cristian Rodríguez, Dave Reisner, David Herrmann, David
Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

— Berlin, 2013-10-02

CHANGES WITH 207:

* The Restart= option for services now understands a new
on-watchdog setting, which will restart the service
automatically if the service stops sending out watchdog keep
alive messages (as configured with WatchdogSec=).

* The getty generator (which is responsible for bringing up a
getty on configured serial consoles) will no longer only
start a getty on the primary kernel console but on all
others, too. This makes the order in which console= is
specified on the kernel command line less important.

* libsystemd-logind gained a new sd_session_get_vt() call to
retrieve the VT number of a session.

* If the option "tries=0" is set for an entry of /etc/crypttab,
its passphrase is queried indefinitely instead of any
maximum number of tries.

* If a service with a configured PID file terminates, its PID
file will now be removed automatically if it still exists
afterwards. This should put an end to stale PID files.

* systemd-run will now also take relative binary path names
for execution and no longer insists on absolute paths.

* InaccessibleDirectories= and ReadOnlyDirectories= now take
paths that are optionally prefixed with "-" to indicate that
it should not be considered a failure if they do not exist.

* journalctl -o (and similar commands) now understands a new
output mode "short-precise". It is similar to "short" but
shows timestamps with usec accuracy.

* The option "discard" (as known from Debian) is now
synonymous to "allow-discards" in /etc/crypttab. In fact,
"discard" is preferred now (since it is easier to remember
and type).

* Some licensing clean-ups were made, so that more code is now
LGPL-2.1 licensed than before.

* A minimal tool to save/restore the display backlight
brightness across reboots has been added. It will store the
backlight setting as late as possible at shutdown, and
restore it as early as possible during reboot.

* A logic to automatically discover and enable home and swap
partitions on GPT disks has been added. With this in place
/etc/fstab becomes optional for many setups as systemd can
discover certain partitions located on the root disk
automatically. Home partitions are recognized under their
GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
partitions are recognized under their GPT type ID
0657fd6da4ab43c484e50933c84b4f4f.

* systemd will no longer pass any environment from the kernel
or initrd to system services. If you want to set an
environment for all services, do so via the kernel command
line systemd.setenv= assignment.

* The systemd-sysctl tool no longer natively reads the file
/etc/sysctl.conf. If desired, the file should be symlinked
from /etc/sysctl.d/99-sysctl.conf. Apart from providing
legacy support by a symlink rather than built-in code, it
also makes the otherwise hidden order of application of the
different files visible. (Note that this partly reverts to a
pre-198 application order of sysctl knobs!)

* The "systemctl set-log-level" and "systemctl dump" commands
have been moved to systemd-analyze.

* systemd-run learned the new --remain-after-exit switch,
which causes the scope unit not to be cleaned up
automatically after the process terminated.

* tmpfiles learned a new --exclude-prefix= switch to exclude
certain paths from operation.

* journald will now automatically flush all messages to disk
as soon as a message at the log level CRIT, ALERT or EMERG
is received.

Contributions from: Andrew Cook, Brandon Philips, Christian
Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
15277 Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
15278 Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
15279 Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
15280 Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
15281 William Giokas, Zbigniew Jędrzejewski-Szmek
15282
15283 — Berlin, 2013-09-13
15284
15285 CHANGES WITH 206:
15286
15287 * The documentation has been updated to cover the various new
15288 concepts introduced with 205.
15289
15290 * Unit files now understand the new %v specifier which
15291 resolves to the kernel version string as returned by "uname
15292 -r".
15293
15294 * systemctl now supports filtering the unit list output by
15295 load state, active state and sub state, using the new
15296 --state= parameter.
15297
15298 * "systemctl status" will now show the results of the
15299 condition checks (like ConditionPathExists= and similar) of
15300 the last start attempts of the unit. They are also logged to
15301 the journal.
15302
15303 * "journalctl -b" may now be used to look for boot output of a
15304 specific boot. Try "journalctl -b -1" for the previous boot,
15305 but the syntax is substantially more powerful.
15306
15307 * "journalctl --show-cursor" has been added which prints the
15308 cursor string the last shown log line. This may then be used
15309 with the new "journalctl --after-cursor=" switch to continue
15310 browsing logs from that point on.
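The cursor trailer makes it possible to ship journal entries to a collector incrementally without re-reading or duplicating entries across runs. The following script is an added example, not code from the systemd project: it keeps the last cursor in a file, asks journalctl to continue strictly after it, and stores the cursor that "--show-cursor" prints after the last entry (it also uses the "short-precise" output mode from 208). The cursor file path, the output path and the sample journalctl output used for checking the parser are all constructed for this example.

```shell
#!/bin/sh
# Added example (not part of systemd): incremental journal collection that
# resumes from the cursor of the previous run. Assumptions: $1 is a file that
# stores the last cursor and $2 is where the new entries are written; the
# journalctl output used to check cursor_from_output is constructed.

# On the first run start at the current boot; afterwards continue strictly
# after the stored cursor so no entry is shipped twice.
journal_cursor_args() {
    if [ -s "$1" ]; then
        printf '%s\n' "--after-cursor=$(cat "$1")"
    else
        printf '%s\n' "--boot"
    fi
}

# "journalctl --show-cursor" prints, after the last entry, a trailer line
#   -- cursor: s=...;i=...;b=...;m=...;t=...;x=...
# Print the cursor, or fail (no output) when there were no entries.
cursor_from_output() {
    sed -n 's/^-- cursor: //p' "$1" | tail -n 1 | grep .
}

collect_journal() {
    cursor_file=$1 dest=$2
    journalctl --no-pager -o short-precise --show-cursor \
        "$(journal_cursor_args "$cursor_file")" > "$dest" || return 1
    # Keep the old cursor when nothing new arrived ("-- No entries --").
    if c=$(cursor_from_output "$dest"); then
        printf '%s\n' "$c" > "$cursor_file"
    fi
}

# Usage: collect_journal /var/lib/journal-ship/cursor /tmp/new-entries.log
```

Run collect_journal from a timer; each run appends only entries newer than the stored cursor. Note that a cursor refers to a specific journal file and boot ID, so if the journal is rotated away or the cursor file is lost the next run falls back to the current boot and earlier entries are not recovered.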
15311
15312 * "journalctl --force" may now be used to force regeneration
15313 of an FSS key.
15314
15315 * Creation of "dead" device nodes has been moved from udev
15316 into kmod and tmpfiles. Previously, udev would read the kmod
15317 databases to pre-generate dead device nodes based on meta
15318 information contained in kernel modules, so that these would
15319 be auto-loaded on access rather than at boot. As this
15320 does not really have much to do with exposing actual
15321 kernel devices to userspace this has always been slightly
15322 alien in the udev codebase. Following the new scheme kmod
15323 will now generate a runtime snippet for tmpfiles from the
15324 module meta information and it now is tmpfiles' job to
15325 create the nodes. This also allows overriding access and
15326 other parameters for the nodes using the usual tmpfiles
15327 facilities. As side effect this allows us to remove the
15328 CAP_SYS_MKNOD capability bit from udevd entirely.
15329
15330 * logind's device ACLs may now be applied to these "dead"
15331 devices nodes too, thus finally allowing managed access to
15332 devices such as /dev/snd/sequencer without loading the
15333 backing module right-away.
15334
15335 * A new RPM macro has been added that may be used to apply
15336 tmpfiles configuration during package installation.
15337
15338 * systemd-detect-virt and ConditionVirtualization= now can
15339 detect User-Mode-Linux machines (UML).
15340
15341 * journald will now implicitly log the effective capabilities
15342 set of processes in the message metadata.
15343
15344 * systemd-cryptsetup has gained support for TrueCrypt volumes.
15345
15346 * The initrd interface has been simplified (more specifically,
15347 support for passing performance data via environment
15348 variables and fsck results via files in /run has been
15349 removed). These features were non-essential, and are
15350 nowadays available in a much nicer way by having systemd in
15351 the initrd serialize its state and have the hosts systemd
15352 deserialize it again.
15353
15354 * The udev "keymap" data files and tools to apply keyboard
15355 specific mappings of scan to key codes, and force-release
15356 scan code lists have been entirely replaced by a udev
15357 "keyboard" builtin and a hwdb data file.
15358
15359 * systemd will now honour the kernel's "quiet" command line
15360 argument also during late shutdown, resulting in a
15361 completely silent shutdown when used.
15362
15363 * There's now an option to control the SO_REUSEPORT socket
15364 option in .socket units.
15365
15366 * Instance units will now automatically get a per-template
15367 subslice of system.slice unless something else is explicitly
15368 configured. For example, instances of sshd@.service will now
15369 implicitly be placed in system-sshd.slice rather than
15370 system.slice as before.
15371
15372 * Test coverage support may now be enabled at build time.
15373
15374 Contributions from: Dave Reisner, Frederic Crozat, Harald
15375 Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
15376 Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
15377 Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
15378 Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
15379 Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
15380 Giokas, Zbigniew Jędrzejewski-Szmek
15381
15382 — Berlin, 2013-07-23
15383
15384 CHANGES WITH 205:
15385
15386 * Two new unit types have been introduced:
15387
15388 Scope units are very similar to service units, however, are
15389 created out of pre-existing processes — instead of PID 1
15390 forking off the processes. By using scope units it is
15391 possible for system services and applications to group their
15392 own child processes (worker processes) in a powerful way
15393 which may then be used to organize them, or kill them
15394 together, or apply resource limits on them.
15395
15396 Slice units may be used to partition system resources in an
15397 hierarchical fashion and then assign other units to them. By
15398 default there are now three slices: system.slice (for all
15399 system services), user.slice (for all user sessions),
15400 machine.slice (for VMs and containers).
15401
15402 Slices and scopes have been introduced primarily in
15403 context of the work to move cgroup handling to a
15404 single-writer scheme, where only PID 1
15405 creates/removes/manages cgroups.
15406
15407 * There's a new concept of "transient" units. In contrast to
15408 normal units these units are created via an API at runtime,
15409 not from configuration from disk. More specifically this
15410 means it is now possible to run arbitrary programs as
15411 independent services, with all execution parameters passed
15412 in via bus APIs rather than read from disk. Transient units
15413 make systemd substantially more dynamic than it ever was,
15414 and useful as a general batch manager.
15415
15416 * logind has been updated to make use of scope and slice units
15417 for managing user sessions. As a user logs in he will get
15418 his own private slice unit, to which all sessions are added
15419 as scope units. We also added support for automatically
15420 adding an instance of user@.service for the user into the
15421 slice. Effectively logind will no longer create cgroup
15422 hierarchies on its own now, it will defer entirely to PID 1
15423 for this by means of scope, service and slice units. Since
15424 user sessions this way become entities managed by PID 1
15425 the output of "systemctl" is now a lot more comprehensive.
15426
15427 * A new mini-daemon "systemd-machined" has been added which
15428 may be used by virtualization managers to register local
15429 VMs/containers. nspawn has been updated accordingly, and
15430 libvirt will be updated shortly. machined will collect a bit
15431 of meta information about the VMs/containers, and assign
15432 them their own scope unit (see above). The collected
15433 meta-data is then made available via the "machinectl" tool,
15434 and exposed in "ps" and similar tools. machined/machinectl
15435 is compile-time optional.
15436
15437 * As discussed earlier, the low-level cgroup configuration
15438 options ControlGroup=, ControlGroupModify=,
15439 ControlGroupPersistent=, ControlGroupAttribute= have been
15440 removed. Please use high-level attribute settings instead as
15441 well as slice units.
15442
15443 * A new bus call SetUnitProperties() has been added to alter
15444 various runtime parameters of a unit. This is primarily
15445 useful to alter cgroup parameters dynamically in a nice way,
15446 but will be extended later on to make more properties
15447 modifiable at runtime. systemctl gained a new set-properties
15448 command that wraps this call.
15449
15450 * A new tool "systemd-run" has been added which can be used to
15451 run arbitrary command lines as transient services or scopes,
15452 while configuring a number of settings via the command
15453 line. This tool is currently very basic, however already
15454 very useful. We plan to extend this tool to even allow
15455 queuing of execution jobs with time triggers from the
15456 command line, similar in fashion to "at".
15457
15458 * nspawn will now inform the user explicitly that kernels with
15459 audit enabled break containers, and suggest the user to turn
15460 off audit.
15461
15462 * Support for detecting the IMA and AppArmor security
15463 frameworks with ConditionSecurity= has been added.
15464
15465 * journalctl gained a new "-k" switch for showing only kernel
15466 messages, mimicking dmesg output; in addition to "--user"
15467 and "--system" switches for showing only user's own logs
15468 and system logs.
15469
15470 * systemd-delta can now show information about drop-in
15471 snippets extending unit files.
15472
15473 * libsystemd-bus has been substantially updated but is still
15474 not available as public API.
15475
15476 * systemd will now look for the "debug" argument on the kernel
15477 command line and enable debug logging, similar to what
15478 "systemd.log_level=debug" already did before.
15479
15480 * "systemctl set-default", "systemctl get-default" has been
15481 added to configure the default.target symlink, which
15482 controls what to boot into by default.
15483
15484 * "systemctl set-log-level" has been added as a convenient
15485 way to raise and lower systemd logging threshold.
15486
15487 * "systemd-analyze plot" will now show the time the various
15488 generators needed for execution, as well as information
15489 about the unit file loading.
15490
15491 * libsystemd-journal gained a new sd_journal_open_files() call
15492 for opening specific journal files. journalctl also gained a
15493 new switch to expose this new functionality. Previously we
15494 only supported opening all files from a directory, or all
15495 files from the system, as opening individual files only is
15496 racy due to journal file rotation.
15497
15498 * systemd gained the new DefaultEnvironment= setting in
15499 /etc/systemd/system.conf to set environment variables for
15500 all services.
15501
15502 * If a privileged process logs a journal message with the
15503 OBJECT_PID= field set, then journald will automatically
15504 augment this with additional OBJECT_UID=, OBJECT_GID=,
15505 OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
15506 system services want to log events about specific client
15507 processes. journalctl/systemctl have been updated to make use
15508 of this information if all log messages regarding a specific
15509 unit are requested.
15510
15511 Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
15512 Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
15513 Reisner, David Coppa, David King, David Strauss, Eelco
15514 Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
15515 Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
15516 Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
15517 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
15518 Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
15519 Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
15520 Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
15521 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
15522 Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
15523 Łukasz Stelmach, 장동준
15524
15525 CHANGES WITH 204:
15526
15527 * The Python bindings gained some minimal support for the APIs
15528 exposed by libsystemd-logind.
15529
15530 * ConditionSecurity= gained support for detecting SMACK. Since
15531 this condition already supports SELinux and AppArmor we only
15532 miss IMA for this. Patches welcome!
15533
15534 Contributions from: Karol Lewandowski, Lennart Poettering,
15535 Zbigniew Jędrzejewski-Szmek
15536
15537 CHANGES WITH 203:
15538
15539 * systemd-nspawn will now create /etc/resolv.conf if
15540 necessary, before bind-mounting the host's file onto it.
15541
15542 * systemd-nspawn will now store meta information about a
15543 container on the container's cgroup as extended attribute
15544 fields, including the root directory.
15545
15546 * The cgroup hierarchy has been reworked in many ways. All
15547 objects any of the components systemd creates in the cgroup
15548 tree are now suffixed. More specifically, user sessions are
15549 now placed in cgroups suffixed with ".session", users in
15550 cgroups suffixed with ".user", and nspawn containers in
15551 cgroups suffixed with ".nspawn". Furthermore, all cgroup
15552 names are now escaped in a simple scheme to avoid collision
15553 of userspace object names with kernel filenames. This work
15554 is preparation for making these objects relocatable in the
15555 cgroup tree, in order to allow easy resource partitioning of
15556 these objects without causing naming conflicts.
15557
15558 * systemctl list-dependencies gained the new switches
15559 --plain, --reverse, --after and --before.
15560
15561 * systemd-inhibit now shows the process name of processes that
15562 have taken an inhibitor lock.
15563
15564 * nss-myhostname will now also resolve "localhost"
15565 implicitly. This makes /etc/hosts an optional file and
15566 nicely handles that on IPv6 ::1 maps to both "localhost" and
15567 the local hostname.
15568
15569 * libsystemd-logind.so gained a new call
15570 sd_get_machine_names() to enumerate running containers and
15571 VMs (currently only supported by very new libvirt and
15572 nspawn). sd_login_monitor can now be used to watch
15573 VMs/containers coming and going.
15574
15575 * .include is not allowed recursively anymore, and only in
15576 unit files. Usually it is better to use drop-in snippets in
15577 .d/*.conf anyway, as introduced with systemd 198.
15578
15579 * systemd-analyze gained a new "critical-chain" command that
15580 determines the slowest chain of units run during system
15581 boot-up. It is very useful for tracking down where
15582 optimizing boot time is the most beneficial.
15583
15584 * systemd will no longer allow manipulating service paths in
15585 the name=systemd:/system cgroup tree using ControlGroup= in
15586 units. (But is still fine with it in all other dirs.)
15587
15588 * There's a new systemd-nspawn@.service service file that may
15589 be used to easily run nspawn containers as system
15590 services. With the container's root directory in
15591 /var/lib/container/foobar it is now sufficient to run
15592 "systemctl start systemd-nspawn@foobar.service" to boot it.
15593
15594 * systemd-cgls gained a new parameter "--machine" to list only
15595 the processes within a certain container.
15596
15597 * ConditionSecurity= now can check for "apparmor". We still
15598 are lacking checks for SMACK and IMA for this condition
15599 check though. Patches welcome!
15600
15601 * A new configuration file /etc/systemd/sleep.conf has been
15602 added that may be used to configure which kernel operation
15603 systemd is supposed to execute when "suspend", "hibernate"
15604 or "hybrid-sleep" is requested. This makes the new kernel
15605 "freeze" state accessible to the user.
15606
15607 * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
15608 the passed argument if applicable.
15609
15610 Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
15611 Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
15612 Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
15613 Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
15614 MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
15615 Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
15616 Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
15617 Jędrzejewski-Szmek
15618
15619 CHANGES WITH 202:
15620
15621 * The output of 'systemctl list-jobs' got some polishing. The
15622 '--type=' argument may now be passed more than once. A new
15623 command 'systemctl list-sockets' has been added which shows
15624 a list of kernel sockets systemd is listening on with the
15625 socket units they belong to, plus the units these socket
15626 units activate.
15627
15628 * The experimental libsystemd-bus library got substantial
15629 updates to work in conjunction with the (also experimental)
15630 kdbus kernel project. It works well enough to exchange
15631 messages with some sophistication. Note that kdbus is not
15632 ready yet, and the library is mostly an elaborate test case
15633 for now, and not installable.
15634
15635 * systemd gained a new unit 'systemd-static-nodes.service'
15636 that generates static device nodes earlier during boot, and
15637 can run in conjunction with udev.
15638
15639 * libsystemd-login gained a new call sd_pid_get_user_unit()
15640 to retrieve the user systemd unit a process is running
15641 in. This is useful for systems where systemd is used as
15642 session manager.
15643
15644 * systemd-nspawn now places all containers in the new /machine
15645 top-level cgroup directory in the name=systemd
15646 hierarchy. libvirt will soon do the same, so that we get a
15647 uniform separation of /system, /user and /machine for system
15648 services, user processes and containers/virtual
15649 machines. This new cgroup hierarchy is also useful to stick
15650 stable names to specific container instances, which can be
15651 recognized later this way (this name may be controlled
15652 via systemd-nspawn's new -M switch). libsystemd-login also
15653 gained a new call sd_pid_get_machine_name() to retrieve the
15654 name of the container/VM a specific process belongs to.
15655
15656 * bootchart can now store its data in the journal.
15657
15658 * libsystemd-journal gained a new call
15659 sd_journal_add_conjunction() for AND expressions to the
15660 matching logic. This can be used to express more complex
15661 logical expressions.
15662
15663 * journalctl can now take multiple --unit= and --user-unit=
15664 switches.
15665
15666 * The cryptsetup logic now understands the "luks.key=" kernel
15667 command line switch for specifying a file to read the
15668 decryption key from. Also, if a configured key file is not
15669 found the tool will now automatically fall back to prompting
15670 the user.
15671
15672 * Python systemd.journal module was updated to wrap recently
15673 added functions from libsystemd-journal. The interface was
15674 changed to bring the low level interface in s.j._Reader
15675 closer to the C API, and the high level interface in
15676 s.j.Reader was updated to wrap and convert all data about
15677 an entry.
15678
15679 Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
15680 Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
15681 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
15682 Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
15683 Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
15684 Tom Gundersen, Zbigniew Jędrzejewski-Szmek
15685
15686 CHANGES WITH 201:
15687
15688 * journalctl --update-catalog now understands a new --root=
15689 option to operate on catalogs found in a different root
15690 directory.
15691
15692 * During shutdown after systemd has terminated all running
15693 services a final killing loop kills all remaining left-over
15694 processes. We will now print the name of these processes
15695 when we send SIGKILL to them, since this usually indicates a
15696 problem.
15697
15698 * If /etc/crypttab refers to password files stored on
15699 configured mount points automatic dependencies will now be
15700 generated to ensure the specific mount is established first
15701 before the key file is attempted to be read.
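The crypttab options mentioned in this and the 208 entries above ("tries=0", "discard" as a synonym for "allow-discards", and key files that live on other mount points) each have a consequence worth reviewing before deployment: discard passes TRIM through to the underlying device, so someone holding the disk can tell used blocks from unused ones; an unlimited number of passphrase attempts is convenient on a console but stalls an unattended boot; a key file on a separate mount depends on that mount and on the file's permissions. The following audit script is an added example and not part of systemd; it takes the crypttab path as its only argument, and the sample file shown in the check below is constructed rather than taken from a real system.

```shell
#!/bin/sh
# Added example (not part of systemd): audit crypttab entries for the options
# discussed in the 208 and 201 entries. The only assumption is the file path
# passed as $1; the sample used to check it is constructed.

audit_crypttab() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        set -- $line                    # name device key-file options
        name=$1 key=${3:-none} opts=${4:-}
        discard=no tries=
        save=$IFS; IFS=,
        for o in $opts; do
            case $o in
                discard|allow-discards) discard=yes ;;   # synonyms since 208
                tries=*) tries=${o#tries=} ;;
            esac
        done
        IFS=$save
        # TRIM passes through to the device: whoever holds the disk can tell
        # used from unused blocks, which weakens the "all ciphertext" model.
        if [ "$discard" = yes ]; then
            printf '%s: discard enabled, TRIM reveals which blocks are unused\n' "$name"
        fi
        # An indefinite prompt is fine on a console but blocks an unattended boot.
        if [ "$tries" = 0 ]; then
            printf '%s: tries=0, passphrase prompt never gives up\n' "$name"
        fi
        # A key file on another mount point depends on that mount being up
        # (201) and on the file's permissions; record it so both get reviewed.
        case $key in
            none|-|/dev/urandom|/dev/random) ;;
            /*) printf '%s: key file %s\n' "$name" "$key" ;;
        esac
    done < "$file"
    return 0
}

# Usage: audit_crypttab /etc/crypttab
```

The script only reports; whether discard is acceptable depends on the threat model (it is a common trade-off for SSD wear on laptops), so the finding is meant to be an explicit decision rather than an accident of copying a Debian-style crypttab.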
15702
15703 * 'systemctl status' will now show information about the
15704 network sockets a socket unit is listening on.
15705
15706 * 'systemctl status' will also show information about any
15707 drop-in configuration file for units. (Drop-In configuration
15708 files in this context are files such as
15709 /etc/systemd/system/foobar.service.d/*.conf)
15710
15711 * systemd-cgtop now optionally shows summed up CPU times of
15712 cgroups. Press '%' while running cgtop to switch between
15713 percentage and absolute mode. This is useful to determine
15714 which cgroups use up the most CPU time over the entire
15715 runtime of the system. systemd-cgtop has also been updated
15716 to be 'pipeable' for processing with further shell tools.
15717
15718 * 'hostnamectl set-hostname' will now allow setting of FQDN
15719 hostnames.
15720
15721 * The formatting and parsing of time span values has been
15722 changed. The parser now understands fractional expressions
15723 such as "5.5h". The formatter will now output fractional
15724 expressions for all time spans under 1min, i.e. "5.123456s"
15725 rather than "5s 123ms 456us". For time spans under 1s
15726 millisecond values are shown, for those under 1ms
15727 microsecond values are shown. This should greatly improve
15728 all time-related output of systemd.
15729
15730 * libsystemd-login and libsystemd-journal gained new
15731 functions for querying the poll() events mask and poll()
15732 timeout value for integration into arbitrary event
15733 loops.
15734
15735 * localectl gained the ability to list available X11 keymaps
15736 (models, layouts, variants, options).
15737
15738 * 'systemd-analyze dot' gained the ability to filter for
15739 specific units via shell-style globs, to create smaller,
15740 more useful graphs. For example, it is now possible to create simple
15741 graphs of all the dependencies between only target units, or
15742 of all units that Avahi has dependencies with.
15743
15744 Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
15745 Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
15746 Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
15747 Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
15748 Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
15749 Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
15750 Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
15751
15752 CHANGES WITH 200:
15753
15754 * The boot-time readahead implementation for rotating media
15755 will now read the read-ahead data in multiple passes which
15756 consist of all read requests made in equidistant time
15757 intervals. This means instead of strictly reading read-ahead
15758 data in its physical order on disk we now try to find a
15759 middle ground between physical and access time order.
15760
15761 * /etc/os-release files gained a new BUILD_ID= field for usage
15762 on operating systems that provide continuous builds of OS
15763 images.
15764
15765 Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
15766 Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín,
15767 William Douglas, Zbigniew Jędrzejewski-Szmek
15768
15769 CHANGES WITH 199:
15770
15771 * systemd-python gained an API exposing libsystemd-daemon.
15772
15773 * The SMACK setup logic gained support for uploading CIPSO
15774 security policy.
15775
15776 * Behaviour of PrivateTmp=, ReadWriteDirectories=,
15777 ReadOnlyDirectories= and InaccessibleDirectories= has
15778 changed. The private /tmp and /var/tmp directories are now
15779 shared by all processes of a service (which means
15780 ExecStartPre= may now leave data in /tmp that ExecStart= of
15781 the same service can still access). When a service is
15782 stopped its temporary directories are immediately deleted
15783 (normal clean-up with tmpfiles is still done in addition to
15784 this though).
15785
15786 * By default, systemd will now set a couple of sysctl
15787 variables in the kernel: the safe sysrq options are turned
15788 on, IP route verification is turned on, and source routing
15789 disabled. The recently added hardlink and softlink
15790 protection of the kernel is turned on. These settings should
15791 be reasonably safe, and good defaults for all new systems.
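These defaults are shipped as an ordinary sysctl.d fragment, so they are subject to the application order the 208 entry above describes: fragments from /usr/lib/sysctl.d, /run/sysctl.d and /etc/sysctl.d are applied sorted by file name, a file in /etc with the same name masks the vendor file entirely, and a key set in a later file wins. A local 99-sysctl.conf that re-sets kernel.sysrq is harmless, but an /etc file that happens to reuse the vendor file's name silently drops the hardlink/softlink protection and rp_filter along with it. The script below is an added example, not part of systemd: it reproduces that order, prints the resulting effective settings, and fails if any of the knobs listed in this entry is no longer set. The root prefix argument ("" for the live system) is an assumption of the script, and the fragment contents used to check it are constructed.

```shell
#!/bin/sh
# Added example (not part of systemd): reproduce the order in which
# systemd-sysctl applies sysctl.d fragments, print the effective settings,
# and check that the hardening defaults from the 199 entry survive local
# overrides. The root prefix ("" for the live system) is an assumption.

TAB=$(printf '\t')

# List the fragments that will be applied, in application order: sorted by
# file name regardless of directory, with /etc masking /run masking /usr/lib
# when the same name exists in more than one of them.
sysctl_fragments() {
    root=$1
    prec=0
    for d in usr/lib/sysctl.d run/sysctl.d etc/sysctl.d; do
        prec=$((prec + 1))
        for f in "$root/$d"/*.conf; do
            [ -f "$f" ] || continue
            printf '%s\t%s\t%s\n' "${f##*/}" "$prec" "$f"
        done
    done | LC_ALL=C sort -t "$TAB" -k1,1 -k2,2n |
        awk -F "$TAB" '
            { path[$1] = $3; if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 } }
            END { for (i = 1; i <= n; i++) print path[order[i]] }'
}

# Merge the fragments: the later file wins for a key set more than once.
effective_sysctl() {
    sysctl_fragments "$1" | while IFS= read -r f; do cat "$f"; done | awk '
        /^[ \t]*$/ { next }
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-/, "", k)      # leading "-" only tells systemd-sysctl to ignore errors
            if (!(k in val)) order[++n] = k
            val[k] = v
        }
        END { for (i = 1; i <= n; i++) printf "%s = %s\n", order[i], val[order[i]] }'
}

# Fail if any of the hardening defaults from 199 is no longer in effect.
check_hardening() {
    eff=$(effective_sysctl "$1")
    missing=0
    for want in 'fs.protected_symlinks = 1' 'fs.protected_hardlinks = 1' \
                'net.ipv4.conf.all.rp_filter = 1' \
                'net.ipv4.conf.all.accept_source_route = 0'; do
        if ! printf '%s\n' "$eff" | grep -qxF -- "$want"; then
            printf 'missing: %s\n' "$want"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage: sh sysctl-order.sh --check ""   (live system) or --check /mnt/image
if [ "${1:-}" = --check ]; then
    effective_sysctl "${2:-}"
    check_hardening "${2:-}"
fi
```

The check reads configuration, not the kernel; compare its output against "sysctl -a" on the running system to catch knobs changed at runtime by something other than systemd-sysctl.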
15792
15793 * The predictable network naming logic may now be turned off
15794 with a new kernel command line switch: net.ifnames=0.
15795
15796 * A new libsystemd-bus module has been added that implements a
15797 pretty complete D-Bus client library. For details see:
15798
15799 https://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
15800
15801 * journald will now explicitly flush the journal files to disk
15802 at the latest 5min after each write. The file will then also
15803 be marked offline until the next write. This should increase
15804 reliability in case of a crash. The synchronization delay
15805 can be configured via SyncIntervalSec= in journald.conf.
15806
15807 * There's a new remote-fs-setup.target unit that can be used
15808 to pull in specific services when at least one remote file
15809 system is to be mounted.
15810
15811 * There are new targets timers.target and paths.target as
15812 canonical targets to pull user timer and path units in
15813 from. This complements sockets.target with a similar
15814 purpose for socket units.
15815
15816 * libudev gained a new call udev_device_set_attribute_value()
15817 to set sysfs attributes of a device.
15818
15819 * The udev daemon now sets the default number of worker
15820 processes executed in parallel based on the number of available
15821 CPUs instead of the amount of available RAM. This is supposed
15822 to provide a more reliable default and limit a too aggressive
15823 parallelism for setups with 1000s of devices connected.
15824
15825 Contributions from: Auke Kok, Colin Walters, Cristian
15826 Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
15827 Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
15828 Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
15829 Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
15830 Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
15831 Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
15832 Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
15833 Zbigniew Jędrzejewski-Szmek
15834
15835 CHANGES WITH 198:
15836
15837 * Configuration of unit files may now be extended via drop-in
15838 files without having to edit/override the unit files
15839 themselves. More specifically, if the administrator wants to
15840 change one value for a service file foobar.service he can
15841 now do so by dropping in a configuration snippet into
15842 /etc/systemd/system/foobar.service.d/*.conf. The unit logic
15843 will load all these snippets and apply them on top of the
15844 main unit configuration file, possibly extending or
15845 overriding its settings. Using these drop-in snippets is
15846 generally nicer than the two earlier options for changing
15847 unit files locally: copying the files from
15848 /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
15849 them there; or creating a new file in /etc/systemd/system/
15850 that incorporates the original one via ".include". Drop-in
15851 snippets into these .d/ directories can be placed in any
15852 directory systemd looks for units in, and the usual
15853 overriding semantics between /usr/lib, /etc and /run apply
15854 for them too.
15855
15856 * Most unit file settings which take lists of items can now be
15857 reset by assigning the empty string to them. For example,
15858 normally, settings such as Environment=FOO=BAR append a new
15859 environment variable assignment to the environment block,
15860 each time they are used. By assigning Environment= the empty
15861 string the environment block can be reset to empty. This is
15862 particularly useful with the .d/*.conf drop-in snippets
15863 mentioned above, since this adds the ability to reset list
15864 settings from vendor unit files via these drop-ins.
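Together, drop-in snippets and the empty-assignment reset give an administrator a way to harden a vendor unit without forking it: a drop-in can clear an environment block the vendor unit populated (debug toggles, tokens) and add sandboxing directives, and the vendor unit keeps receiving package updates. The script below is an added example, not part of systemd: it installs such a drop-in and then resolves a list-type setting the way the unit loader does (vendor unit first, drop-ins in file-name order, empty assignment clears the list) so the effect of the reset can be checked before running "systemctl daemon-reload". The root prefix argument and the unit name foobar.service are assumptions of the example; the vendor unit used to check it is constructed.

```shell
#!/bin/sh
# Added example (not part of systemd): install a hardening drop-in for a
# service without touching the vendor unit, then compute what a list-type
# setting resolves to once the drop-in's empty assignment is applied.
# Assumptions: $1 is a root prefix ("" for the live system) and
# foobar.service is a placeholder unit name.

write_hardening_dropin() {
    root=$1 unit=$2
    dir="$root/etc/systemd/system/$unit.d"
    mkdir -p "$dir"
    cat > "$dir/10-harden.conf" <<'EOF'
[Service]
# The empty assignment resets the environment block inherited from the
# vendor unit, so debug toggles or credentials set there do not survive;
# then add back only what the service needs.
Environment=
Environment=LANG=C
# Narrow the file system view. A leading "-" (208) turns a missing path
# into a no-op instead of a start failure.
PrivateTmp=yes
ReadOnlyDirectories=/etc
InaccessibleDirectories=-/var/lib/optional-data
EOF
}

# Resolve a list-type setting the way the unit loader does: vendor unit first,
# then drop-ins in file-name order, with an empty assignment clearing the list.
# (Whitespace around "=" is not handled; keep "Key=value" in the files.)
effective_list_setting() {
    root=$1 unit=$2 key=$3
    {
        if [ -f "$root/usr/lib/systemd/system/$unit" ]; then
            cat "$root/usr/lib/systemd/system/$unit"
        fi
        for f in "$root/etc/systemd/system/$unit.d"/*.conf; do
            if [ -f "$f" ]; then cat "$f"; fi
        done
    } | awk -v key="$key" '
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            if (v == "") n = 0; else vals[++n] = v
        }
        END { for (i = 1; i <= n; i++) print vals[i] }'
}

# Usage: write_hardening_dropin "" foobar.service
#        effective_list_setting "" foobar.service Environment
#        systemctl daemon-reload && systemctl restart foobar.service
```

Drop-ins are applied in file-name order, so a later 20-*.conf that appends to Environment= adds to the list the 10-harden.conf reset left behind, which is the behaviour the resolver above reproduces; "systemctl show -p Environment foobar.service" gives the authoritative answer after the reload.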
15865
15866 * systemctl gained a new "list-dependencies" command for
15867 listing the dependencies of a unit recursively.
15868
15869 * Inhibitors are now honored and listed by "systemctl
15870 suspend", "systemctl poweroff" (and similar) too, not only
15871 GNOME. These commands will also list active sessions by
15872 other users.
15873
15874 * Resource limits (as exposed by the various control group
15875 controllers) can now be controlled dynamically at runtime
15876 for all units. More specifically, you can now use a command
15877 like "systemctl set-cgroup-attr foobar.service cpu.shares
15878 2000" to alter the CPU shares a specific service gets. These
15879 settings are stored persistently on disk, and thus allow the
15880 administrator to easily adjust the resource usage of
15881 services with a few simple commands. This dynamic resource
15882 management logic is also available to other programs via the
15883 bus. Almost any kernel cgroup attribute and controller is
15884 supported.
15885
15886 * systemd-vconsole-setup will now copy all font settings to
15887 all allocated VTs, where it previously applied them only to
15888 the foreground VT.
15889
15890 * libsystemd-login gained the new sd_session_get_tty() API
15891 call.
15892
15893 * This release drops support for a few legacy or
15894 distribution-specific LSB facility names when parsing init
15895 scripts: $x-display-manager, $mail-transfer-agent,
15896 $mail-transport-agent, $mail-transfer-agent, $smtp,
15897 $null. Also, the mail-transfer-agent.target unit backing
15898 this has been removed. Distributions which want to retain
15899 compatibility with this should carry the burden for
15900 supporting this themselves and patch support for these back
15901 in, if they really need to. Also, the facilities $syslog and
15902 $local_fs are now ignored, since systemd does not support
15903 early-boot LSB init scripts anymore, and these facilities
15904 are implied anyway for normal services. syslog.target has
15905 also been removed.
15906
15907 * There are new bus calls on PID1's Manager object for
15908 cancelling jobs, and removing snapshot units. Previously,
15909 both calls were only available on the Job and Snapshot
15910 objects themselves.
15911
15912 * systemd-journal-gatewayd gained SSL support.
15913
15914 * The various "environment" files, such as /etc/locale.conf
15915 now support continuation lines with a backslash ("\") as
15916 last character in the line, similarly in style (but different)
15917 to how this is supported in shells.
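
As an added illustration of the continuation-line rule described above (example code, not systemd's own parser), the following Python parser reads a locale.conf-style environment file, joins lines that end in an unescaped backslash, and returns the resulting assignments. The sample file contents are constructed, and the handling of comments, quotes and escaped backslashes is a simplification assumed for the example rather than a statement of systemd's exact rules.

```python
"""Parser for systemd-style "environment" files (/etc/locale.conf,
/etc/vconsole.conf, EnvironmentFile= inputs) with backslash continuation
lines.  Added example, not systemd's own parser; the comment, quoting and
escaping rules below are assumptions that approximate the documented
behaviour."""


def parse_env_file(text: str) -> dict:
    """Return a dict of KEY=VALUE assignments from an environment file.

    Rules implemented (assumption: a simplification of systemd's behaviour):
    - a line ending in an unescaped backslash is joined with the next line,
      the backslash and the newline being dropped (unlike the shell, the
      joined text is not re-tokenised afterwards);
    - blank lines and lines starting with '#' or ';' are ignored;
    - values wrapped in matching single or double quotes are unquoted;
    - later assignments override earlier ones, as in a real environment.
    """
    # First pass: join physical lines into logical lines.
    logical = []
    pending = ""
    for raw in text.splitlines():
        if pending:
            # Continuation: glue onto the previous (partial) logical line.
            raw = pending + raw.lstrip()
            pending = ""
        stripped = raw.rstrip()
        # An odd number of trailing backslashes means the last one escapes
        # the newline; an even number is an escaped backslash, not a
        # continuation request.
        n_backslashes = len(stripped) - len(stripped.rstrip("\\"))
        if n_backslashes % 2 == 1:
            pending = stripped[:-1]
            continue
        logical.append(raw)
    if pending:
        # File ended with a dangling backslash: keep what was collected.
        logical.append(pending)

    env = {}
    for line in logical:
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            continue  # not an assignment; a real parser would log a warning
        key, _, value = line.partition("=")
        key = key.strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


# Constructed sample, not taken from a real system.
SAMPLE = """# locale settings (constructed example)
LANG=en_US.UTF-8
LC_MESSAGES="de_DE.UTF-8"
PATHLIST=/usr/local/bin:\\
/usr/bin:\\
/bin
"""

if __name__ == "__main__":
    for key, value in parse_env_file(SAMPLE).items():
        print(f"{key}={value}")
```

Running the block prints the three assignments, with PATHLIST assembled from its three physical lines.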

* For normal user processes the _SYSTEMD_USER_UNIT= field is
now implicitly appended to every log entry logged. systemctl
has been updated to filter by this field when operating on a
user systemd instance.

* nspawn will now implicitly add the CAP_AUDIT_WRITE and
CAP_AUDIT_CONTROL capabilities to the capabilities set for
the container. This makes it easier to boot unmodified
Fedora systems in a container, which however still requires
audit=0 to be passed on the kernel command line. Auditing in
kernel and userspace is unfortunately still too broken in
context of containers, hence we recommend compiling it out
of the kernel or using audit=0. Hopefully this will be fixed
one day for good in the kernel.

* nspawn gained the new --bind= and --bind-ro= parameters to
bind mount specific directories from the host into the
container.

* nspawn will now mount its own devpts file system instance
into the container, in order not to leak pty devices from
the host into the container.

* systemd will now read the firmware boot time performance
information from the EFI variables, if the used boot loader
supports this, and takes it into account for boot performance
analysis via "systemd-analyze". This is currently supported
only in conjunction with Gummiboot, but could be supported
by other boot loaders too. For details see:

https://systemd.io/BOOT_LOADER_INTERFACE

* A new generator has been added that automatically mounts the
EFI System Partition (ESP) to /boot, if that directory
exists, is empty, and no other file system has been
configured to be mounted there.

* logind will now send out PrepareForSleep(false)
unconditionally, after coming back from suspend. This may be
used by applications as asynchronous notification for
system resume events.

* "systemctl unlock-sessions" has been added, that allows
unlocking the screens of all user sessions at once, similar
to how "systemctl lock-sessions" already locked all user
sessions. This is backed by a new D-Bus call UnlockSessions().

* "loginctl seat-status" will now show the master device of a
seat (i.e. the device of a seat that needs to be around for
the seat to be considered available, usually the graphics
card).

* tmpfiles gained a new "X" line type, that allows
configuration of files and directories (with wildcards) that
shall be excluded from automatic cleanup ("aging").

* udev default rules set the device node permissions now only
at "add" events, and do not change them any longer with a
later "change" event.

* The log messages for lid events and power/sleep keypresses
now carry a message ID.

* We now have a substantially larger unit test suite, but this
continues to be work in progress.

* udevadm hwdb gained a new --root= parameter to change the
root directory to operate relative to.

* logind will now issue a background sync() request to the kernel
early at shutdown, so that dirty buffers are flushed to disk early
instead of at the last moment, in order to optimize shutdown
times a little.

* A new bootctl tool has been added that is an interface for
certain boot loader operations. This is currently a preview
and is likely to be extended into a small mechanism daemon
like timedated, localed, hostnamed, and can be used by
graphical UIs to enumerate available boot options, and
request boot into firmware operations.

* systemd-bootchart has been relicensed to LGPLv2.1+ to match
the rest of the package. It also has been updated to work
correctly in initrds.

* polkit previously has been runtime optional, and is now also
compile time optional via a configure switch.

* systemd-analyze has been reimplemented in C. Also "systemctl
dot" has moved into systemd-analyze.

* "systemctl status" with no further parameters will now print
the status of all active or failed units.

* Operations such as "systemctl start" can now be executed
with a new mode "--irreversible" which may be used to queue
operations that cannot accidentally be reversed by a later
job queuing. This is by default used to make shutdown
requests more robust.

* The Python API of systemd now gained a new module for
reading journal files.

* A new tool kernel-install has been added that can install
kernel images according to the Boot Loader Specification:

https://systemd.io/BOOT_LOADER_SPECIFICATION

* Boot time console output has been improved to provide
animated boot time output for hanging jobs.

* A new tool systemd-activate has been added which can be used
to test socket activation directly from the command
line. This should make it much easier to test and debug
socket activation in daemons.

* journalctl gained a new "--reverse" (or -r) option to show
journal output in reverse order (i.e. newest line first).

* journalctl gained a new "--pager-end" (or -e) option to
immediately jump to the end of the journal in the
pager. This is only supported in conjunction with "less".

* journalctl gained a new "--user-unit=" option, that works
similarly to "--unit=" but filters for user units rather than
system units.

* A number of unit files to ease adoption of systemd in
initrds has been added. This moves some minimal logic from
the various initrd implementations into systemd proper.

* The journal files are now owned by a new group
"systemd-journal", which exists specifically to allow access
to the journal, and nothing else. Previously, we used the
"adm" group for that, which however possibly covers more
than just journal/log file access. This new group is now
already used by systemd-journal-gatewayd to ensure this
daemon gets access to the journal files and as little else
as possible. Note that "make install" will also set FS ACLs
up for /var/log/journal to give "adm" and "wheel" read
access to it, in addition to "systemd-journal" which owns
the journal files. We recommend that packaging scripts also
add read access to "adm" + "wheel" to /var/log/journal, and
all existing/future journal files. To normal users and
administrators little changes, however packagers need to
ensure to create the "systemd-journal" system group at
package installation time.

* The systemd-journal-gatewayd now runs as unprivileged user
systemd-journal-gateway:systemd-journal-gateway. Packaging
scripts need to create this system user and group at
installation time.

* timedated now exposes a new boolean property CanNTP that
indicates whether a local NTP service is available or not.

* systemd-detect-virt will now also detect xen PVs.

* The pstore file system is now mounted by default, if it is
available.

* In addition to the SELinux and IMA policies we will now also
load SMACK policies at early boot.

Contributions from: Adel Gadllah, Aleksander Morgado, Auke
Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
Gundersen, Umut Tezduyar, William Giokas, Zbigniew
Jędrzejewski-Szmek, Zeeshan Ali (Khattak)

CHANGES WITH 197:

* Timer units now support calendar time events in addition to
monotonic time events. That means you can now trigger a unit
based on a calendar time specification such as "Thu,Fri
2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
or fifth day of any month of the year 2013, given that it is
a Thursday or a Friday. This brings timer event support
considerably closer to cron's capabilities. For details on
the supported calendar time specification language see
systemd.time(7).
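
To make the semantics of the example specification concrete, here is an added Python matcher for the subset of the calendar language used above (an optional weekday list, a Y-M-D triple and an H:M:S triple, each component being "*", a value or a comma-separated list). It is example code, not systemd's own implementation, and it deliberately leaves out ranges, step values and the other forms documented in systemd.time(7); the dates checked in the usage block are constructed.

```python
"""Minimal matcher for systemd calendar time specifications such as
"Thu,Fri 2013-*-1,5 11:12:13".  Added example, not systemd's own code:
only weekday lists, Y-M-D and H:M:S components with '*' or comma lists
are supported (no ranges, steps, time zones or the '~' last-day syntax)."""

import datetime

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # Monday == 0


def _parse_component(token):
    """'*' -> None (matches anything); otherwise the set of allowed ints."""
    if token == "*":
        return None
    return {int(part) for part in token.split(",")}


def parse_calendar_spec(spec):
    """Parse a spec into (weekdays, (year, month, day), (hour, min, sec)).

    Every element is None for '*' or a set of permitted values; weekdays use
    Python numbering (Monday == 0).  Raises ValueError outside the subset.
    """
    parts = spec.split()
    weekdays = None
    if parts and parts[0][0].isalpha():
        weekdays = set()
        for name in parts.pop(0).split(","):
            if name not in WEEKDAYS:
                raise ValueError(f"unknown weekday {name!r}")
            weekdays.add(WEEKDAYS.index(name))
    if len(parts) != 2:
        raise ValueError("expected '<date> <time>' after the optional weekdays")
    date_fields = parts[0].split("-")
    time_fields = parts[1].split(":")
    if len(date_fields) != 3 or len(time_fields) != 3:
        raise ValueError("date must be Y-M-D and time must be H:M:S")
    date = tuple(_parse_component(f) for f in date_fields)
    time = tuple(_parse_component(f) for f in time_fields)
    return weekdays, date, time


def _as_datetime(when):
    if isinstance(when, str):
        return datetime.datetime.fromisoformat(when)
    return when


def matches(spec, when):
    """True if `when` (datetime or ISO string) is an elapse point of `spec`."""
    when = _as_datetime(when)
    weekdays, (y, m, d), (h, mi, s) = parse_calendar_spec(spec)
    checks = [
        (weekdays, when.weekday()),
        (y, when.year), (m, when.month), (d, when.day),
        (h, when.hour), (mi, when.minute), (s, when.second),
    ]
    return all(allowed is None or value in allowed for allowed, value in checks)


def next_elapse(spec, start, horizon_days=400):
    """First matching second at or after `start`, or None within the horizon.

    Walks day by day, and only enumerates the permitted times on days whose
    date and weekday components match (cheap enough for an example)."""
    start = _as_datetime(start)
    weekdays, (y, m, d), (h, mi, s) = parse_calendar_spec(spec)
    hours = sorted(h) if h is not None else range(24)
    minutes = sorted(mi) if mi is not None else range(60)
    seconds = sorted(s) if s is not None else range(60)
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(horizon_days):
        date_ok = ((weekdays is None or day.weekday() in weekdays)
                   and (y is None or day.year in y)
                   and (m is None or day.month in m)
                   and (d is None or day.day in d))
        if date_ok:
            for hh in hours:
                for mm in minutes:
                    for ss in seconds:
                        candidate = day.replace(hour=hh, minute=mm, second=ss)
                        if candidate >= start:
                            return candidate
        day += datetime.timedelta(days=1)
    return None


if __name__ == "__main__":
    SPEC = "Thu,Fri 2013-*-1,5 11:12:13"
    # Constructed check dates: 2013-02-01 was a Friday, 2013-01-01 a Tuesday.
    print(matches(SPEC, "2013-02-01 11:12:13"), matches(SPEC, "2013-01-01 11:12:13"))
    print(next_elapse(SPEC, "2013-01-01"))
```

Starting from 2013-01-01 the first elapse point is 2013-02-01 11:12:13, because neither January 1st (a Tuesday) nor January 5th (a Saturday) satisfies the weekday list.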

* udev now supports a number of different naming policies for
network interfaces for predictable names, and a combination
of these policies is now the default. Please see this wiki
document for details:

https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html

* Auke Kok's bootchart implementation has been added to the
systemd tree. It is an optional component that can graph the
boot in quite some detail. It is one of the best bootchart
implementations around and minimal in its code and
dependencies.

* nss-myhostname has been integrated into the systemd source
tree. nss-myhostname guarantees that the local hostname
always stays resolvable via NSS. It has been a weak
requirement of systemd-hostnamed for a long time, and
since its code is actually trivial we decided to just
include it in systemd's source tree. It can be turned off
with a configure switch.

* The read-ahead logic is now capable of properly detecting
whether a btrfs file system is on SSD or rotating media, in
order to optimize the read-ahead scheme. Previously, it was
only capable of detecting this on traditional file systems
such as ext4.

* In udev, additional device properties are now read from the
IAB in addition to the OUI database. Also, Bluetooth company
identities are attached to the devices as well.

* In service files %U may be used as a specifier that is
replaced by the configured user name of the service.

* nspawn may now be invoked without a controlling TTY. This
makes it suitable for invocation as its own service. This
may be used to set up a simple containerized server system
using only core OS tools.

* systemd and nspawn can now accept socket file descriptors
when they are started for socket activation. This enables
implementation of socket activated nspawn
containers, i.e. think about autospawning an entire OS image
when the first SSH or HTTP connection is received. We expect
that similar functionality will also be added to libvirt-lxc
eventually.
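
Both the systemd-activate test tool mentioned under release 198 and the socket-activated nspawn containers described here hand descriptors to the started process using the sd_listen_fds(3) protocol: LISTEN_PID names the intended recipient, LISTEN_FDS gives the count, and the descriptors begin at fd 3. The following added Python example (not systemd's library code) shows what a daemon on the receiving side has to check, including the PID comparison that stops a wrapper's descriptors from being mistaken for its own; the environment values in the usage block are constructed.

```python
"""Receiving socket-activated descriptors following the sd_listen_fds(3)
protocol used by systemd, nspawn and systemd-activate.  Added example, not
systemd's own library code."""

import os
import socket

SD_LISTEN_FDS_START = 3  # first descriptor handed over by the service manager


def listen_fds(environ=None, pid=None, unset_environment=True):
    """Return the descriptors passed by the service manager, as a list.

    Mirrors the checks sd_listen_fds() performs: the result is empty when
    the variables are absent, when LISTEN_PID is not our own PID (the
    descriptors were meant for a parent such as a wrapper script), or when
    LISTEN_FDS is not a sane integer.  `environ` and `pid` can be injected
    for testing; they default to the real process environment and PID.
    """
    if environ is None:
        environ = os.environ
    if pid is None:
        pid = os.getpid()
    try:
        listen_pid = int(environ.get("LISTEN_PID", ""))
        listen_fds = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    fds = []
    if listen_pid == pid and 0 < listen_fds < 4096:
        fds = list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + listen_fds))
    if unset_environment:
        # Consume the variables so children do not act on descriptors
        # that were addressed to us.
        for key in ("LISTEN_PID", "LISTEN_FDS"):
            environ.pop(key, None)
    return fds


def serve_once(fd):
    """Accept one connection on an inherited, already-listening stream
    socket, echo a single message back, and return what was received."""
    listener = socket.socket(fileno=fd)  # family/type are detected from the fd
    conn, _ = listener.accept()
    with conn:
        data = conn.recv(4096)
        conn.sendall(b"echo: " + data)
    return data


if __name__ == "__main__":
    fds = listen_fds()
    if not fds:
        # Not socket-activated.  A real daemon would bind its own socket
        # here; for the example we just explain how to run it under the
        # activation tool (assumed invocation: systemd-activate -l <addr> ./script).
        raise SystemExit("no descriptors passed; run this under systemd-activate")
    serve_once(fds[0])
```

The early return on a malformed LISTEN_FDS and the PID check are the parts worth copying: a daemon that trusts fd 3 unconditionally will happily serve on whatever descriptor happened to be open there.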

* journalctl will now suppress ANSI color codes when
presenting log data.

* systemctl will no longer show control group information for
a unit if the control group is empty anyway.

* logind can now automatically suspend/hibernate/shutdown the
system on idle.

* /etc/machine-info and hostnamed now also expose the chassis
type of the system. This can be used to determine whether
the local system is a laptop, desktop, handset or
tablet. This information may either be configured by the
user/vendor or is automatically determined from ACPI and DMI
information if possible.

* A number of polkit actions are now bound together with "imply"
rules. This should simplify creating UIs because many actions
will now authenticate similar ones as well.

* Unit files learnt a new condition ConditionACPower= which
may be used to conditionalize a unit depending on whether an
AC power source is connected or not, or whether the system
is running on battery power.

* systemctl gained a new "is-failed" verb that may be used in
shell scripts and suchlike to check whether a specific unit
is in the "failed" state.

* The EnvironmentFile= setting in unit files now supports file
globbing, and can hence be used to easily read a number of
environment files at once.

* systemd will no longer detect and recognize specific
distributions. All distribution-specific #ifdeffery has been
removed, systemd is now fully generic and
distribution-agnostic. Effectively, not too much is lost as
a lot of the code is still accessible via explicit configure
switches. However, support for some distribution specific
legacy configuration file formats has been dropped. We
recommend distributions to simply adopt the configuration
files everybody else uses now and convert the old
configuration from packaging scripts. Most distributions
already did that. If that's not possible or desirable,
distributions are welcome to forward port the specific
pieces of code locally from the git history.

* When logging a message about a unit systemd will now always
log the unit name in the message meta data.

* localectl will now also discover system locale data that is
not stored in locale archives, but directly unpacked.

* logind will no longer unconditionally use framebuffer
devices as seat masters, i.e. as devices that are required
to be existing before a seat is considered present. Instead,
it will now look for all devices that are tagged as
"seat-master" in udev. By default, framebuffer devices will
be marked as such, but depending on local systems, other
devices might be marked as well. This may be used to
integrate graphics cards using closed source drivers (such
as NVidia ones) more nicely into logind. Note however, that
we recommend using the open source NVidia drivers instead,
and no udev rules for the closed-source drivers will be
shipped from us upstream.

Contributions from: Adam Williamson, Alessandro Crismani, Auke
Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
Jędrzejewski-Szmek

CHANGES WITH 196:

* udev gained support for loading additional device properties
from an indexed database that is keyed by vendor/product IDs
and similar device identifiers. For the beginning this
"hwdb" is populated with data from the well-known PCI and
USB database, but also includes PNP, ACPI and OID data. In
the longer run this indexed database shall grow into
becoming the one central database for non-essential
userspace device metadata. Previously, data from the PCI/USB
database was only attached to select devices, since the
lookup was a relatively expensive operation due to O(n) time
complexity (with n being the number of entries in the
database). Since this is now O(1), we decided to add in this
data for all devices where this is available, by
default. Note that the indexed database needs to be rebuilt
when new data files are installed. To achieve this you need
to update your packaging scripts to invoke "udevadm hwdb
--update" after installation of hwdb data files. For
RPM-based distributions we introduced the new
%udev_hwdb_update macro for this purpose.

* The Journal gained support for the "Message Catalog", an
indexed database to link up additional information with
journal entries. For further details please check:

https://www.freedesktop.org/wiki/Software/systemd/catalog

The indexed message catalog database also needs to be
rebuilt after installation of message catalog files. Use
"journalctl --update-catalog" for this. For RPM-based
distributions we introduced the %journal_catalog_update
macro for this purpose.

* The Python Journal bindings gained support for the standard
Python logging framework.

* The Journal API gained new functions for checking whether
the underlying file system of a journal file is capable of
properly reporting file change notifications, or whether
applications that want to reflect journal changes "live"
need to recheck journal files continuously in appropriate
time intervals.

* It is now possible to set the "age" field for tmpfiles
entries to 0, indicating that files matching this entry
shall always be removed when the directories are cleaned up.

* coredumpctl gained a new "gdb" verb which invokes gdb
right-away on the selected coredump.

* There's now support for "hybrid sleep" on kernels that
support this, in addition to "suspend" and "hibernate". Use
"systemctl hybrid-sleep" to make use of this.

* logind's HandleSuspendKey= setting (and related settings)
now gained support for a new "lock" setting to simply
request the screen lock on all local sessions, instead of
actually executing a suspend or hibernation.

* systemd will now mount the EFI variables file system by
default.

* Socket units now gained support for configuration of the
SMACK security label.

* timedatectl will now output the time of the last and next
daylight saving change.

* We dropped support for various legacy and distro-specific
concepts, such as insserv, early-boot SysV services
(i.e. those for non-standard runlevels such as 'b' or 'S')
or ArchLinux /etc/rc.conf support. We recommend the
distributions who still need to support this to either continue
to maintain the necessary patches downstream, or find a
different solution. (Talk to us if you have questions!)

* Various systemd components will now bypass polkit checks for
root and otherwise handle properly if polkit is not found to
be around. This should fix most issues for polkit-less
systems. Quite frankly this should have been this way since
day one. It is absolutely our intention to make systemd work
fine on polkit-less systems, and we consider it a bug if
something does not work as it should if polkit is not around.

* For embedded systems it is now possible to build udev and
systemd without blkid and/or kmod support.

* "systemctl switch-root" is now capable of switching root
more than once. I.e. in addition to transitions from the
initrd to the host OS it is now possible to transition to
further OS images from the host. This is useful to implement
offline updating tools.

* Various other additions have been made to the RPM macros
shipped with systemd. Use %udev_rules_update() after
installing new udev rules files. %_udevhwdbdir,
%_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
%_sysctldir are now available which resolve to the right
directories for packages to place various data files in.

* journalctl gained the new --full switch (in addition to
--all) to disable ellipsation for long messages.

Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 195:

* journalctl gained new --since= and --until= switches to
filter by time. It also now supports nice filtering for
units via --unit=/-u.

* Type=oneshot services may use ExecReload= and do the
right thing.

* The journal daemon now supports time-based rotation and
vacuuming, in addition to the usual disk-space based
rotation.

* The journal will now index the available field values for
each field name. This enables clients to show pretty drop
downs of available match values when filtering. The bash
completion of journalctl has been updated
accordingly. journalctl gained a new switch -F to list all
values a certain field takes in the journal database.

* More service events are now written as structured messages
to the journal, and made recognizable via message IDs.

* The timedated, localed and hostnamed mini-services which
previously only provided support for changing time, locale
and hostname settings from graphical DEs such as GNOME now
also have a minimal (but very useful) text-based client
utility each. This is probably the nicest way of changing
these settings from the command line now, especially since
it lists available options and is fully integrated with bash
completion.

* There's now a new tool "systemd-coredumpctl" to list and
extract coredumps from the journal.

* We now install a README each in /var/log/ and
/etc/rc.d/init.d explaining where the system logs and init
scripts went. This hopefully should help folks who go to
those dirs and look into the otherwise now empty void and
scratch their heads.

* When user-services are invoked (by systemd --user) the
$MANAGERPID env var is set to the PID of systemd.

* SIGRTMIN+24 when sent to a --user instance will now result
in immediate termination of systemd.

* gatewayd received numerous feature additions such as a
"follow" mode, for live syncing and filtering.

* browse.html now allows filtering and showing detailed
information on specific entries. Keyboard navigation and
mouse screen support has been added.

* gatewayd/journalctl now supports HTML5/JSON
Server-Sent-Events as output.

* The SysV init script compatibility logic will now
heuristically determine whether a script supports the
"reload" verb, and only then make this available as
"systemctl reload".

* "systemctl status --follow" has been removed, use "journalctl
-u" instead.

* journald.conf's RuntimeMinSize=, PersistentMinSize= settings
have been removed since they are hardly useful to be
configured.

* And I'd like to take the opportunity to specifically mention
Zbigniew for his great contributions. Zbigniew, you rock!

Contributions from: Andrew Eikum, Christian Hesse, Colin
Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
Jędrzejewski-Szmek, Сковорода Никита Андреевич

CHANGES WITH 194:

* If /etc/vconsole.conf is non-existent or empty we will no
longer load any console font or key map at boot by
default. Instead the kernel defaults will be left
intact. This is definitely the right thing to do, as no
configuration should mean no configuration, and hard-coding
font names that are different on all archs is probably a bad
idea. Also, the kernel default key map and font should be
good enough for most cases anyway, and mostly identical to
the userspace fonts/key maps we previously overloaded them
with. If distributions want to continue to default to a
non-kernel font or key map they should ship a default
/etc/vconsole.conf with the appropriate contents.

Contributions from: Colin Walters, Daniel J Walsh, Dave
Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek

CHANGES WITH 193:

* journalctl gained a new --cursor= switch to show entries
starting from the specified location in the journal.

* We now enforce a size limit on journal entry fields exported
with "-o json" in journalctl. Fields larger than 4K will be
assigned null. This can be turned off with --all.

* An (optional) journal gateway daemon is now available as
"systemd-journal-gatewayd.service". This service provides
access to the journal via HTTP and JSON. This functionality
will be used to implement live log synchronization in both
pull and push modes, but has various other users too, such
as easy log access for debugging of embedded devices. Right
now it is already useful to retrieve the journal via HTTP:

# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries

This will download the journal contents in a
/var/log/messages compatible format. The same as JSON:

# curl -H"Accept: application/json" http://localhost:19531/entries

This service is also accessible via a web browser where a
single static HTML5 app is served that uses the JSON logic
to enable the user to do some basic browsing of the
journal. This will be extended later on. Here's an example
screenshot of this app in its current state:

https://0pointer.de/public/journal-gatewayd

Contributions from: Kay Sievers, Lennart Poettering, Robert
Milasan, Tom Gundersen

CHANGES WITH 192:

* The bash completion logic is now available for journalctl
too.

* We do not mount the "cpuset" controller anymore together with
"cpu" and "cpuacct", as "cpuset" groups generally cannot be
started if no parameters are assigned to it. "cpuset" hence
broke code that assumed it could create "cpu" groups and
just start them.

* journalctl -f will now subscribe to terminal size changes,
and line break accordingly.

Contributions from: Dave Reisner, Kay Sievers, Lennart
Poettering, Lukas Nykryn, Mirco Tischler, Václav Pavlín

CHANGES WITH 191:

* nspawn will now create a symlink /etc/localtime in the
container environment, copying the host's timezone
setting. Previously this has been done via a bind mount, but
since symlinks cannot be bind mounted this has now been
changed to create/update the appropriate symlink.

* journalctl -n's line number argument is now optional, and
will default to 10 if omitted.

* journald will now log the maximum size the journal files may
take up on disk. This is particularly useful if the default
built-in logic of determining this parameter from the file
system size is used. Use "systemctl status
systemd-journald.service" to see this information.

* The multi-seat X wrapper tool has been stripped down. As X
is now capable of enumerating graphics devices via udev in a
seat-aware way the wrapper is not strictly necessary
anymore. A stripped down temporary stop-gap is still shipped
until the upstream display managers have been updated to
fully support the new X logic. Expect this wrapper to be
removed entirely in one of the next releases.

* HandleSleepKey= in logind.conf has been split up into
HandleSuspendKey= and HandleHibernateKey=. The old setting
is not available anymore. X11 and the kernel are
distinguishing between these keys and we should too. This
also means the inhibition lock for these keys has been split
into two.

Contributions from: Dave Airlie, Eelco Dolstra, Lennart
Poettering, Lukas Nykryn, Václav Pavlín

CHANGES WITH 190:

* Whenever a unit changes state we will now log this to the
journal and show along the unit's own log output in
"systemctl status".

* ConditionPathIsMountPoint= can now properly detect bind
mount points too. (Previously, a bind mount of one file
system to another place in the same file system could not be
detected as mount, since they shared struct stat's st_dev
field.)

* We will now mount the cgroup controllers cpu, cpuacct,
cpuset and the controllers net_cls, net_prio together by
default.

* nspawn containers will now have a virtualized boot
ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
over with a randomized ID at container initialization). This
has the effect of making "journalctl -b" do the right thing
in a container.

* The JSON output journal serialization has been updated not
to generate "endless" list objects anymore, but rather one
JSON object per line. This is more in line with how most JSON
parsers expect JSON objects. The new output mode
"json-pretty" has been added to provide similar output, but
neatly aligned for readability by humans.
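
The line-per-entry JSON format described here, and the 4K field limit that release 193 applies to "-o json" output (fields larger than that become null unless --all is given), are easy to get wrong on the consuming side. The added Python example below (not systemd's own serializer) emulates the exporter's size rule, parses the resulting newline-delimited stream one object at a time, and shows how a consumer can tell which fields were dropped; the journal entries are constructed samples.

```python
"""Working with journalctl's one-object-per-line JSON output and the field
size limit applied to "-o json" exports.  Added example, not systemd's own
serializer; the entries below are constructed samples."""

import json

JSON_FIELD_LIMIT = 4096  # bytes; the "4K" limit described in the changelog


def export_json_lines(entries, all_fields=False, limit=JSON_FIELD_LIMIT):
    """Serialize journal entries (dicts) as newline-delimited JSON.

    Emulates the exporter's size rule: a string value whose UTF-8 encoding
    exceeds `limit` bytes is replaced by null unless all_fields is True
    (the equivalent of journalctl --all).
    """
    lines = []
    for entry in entries:
        out = {}
        for field, value in entry.items():
            if (not all_fields and isinstance(value, str)
                    and len(value.encode("utf-8")) > limit):
                out[field] = None
            else:
                out[field] = value
        lines.append(json.dumps(out, sort_keys=True))
    return "\n".join(lines) + "\n"


def parse_json_lines(text):
    """Parse newline-delimited JSON back into a list of entries.

    Because each line is a complete object, a consumer can act on every
    entry as it arrives (e.g. from gatewayd's follow mode) instead of
    waiting for a closing ']' that a single enclosing array would need."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            entries.append(json.loads(line))
    return entries


def filter_entries(entries, **wanted):
    """Select entries whose fields equal the given values, the way
    "journalctl -u foo.service" matches _SYSTEMD_UNIT=foo.service."""
    return [e for e in entries
            if all(e.get(field) == value for field, value in wanted.items())]


def truncated_fields(entry):
    """Names of fields the exporter replaced with null (sorted)."""
    return sorted(k for k, v in entry.items() if v is None)


# Constructed sample entries, not taken from a real system.
SAMPLE_ENTRIES = [
    {"MESSAGE": "Started Journal Gateway Service.",
     "_SYSTEMD_UNIT": "systemd-journal-gatewayd.service", "PRIORITY": "6"},
    {"MESSAGE": "x" * 5000,  # oversized field, e.g. a long backtrace
     "_SYSTEMD_UNIT": "sshd.service", "PRIORITY": "3"},
    {"MESSAGE": "Accepted publickey for alice",
     "_SYSTEMD_UNIT": "sshd.service", "PRIORITY": "6"},
]

if __name__ == "__main__":
    stream = export_json_lines(SAMPLE_ENTRIES)
    for entry in parse_json_lines(stream):
        dropped = truncated_fields(entry)
        print(entry["_SYSTEMD_UNIT"], "dropped:" if dropped else "", *dropped)
```

A consumer that treats a null MESSAGE as "no message" rather than "message withheld" will silently lose exactly the long entries (crash dumps, backtraces) it most wants; checking truncated_fields() and re-fetching with --all when it matters avoids that.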
16566
16567 * We dropped all explicit sync() invocations in the shutdown
16568 code. The kernel does this implicitly anyway in the kernel
16569 reboot() syscall. halt(8)'s -n option is now a compatibility
16570 no-op.
16571
16572 * We now support virtualized reboot() in containers, as
16573 supported by newer kernels. We will fall back to exit() if
16574 CAP_SYS_REBOOT is not available to the container. Also,
16575 nspawn makes use of this now and will actually reboot the
16576 container if the containerized OS asks for that.
16577
16578 * journalctl will only show local log output by default
16579 now. Use --merge (-m) to show remote log output, too.
16580
16581 * libsystemd-journal gained the new sd_journal_get_usage()
16582 call to determine the current disk usage of all journal
16583 files. This is exposed in the new "journalctl --disk-usage"
16584 command.
16585
16586 * journald gained a new configuration setting SplitMode= in
16587 journald.conf which may be used to control how user journals
16588 are split off. See journald.conf(5) for details.
16589
16590 * A new condition type ConditionFileNotEmpty= has been added.
16591
16592 * tmpfiles' "w" lines now support file globbing, to write
16593 multiple files at once.
16594
16595 * We added Python bindings for the journal submission
16596 APIs. More Python APIs for a number of selected APIs will
16597 likely follow. Note that we intend to add native bindings
16598 only for the Python language, as we consider it common
16599 enough to deserve bindings shipped within systemd. There are
16600 various projects outside of systemd that provide bindings
16601 for languages such as PHP or Lua.
16602
16603 * Many conditions will now resolve specifiers such as %i. In
16604 addition, PathChanged= and related directives of .path units
16605 now support specifiers as well.
16606
16607 * There's now a new RPM macro definition for the system preset
16608 dir: %_presetdir.
16609
16610 * journald will now warn if it cannot forward a message to the
16611 syslog daemon because its socket is full.
16612
16613 * timedated will no longer write or process /etc/timezone,
16614 except on Debian. As we do not support late mounted /usr
16615 anymore /etc/localtime always being a symlink is now safe,
16616 and hence the information in /etc/timezone is not necessary
16617 anymore.
16618
16619 * logind will now always reserve one VT for a text getty (VT6
16620 by default). Previously, if more than 6 X sessions were
16621 started they took up all the VTs with auto-spawned gettys,
16622 so that no text gettys were available anymore.
16623
16624 * udev will now automatically inform the btrfs kernel logic
16625 about btrfs RAID components showing up. This should make
16626 simple hotplug based btrfs RAID assembly work.
16627
16628 * PID 1 will now increase its RLIMIT_NOFILE to 64K by default
16629 (but not for its children which will stay at the kernel
16630 default). This should allow setups with a lot more listening
16631 sockets.
16632
16633 * systemd will now always pass the configured timezone to the
16634 kernel at boot. timedated will do the same when the timezone
16635 is changed.
16636
16637 * logind's inhibition logic has been updated. By default,
16638 logind will now handle the lid switch, the power and sleep
16639 keys all the time, even in graphical sessions. If DEs want
16640 to handle these events on their own they should take the new
16641 handle-power-key, handle-sleep-key and handle-lid-switch
16642 inhibitors during their runtime. A simple way to achieve
16643 that is to invoke the DE wrapped in an invocation of:
16644
16645 systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …
16646
16647 * Access to unit operations is now checked via SELinux taking
16648 the unit file label and client process label into account.
16649
16650 * systemd will now notify the administrator in the journal
16651 when a non-empty directory is over-mounted.
16652
16653 * There are new specifiers that are resolved in unit files,
16654 for the hostname (%H), the machine ID (%m) and the boot ID
16655 (%b).
16656
16657 Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
16658 Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
16659 Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
16660 Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
16661 Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
16662 Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
16663 Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek
16664
16665 CHANGES WITH 189:
16666
16667 * Support for reading structured kernel messages from
16668 /dev/kmsg has now been added and is enabled by default.
16669
16670 * Support for reading kernel messages from /proc/kmsg has now
16671 been removed. If you want kernel messages in the journal
16672 make sure to run a recent kernel (>= 3.5) that supports
16673 reading structured messages from /dev/kmsg (see
16674 above). /proc/kmsg is now exclusive property of classic
16675 syslog daemons again.
16676
16677 * The libudev API gained the new
16678 udev_device_new_from_device_id() call.
16679
16680 * The logic for file system namespacing (ReadOnlyDirectories=,
16681 ReadWriteDirectories=, PrivateTmp=) has been reworked not to
16682 require pivot_root() anymore. This means fewer temporary
16683 directories are created below /tmp for this feature.
16684
16685 * nspawn containers will now see and receive all submounts
16686 made on the host OS below the root file system of the
16687 container.
16688
16689 * Forward Secure Sealing is now supported for journal files,
16690 which provides cryptographic sealing of journal files so
16691 that attackers cannot alter log history anymore without this
16692 being detectable. Lennart will soon post a blog story about
16693 this explaining it in more detail.
16694
16695 * There are two new service settings RestartPreventExitStatus=
16696 and SuccessExitStatus= which allow configuration of exit
16697 statuses (exit code or signal) which will be excepted from the
16698 restart logic, or considered successful, respectively.
16699
16700 * journalctl gained the new --verify switch that can be used
16701 to check the integrity of the structure of journal files and
16702 (if Forward Secure Sealing is enabled) the contents of
16703 journal files.
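
An added illustration of the property behind Forward Secure Sealing and
"journalctl --verify" above. This is not journald's construction (journald's
FSS is built on a seekable sequential key generator, so the verifier does
not have to walk the whole chain); it is a plain hash-chain model written
for this page. The idea it shows is the same: the host keeps only the
current sealing key and derives the next one with a one-way function,
erasing the old one, while the verification key (the one "journalctl
--setup-keys" prints and journald also shows as a QR code) stays offline.
An attacker who takes over the host later can seal new epochs but cannot
re-seal or edit earlier ones undetected. Key sizes, the "fss-evolve" label
and the sample epoch contents are assumptions of this example.

```python
"""Forward-secure sealing illustrated with a hash chain. Added example;
NOT the algorithm journald uses, only a model of the security property."""
import hashlib
import hmac
import os
from typing import List, Tuple

EpochSeal = Tuple[bytes, bytes]  # (sealed data, tag)
ZERO_TAG = b"\x00" * 32          # chain start for the first epoch


def evolve(key: bytes) -> bytes:
    """One-way key update. The caller discards the previous key, so it
    cannot be recovered from the host afterwards."""
    return hashlib.sha256(b"fss-evolve|" + key).digest()


def seal(key: bytes, prev_tag: bytes, data: bytes) -> bytes:
    """Tag for one epoch. The previous tag is mixed in, so dropping or
    reordering epochs is detected as well as editing their contents."""
    return hmac.new(key, prev_tag + data, hashlib.sha256).digest()


class Sealer:
    """Host side (journald's role): holds only the current epoch key."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self._prev_tag = ZERO_TAG
        self.log: List[EpochSeal] = []

    def close_epoch(self, data: bytes) -> None:
        tag = seal(self._key, self._prev_tag, data)
        self.log.append((data, tag))
        self._prev_tag = tag
        self._key = evolve(self._key)  # old key is gone from now on

    def current_key(self) -> bytes:
        """What an attacker obtains by compromising the host right now."""
        return self._key


def verify(verification_key: bytes, log: List[EpochSeal]) -> int:
    """Offline verifier (journalctl --verify's role): re-derives each epoch
    key from the initial key. Returns the index of the first epoch whose
    seal does not hold, or -1 if the whole log verifies."""
    key, prev_tag = verification_key, ZERO_TAG
    for i, (data, tag) in enumerate(log):
        if not hmac.compare_digest(seal(key, prev_tag, data), tag):
            return i
        prev_tag, key = tag, evolve(key)
    return -1


def demo() -> Tuple[int, int, int]:
    """Returns verify() results for: the intact log, epoch 0 edited in place,
    and epoch 0 edited and re-sealed by an attacker holding only the host's
    current key."""
    k0 = os.urandom(32)  # verification key, kept offline
    host = Sealer(k0)
    for entry in (b"epoch0: boot", b"epoch1: login alice", b"epoch2: sudo alice"):
        host.close_epoch(entry)
    intact = verify(k0, host.log)

    edited = list(host.log)
    edited[0] = (b"epoch0: boot (edited)", edited[0][1])
    edit_detected = verify(k0, edited)

    # The attacker has evolve(evolve(evolve(k0))), not k0, so any tag they
    # compute for epoch 0 is under the wrong key.
    stolen = host.current_key()
    forged = list(host.log)
    forged[0] = (b"epoch0: boot (edited)",
                 seal(stolen, ZERO_TAG, b"epoch0: boot (edited)"))
    forgery_detected = verify(k0, forged)
    return intact, edit_detected, forgery_detected
```

One limit the model shares with any such scheme: the attacker can still
truncate the log at the point of compromise. That is why the real
implementation ties epochs to wall-clock intervals, so a verifier can tell
that sealed epochs are missing rather than merely absent.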
16704
16705 * nspawn containers will now be run with /dev/stdin, /dev/fd/
16706 and similar symlinks pre-created. This makes running shells
16707 as container init process a lot more fun.
16708
16709 * The fstab support can now handle PARTUUID= and PARTLABEL=
16710 entries.
16711
16712 * A new ConditionHost= condition has been added to match
16713 against the hostname (with globs) and machine ID. This is
16714 useful for clusters where a single OS image is used to
16715 provision a large number of hosts which shall run slightly
16716 different sets of services.
16717
16718 * Services which hit the restart limit will now be placed in a
16719 failure state.
16720
16721 Contributions from: Bertram Poettering, Dave Reisner, Huang
16722 Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
16723 Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek
16724
16725 CHANGES WITH 188:
16726
16727 * When running in --user mode systemd will now become a
16728 subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
16729 tree a lot more organized.
16730
16731 * A new PartOf= unit dependency type has been introduced that
16732 may be used to group services in a natural way.
16733
16734 * "systemctl enable" may now be used to enable instances of
16735 services.
16736
16737 * journalctl now prints error log levels in red, and
16738 warning/notice log levels in bright white. It also supports
16739 filtering by log level now.
16740
16741 * cgtop gained a new -n switch (similar to top), to configure
16742 the maximum number of iterations to run for. It also gained
16743 -b, to run in batch mode (accepting no input).
16744
16745 * The suffix ".service" may now be omitted on most systemctl
16746 command lines involving service unit names.
16747
16748 * There's a new bus call in logind to lock all sessions, as
16749 well as a loginctl verb for it "lock-sessions".
16750
16751 * libsystemd-journal.so gained a new call sd_journal_perror()
16752 that works similarly to libc perror() but logs to the journal
16753 and encodes structured information about the error number.
16754
16755 * /etc/crypttab entries now understand the new keyfile-size=
16756 option.
16757
16758 * shutdown(8) now can send a (configurable) wall message when
16759 a shutdown is cancelled.
16760
16761 * The mount propagation mode for the root file system will now
16762 default to "shared", which is useful to make containers work
16763 nicely out-of-the-box so that they receive new mounts from
16764 the host. This can be undone locally by running "mount
16765 --make-rprivate /" if needed.
16766
16767 * The prefdm.service file has been removed. Distributions
16768 should maintain this unit downstream if they intend to keep
16769 it around. However, we recommend writing normal unit files
16770 for display managers instead.
16771
16772 * Since systemd is a crucial part of the OS we will now
16773 default to a number of compiler switches that improve
16774 security (hardening) such as read-only relocations, stack
16775 protection, and suchlike.
16776
16777 * The TimeoutSec= setting for services is now split into
16778 TimeoutStartSec= and TimeoutStopSec= to allow configuration
16779 of individual time outs for the start and the stop phase of
16780 the service.
16781
16782 Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
16783 Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
16784 Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
16785 Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
16786 Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
16787 Gundersen, Zbigniew Jędrzejewski-Szmek
16788
16789 CHANGES WITH 187:
16790
16791 * The journal and id128 C APIs are now fully documented as man
16792 pages.
16793
16794 * Extra safety checks have been added when transitioning from
16795 the initial RAM disk to the main system to avoid accidental
16796 data loss.
16797
16798 * /etc/crypttab entries now understand the new keyfile-offset=
16799 option.
16800
16801 * systemctl -t can now be used to filter by unit load state.
16802
16803 * The journal C API gained the new sd_journal_wait() call to
16804 make writing synchronous journal clients easier.
16805
16806 * journalctl gained the new -D switch to show journals from a
16807 specific directory.
16808
16809 * journalctl now displays a special marker between log
16810 messages of two different boots.
16811
16812 * The journal is now explicitly flushed to /var via a service
16813 systemd-journal-flush.service, rather than implicitly simply
16814 by seeing /var/log/journal to be writable.
16815
16816 * journalctl (and the journal C APIs) can now match for much
16817 more complex expressions, with alternatives and
16818 disjunctions.
16819
16820 * When transitioning from the initial RAM disk to the main
16821 system we will now kill all processes in a killing spree to
16822 ensure no processes stay around by accident.
16823
16824 * Three new specifiers may be used in unit files: %u, %h, %s
16825 resolve to the user name, the user's home directory and the
16826 user's shell, respectively. This is useful for running systemd user instances.
16827
16828 * We now automatically rotate journal files if their data
16829 object hash table gets a fill level > 75%. We also size the
16830 hash table based on the configured maximum file size. This
16831 together should lower hash collisions drastically and thus
16832 speed things up a bit.
16833
16834 * journalctl gained the new "--header" switch to introspect
16835 header data of journal files.
16836
16837 * A new setting SystemCallFilter= has been added to services which may
16838 be used to apply deny lists or allow lists to system calls. This is
16839 based on SECCOMP Mode 2 of Linux 3.5.
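
An added configuration example (not a unit shipped by systemd) showing the
directive in use as a drop-in; example.service is a placeholder name, the
set of blocked calls is an arbitrary choice for illustration, and the
syntax is the one documented in systemd.exec(5):

```ini
# /etc/systemd/system/example.service.d/seccomp.conf
# Added example; example.service is a placeholder, not a systemd unit.
[Service]
# A leading "~" makes this a deny list: the named system calls are blocked
# and everything else stays allowed. Without "~" the list is an allow list
# and every call not named is blocked. Either way, a blocked call
# terminates the process with SIGSYS by default.
SystemCallFilter=~ptrace mount umount2 kexec_load reboot
```

After "systemctl daemon-reload", "systemctl show -p SystemCallFilter
example.service" prints the filter PID 1 actually loaded. A daemon that
starts dying with SIGSYS right after the drop-in is added is hitting a
blocked call; fix the list rather than removing the filter. An allow list
is the stronger setting but needs the daemon's complete system call set,
which is best collected by tracing it under realistic load before
switching the list over.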
16840
16841 * nspawn gained a new --link-journal= switch (and quicker: -j)
16842 to link the container journal with the host. This makes it
16843 very easy to centralize log viewing on the host for all
16844 guests while still keeping the journal files separated.
16845
16846 * Many bugfixes and optimizations
16847
16848 Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
16849 Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
16850 Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
16851 Jędrzejewski-Szmek
16852
16853 CHANGES WITH 186:
16854
16855 * Several tools now understand kernel command line arguments,
16856 which are only read when run in an initial RAM disk. They
16857 usually follow closely their normal counterparts, but are
16858 prefixed with rd.
16859
16860 * There's a new tool to analyze the readahead files that are
16861 automatically generated at boot. Use:
16862
16863 /usr/lib/systemd/systemd-readahead analyze /.readahead
16864
16865 * We now provide an early debug shell on tty9 if this is enabled. Use:
16866
16867 systemctl enable debug-shell.service
16868
16869 * All plymouth related units have been moved into the Plymouth
16870 package. Please make sure to upgrade your Plymouth version
16871 as well.
16872
16873 * systemd-tmpfiles now supports getting passed the basename of
16874 a configuration file only, in which case it will look for it
16875 in all appropriate directories automatically.
16876
16877 * udevadm info now takes a /dev or /sys path as argument, and
16878 does the right thing. Example:
16879
16880 udevadm info /dev/sda
16881 udevadm info /sys/class/block/sda
16882
16883 * systemctl now prints a warning if a unit is stopped but a
16884 unit that might trigger it continues to run. Example: a
16885 service is stopped but the socket that activates it is left
16886 running.
16887
16888 * "systemctl status" will now mention if the log output was
16889 shortened due to rotation since a service has been started.
16890
16891 * The journal API now exposes functions to determine the
16892 "cutoff" times due to rotation.
16893
16894 * journald now understands SIGUSR1 and SIGUSR2 for triggering
16895 immediate flushing of runtime logs to /var if possible,
16896 and for triggering immediate rotation of the journal
16897 files, respectively.
16898
16899 * It is now considered an error if an attempt is made to stop
16900 a service that is not loaded.
16901
16902 * XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.
16903
16904 * systemd-analyze now supports Python 3.
16905
16906 * tmpfiles now supports cleaning up directories via aging
16907 where the first level dirs are always kept around but
16908 directories beneath them are automatically aged. This is enabled
16909 by prefixing the age field with '~'.
16910
16911 * Seat objects now expose CanGraphical, CanTTY properties
16912 which is required to deal with very fast bootups where the
16913 display manager might be running before the graphics drivers
16914 completed initialization.
16915
16916 * Seat objects now expose a State property.
16917
16918 * We now include RPM macros for service enabling/disabling
16919 based on the preset logic. We recommend RPM based
16920 distributions to make use of these macros if possible. This
16921 makes it simpler to reuse RPM spec files across
16922 distributions.
16923
16924 * We now make sure that the collected systemd unit name is
16925 always valid when services log to the journal via
16926 STDOUT/STDERR.
16927
16928 * There's a new man page kernel-command-line(7) detailing all
16929 command line options we understand.
16930
16931 * The fstab generator may now be disabled at boot by passing
16932 fstab=0 on the kernel command line.
16933
16934 * A new kernel command line option modules-load= is now understood
16935 to load a specific kernel module statically, early at boot.
16936
16937 * Unit names specified on the systemctl command line are now
16938 automatically escaped as needed. Also, if file system or
16939 device paths are specified they are automatically turned
16940 into the appropriate mount or device unit names. Example:
16941
16942 systemctl status /home
16943 systemctl status /dev/sda
16944
16945 * The SysVConsole= configuration option has been removed from
16946 system.conf parsing.
16947
16948 * The SysV search path is no longer exported on the D-Bus
16949 Manager object.
16950
16951 * The Names= option has been removed from unit file parsing.
16952
16953 * There's a new man page bootup(7) detailing the boot process.
16954
16955 * Every unit and every generator we ship with systemd now
16956 comes with full documentation. The self-explanatory boot is
16957 complete.
16958
16959 * A couple of services gained "systemd-" prefixes in their
16960 name if they wrap systemd code, rather than only external
16961 code. Among them fsck@.service which is now
16962 systemd-fsck@.service.
16963
16964 * The HaveWatchdog property has been removed from the D-Bus
16965 Manager object.
16966
16967 * systemd.confirm_spawn= on the kernel command line should now
16968 work sensibly.
16969
16970 * There's a new man page crypttab(5) which details all options
16971 we actually understand.
16972
16973 * systemd-nspawn gained a new --capability= switch to pass
16974 additional capabilities to the container.
16975
16976 * timedated will now read known NTP implementation unit names
16977 from /usr/lib/systemd/ntp-units.d/*.list,
16978 systemd-timedated-ntp.target has been removed.
16979
16980 * journalctl gained a new switch "-b" that lists log data of
16981 the current boot only.
16982
16983 * The notify socket is in the abstract namespace again, in
16984 order to support daemons which chroot() at start-up.
16985
16986 * There is a new Storage= configuration option for journald
16987 which allows configuration of where log data should go. This
16988 also provides a way to disable journal logging entirely, so
16989 that data collected is only forwarded to the console, the
16990 kernel log buffer or another syslog implementation.
16991
16992 * Many bugfixes and optimizations
16993
16994 Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
16995 David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
16996 Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
16997 Shawn Landden, Tom Gundersen
16998
16999 CHANGES WITH 185:
17000
17001 * "systemctl help <unit>" now shows the man page if one is
17002 available.
17003
17004 * Several new man pages have been added.
17005
17006 * MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
17007 MaxLevelConsole= can now be specified in
17008 journald.conf. These options allow reducing the amount of
17009 data stored on disk or forwarded, based on log level.
17010
17011 * TimerSlackNSec= can now be specified in system.conf for
17012 PID1. This allows system-wide power savings.
17013
17014 Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
17015 Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
17016 Matthias Clasen
17017
17018 CHANGES WITH 184:
17019
17020 * logind is now capable of (optionally) handling power and
17021 sleep keys as well as the lid switch.
17022
17023 * journalctl now understands the syntax "journalctl
17024 /usr/bin/avahi-daemon" to get all log output of a specific
17025 daemon.
17026
17027 * CapabilityBoundingSet= in system.conf now also influences
17028 the capability bounding set of usermode helpers of the kernel.
17029
17030 Contributions from: Daniel Drake, Daniel J. Walsh, Gert
17031 Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
17032 Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
17033 Menzel, Shawn Landden, Tero Roponen, Tom Gundersen
17034
17035 CHANGES WITH 183:
17036
17037 * Note that we skipped 139 releases here in order to set the
17038 new version to something that is greater than both udev's
17039 and systemd's most recent version number.
17040
17041 * udev: all udev sources are merged into the systemd source tree now.
17042 All future udev development will happen in the systemd tree. It
17043 is still fully supported to use the udev daemon and tools without
17044 systemd running, like in initramfs or other init systems. Building
17045 udev though, will require the *build* of the systemd tree, but
17046 udev can be properly *run* without systemd.
17047
17048 * udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
17049 should be used to create dead device nodes as workarounds for broken
17050 subsystems.
17051
17052 * udev: RUN+="socket:…" and udev_monitor_new_from_socket() is
17053 no longer supported. udev_monitor_new_from_netlink() needs to be
17054 used to subscribe to events.
17055
17056 * udev: when udevd is started by systemd, processes which are left
17057 behind by forking them off of udev rules are unconditionally cleaned
17058 up and killed now after the event handling has finished. Services or
17059 daemons must be started as systemd services. Services can be
17060 pulled-in by udev to get started, but they can no longer be directly
17061 forked by udev rules.
17062
17063 * udev: the daemon binary is called systemd-udevd now and installed
17064 in /usr/lib/systemd/. Standalone builds or non-systemd systems need
17065 to adapt to that, create symlink, or rename the binary after building
17066 it.
17067
17068 * libudev no longer provides these symbols:
17069 udev_monitor_from_socket()
17070 udev_queue_get_failed_list_entry()
17071 udev_get_{dev,sys,run}_path()
17072 The version number was bumped and symbol versioning introduced.
17073
17074 * systemd-loginctl and systemd-journalctl have been renamed
17075 to loginctl and journalctl to match systemctl.
17076
17077 * The config files: /etc/systemd/systemd-logind.conf and
17078 /etc/systemd/systemd-journald.conf have been renamed to
17079 logind.conf and journald.conf. Package updates should rename
17080 the files to the new names on upgrade.
17081
17082 * For almost all files the license is now LGPL2.1+, changed
17083 from the previous GPL2.0+. Exceptions are some minor stuff
17084 of udev (which will be changed to LGPL2.1 eventually, too),
17085 and the MIT licensed sd-daemon.[ch] library that is suitable
17086 to be used as drop-in files.
17087
17088 * systemd and logind now handle system sleep states, in
17089 particular suspending and hibernating.
17090
17091 * logind now implements a sleep/shutdown/idle inhibiting logic
17092 suitable for a variety of uses. Soonishly Lennart will blog
17093 about this in more detail.
17094
17095 * var-run.mount and var-lock.mount are no longer provided
17096 (which previously bind mounted these directories to their new
17097 places). Distributions which have not converted these
17098 directories to symlinks should consider stealing these files
17099 from git history and add them downstream.
17100
17101 * We introduced the Documentation= field for units and added
17102 this to all our shipped units. This is useful to make it
17103 easier to explore the boot and the purpose of the various
17104 units.
17105
17106 * All smaller setup units (such as
17107 systemd-vconsole-setup.service) now detect properly if they
17108 are run in a container and are skipped when
17109 appropriate. This guarantees an entirely noise-free boot in
17110 Linux container environments such as systemd-nspawn.
17111
17112 * A framework for implementing offline system updates is now
17113 integrated, for details see:
17114 https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html
17115
17116 * A new service type Type=idle is available now which helps us
17117 avoid ugly interleaving of getty output and boot status
17118 messages.
17119
17120 * There's now a system-wide CapabilityBoundingSet= option to
17121 globally reduce the set of capabilities for the
17122 system. This is useful to drop CAP_SYS_MKNOD, CAP_SYS_RAWIO,
17123 CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
17124 even CAP_NET_ADMIN system-wide for secure systems.
17125
17126 * There are now system-wide DefaultLimitXXX= options to
17127 globally change the defaults of the various resource limits
17128 for all units started by PID 1.
17129
17130 * Harald Hoyer's systemd test suite has been integrated into
17131 systemd which allows easy testing of systemd builds in qemu
17132 and nspawn. (This is really awesome! Ask us for details!)
17133
17134 * The fstab parser is now implemented as generator, not inside
17135 of PID 1 anymore.
17136
17137 * systemctl will now warn you if .mount units generated from
17138 /etc/fstab are out of date due to changes in fstab that
17139 have not been read by systemd yet.
17140
17141 * systemd is now suitable for usage in initrds. Dracut has
17142 already been updated to make use of this. With this in place
17143 initrds get a slight bit faster but primarily are much
17144 easier to introspect and debug since "systemctl status" in
17145 the host system can be used to introspect initrd services,
17146 and the journal from the initrd is kept around too.
17147
17148 * systemd-delta has been added, a tool to explore differences
17149 between user/admin configuration and vendor defaults.
17150
17151 * PrivateTmp= now affects both /tmp and /var/tmp.
17152
17153 * Boot time status messages are now much prettier and feature
17154 proper English. Booting up systemd has never been
17155 so sexy.
17156
17157 * Read-ahead pack files now include the inode number of all
17158 files to pre-cache. When the inode changes the pre-caching
17159 is not attempted. This should be nicer to deal with updated
17160 packages which might result in changes of read-ahead
17161 patterns.
17162
17163 * We now temporarily lower the kernel's read_ahead_kb variable
17164 when collecting read-ahead data to ensure the kernel's
17165 built-in read-ahead does not add noise to our measurements
17166 of necessary blocks to pre-cache.
17167
17168 * There's now RequiresMountsFor= to add automatic dependencies
17169 for all mounts necessary for a specific file system path.
17170
17171 * MountAuto= and SwapAuto= have been removed from
17172 system.conf. Mounting file systems at boot has to take place
17173 in systemd now.
17174
17175 * nspawn now learned a new switch --uuid= to set the machine
17176 ID on the command line.
17177
17178 * nspawn now learned the -b switch to automatically search
17179 for an init system.
17180
17181 * vt102 is now the default TERM for serial TTYs, upgraded from
17182 vt100.
17183
17184 * systemd-logind now works on VT-less systems.
17185
17186 * The build tree has been reorganized. The individual
17187 components now have directories of their own.
17188
17189 * A new condition type ConditionPathIsReadWrite= is now available.
17190
17191 * nspawn learned the new -C switch to create cgroups for the
17192 container in other hierarchies.
17193
17194 * We now have support for hardware watchdogs, configurable in
17195 system.conf.
17196
17197 * The scheduled shutdown logic now has a public API.
17198
17199 * We now mount /tmp as tmpfs by default, but this can be
17200 masked and /etc/fstab can override it.
17201
17202 * Since udisks does not make use of /media anymore we are not
17203 mounting a tmpfs on it anymore.
17204
17205 * journalctl gained a new --local switch to only interleave
17206 locally generated journal files.
17207
17208 * We can now load the IMA policy at boot automatically.
17209
17210 * The GTK tools have been split off into a systemd-ui.
17211
17212 Contributions from: Andreas Schwab, Auke Kok, Ayan George,
17213 Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
17214 Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
17215 Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
17216 Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
17217 Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
17218 A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
17219 Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
17220 Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
17221 Gundersen
17222
17223 CHANGES WITH 44:
17224
17225 * This is mostly a bugfix release
17226
17227 * Support optional initialization of the machine ID from the
17228 KVM or container configured UUID.
17229
17230 * Support immediate reboots with "systemctl reboot -ff"
17231
17232 * Show /etc/os-release data in systemd-analyze output
17233
17234 * Many bugfixes for the journal, including endianness fixes and
17235 ensuring that disk space enforcement works
17236
17237 * sd-login.h is C++ compatible again
17238
17239 * Extend the /etc/os-release format on request of the Debian
17240 folks
17241
17242 * We now refuse non-UTF-8 strings used in various configuration
17243 and unit files. This is done to ensure we do not pass invalid
17244 data over D-Bus or expose it elsewhere.
17245
17246 * Register Mimo USB Screens as suitable for automatic seat
17247 configuration
17248
17249 * Read SELinux client context from journal clients in a race
17250 free fashion
17251
17252 * Reorder configuration file lookup order. /etc now always
17253 overrides /run in order to allow the administrator to always
17254 and unconditionally override vendor-supplied or
17255 automatically generated data.
17256
17257 * The various user visible bits of the journal now have man
17258 pages. We still lack man pages for the journal API calls
17259 however.
17260
17261 * We now ship all man pages in HTML format again in the
17262 tarball.
17263
17264 Contributions from: Dave Reisner, Dirk Eibach, Frederic
17265 Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
17266 Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
17267 Reding
17268
17269 CHANGES WITH 43:
17270
17271 * This is mostly a bugfix release
17272
17273 * systems lacking /etc/os-release are no longer supported.
17274
17275 * Various functionality updates to libsystemd-login.so
17276
17277 * Track class of PAM logins to distinguish greeters from
17278 normal user logins.
17279
17280 Contributions from: Kay Sievers, Lennart Poettering, Michael
17281 Biebl
17282
17283 CHANGES WITH 42:
17284
17285 * This is an important bugfix release for v41.
17286
17287 * Building man pages is now optional which should be useful
17288 for those building systemd from git but unwilling to install
17289 xsltproc.
17290
17291 * Watchdog support for supervising services is now usable. In
17292 a future release support for hardware watchdogs
17293 (i.e. /dev/watchdog) will be added building on this.
17294
17295 * Service start rate limiting is now configurable and can be
17296 turned off per service. When a start rate limit is hit a
17297 reboot can automatically be triggered.
17298
17299 * New CanReboot(), CanPowerOff() bus calls in systemd-logind.
17300
17301 Contributions from: Benjamin Franzke, Bill Nottingham,
17302 Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
17303 Schmidt, Michał Górny, Piotr Drąg
17304
17305 CHANGES WITH 41:
17306
17307 * The systemd binary is installed /usr/lib/systemd/systemd now;
17308 An existing /sbin/init symlink needs to be adapted with the
17309 package update.
17310
17311 * The code that loads kernel modules has been ported to invoke
17312 libkmod directly, instead of modprobe. This means we do not
17313 support systems with module-init-tools anymore.
17314
17315 * Watchdog support is now already useful, but still not
17316 complete.
17317
17318 * A new kernel command line option systemd.setenv= is
17319 understood to set system wide environment variables
17320 dynamically at boot.
17321
17322 * We now limit the set of capabilities of systemd-journald.
17323
17324 * We now set SIGPIPE to ignore by default, since it only is
17325 useful in shell pipelines, and has little use in general
17326 code. This can be disabled with IgnoreSIGPIPE=no in unit
17327 files.
17328
17329 Contributions from: Benjamin Franzke, Kay Sievers, Lennart
17330 Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
17331 William Douglas
17332
17333 CHANGES WITH 40:
17334
17335 * This is mostly a bugfix release
17336
17337 * We now expose the reason why a service failed in the
17338 "Result" D-Bus property.
17339
17340 * Rudimentary service watchdog support (will be completed over
17341 the next few releases.)
17342
17343 * When systemd forks off in order to execute some service we will
17344 now immediately change its argv[0] to reflect which process
17345 it will execute. This is useful to minimize the time window
17346 with a generic argv[0], which makes bootcharts more useful.
17347
17348 Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
17349 Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
17350 Mike Kazantsev, Ray Strode
17351
17352 CHANGES WITH 39:
17353
17354 * This is mostly a test release, but incorporates many
17355 bugfixes.
17356
17357 * New systemd-cgtop tool to show control groups by their
17358 resource usage.
17359
17360 * Linking against libacl for ACLs is optional again. If
17361 disabled, support tracking device access for active logins
17362 goes becomes unavailable, and so does access to the user
17363 journals by the respective users.
17364
17365 * If a group "adm" exists, journal files are automatically
17366 owned by them, thus allow members of this group full access
17367 to the system journal as well as all user journals.
17368
17369 * The journal now stores the SELinux context of the logging
17370 client for all entries.
17371
17372 * Add C++ inclusion guards to all public headers
17373
17374 * New output mode "cat" in the journal to print only text
17375 messages, without any meta data like date or time.
17376
17377 * Include tiny X server wrapper as a temporary stop-gap to
17378 teach XOrg udev display enumeration. This is used by display
17379 managers such as gdm, and will go away as soon as XOrg
17380 learned native udev hotplugging for display devices.
17381
17382 * Add new systemd-cat tool for executing arbitrary programs
17383 with STDERR/STDOUT connected to the journal. Can also act as
17384 BSD logger replacement, and does so by default.
17385
17386 * Optionally store all locally generated coredumps in the
17387 journal along with meta data.
17388
17389 * systemd-tmpfiles learnt four new commands: n, L, c, b, for
17390 writing short strings to files (for usage for /sys), and for
17391 creating symlinks, character and block device nodes.
17392
17393 * New unit file option ControlGroupPersistent= to make cgroups
17394 persistent, following the mechanisms outlined in
17395 https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups
17396
17397 * Support multiple local RTCs in a sane way
17398
17399 * No longer monopolize IO when replaying readahead data on
17400 rotating disks, since we might starve non-file-system IO to
17401 death, since fanotify() will not see accesses done by blkid,
17402 or fsck.
17403
17404 * Do not show kernel threads in systemd-cgls anymore, unless
17405 requested with new -k switch.
17406
17407 Contributions from: Dan Horák, Kay Sievers, Lennart
17408 Poettering, Michal Schmidt
17409
17410 CHANGES WITH 38:
17411
17412 * This is mostly a test release, but incorporates many
17413 bugfixes.
17414
17415 * The git repository moved to:
17416 git://anongit.freedesktop.org/systemd/systemd
17417 ssh://git.freedesktop.org/git/systemd/systemd
17418
17419 * First release with the journal
17420 https://0pointer.de/blog/projects/the-journal.html
17421
17422 * The journal replaces both systemd-kmsg-syslogd and
17423 systemd-stdout-bridge.
17424
17425 * New sd_pid_get_unit() API call in libsystemd-logind
17426
17427 * Many systemadm clean-ups
17428
17429 * Introduce remote-fs-pre.target which is ordered before all
17430 remote mounts and may be used to start services before all
17431 remote mounts.
17432
17433 * Added Mageia support
17434
17435 * Add bash completion for systemd-loginctl
17436
17437 * Actively monitor PID file creation for daemons which exit in
17438 the parent process before having finished writing the PID
17439 file in the daemon process. Daemons which do this need to be
17440 fixed (i.e. PID file creation must have finished before the
17441 parent exits), but we now react a bit more gracefully to them.

* Add colourful boot output, mimicking the well-known output
of existing distributions.

* New option PassCredentials= for socket units, for
compatibility with a recent kernel ABI breakage.
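
PassCredentials= maps to the SO_PASSCRED socket option, as the socket unit documentation states; the kernel change it compensates for is that sender credentials (SCM_CREDENTIALS) are only attached to messages when the receiving socket has that option set. The following added example (not systemd code) shows what a service that verifies its peers would do on the receiving side, and demonstrates both cases over an AF_UNIX datagram socketpair: with SO_PASSCRED the receiver gets the sender's pid/uid/gid, without it no credentials arrive at all. The struct and function names are constructed for this illustration; the local peer_creds struct mirrors the kernel's struct ucred layout so the block does not depend on glibc's _GNU_SOURCE gating.

```c
#define _GNU_SOURCE                 /* glibc exposes SCM_CREDENTIALS only with this */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02        /* Linux ABI value, in case the header hid it */
#endif

/* Same layout as the kernel's struct ucred: three 32-bit fields. Declared
 * locally so the block does not depend on glibc's _GNU_SOURCE definition. */
struct peer_creds {
    pid_t pid;
    uid_t uid;
    gid_t gid;
};

/* Receive one datagram on fd and pull the sender's SCM_CREDENTIALS out of
 * the ancillary data. Returns 0 and fills *creds; -ENODATA if the kernel
 * attached no credentials (receiver lacks SO_PASSCRED); else -errno. */
static int recv_with_creds(int fd, char *buf, size_t buflen, struct peer_creds *creds) {
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    union {
        struct cmsghdr align;
        char data[CMSG_SPACE(sizeof(struct peer_creds))];
    } ctrl;
    struct msghdr msg = {
        .msg_iov = &iov,
        .msg_iovlen = 1,
        .msg_control = ctrl.data,
        .msg_controllen = sizeof ctrl.data,
    };
    if (recvmsg(fd, &msg, 0) < 0)
        return -errno;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof(struct peer_creds))) {
            memcpy(creds, CMSG_DATA(c), sizeof *creds);
            return 0;
        }
    }
    return -ENODATA;
}

/* Self-check over an AF_UNIX datagram socketpair: enable (or not)
 * SO_PASSCRED on the receiving end, send one byte, receive it. Returns 0
 * if credentials arrived and match our own pid/uid, -ENODATA if none were
 * attached, and another -errno on failure. */
static int passcred_round_trip(int enable) {
    int sv[2], r;
    char buf[1];
    struct peer_creds creds = { 0 };
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -errno;
    if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &enable, sizeof enable) < 0 ||
        send(sv[0], "x", 1, 0) != 1) {
        r = -errno;
    } else {
        r = recv_with_creds(sv[1], buf, sizeof buf, &creds);
        if (r == 0 && (creds.pid != getpid() || creds.uid != getuid()))
            r = -EPERM;                     /* credentials present but not ours */
    }
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void) {
    printf("with SO_PASSCRED:    %s\n", passcred_round_trip(1) == 0 ? "credentials received" : "no credentials");
    printf("without SO_PASSCRED: %s\n", passcred_round_trip(0) == -ENODATA ? "no credentials" : "unexpected");
    return 0;
}
```

For a socket-activated service the listening socket is created by systemd, not by the service, which is why the option has to be set in the .socket unit: a service that authorises clients by SCM_CREDENTIALS and silently receives none would either reject every client or, worse, skip the check.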

* /etc/rc.local is now hooked in via a generator binary, and
thus will no longer act as a synchronization point during
boot.

* systemctl list-unit-files now supports --root=.

* systemd-tmpfiles now understands two new commands: z, Z for
relabelling files according to the SELinux database. This is
useful to apply SELinux labels to specific files in /sys,
among other things.

* Output of SysV services is now forwarded to both the console
and the journal by default, not just the console.

* New man pages for all APIs from libsystemd-login.

* The build tree got reorganized and the build system is a
lot more modular, allowing embedded setups to specifically
select the components of systemd they are interested in.

* Support for Linux systems lacking the kernel VT subsystem is
restored.

* configure's --with-rootdir= got renamed to
--with-rootprefix= to follow the naming used by udev and
kmod.

* Unless specified otherwise, we will now install to /usr instead
of /usr/local by default.

* Processes with '@' in argv[0][0] are now excluded from the
final shut-down killing spree, following the logic explained
in:
https://systemd.io/ROOT_STORAGE_DAEMONS/

* All processes remaining in a service cgroup when we enter
the START or START_PRE states are now killed with
SIGKILL. That means it is no longer possible to spawn
background processes from ExecStart= lines (which was never
supported anyway, and bad style).

* New PropagateReloadTo=/PropagateReloadFrom= options to bind
reloading of units together.

Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek