systemd System and Service Manager
+CHANGES WITH 236 in spe:
+
+ * The modprobe.d drop-in, introduced in v235 for the bonding module,
+ has been extended to also set the dummy module option numdummies=0,
+ resolving issues with the kernel creating dummy0.
+
+ * systemd-resolved now maintains a new dynamic
+ /run/systemd/resolve/stub-resolv.conf compatibility file. It is now
+ recommended to maintain /etc/resolv.conf as a symlink to this new
+ dynamic file. It points at the systemd-resolved stub DNS 127.0.0.53
+ resolver and it includes dynamically acquired search domains. This
+ achieves a more correct DNS resolution by software that bypasses
+ local DNS APIs (e.g. NSS).
+
+ * uaccess tag has been dropped from /dev/kvm and /dev/dri/renderD*.
+ These devices now have 0666 permsions by default. /dev/dri/renderD*
+ will now be owned by the render group along with /dev/kfd.
+
+CHANGES WITH 235:
+
+ * INCOMPATIBILITY: systemd-logind.service and other long-running
+ services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP
+ communication with the outside. This generally improves security of
+ the system, and is in almost all cases a safe and good choice, as
+ these services do not and should not provide any network-facing
+ functionality. However, systemd-logind uses the glibc NSS API to
+ query the user database. This creates problems on systems where NSS
+ is set up to directly consult network services for user database
+ lookups. In particular, this creates incompatibilities with the
+ "nss-nis" module, which attempts to directly contact the NIS/YP
+ network servers it is configured for, and will now consistently
+ fail. In such cases, it is possible to turn off IP sandboxing for
+ systemd-logind.service (set IPAddressDeny= in its [Service] section
+ to the empty string, via a .d/ unit file drop-in). Downstream
+ distributions might want to update their nss-nis packaging to include
+ such a drop-in snippet, accordingly, to hide this incompatibility
+ from the user. Another option is to make use of glibc's nscd service
+ to proxy such network requests through a privilege-separated, minimal
+ local caching daemon, or to switch to more modern technologies such
+ sssd, whose NSS hook-ups generally do not involve direct network
+ access. In general, we think it's definitely time to question the
+ implementation choices of nss-nis, i.e. whether it's a good idea
+ today to embed a network-facing loadable module into all local
+ processes that need to query the user database, including the most
+ trivial and benign ones, such as "ls". For more details about
+ IPAddressDeny= see below.
+
+ * A new modprobe.d drop-in is now shipped by default that sets the
+ bonding module option max_bonds=0. This overrides the kernel default,
+ to avoid conflicts and ambiguity as to whether or not bond0 should be
+ managed by systemd-networkd or not. This resolves multiple issues
+ with bond0 properties not being applied, when bond0 is configured
+ with systemd-networkd. Distributors may choose to not package this,
+ however in that case users will be prevented from correctly managing
+ bond0 interface using systemd-networkd.
+
+ * systemd-analyze gained new verbs "get-log-level" and "get-log-target"
+ which print the logging level and target of the system manager. They
+ complement the existing "set-log-level" and "set-log-target" verbs
+ used to change those values.
+
+ * journald.conf gained a new boolean setting ReadKMsg= which defaults
+ to on. If turned off kernel log messages will not be read by
+ systemd-journald or included in the logs. It also gained a new
+ setting LineMax= for configuring the maximum line length in
+ STDOUT/STDERR log streams. The new default for this value is 48K, up
+ from the previous hardcoded 2048.
+
+ * A new unit setting RuntimeDirectoryPreserve= has been added, which
+ allows more detailed control of what to do with a runtime directory
+ configured with RuntimeDirectory= (i.e. a directory below /run or
+ $XDG_RUNTIME_DIR) after a unit is stopped.
+
+ * The RuntimeDirectory= setting for units gained support for creating
+ deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just
+ one top-level directory.
+
+ * Units gained new options StateDirectory=, CacheDirectory=,
+ LogsDirectory= and ConfigurationDirectory= which are closely related
+ to RuntimeDirectory= but manage per-service directories below
+ /var/lib, /var/cache, /var/log and /etc. By making use of them it is
+ possible to write unit files which when activated automatically gain
+ properly owned service specific directories in these locations, thus
+ making unit files self-contained and increasing compatibility with
+ stateless systems and factory reset where /etc or /var are
+ unpopulated at boot. Matching these new settings there's also
+ StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=,
+ ConfigurationDirectoryMode= for configuring the access mode of these
+ directories. These settings are particularly useful in combination
+ with DynamicUser=yes as they provide secure, properly-owned,
+ writable, and stateful locations for storage, excluded from the
+ sandbox that such services live in otherwise.
+
+ * Automake support has been removed from this release. systemd is now
+ Meson-only.
+
+ * systemd-journald will now aggressively cache client metadata during
+ runtime, speeding up log write performance under pressure. This comes
+ at a small price though: as much of the metadata is read
+ asynchronously from /proc/ (and isn't implicitly attached to log
+ datagrams by the kernel, like UID/GID/PID/SELinux are) this means the
+ metadata stored alongside a log entry might be slightly
+ out-of-date. Previously it could only be slightly newer than the log
+ message. The time window is small however, and given that the kernel
+ is unlikely to be improved anytime soon in this regard, this appears
+ acceptable to us.
+
+ * nss-myhostname/systemd-resolved will now by default synthesize an
+ A/AAAA resource record for the "_gateway" hostname, pointing to the
+ current default IP gateway. Previously it did that for the "gateway"
+ name, hampering adoption, as some distributions wanted to leave that
+ host name open for local use. The old behaviour may still be
+ requested at build time.
+
+ * systemd-networkd's [Address] section in .network files gained a new
+ Scope= setting for configuring the IP address scope. The [Network]
+ section gained a new boolean setting ConfigureWithoutCarrier= that
+ tells systemd-networkd to ignore link sensing when configuring the
+ device. The [DHCP] section gained a new Anonymize= boolean option for
+ turning on a number of options suggested in RFC 7844. A new
+ [RoutingPolicyRule] section has been added for configuring the IP
+ routing policy. The [Route] section has gained support for a new
+ Type= setting which permits configuring
+ blackhole/unreachable/prohibit routes.
+
+ * The [VRF] section in .netdev files gained a new Table= setting for
+ configuring the routing table to use. The [Tunnel] section gained a
+ new Independent= boolean field for configuring tunnels independent of
+ an underlying network interface. The [Bridge] section gained a new
+ GroupForwardMask= option for configuration of propagation of link
+ local frames between bridge ports.
+
+ * The WakeOnLan= setting in .link files gained support for a number of
+ new modes. A new TCP6SegmentationOffload= setting has been added for
+ configuring TCP/IPv6 hardware segmentation offload.
+
+ * The IPv6 RA sender implementation may now optionally send out RDNSS
+ and RDNSSL records to supply DNS configuration to peers.
+
+ * systemd-nspawn gained support for a new --system-call-filter= command
+ line option for adding and removing entries in the default system
+ call filter it applies. Moreover systemd-nspawn has been changed to
+ implement a system call whitelist instead of a blacklist.
+
+ * systemd-run gained support for a new --pipe command line option. If
+ used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
+ are directly passed on to the activated transient service
+ executable. This allows invoking arbitrary processes as systemd
+ services (for example to take benefit of dependency management,
+ accounting management, resource management or log management that is
+ done automatically for services) — while still allowing them to be
+ integrated in a classic UNIX shell pipeline.
+
+ * When a service sends RELOAD=1 via sd_notify() and reload propagation
+ using ReloadPropagationTo= is configured, a reload is now propagated
+ to configured units. (Previously this was only done on explicitly
+ requested reloads, using "systemctl reload" or an equivalent
+ command.)
+
+ * For each service unit a restart counter is now kept: it is increased
+ each time the service is restarted due to Restart=, and may be
+ queried using "systemctl show -p NRestarts …".
+
+ * New system call filter groups @aio, @sync, @chown, @setuid, @memlock,
+ @signal and @timer have been added, for usage with SystemCallFilter=
+ in unit files and the new --system-call-filter= command line option
+ of systemd-nspawn (see above).
+
+ * ExecStart= lines in unit files gained two new modifiers: when a
+ command line is prefixed with "!" the command will be executed as
+ configured, except for the credentials applied by
+ setuid()/setgid()/setgroups(). It is very similar to the pre-existing
+ "+", but does still apply namespacing options unlike "+". There's
+ also "!!" now, which is mostly identical, but becomes a NOP on
+ systems that support ambient capabilities. This is useful to write
+ unit files that work with ambient capabilities where possible but
+ automatically fall back to traditional privilege dropping mechanisms
+ on systems where this is not supported.
+
+ * ListenNetlink= settings in socket units now support RDMA netlink
+ sockets.
+
+ * A new unit file setting LockPersonality= has been added which permits
+ locking down the chosen execution domain ("personality") of a service
+ during runtime.
+
+ * A new special target "getty-pre.target" has been added, which is
+ ordered before all text logins, and may be used to order services
+ before textual logins acquire access to the console.
+
+ * systemd will now attempt to load the virtio-rng.ko kernel module very
+ early on if a VM environment supporting this is detected. This should
+ improve entropy during early boot in virtualized environments.
+
+ * A _netdev option is now supported in /etc/crypttab that operates in a
+ similar way as the same option in /etc/fstab: it permits configuring
+ encrypted devices that need to be ordered after the network is up.
+ Following this logic, two new special targets
+ remote-cryptsetup-pre.target and remote-cryptsetup.target have been
+ added that are to cryptsetup.target what remote-fs.target and
+ remote-fs-pre.target are to local-fs.target.
+
+ * Service units gained a new UnsetEnvironment= setting which permits
+ unsetting specific environment variables for services that are
+ normally passed to it (for example in order to mask out locale
+ settings for specific services that can't deal with it).
+
+ * Units acquired a new boolean option IPAccounting=. When turned on, IP
+ traffic accounting (packet count as well as byte count) is done for
+ the service, and shown as part of "systemctl status" or "systemd-run
+ --wait".
+
+ * Service units acquired two new options IPAddressAllow= and
+ IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks,
+ for configuring a simple IP access control list for all sockets of
+ the unit. These options are available also on .slice and .socket
+ units, permitting flexible access list configuration for individual
+ services as well as groups of services (as defined by a slice unit),
+ including system-wide. Note that IP ACLs configured this way are
+ enforced on every single IPv4 and IPv6 socket created by any process
+ of the service unit, and apply to ingress as well as egress traffic.
+
+ * If CPUAccounting= or IPAccounting= is turned on for a unit a new
+ structured log message is generated each time the unit is stopped,
+ containing information about the consumed resources of this
+ invocation.
+
+ * A new setting KeyringMode= has been added to unit files, which may be
+ used to control how the kernel keyring is set up for executed
+ processes.
+
+ * "systemctl poweroff", "systemctl reboot", "systemctl halt",
+ "systemctl kexec" and "systemctl exit" are now always asynchronous in
+ behaviour (that is: these commands return immediately after the
+ operation was enqueued instead of waiting for the operation to
+ complete). Previously, "systemctl poweroff" and "systemctl reboot"
+ were asynchronous on systems using systemd-logind (i.e. almost
+ always, and like they were on sysvinit), and the other three commands
+ were unconditionally synchronous. With this release this is cleaned
+ up, and callers will see the same asynchronous behaviour on all
+ systems for all five operations.
+
+ * systemd-logind gained new Halt() and CanHalt() bus calls for halting
+ the system.
+
+ * .timer units now accept calendar specifications in other timezones
+ than UTC or the local timezone.
+
+ * The tmpfiles snippet var.conf has been changed to create
+ /var/log/btmp with access mode 0660 instead of 0600. It was owned by
+ the "utmp" group already, and it appears to be generally understood
+ that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp
+ databases. Previously this was implemented correctly for all these
+ databases excepts btmp, which has been opened up like this now
+ too. Note that while the other databases are world-readable
+ (i.e. 0644), btmp is not and remains more restrictive.
+
+ * The systemd-resolve tool gained a new --reset-server-features
+ switch. When invoked like this systemd-resolved will forget
+ everything it learnt about the features supported by the configured
+ upstream DNS servers, and restarts the feature probing logic on the
+ next resolver look-up for them at the highest feature level
+ again.
+
+ * The status dump systemd-resolved sends to the logs upon receiving
+ SIGUSR1 now also includes information about all DNS servers it is
+ configured to use, and the features levels it probed for them.
+
+ Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
+ Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
+ Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles
+ Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel
+ Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John
+ Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov,
+ ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui,
+ Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov,
+ Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen,
+ John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg
+ Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud,
+ Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas
+ Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin
+ Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert,
+ Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell
+ Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo,
+ Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom
+ Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid,
+ Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang
+ Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
+
+ — Berlin, 2017-10-06
+
+CHANGES WITH 234:
+
+ * Meson is now supported as build system in addition to Automake. It is
+ our plan to remove Automake in one of our next releases, so that
+ Meson becomes our exclusive build system. Hence, please start using
+ the Meson build system in your downstream packaging. There's plenty
+ of documentation around how to use Meson, the extremely brief
+ summary:
+
+ ./autogen.sh && ./configure && make && sudo make install
+
+ becomes:
+
+ meson build && ninja -C build && sudo ninja -C build install
+
+ * Unit files gained support for a new JobRunningTimeoutUSec= setting,
+ which permits configuring a timeout on the time a job is
+ running. This is particularly useful for setting timeouts on jobs for
+ .device units.
+
+ * Unit files gained two new options ConditionUser= and ConditionGroup=
+ for conditionalizing units based on the identity of the user/group
+ running a systemd user instance.
+
+ * systemd-networkd now understands a new FlowLabel= setting in the
+ [VXLAN] section of .network files, as well as a Priority= in
+ [Bridge], GVRP= + MVRP= + LooseBinding= + ReorderHeader= in [VLAN]
+ and GatewayOnlink= + IPv6Preference= + Protocol= in [Route]. It also
+ gained support for configuration of GENEVE links, and IPv6 address
+ labels. The [Network] section gained the new IPv6ProxyNDP= setting.
+
+ * .link files now understand a new Port= setting.
+
+ * systemd-networkd's DHCP support gained support for DHCP option 119
+ (domain search list).
+
+ * systemd-networkd gained support for serving IPv6 address ranges using
+ the Router Advertisment protocol. The new .network configuration
+ section [IPv6Prefix] may be used to configure the ranges to
+ serve. This is implemented based on a new, minimal, native server
+ implementation of RA.
+
+ * journalctl's --output= switch gained support for a new parameter
+ "short-iso-precise" for a mode where timestamps are shown as precise
+ ISO date values.
+
+ * systemd-udevd's "net_id" builtin may now generate stable network
+ interface names from IBM PowerVM VIO devices as well as ACPI platform
+ devices.
+
+ * MulticastDNS support in systemd-resolved may now be explicitly
+ enabled/disabled using the new MulticastDNS= configuration file
+ option.
+
+ * systemd-resolved may now optionally use libidn2 instead of the libidn
+ for processing internationalized domain names. Support for libidn2
+ should be considered experimental and should not be enabled by
+ default yet.
+
+ * "machinectl pull-tar" and related call may now do verification of
+ downloaded images using SUSE-style .sha256 checksum files in addition
+ to the already existing support for validating using Ubuntu-style
+ SHA256SUMS files.
+
+ * sd-bus gained support for a new sd_bus_message_appendv() call which
+ is va_list equivalent of sd_bus_message_append().
+
+ * sd-boot gained support for validating images using SHIM/MOK.
+
+ * The SMACK code learnt support for "onlycap".
+
+ * systemd-mount --umount is now much smarter in figuring out how to
+ properly unmount a device given its mount or device path.
+
+ * The code to call libnss_dns as a fallback from libnss_resolve when
+ the communication with systemd-resolved fails was removed. This
+ fallback was redundant and interfered with the [!UNAVAIL=return]
+ suffix. See nss-resolve(8) for the recommended configuration.
+
+ * systemd-logind may now be restarted without losing state. It stores
+ the file descriptors for devices it manages in the system manager
+ using the FDSTORE= mechanism. Please note that further changes in
+ other components may be required to make use of this (for example
+ Xorg has code to listen for stops of systemd-logind and terminate
+ itself when logind is stopped or restarted, in order to avoid using
+ stale file descriptors for graphical devices, which is now
+ counterproductive and must be reverted in order for restarts of
+ systemd-logind to be safe. See
+ https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101.)
+
+ * All kernel install plugins are called with the environment variable
+ KERNEL_INSTALL_MACHINE_ID which is set to the machine ID given by
+ /etc/machine-id. If the file is missing or empty, the variable is
+ empty and BOOT_DIR_ABS is the path of a temporary directory which is
+ removed after all the plugins exit. So, if KERNEL_INSTALL_MACHINE_ID
+ is empty, all plugins should not put anything in BOOT_DIR_ABS.
+
+ Contributions from: Adrian Heine né Lang, Aggelos Avgerinos, Alexander
+ Kurtz, Alexandros Frantzis, Alexey Brodkin, Alex Lu, Amir Pakdel, Amir
+ Yalon, Anchor Cat, Anthony Parsons, Bastien Nocera, Benjamin Gilbert,
+ Benjamin Robin, Boucman, Charles Plessy, Chris Chiu, Chris Lamb,
+ Christian Brauner, Christian Hesse, Colin Walters, Daniel Drake,
+ Danielle Church, Daniel Molkentin, Daniel Rusek, Daniel Wang, Davide
+ Cavalca, David Herrmann, David Michael, Dax Kelson, Dimitri John
+ Ledkov, Djalal Harouni, Dušan Kazik, Elias Probst, Evgeny Vereshchagin,
+ Federico Di Pierro, Felipe Sateler, Felix Zhang, Franck Bui, Gary
+ Tierney, George McCollister, Giedrius Statkevičius, Hans de Goede,
+ hecke, Hendrik Westerberg, Hristo Venev, Ian Wienand, Insun Pyo, Ivan
+ Shapovalov, James Cowgill, James Hemsing, Janne Heß, Jan Synacek, Jason
+ Reeder, João Paulo Rechi Vita, John Paul Adrian Glaubitz, Jörg
+ Thalheim, Josef Andersson, Josef Gajdusek, Julian Mehne, Kai Krakow,
+ Krzysztof Jackiewicz, Lars Karlitski, Lennart Poettering, Lluís Gili,
+ Lucas Werkmeister, Lukáš Nykrýn, Łukasz Stelmach, Mantas Mikulėnas,
+ Marcin Bachry, Marcus Cooper, Mark Stosberg, Martin Pitt, Matija Skala,
+ Matt Clarkson, Matthew Garrett, Matthias Greiner, Matthijs van Duin,
+ Max Resch, Michael Biebl, Michal Koutný, Michal Sekletar, Michal
+ Soltys, Michal Suchanek, Mike Gilbert, Nate Clark, Nathaniel R. Lewis,
+ Neil Brown, Nikolai Kondrashov, Pascal S. de Kloe, Pat Riehecky, Patrik
+ Flykt, Paul Kocialkowski, Peter Hutterer, Philip Withnall, Piotr
+ Szydełko, Rafael Fontenelle, Ray Strode, Richard Maw, Roelf Wichertjes,
+ Ronny Chevalier, Sarang S. Dalal, Sjoerd Simons, slodki, Stefan
+ Schweter, Susant Sahani, Ted Wood, Thomas Blume, Thomas Haller, Thomas
+ H. P. Andersen, Timothée Ravier, Tobias Jungel, Tobias Stoeckmann, Tom
+ Gundersen, Tom Yan, Torstein Husebø, Umut Tezduyar Lindskog,
+ userwithuid, Vito Caputo, Waldemar Brodkorb, WaLyong Cho, Yu, Li-Yu,
+ Yusuke Nojima, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Дамјан
+ Георгиевски
+
+ — Berlin, 2017-07-12
+
CHANGES WITH 233:
* The "hybrid" control group mode has been modified to improve
like Cockpit which register web clients as PAM sessions.
* timer units with at least one OnCalendar= setting will now
- be started only after timer-sync.target has been
+ be started only after time-sync.target has been
reached. This way they will not elapse before the system
clock has been corrected by a local NTP client or
similar. This is particular useful on RTC-less embedded
projects / thirdparty / systemd.git / blobdiff