systemd System and Service Manager
+CHANGES WITH 246 in spe:
+ * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
+ systemd-coredump to save core files for suid processes. When saving
+ the core file, systemd-coredump will use the effective uid and gid of
+ the process that faulted.
+
+ * "systemctl list-units" and "systemctl list-machines" no longer hide
+ their first output column with --no-legend. To hide the first column,
+ use --plain.
+
+ * The service manager gained basic support for cgroup v2 freezer. Units
+ can now be suspended or resumed either using new systemctl verbs,
+ freeze and thaw respectively, or via D-Bus.
+
CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an
such files in version 243.
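Review bot: the fs.suid_dumpable bullet in the new 246 section states the mechanism but not the security consequence, which is what a reader of this entry needs: a core of a setuid process can contain data the elevated binary had in memory, so the entry should say explicitly that the saved core takes the effective uid/gid of the faulting process (as the last sentence implies) and therefore is not readable by the unprivileged caller of a root-setuid binary. It should also say what happens on systems whose core_pattern does not point at systemd-coredump, since the sysctl is set system-wide but the uid/gid handling described here is systemd-coredump's own.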
* systemd-logind will now validate access to the operation of changing
- the virtual terminal via a PolicyKit action. By default, only users
+ the virtual terminal via a polkit action. By default, only users
with at least one session on a local VT are granted permission.
* When systemd sets up PAM sessions that invoked service processes
to combine attachment with enablement and invocation, or detachment
with stopping and disablement.
+ * UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
+ fixed, which in turn exposed bugs in unit configuration of services
+ which have Type=oneshot and should only run once, but do not have
+ RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
+ service may be started again after exiting successfully, for example
+ as a dependency in another transaction. Affected services included
+ some internal systemd services (most notably
+ systemd-vconsole-setup.service, which was updated to have
+ RemainAfterExit=yes), and plymouth-start.service. Please ensure that
+ plymouth has been suitably updated or patched before upgrading to
+ this systemd release. See
+ https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
+ additional discussion.
+
Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
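Review bot: the UPGRADE ISSUE entry names only two affected services and gives administrators no way to find others before upgrading. Suggest adding a one-liner that lists candidate units, for example `systemctl show --property=Id,Type,RemainAfterExit '*.service'` filtered for Type=oneshot with RemainAfterExit=no, and stating explicitly that oneshot units which are meant to be re-run (RemainAfterExit=no on purpose) are not affected by the fix, so readers do not blanket-add RemainAfterExit=yes.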
configuration time using the -Dservice-watchdog= setting. If set to
empty, the watchdogs will be disabled.
- * systemd-resolved validates IP addresses in certificates now when GnuTLS
- is being used.
+ * systemd-resolved validates IP addresses in certificates now when GnuTLS
+ is being used.
* libcryptsetup >= 2.0.1 is now required.
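Review bot: the removed and added lines of the systemd-resolved/GnuTLS entry are identical in visible text, so this hunk is a whitespace-only change (trailing whitespace or indentation). Either drop it from a typo-fix commit or call it out in the commit message so reviewers do not hunt for a content change.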
the IO accounting data is included in the resource log message
generated whenever a unit stops.
- * Units may now configure an explicit time-out to wait for when killed
+ * Units may now configure an explicit timeout to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
- the regular TimeoutStopSec= time-out was applied in this case too —
- now a separate time-out may be set using TimeoutAbortSec=.
+ the regular TimeoutStopSec= timeout was applied in this case too —
+ now a separate timeout may be set using TimeoutAbortSec=.
* Services may now send a special WATCHDOG=trigger message with
sd_notify() to trigger an immediate "watchdog missed" event, and thus
* If processes terminated during the last phase of shutdown do not exit
quickly systemd will now show their names after a short time, to make
- debugging easier. After a longer time-out they are forcibly killed,
+ debugging easier. After a longer timeout they are forcibly killed,
as before.
* journalctl (and the other tools that display logs) will now highlight
* systemd-networkd's TUN support gained a new setting VnetHeader= for
tweaking Generic Segment Offload support.
+ * The address family for policy rules may be specified using the new
+ Family= option in the [RoutingPolicyRule] section.
+
* networkctl gained a new "delete" command for removing virtual network
devices, as well as a new "--stats" switch for showing device
statistics.
space if there are multiple devices with the highest priority.
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
- option that permits selecting the timout how long to wait for a
+ option that permits selecting the timeout how long to wait for a
device with an encryption key before asking for the password.
* IOWeight= has learnt to properly set the IO weight when using the
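Review bot: the typo fix leaves the grammar of the keyfile-timeout= entry broken: "option that permits selecting the timeout how long to wait for a device" should read "option that selects how long to wait for a device with an encryption key before asking for the password". Worth rewording while the line is being touched.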
lookup is likely to trigger nss-ldap which in turn might use NSS to
ask systemd-resolved for hostname lookups. This will hence result in
a deadlock: a user name lookup in order to start
- systemd-resolved.service will result in a host name lookup for which
+ systemd-resolved.service will result in a hostname lookup for which
systemd-resolved.service needs to be started already. There are
multiple ways to work around this problem: pre-allocate the
"systemd-resolve" user on such systems, so that nss-ldap won't be
A/AAAA resource record for the "_gateway" hostname, pointing to the
current default IP gateway. Previously it did that for the "gateway"
name, hampering adoption, as some distributions wanted to leave that
- host name open for local use. The old behaviour may still be
+ hostname open for local use. The old behaviour may still be
requested at build time.
* systemd-networkd's [Address] section in .network files gained a new
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
- mount based on the original /var contained in the image, overlayed
+ mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.
again don't consider turning this on in your stable, LTS or
production release just yet. (Note that you have to enable
nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
- and its DNSSEC mode for host name resolution from local
+ and its DNSSEC mode for hostname resolution from local
applications.)
* systemd-resolve conveniently resolves DANE records with the --tlsa
for a unit, as declared in the (usually vendor-supplied)
system preset files.
- * nss-myhostname will now resolve the single-label host name
+ * nss-myhostname will now resolve the single-label hostname
"gateway" to the locally configured default IP routing
gateways, ordered by their metrics. This assigns a stable
name to the used gateways, regardless which ones are
currently configured. Note that the name will only be
resolved after all other name sources (if nss-myhostname is
configured properly) and should hence not negatively impact
- systems that use the single-label host name "gateway" in
+ systems that use the single-label hostname "gateway" in
other contexts.
* systemd-inhibit now allows filtering by mode when listing
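Review bot: while the nss-myhostname entry is being edited for "hostname", the context line "regardless which ones are currently configured" is missing a word and should read "regardless of which ones are currently configured".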
* Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting
- "anually", "hourly", ...).
+ "annually", "hourly", ...).
* systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is
reported by uname()'s "machine" field.
* systemd-networkd now supports matching on the system
- virtualization, architecture, kernel command line, host name
+ virtualization, architecture, kernel command line, hostname
and machine ID.
* logind is now a lot more aggressive when suspending the
example, a line that creates /run/nologin).
* A new API "sd-resolve.h" has been added which provides a simple
- asynchronous wrapper around glibc NSS host name resolution
+ asynchronous wrapper around glibc NSS hostname resolution
calls, such as getaddrinfo(). In contrast to glibc's
getaddrinfo_a(), it does not use signals. In contrast to most
other asynchronous name resolution libraries, this one does
not reimplement DNS, but reuses NSS, so that alternate
- host name resolution systems continue to work, such as mDNS,
+ hostname resolution systems continue to work, such as mDNS,
LDAP, etc. This API is based on libasyncns, but it has been
cleaned up for inclusion in systemd.
when he over-mounts a non-empty directory.
* There are new specifiers that are resolved in unit files,
- for the host name (%H), the machine ID (%m) and the boot ID
+ for the hostname (%H), the machine ID (%m) and the boot ID
(%b).
Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,