CHANGES WITH 243 in spe:
+ * This release enables unprivileged programs (i.e. requiring neither
+ setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
+ by turning on the net.ipv4.ping_group_range sysctl of the Linux
+ kernel for the whole UNIX group range, i.e. all processes. This
+ change should be reasonably safe, as the kernel support for it was
+ specifically implemented to allow safe access to ICMP Echo for
+ processes lacking any privileges. If this is not desirable, it can be
+ disabled again by setting the parameter to "1 0".
+
* Previously, filters defined with SystemCallFilter= would have the
effect that an calling an offending system call would terminate the
calling thread. This behaviour never made much sense, since killing
- individual threads of unexpecting processes is likely to create more
+ individual threads of unsuspecting processes is likely to create more
problems than it solves. With this release the default action changed
from killing the thread to killing the whole process. For this to
work correctly both a kernel version (>= 4.14) and a libseccomp
interfaces should really be matched.
* A new setting NUMAPolicy= may be used to set process memory
- allocation policy. Setting can be specified in system.conf and
- hence will set the default policy for PID1. Default policy can be
+ allocation policy. Setting can be specified in system.conf and hence
+ will set the default policy for PID1. Default policy can be
overridden on per-service basis. Related setting NUMAMask= is used to
specify NUMA node mask that should be associated with the selected
policy.
* systemd-resolved gained support for a new 'strict' DNS-over-TLS mode.
+ * systemd-resolved "Cache=" configuration option in resolved.conf has
+ been extended to also accept the 'no-negative' value. Previously,
+ only a boolean option was allowed (yes/no), having yes as the
+ default. If this option is set to 'no-negative', negative answers
+ are skipped from being cached while keeping the same cache heuristics
+ for positive answers. The default remains as "yes" (i. e. caching is
+ enabled).
+
* The predictable naming scheme for network devices now supports
generating predictable names for "netdevsim" devices.
send a DHCP RELEASE message when terminating.
* systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
- seperately in the [DHCPv4] and [DHCPv6] sections.
+ separately in the [DHCPv4] and [DHCPv6] sections.
+
+ * systemd-networkd's DHCP support will now optionally create an
+ implicit host route to the DNS server specified in the DHCP lease, in
+ addition to the routes listed explicitly in the lease. This should
+ ensure that in multi-homed systems DNS traffic leaves the systems on
+ the interface that acquired the DNS server information even if other
+ routes such as default routes exist. This behaviour may be turned on
+ with the new RoutesToDNS= option.
* systemd-networkd's VXLAN support gained a new option
GenericProtocolExtension= for enabling VXLAN Generic Protocol
* systemd-networkd's bridging support gained two new options ProxyARP=
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
- MulticastRouter= for configureing multicast routing behaviour.
+ MulticastRouter= for configuring multicast routing behaviour. A new
+ option MulticastIGMPVersion= may be used to change bridge's multicast
+ Internet Group Management Protocol (IGMP) version.
* systemd-networkd's FooOverUDP support gained the ability to configure
local and peer IP addresses via Local= and Peer=. A new option
devices, as well as a new "--stats" switch for showing device
statistics.
+ * networkd.conf gained a new setting SpeedMeter= and
+ SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
+ measured speed may be shown by 'networkctl status'.
+
* systemd-networkd's .network and .link files gained a new Property=
setting in the [Match] section, to match against devices with
specific udev properties.
been renamed to LinkLayerAddress=, and it now allows configuration of
IP addresses, too.
+ * A new tool systemd-network-generator has been added that may generate
+ .network, .netdev and .link files from IP configuration specified on
+ the kernel command line, compatible with the format Dracut expects.
+
* The CriticalConnection= setting in .network files is now deprecated,
and replaced by a new KeepConfiguration= setting which allows more
detailed configuration of the IP configuration to keep in place.
the StatusUnitFormat= setting in /etc/systemd/system.conf or the
kernel command line option systemd.status_unit_format=.
+ * PID 1 now understands a new option KExecWatchdogSec= in
+ /etc/systemd/system.conf. It allows configuration of a watchdog
+ timeout to write to a hardware watchdog device on kexec-based
+ reboots. Previously this functionality was only available for regular
+ reboots. This option defaults to off, since it depends on drivers and
+ software setup whether the watchdog is correctly reset again after
+ the kexec completed, and thus for the general case not clear if safe
+ (since it might cause unwanted watchdog reboots after the kexec
+ completed otherwise). Moreover, the old ShutdownWatchdogSec= setting
+ has been renamed to RebootWatchdogSec= to more clearly communicate
+ what it is about. The old name of the setting is still accepted for
+ compatibility.
+
* The systemd.debug_shell kernel command line option now optionally
takes a tty name to spawn the debug shell on, which allows selecting
a different tty than the built-in default.
- …
+ * Service units gained a new ExecCondition= setting which will run
+ before ExecStartPre= and either continue execution of the unit (for
+ clean exit codes), stop execution without marking the unit failed
+ (for exit codes 1 through 254), or stop execution and fail the unit
+ (for exit code 255 or cases of abnormal termination).
+
+ * A new service systemd-pstore.service has been added that pulls data
+ from from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
+ review.
+
+ * timedatectl gained new verbs for configuring per-interface NTP
+ service configuration for systemd-timesyncd.
+
+ * "localectl list-locales" won't list non-UTF-8 locales anymore. It's
+ 2019. (You can set non-UTF-8 locales though, if you know there name.)
+
+ * If variable assignments in sysctl.d/ files are prefixed with "-" any
+ failures to apply them are now ignored.
+
+ Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Andrej
+ Valek, Anita Zhang, Arian van Putten, Balint Reczey, Bastien Nocera,
+ Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris Chiu, Chris Down,
+ Christian Kellner, Connor Reeder, Daniele Medri, Dan Streetman, Dave
+ Reisner, Dave Ross, David Art, David Tardon, Debarshi Ray, Dominick
+ Grift, Donald Buczek, Douglas Christman, Eric DeVolder, Evgeny
+ Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Franck Bui,
+ Frantisek Sumsal, Franz Pletz, Hans de Goede, Insun Pyo, Ivan
+ Shapovalov, Iwan Timmer, Jack, Jakob Unterwurzacher, Jan Klötzke, Jan
+ Pokorný, Jan Synacek, Jeka Pats, Jérémy Rosen, Jiri Pirko, Joe Lin,
+ Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson, Johannes Schmitz,
+ Jonathan Rouleau, Jorge Niedbalski, Kai Lüke, Karel Zak, Kashyap
+ Chamarthy, Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel,
+ Luca Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin
+ Pitt, Michael Biebl, Michael Olbrich, Michael Prokop, Michael
+ Stapelberg, Michael Zhivich, Michal Koutný, Michal Sekletar, Mike
+ Gilbert, Milan Broz, mpe85, Oliver Harley, pan93412, Paul Menzel,
+ pEJipE, Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
+ Roberto Santalla, root, RussianNeuroMancer, Sebastian Jennen, Simon
+ Schricker, Susant Sahani, Thadeu Lima de Souza Cascardo, Theo
+ Ouzhinski, Thomas Weißschuh, Tomas Mraz, Topi Miettinen, ven, Wieland
+ Hoffmann, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
+ Jędrzejewski-Szmek, Zhang Xianwei
+
+ – Somewhere, SOME-TI-ME
CHANGES WITH 242: