systemd System and Service Manager
+CHANGES WITH 246:
+
+ * The service manager gained basic support for cgroup v2 freezer. Units
+ can now be suspended or resumed either using new systemctl verbs,
+ freeze and thaw respectively, or via D-Bus.
+
+ * PID 1 may now automatically load pre-compiled AppArmor policies from
+ /etc/apparmor/earlypolicy during early boot.
+
+ * The CPUAffinity= setting in service unit files now supports a new
+ special value "numa" that causes the CPU affinity masked to be set
+ based on the NUMA mask.
+
+ * systemd will now log about all left-over processes remaining in a
+ unit when the unit is stopped. It will now warn about services using
+ KillMode=none, as this is generally an unsafe thing to make use of.
+
+ * Two new unit file settings
+ ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
+ added. They may be used to check whether a specific file system path
+ resides on a block device that is encrypted on the block level
+ (i.e. using dm-crypt/LUKS).
+
+ * Another pair of new settings ConditionEnvironment=/AssertEnvironment=
+ has been added that may be used for simple environment checks. This
+ is particularly useful when passing in environment variables from a
+ container manager (or from PAM in case of the systemd --user
+ instance).
+
+ * .service unit files now accept a new setting CoredumpFilter= which
+ allows configuration of the memory sections coredumps of the
+ service's processes shall include.
+
+ * .mount units gained a new ReadWriteOnly= boolean option. If set
+ it will not be attempted to mount a file system read-only if mounting
+ in read-write mode doesn't succeed. An option x-systemd.rw-only is
+ available in /etc/fstab to control the same.
+
+ * .socket units gained a new boolean setting PassPacketInfo=. If
+ enabled, the kernel will attach additional per-packet metadata to all
+ packets read from the socket, as an ancillary message. This controls
+ the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
+ depending on socket type.
+
+ * .service units gained a new setting RootHash= which may be used to
+ specify the root hash for verity enabled disk images which are
+ specified in RootImage=. RootVerity= may be used to specify a path to
+ the Verity data matching a RootImage= file system. (The latter is
+ only useful for images that do not contain the Verity data embedded
+ into the same image that carries a GPT partition table following the
+ Discoverable Partition Specification). Similarly, systemd-nspawn
+ gained a new switch --verity-data= that takes a path to a file with
+ the verity data of the disk image supplied in --image=, if the image
+ doesn't contain the verity data itself.
+
+ * .service units gained a new setting RootHashSignature= which takes
+ either a base64 encoded PKCS#7 signature of the root hash specified
+ with RootHash=, or a path to a file to read the signature from. This
+ allows validation of the root hash against public keys available in
+ the kernel keyring, and is only supported on recent kernels
+ (>= 5.4)/libcryptsetup (>= 2.30). A similar switch has been added to
+ systemd-nspawn and systemd-dissect (--root-hash-sig=). Support for
+ this mechanism has also been added to systemd-veritysetup.
+
+ * .service unit files gained two new options
+ TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be used to
+ tune behaviour if a start or stop timeout is hit, i.e. whether to
+ terminate the service with SIGTERM, SIGABRT or SIGKILL.
+
+ * Most options in systemd that accept hexadecimal values prefixed with
+ 0x in additional to the usual decimal notation now also support octal
+ notation when the 0o prefix is used and binary notation if the 0b
+ prefix is used.
+
+ * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
+ configuration files that support specifier expansion learnt six new
+ specifiers: %a resolves to the current architecture, %o/%w/%B/%W
+ resolve to the various ID fields from /etc/os-release, %l resolves to
+ the "short" hostname of the system, i.e. the hostname configured in
+ the kernel truncated at the first dot.
+
+ * Support for the .include syntax in unit files has been removed. The
+ concept has been obsolete for 6 years and we started warning about
+ its pending removal 2 years ago (also see NEWS file below). It's
+ finally gone now.
+
+ * StandardError= and StandardOutput= in unit files no longer support
+ the "syslog" and "syslog-console" switches. They were long removed
+ from the documentation, but will now result in warnings when used,
+ and be converted to "journal" and "journal+console" automatically.
+
+ * If the service setting User= is set to the "nobody" user, a warning
+ message is now written to the logs (but the value is nonetheless
+ accepted). Setting User=nobody is unsafe, since the primary purpose
+ of the "nobody" user is to own all files whose owner cannot be mapped
+ locally. It's in particular used by the NFS subsystem and in user
+ namespacing. By running a service under this user's UID it might get
+ read and even write access to all these otherwise unmappable files,
+ which is quite likely a major security problem.
+
+ * A new kernel command line option systemd.hostname= has been added
+ that allows controlling the hostname that is initialized early during
+ boot.
+
+ * A kernel command line option "udev.blockdev_read_only" has been
+ added. If specified all hardware block devices that show up are
+ immediately marked as read-only by udev. This option is useful for
+ making sure that a specific boot under no circumstances modifies data
+ on disk. Use "blockdev --setrw" to undo the effect of this, per
+ device.
+
+ * A new boolean kernel command line option systemd.swap= has been
+ added, which may be used to turn off automatic activation of swap
+ devices listed in /etc/fstab.
+
+ * New kernel command line options systemd.condition-needs-update= and
+ systemd.condition-first-boot= have been added, which override the
+ result of the ConditionNeedsUpdate= and ConditionFirstBoot=
+ conditions.
+
+ * A new kernel command line option systemd.clock-usec= has been added
+ that allows setting the system clock to the specified time in µs
+ since Jan 1st, 1970 early during boot. This is in particular useful
+ in order to make test cases more reliable.
+
+ * The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
+ systemd-coredump to save core files for suid processes. When saving
+ the core file, systemd-coredump will use the effective uid and gid of
+ the process that faulted.
+
+ * The /sys/module/kernel/parameters/crash_kexec_post_notifiers file is
+ now automatically set to "Y" at boot, in order to enable pstore
+ generation for collection with systemd-pstore.
+
+ * A new 'hwdb' file has been added that collects information about PCI
+ and USB devices that correctly support auto-suspend, on top of the
+ databases for this we import from the ChromiumOS project. If you have
+ a device that supports auto-suspend correctly and where it should be
+ enabled by default, please submit a patch that adds it to the
+ database (see /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
+
+ * systemd-udevd gained the new configuration option timeout_signal= as well
+ as a corresponding kernel command line option udev.timeout_signal=.
+ The option can be used to configure the UNIX signal that the main
+ daemon sends to the worker processes on timeout. Setting the signal
+ to SIGABRT is useful for debugging.
+
+ * .link files managed by systemd-udevd gained options RxFlowControl=,
+ TxFlowControl=, AutoNegotiationFlowControl= in the [Link] section, in
+ order to configure various flow control parameters. They also gained
+ RxMiniBufferSize= and RxJumboBufferSize= in order to configure jumbo
+ frame ring buffer sizes.
+
+ * networkd.conf gained a new boolean setting ManageForeignRoutes=. If
+ enabled systemd-networkd manages all routes configured by other tools.
+
+ * .network files managed by systemd-networkd gained a new section
+ [SR-IOV], in order to configure SR-IOV capable network devices.
+
+ * systemd-networkd's [IPv6Prefix] section in .network files gained a
+ new boolean setting Assign=. If enabled an address from the prefix is
+ automatically assigned to the interface.
+
+ * systemd-networkd's [Network] section gained a new setting
+ IPv6PDSubnetId= that allows explicit configuration of the preferred
+ subnet that networkd's Prefix Delegation logic assigns to interfaces.
+
+ * systemd-networkd's [Network] section gained a new setting
+ IPv4AcceptLocal=. If enabled the interface accepts packets with local
+ source addresses.
+
+ * systemd-networkd gained support for configuring the HTB queuing
+ discipline in the [HierarchyTokenBucket] and
+ [HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc may
+ be configured in the [PFIFO] section, "GRED" in
+ [GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue], "cake"
+ in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler] and
+ [DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
+ "PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast], "HHF"
+ in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection] and
+ "QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
+
+ * systemd-networkd gained support for a new Termination= setting in the
+ [CAN] section for configuring the termination resistor. It also
+ gained a new ListenOnly= setting for controlling whether to only
+ listen on CAN interfaces, without interfering with traffic otherwise
+ (which is useful for debugging/monitoring CAN network
+ traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO= have
+ been added to configure various CAN-FD aspects.
+
+ * systemd-networkd's [DHCPv6] section gained a new option WithoutRA=.
+ When enabled, DHCPv6 will be attempted right-away without requiring an
+ Router Advertisement packet suggesting it first (i.e. without the 'M'
+ or 'O' flags set). The [IPv6AcceptRA] section gained a boolean option
+ DHCPv6Client= that may be used to turn off the DHCPv6 client even if
+ the RA packets suggest it.
+
+ * systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
+ which may be used to turn off use of the gateway information provided
+ by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
+ used to configure how to process leases that lack a lifetime option.
+
+ * systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a new
+ setting SendVendorOption= allowing configuration of additional vendor
+ options to send in the DHCP requests/responses. The [DHCPv6] section
+ gained a new SendOption= setting for sending arbitrary DHCP
+ options. RequestOptions= has been added to request arbitrary options
+ from the server. UserClass= has been added to set the DHCP user class
+ field.
+
+ * systemd-networkd's [DHCPServer] section gained a new set of options
+ EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including server
+ information about these three protocols in the DHCP lease. It also
+ gained support for including "MUD" URLs ("Manufacturer Usage
+ Description"). Support for "MUD" URLs was also added to the LLDP
+ stack, configurable in the [LLDP] section in .network files.
+
+ * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
+ mode. Also, the sections now support a new setting SourceMACAddress=.
+
+ * systemd-networkd's .netdev files now support a new setting
+ VLANProtocol= in the [Bridge] section that allows configuration of
+ the VLAN protocol to use.
+
+ * systemd-networkd supports a new Group= setting in the [Link] section
+ of the .network files, to control the link group.
+
+ * systemd-networkd's [Network] section gained a new
+ IPv6LinkLocalAddressGenerationMode= setting, which specifies how IPv6
+ link local address is generated.
+
+ * A new default .network file is now shipped that matches TUN/TAP
+ devices that begin with "vt-" in their name. Such interfaces will
+ have IP routing onto the host links set up automatically. This is
+ supposed to be used by VM managers to trivially acquire a network
+ interface which is fully set up for host communication, simply by
+ carefully picking an interface name to use.
+
+ * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
+ added to the [DHCPv6] section of .network files. If enabled (which is
+ the default) an address from any acquired delegated prefix is
+ automatically chosen and assigned to the interface.
+
+ * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
+ which sets the route priority for routes specified by the DHCP server.
+
+ * systemd-networkd's [DHCPv6] section gained a new setting VendorClass=
+ which configures the vendor class information sent to DHCP server.
+
+ * The BlackList= settings in .network files' [DHCPv4] and
+ [IPv6AcceptRA] sections have been renamed DenyList=. The old names
+ are still understood to provide compatibility.
+
+ * networkctl gained the new "forcerenew" command for forcing all DHCP
+ server clients to renew their lease. The interface "status" output
+ will now show numerous additional fields of information about an
+ interface. There are new "up" and "down" commands to bring specific
+ interfaces up or down.
+
+ * systemd-resolved's DNS= configuration option now optionally accepts
+ DNS server addresses suffixed by "#" followed by a host name. If
+ used, the DNS-over-TLS certificate is validated to match the
+ specified hostname.
+
+ * systemd-resolved may be configured to forward single-label DNS names.
+ This is not standard-conformant, but may make sense in setups where
+ public DNS servers are not used.
+
+ * systemd-resolved's DNS-over-TLS support gained SNI validation.
+
+ * systemd-nspawn's --resolv-conf= switch gained a number of new
+ supported values. Specifically, options starting with "replace-" are
+ like those prefixed "copy-" but replace any existing resolv.conf
+ file. And options ending in "-uplink" and "-stub" can now be used to
+ propagate other flavours of resolv.conf into the container (as
+ defined by systemd-resolved).
+
+ * The various programs included in systemd can now optionally output
+ their log messages on stderr prefixed with a timestamp, controlled by
+ the $SYSTEMD_LOG_TIME environment variable.
+
+ * systemctl gained a new "-P" switch that is a shortcut for "--value
+ --property=…".
+
+ * "systemctl list-units" and "systemctl list-machines" no longer hide
+ their first output column with --no-legend. To hide the first column,
+ use --plain.
+
+ * "systemctl reboot" takes the option "--reboot-argument=".
+ The optional positional argument to "systemctl reboot" is now
+ being deprecated in favor of this option.
+
+ * systemd-run gained a new switch --slice-inherit. If specified the
+ unit it generates is placed in the same slice as the systemd-run
+ process itself.
+
+ * systemd-journald gained support for zstd compression of large fields
+ in journal files. The hash tables in journal files have been hardened
+ against hash collisions. This is an incompatible change and means
+ that journal files created with new systemd versions are not readable
+ with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
+ environment variable for systemd-journald.service is set to 0 this
+ new hardening functionality may be turned off, so that generated
+ journal files remain compatible with older journalctl
+ implementations.
+
+ * journalctl will now include a clickable link in the default output for
+ each log message for which an URL with further documentation is
+ known. This is only supported on terminal emulators that support
+ clickable hyperlinks, and is turned off if a pager is used (since
+ "less" still doesn't support hyperlinks,
+ unfortunately). Documentation URLs may be included in log messages
+ either by including a DOCUMENTATION= journal field in it, or by
+ associating a journal message catalog entry with the log message's
+ MESSAGE_ID, which then carries a "Documentation:" tag.
+
+ * journald.conf gained a new boolean setting Audit= that may be used to
+ control whether systemd-journald will enable audit during
+ initialization.
+
+ * when systemd-journald's log stream is broken up into multiple lines
+ because the PID of the sender changed this is indicated in the
+ generated log records via the _LINE_BREAK=pid-change field.
+
+ * journalctl's "-o cat" output mode will now show one or more journal
+ fields specified with --output-fields= instead of unconditionally
+ MESSAGE=. This is useful to retrieve a very specific set of fields
+ without any decoration.
+
+ * coredumpctl gained a new --file= switch, matching the same one in
+ journalctl: a specific journal file may be specified to read the
+ coredump data from.
+
+ * coredumps collected by systemd-coredump may now be compressed using
+ the zstd algorithm.
+
+ * systemd-binfmt gained a new switch --unregister for unregistering all
+ registered entries at once. This is now invoked automatically at
+ shutdown, so that binary formats registered with the "F" flag will
+ not block clean file system unmounting.
+
+ * systemd-notify's --pid= switch gained new values: "parent", "self",
+ "auto" for controlling which PID to send to the service manager: the
+ systemd-notify process' PID, or the one of the process invoking it.
+
+ * systemd-logind's Session bus object learnt a new method call
+ SetType() for temporarily updating the session type of an already
+ allocated session. This is useful for upgrading tty sessions to
+ graphical ones once a compositor is invoked.
+
+ * systemd-socket-proxy gained a new switch --exit-idle-time= for
+ configuring an exit-on-idle time.
+
+ * systemd-repart's --empty= setting gained a new value "create". If
+ specified a new empty regular disk image file is created under the
+ specified name. Its size may be specified with the new --size=
+ option. The latter is also supported without the "create" mode, in
+ order to grow existing disk image files to the specified size. These
+ two new options are useful when creating or manipulating disk images
+ instead of operating on actual block devices.
+
+ * systemd-repart drop-ins now support a new UUID= setting to control
+ the UUID to assign to a newly created partition.
+
+ * systemd-repart's SizeMin= per-partition parameter now defaults to 10M
+ instead of 0.
+
+ * systemd-repart's Label= setting now support the usual, simple
+ specifier expansion.
+
+ * systemd-homed's LUKS backend gained the ability to discard empty file
+ system blocks automatically when the user logs out. This is enabled
+ by default to ensure that home directories take minimal space when
+ logged out but get full size guarantees when logged in. This may be
+ controlled with the new --luks-offline-discard= switch to homectl.
+
+ * If systemd-homed detects that /home/ is encrypted as a whole it will
+ now default to the directory or subvolume backends instead of the
+ LUKS backend, in order to avoid double encryption. The default
+ storage and file system may now be configured explicitly, too, via
+ the new /etc/systemd/homed.conf configuration file.
+
+ * systemd-homed now supports unlocking home directories with FIDO2
+ security tokens that support the 'hmac-secret' extension, in addition
+ to the existing support for PKCS#11 security token unlocking
+ support. Note that many recent hardware security tokens support both
+ interfaces. The FIDO2 support is accessible via homectl's
+ --fido2-device= option.
+
+ * homectl's --pkcs11-uri= setting now accepts two special parameters:
+ if "auto" is specified and only one suitable PKCS#11 security token
+ is plugged in, its URL is automatically determined and enrolled for
+ unlocking the home directory. If "list" is specified a brief table of
+ suitable PKCS#11 security tokens is shown. Similar, the new
+ --fido2-device= option also supports these two special values, for
+ automatically selecting and listing suitable FIDO2 devices.
+
+ * The /etc/crypttab tmp option now optionally takes an argument
+ selecting the file system to use. Moreover, the default is now
+ changed from ext2 to ext4.
+
+ * There's a new /etc/crypttab option "keyfile-erase". If specified the
+ key file listed in the same line is removed after use, regardless if
+ volume activation was successful or not. This is useful if the key
+ file is only acquired transiently at runtime and shall be erased
+ before the system continues to boot.
+
+ * There's also a new /etc/crypttab option "try-empty-password". If
+ specified, before asking the user for a password it is attempted to
+ unlock the volume with an empty password. This is useful for
+ installing encrypted images whose password shall be set on first boot
+ instead of at installation time.
+
+ * systemd-cryptsetup will now attempt to load the keys to unlock
+ volumes with automatically from files in
+ /etc/cryptsetup-keys.d/<volume>.key and
+ /run/cryptsetup-keys.d/<volume>.key, if any of these files exist.
+
+ * systemd-cryptsetup may now activate Microsoft BitLocker volumes via
+ /etc/crypttab, during boot.
+
+ * logind.conf gained a new RuntimeDirectoryInodesMax= setting to
+ control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
+ instance.
+
+ * A new generator systemd-xdg-autostart-generator has been added. It
+ generates systemd unit files from XDG autostart .desktop files, and
+ may be used to let the systemd user instance manage services that are
+ started automatically as part of the desktop session.
+
+ * "bootctl" gained a new verb "reboot-to-firmware" that may be used
+ to query and change the firmware's 'reboot into firmware' setup flag.
+
+ * systemd-firstboot gained a new switch --kernel-command-line= that may
+ be used to initialize the /etc/kernel/cmdline file of the image. It
+ also gained a new switch --root-password-hashed= which is like
+ --root-password= but accepts a pre-hashed UNIX password as
+ argument. The new option --delete-root-password may be used to unset
+ any password for the root user (dangerous!). A new --force option may
+ be used to override any already set settings with the parameters
+ specified on the command line (by default, the tool will not override
+ what has already been set before, i.e. is purely incremental).
+
+ * systemd-firstboot gained support for a new --image= switch, which is
+ similar to --root= but accepts the path to a disk image file, on
+ which it then operates.
+
+ * A new sd-path.h API has been added to libsystemd. It provides a
+ simple API for retrieving various search paths and primary
+ directories for various resources.
+
+ * A new call sd_notify_barrier() has been added to the sd-daemon.h
+ API. The call will block until all previously sent sd_notify()
+ messages have been processed by the service manager. This is useful
+ to remove races caused by a process already having disappeared at the
+ time a notification message is processed by the service manager,
+ making correct attribution impossible. The systemd-notify tool will
+ now make use of this call implicitly, but this can be turned off again
+ via the new --no-block switch.
+
+ * When sending a file descriptor (fd) to the service manager to keep
+ track of, using the sd_notify() mechanism, a new parameter FDPOLL=0
+ may be specified. If passed the service manager will refrain from
+ poll()ing on the file descriptor. Traditionally (and when the
+ parameter is not specified), the service manager will poll it for
+ POLLHUP or POLLERR events, and immediately close the fds in that
+ case.
+
+ * The service manager (PID1) gained a new D-Bus method call
+ SetShowStatus() which may be used to control whether it shall show
+ boot-time status output on the console. This method has a similar
+ effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.
+
+ * The sd-bus API gained a number of convenience functions that take
+ va_list arguments rather than "...". For example, there's now
+ sd_bus_call_methodv() to match sd_bus_call_method(). Those calls make
+ it easier to build wrappers that accept variadic arguments and want
+ to pass a ready va_list structure to sd-bus.
+
+ * sd-bus vtable entries can have a new SD_BUS_VTABLE_ABSOLUTE_OFFSET
+ flag which alters how the userdata pointer to pass to the callbacks
+ is determined. When the flag is set, the offset field is converted
+ as-is into a pointer, without adding it to the object pointer the
+ vtable is associated with.
+
+ * sd-bus now exposes four new functions:
+ sd_bus_interface_name_is_valid() + sd_bus_service_name_is_valid() +
+ sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid() will
+ validate strings to check if they qualify as various D-Bus concepts.
+
+ * The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
+ SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS() macros
+ that simplify adding argument names to D-Bus methods and signals.
+
+ * The man pages for the sd-bus and sd-hwdb APIs have been completed.
+
+ * Various D-Bus APIs of systemd daemons now have man pages that
+ document the methods, signals and properties.
+
+ * The expectations on user/group name syntax are now documented in
+ detail; documentation on how classic home directories may be
+ converted into home directories managed by homed has been added;
+ documentation regarding integration of homed/userdb functionality in
+ desktops has been added:
+
+ https://systemd.io/USER_NAMES
+ https://systemd.io/CONVERTING_TO_HOMED
+ https://systemd.io/USERDB_AND_DESKTOPS
+
+ * Documentation for the on-disk Journal file format has been updated
+ and has now moved to:
+
+ https://systemd.io/JOURNAL_FILE_FORMAT
+
+ * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
+ has been extended by a set of environment variables that expose
+ select fields from the host's os-release file to the container
+ payload. Similarly, host's os-release files can be mounted into the
+ container underneath /run/hosts. Together, those mechanisms provide a
+ standardized way to expose information about the host to the
+ container payload. Both interfaces are implemented in systemd-nspawn.
+
+ * All D-Bus services shipped in systemd now implement the generic
+ LogControl1 D-Bus API which allows clients to change log level +
+ target of the service during runtime.
+
+ Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
+ Malafeev, Alin Popa, Amos Bird, Andreas Rammhold, AndreRH, Andrew
+ Doran, Anita Zhang, Ankit Jain, antznin, Arnaud Ferraris, Arthur Moraes
+ do Lago, Arusekk, Balaji Punnuru, Balint Reczey, Bastien Nocera,
+ bemarek, Benjamin Berg, Benjamin Dahlhoff, Benjamin Robin, Chris Down,
+ Chris Kerr, Christian Göttsche, Christian Hesse, Christian Oder,
+ Ciprian Hacman, codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan
+ Callaghan, Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner,
+ David Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo,
+ Dimitri John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca,
+ Emmanuel Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
+ ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
+ Finn, Florian Klink, Franck Bui, Frantisek Sumsal, Gaoyi, gaurav, Georg
+ Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2, gogogogi,
+ gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic,
+ James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy
+ Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg
+ Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
+ Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
+ Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
+ BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
+ Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel
+ Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
+ Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
+ Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
+ Michal Sekletar, Michal Sekletár, Mike Gilbert, Mike Kazantsev, ml,
+ Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
+ Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
+ Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
+ Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
+ Sean-StarLabs, Sebastian Jennen, sterlinghughes, Susant Sahani, Thomas
+ Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
+ Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
+ Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
+ Korman, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+ Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
+
+ – Warsaw, 2020-07-09
+
+CHANGES WITH 245:
+
+ * A new tool "systemd-repart" has been added, that operates as an
+ idempotent declarative repartitioner for GPT partition tables.
+ Specifically, a set of partitions that must or may exist can be
+ configured via drop-in files, and during every boot the partition
+ table on disk is compared with these files, creating missing
+ partitions or growing existing ones based on configurable relative
+ and absolute size constraints. The tool is strictly incremental,
+ i.e. does not delete, shrink or move partitions, but only adds and
+ grows them. The primary use-case is OS images that ship in minimized
+ form, that on first boot are grown to the size of the underlying
+ block device or augmented with additional partitions. For example,
+ the root partition could be extended to cover the whole disk, or a
+ swap or /home partitions could be added on first boot. It can also be
+ used for systems that use an A/B update scheme but ship images with
+ just the A partition, with B added on first boot. The tool is
+ primarily intended to be run in the initrd, shortly before
+ transitioning into the host OS, but can also be run after the
+ transition took place. It automatically discovers the disk backing
+ the root file system, and should hence not require any additional
+ configuration besides the partition definition drop-ins. If no
+ configuration drop-ins are present, no action is taken.
+
+ * A new component "userdb" has been added, along with a small daemon
+ "systemd-userdb.service" and a client tool "userdbctl". The framework
+ allows defining rich user and group records in a JSON format,
+ extending on the classic "struct passwd" and "struct group"
+ structures. Various components in systemd have been updated to
+ process records in this format, including systemd-logind and
+ pam-systemd. The user records are intended to be extensible, and
+ allow setting various resource management, security and runtime
+ parameters that shall be applied to processes and sessions of the
+ user as they log in. This facility is intended to allow associating
+ such metadata directly with user/group records so that they can be
+ produced, extended and consumed in unified form. We hope that
+ eventually frameworks such as sssd will generate records this way, so
+ that for the first time resource management and various other
+ per-user settings can be configured in LDAP directories and then
+ provided to systemd (specifically to systemd-logind and pam-system)
+ to apply on login. For further details see:
+
+ https://systemd.io/USER_RECORD
+ https://systemd.io/GROUP_RECORD
+ https://systemd.io/USER_GROUP_API
+
+ * A small new service systemd-homed.service has been added, that may be
+ used to securely manage home directories with built-in encryption.
+ The complete user record data is unified with the home directory,
+ thus making home directories naturally migratable. Its primary
+ back-end is based on LUKS volumes, but fscrypt, plain directories,
+ and other storage schemes are also supported. This solves a couple of
+ problems we saw with traditional ways to manage home directories, in
+ particular when it comes to encryption. For further discussion of
+ this, see the video of Lennart's talk at AllSystemsGo! 2019:
+
+ https://media.ccc.de/v/ASG2019-164-reinventing-home-directories
+
+ For further details about the format and expectations on home
+ directories this new daemon makes, see:
+
+ https://systemd.io/HOME_DIRECTORY
+
+ * systemd-journald is now multi-instantiable. In addition to the main
+ instance systemd-journald.service there's now a template unit
+ systemd-journald@.service, with each instance defining a new named
+ log 'namespace' (whose name is specified via the instance part of the
+ unit name). A new unit file setting LogNamespace= has been added,
+ taking such a namespace name, that assigns services to the specified
+ log namespaces. As each log namespace is serviced by its own
+ independent journal daemon, this functionality may be used to improve
+ performance and increase isolation of applications, at the price of
+ losing global message ordering. Each instance of journald has a
+ separate set of configuration files, with possibly different disk
+ usage limitations and other settings.
+
+ journalctl now takes a new option --namespace= to show logs from a
+ specific log namespace. The sd-journal.h API gained
+ sd_journal_open_namespace() for opening the log stream of a specific
+ log namespace. systemd-journald also gained the ability to exit on
+ idle, which is useful in the context of log namespaces, as this means
+ log daemons for log namespaces can be activated automatically on
+ demand and will stop automatically when no longer used, minimizing
+ resource usage.
+
+ * When systemd-tmpfiles copies a file tree using the 'C' line type it
+ will now label every copied file according to the SELinux database.
+
+ * When systemd/PID 1 detects it is used in the initrd it will now boot
+ into initrd.target rather than default.target by default. This should
+ make it simpler to build initrds with systemd as for many cases the
+ only difference between a host OS image and an initrd image now is
+ the presence of the /etc/initrd-release file.
+
+ * A new kernel command line option systemd.cpu_affinity= is now
+ understood. It's equivalent to the CPUAffinity= option in
+ /etc/systemd/system.conf and allows setting the CPU mask for PID 1
+ itself and the default for all other processes.
+
+ * When systemd/PID 1 is reloaded (with systemctl daemon-reload or
+ equivalent), the SELinux database is now reloaded, ensuring that
+ sockets and other file system objects are generated taking the new
+ database into account.
+
+ * systemd/PID 1 accepts a new "systemd.show-status=error" setting, and
+ "quiet" has been changed to imply that instead of
+ "systemd.show-status=auto". In this mode, only messages about errors
+ and significant delays in boot are shown on the console.
+
+ * The sd-event.h API gained native support for the new Linux "pidfd"
+ concept. This permits watching processes using file descriptors
+ instead of PID numbers, which fixes a number of races and makes
+ process supervision more robust and efficient. All of systemd's
+ components will now use pidfds if the kernel supports it for process
+ watching, with the exception of PID 1 itself, unfortunately. We hope
+ to move PID 1 to exclusively using pidfds too eventually, but this
+ requires some more kernel work first. (Background: PID 1 watches
+ processes using waitid() with the P_ALL flag, and that does not play
+ together nicely with pidfds yet.)
+
+ * Closely related to this, the sd-event.h API gained two new calls
+ sd_event_source_send_child_signal() (for sending a signal to a
+ watched process) and sd_event_source_get_child_process_own() (for
+ marking a process so that it is killed automatically whenever the
+ event source watching it is freed).
+
+ * systemd-networkd gained support for configuring Token Bucket Filter
+ (TBF) parameters in its qdisc configuration support. Similarly,
+ support for Stochastic Fairness Queuing (SFQ), Controlled-Delay
+ Active Queue Management (CoDel), and Fair Queue (FQ) has been added.
+
+ * systemd-networkd gained support for Intermediate Functional Block
+ (IFB) network devices.
+
+ * systemd-networkd gained support for configuring multi-path IP routes,
+ using the new MultiPathRoute= setting in the [Route] section.
+
+ * systemd-networkd's DHCPv4 client has been updated to support a new
+ SendDecline= option. If enabled, duplicate address detection is done
+ after a DHCP offer is received from the server. If a conflict is
+ detected, the address is declined. The DHCPv4 client also gained
+ support for a new RouteMTUBytes= setting that allows to configure the
+ MTU size to be used for routes generated from DHCPv4 leases.
+
+ * The PrefixRoute= setting in systemd-networkd's [Address] section of
+ .network files has been deprecated, and replaced by AddPrefixRoute=,
+ with its sense inverted.
+
+ * The Gateway= setting of [Route] sections of .network files gained
+ support for a special new value "_dhcp". If set, the configured
+ static route uses the gateway host configured via DHCP.
+
+ * New User= and SuppressPrefixLength= settings have been implemented
+ for the [RoutingPolicyRule] section of .network files to configure
+ source routing based on UID ranges and prefix length, respectively.
+
+ * sd-bus gained a new API call sd_bus_message_sensitive() that marks a
+ D-Bus message object as "sensitive". Those objects are erased from
+ memory when they are freed. This concept is intended to be used for
+ messages that contain security sensitive data. A new flag
+ SD_BUS_VTABLE_SENSITIVE has been introduced as well to mark methods
+ in sd-bus vtables, causing any incoming and outgoing messages of
+ those methods to be implicitly marked as "sensitive".
+
+ * sd-bus gained a new API call sd_bus_message_dump() for dumping the
+ contents of a message (or parts thereof) to standard output for
+ debugging purposes.
+
+ * systemd-sysusers gained support for creating users with the primary
+ group named differently than the user.
+
+ * systemd-growfs (i.e. the x-systemd.growfs mount option in /etc/fstab)
+ gained support for growing XFS partitions. Previously it supported
+ only ext4 and btrfs partitions.
+
+ * The support for /etc/crypttab gained a new x-initrd.attach option. If
+ set, the specified encrypted volume is unlocked already in the
+ initrd. This concept corresponds to the x-initrd.mount option in
+ /etc/fstab.
+
+ * systemd-cryptsetup gained native support for unlocking encrypted
+ volumes utilizing PKCS#11 smartcards, i.e. for example to bind
+ encryption of volumes to YubiKeys. This is exposed in the new
+ pkcs11-uri= option in /etc/crypttab.
+
+ * The /etc/fstab support in systemd now supports two new mount options
+ x-systemd.{required,wanted}-by=, for explicitly configuring the units
+ that the specified mount shall be pulled in by, in place of
+ the usual local-fs.target/remote-fs.target.
+
+ * The https://systemd.io/ web site has been relaunched, directly
+ populated with most of the documentation included in the systemd
+ repository. systemd also acquired a new logo, thanks to Tobias
+ Bernard.
+
+ * systemd-udevd gained support for managing "alternative" network
+ interface names, as supported by new Linux kernels. For the first
+ time this permits assigning multiple (and longer!) names to a network
+ interface. systemd-udevd will now by default assign the names
+ generated via all supported naming schemes to each interface. This
+ may be further tweaked with .link files and the AlternativeName= and
+ AlternativeNamesPolicy= settings. Other components of systemd have
+ been updated to support the new alternative names wherever
+ appropriate. For example, systemd-nspawn will now generate
+ alternative interface names for the host-facing side of container
+ veth links based on the full container name without truncation.
+
+ * systemd-nspawn interface naming logic has been updated in another way
+ too: if the main interface name (i.e. as opposed to new-style
+ "alternative" names) based on the container name is truncated, a
+ simple hashing scheme is used to give different interface names to
+ multiple containers whose names all begin with the same prefix. Since
+ this changes the primary interface names pointing to containers if
+ truncation happens, the old scheme may still be requested by
+ selecting an older naming scheme, via the net.naming-scheme= kernel
+ command line option.
+
+ * PrivateUsers= in service files now works in services run by the
+ systemd --user per-user instance of the service manager.
+
+ * A new per-service sandboxing option ProtectClock= has been added that
+ locks down write access to the system clock. It takes away device
+ node access to /dev/rtc as well as the system calls that set the
+ system clock and the CAP_SYS_TIME and CAP_WAKE_ALARM capabilities.
+ Note that this option does not affect access to auxiliary services
+ that allow changing the clock, for example access to
+ systemd-timedated.
+
+ * The systemd-id128 tool gained a new "show" verb for listing or
+ resolving a number of well-known UUIDs/128bit IDs, currently mostly
+ GPT partition table types.
+
+ * The Discoverable Partitions Specification has been updated to support
+ /var and /var/tmp partition discovery. Support for this has been
+ added to systemd-gpt-auto-generator. For details see:
+
+ https://systemd.io/DISCOVERABLE_PARTITIONS
+
+ * "systemctl list-unit-files" has been updated to show a new column
+ with the suggested enablement state based on the vendor preset files
+ for the respective units.
+
+ * "systemctl" gained a new option "--with-dependencies". If specified
+ commands such as "systemctl status" or "systemctl cat" will now show
+ all specified units along with all units they depend on.
+
+ * networkctl gained support for showing per-interface logs in its
+ "status" output.
+
+ * systemd-networkd-wait-online gained support for specifying the maximum
+ operational state to wait for, and to wait for interfaces to
+ disappear.
+
+ * The [Match] section of .link and .network files now supports a new
+ option PermanentMACAddress= which may be used to check against the
+ permanent MAC address of a network device even if a randomized MAC
+ address is used.
+
+ * The [TrafficControlQueueingDiscipline] section in .network files has
+ been renamed to [NetworkEmulator] with the "NetworkEmulator" prefix
+ dropped from the individual setting names.
+
+ * Any .link and .network files that have an empty [Match] section (this
+ also includes empty and commented-out files) will now be
+ rejected. systemd-udev and systemd-networkd started warning about
+ such files in version 243.
+
+ * systemd-logind will now validate access to the operation of changing
+ the virtual terminal via a polkit action. By default, only users
+ with at least one session on a local VT are granted permission.
+
+ * When systemd sets up PAM sessions that invoked service processes
+ shall run in, the pam_setcred() API is now invoked, thus permitting
+ PAM modules to set additional credentials for the processes.
+
+ * portablectl attach/detach verbs now accept --now and --enable options
+ to combine attachment with enablement and invocation, or detachment
+ with stopping and disablement.
+
+ * UPGRADE ISSUE: a bug where some jobs were trimmed as redundant was
+ fixed, which in turn exposed bugs in unit configuration of services
+ which have Type=oneshot and should only run once, but do not have
+ RemainAfterExit=yes set. Without RemainAfterExit=yes, a one-shot
+ service may be started again after exiting successfully, for example
+ as a dependency in another transaction. Affected services included
+ some internal systemd services (most notably
+ systemd-vconsole-setup.service, which was updated to have
+ RemainAfterExit=yes), and plymouth-start.service. Please ensure that
+ plymouth has been suitably updated or patched before upgrading to
+ this systemd release. See
+ https://bugzilla.redhat.com/show_bug.cgi?id=1807771 for some
+ additional discussion.
+
+ Contributions from: AJ Bagwell, Alin Popa, Andreas Rammhold, Anita
+ Zhang, Ansgar Burchardt, Antonio Russo, Arian van Putten, Ashley Davis,
+ Balint Reczey, Bart Willems, Bastien Nocera, Benjamin Dahlhoff, Charles
+ (Chas) Williams, cheese1, Chris Down, Chris Murphy, Christian Ehrhardt,
+ Christian Göttsche, cvoinf, Daan De Meyer, Daniele Medri, Daniel Rusek,
+ Daniel Shahaf, Dann Frazier, Dan Streetman, Dariusz Gadomski, David
+ Michael, Dimitri John Ledkov, Emmanuel Bourg, Evgeny Vereshchagin,
+ ezst036, Felipe Sateler, Filipe Brandenburger, Florian Klink, Franck
+ Bui, Fran Dieguez, Frantisek Sumsal, Greg "GothAck" Miell, Guilhem
+ Lettron, Guillaume Douézan-Grard, Hans de Goede, HATAYAMA Daisuke, Iain
+ Lane, James Buren, Jan Alexander Steffens (heftig), Jérémy Rosen, Jin
+ Park, Jun'ichi Nomura, Kai Krakow, Kevin Kuehler, Kevin P. Fleming,
+ Lennart Poettering, Leonid Bloch, Leonid Evdokimov, lothrond, Luca
+ Boccassi, Lukas K, Lynn Kirby, Mario Limonciello, Mark Deneen, Matthew
+ Leeds, Michael Biebl, Michal Koutný, Michal Sekletár, Mike Auty, Mike
+ Gilbert, mtron, nabijaczleweli, Naïm Favier, Nate Jones, Norbert Lange,
+ Oliver Giles, Paul Davey, Paul Menzel, Peter Hutterer, Piotr Drąg, Rafa
+ Couto, Raphael, rhn, Robert Scheck, Rocka, Romain Naour, Ryan Attard,
+ Sascha Dewald, Shengjing Zhu, Slava Kardakov, Spencer Michaels, Sylvain
+ Plantefeve, Stanislav Angelovič, Susant Sahani, Thomas Haller, Thomas
+ Schmitt, Timo Schlüßler, Timo Wilken, Tobias Bernard, Tobias Klauser,
+ Tobias Stoeckmann, Topi Miettinen, tsia, WataruMatsuoka, Wieland
+ Hoffmann, Wilhelm Schuster, Will Fleming, xduugu, Yong Cong Sin, Yuri
+ Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zeyu
+ DONG
+
+ – Warsaw, 2020-03-06
+
CHANGES WITH 244:
* Support for the cpuset cgroups v2 controller has been added.
of the PAM session, for example for time-limited logins.
* A new @pkey system call group is now defined to make it easier to
- whitelist memory protection syscalls for containers and services
+ allow-list memory protection syscalls for containers and services
which need to use them.
* systemd-udevd: removed the 30s timeout for killing stale workers on
* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in their
report and descriptor and outputs suitable environment variables.
- This replaces the externally maintained whitelists of all known
+ This replaces the externally maintained allow lists of all known
security tokens that were used previously.
- * Automatically generated autosuspend udev rules for whitelisted
+ * Automatically generated autosuspend udev rules for allow-listed
devices have been imported from the Chromium OS project. This should
improve power saving with many more devices.
configuration time using the -Dservice-watchdog= setting. If set to
empty, the watchdogs will be disabled.
- * systemd-resolved validates IP addresses in certificates now when GnuTLS
- is being used.
+ * systemd-resolved validates IP addresses in certificates now when GnuTLS
+ is being used.
* libcryptsetup >= 2.0.1 is now required.
the IO accounting data is included in the resource log message
generated whenever a unit stops.
- * Units may now configure an explicit time-out to wait for when killed
+ * Units may now configure an explicit timeout to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
- the regular TimeoutStopSec= time-out was applied in this case too —
- now a separate time-out may be set using TimeoutAbortSec=.
+ the regular TimeoutStopSec= timeout was applied in this case too —
+ now a separate timeout may be set using TimeoutAbortSec=.
* Services may now send a special WATCHDOG=trigger message with
sd_notify() to trigger an immediate "watchdog missed" event, and thus
* If processes terminated during the last phase of shutdown do not exit
quickly systemd will now show their names after a short time, to make
- debugging easier. After a longer time-out they are forcibly killed,
+ debugging easier. After a longer timeout they are forcibly killed,
as before.
* journalctl (and the other tools that display logs) will now highlight
* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
option for configuring the maximum number of DHCP lease requests. It
- also learnt a new BlackList= option for blacklisting DHCP servers (a
+ also learnt a new BlackList= option for deny-listing DHCP servers (a
similar setting has also been added to the IPv6 RA client), as well
as a SendRelease= option for configuring whether to send a DHCP
RELEASE message when terminating.
* systemd-networkd's TUN support gained a new setting VnetHeader= for
tweaking Generic Segment Offload support.
+ * The address family for policy rules may be specified using the new
+ Family= option in the [RoutingPolicyRule] section.
+
* networkctl gained a new "delete" command for removing virtual network
devices, as well as a new "--stats" switch for showing device
statistics.
space if there are multiple devices with the highest priority.
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
- option that permits selecting the timout how long to wait for a
+ option that permits selecting the timeout how long to wait for a
device with an encryption key before asking for the password.
* IOWeight= has learnt to properly set the IO weight when using the
Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht
Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey,
Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris
- Chiu, Chris Down, Christian Kellner, Clinton Roy, Connor Reeder, Daniel
- Black, Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David
- Art, David Tardon, Debarshi Ray, Dimitri John Ledkov, Dominick Grift,
- Donald Buczek, Douglas Christman, Eric DeVolder, EtherGraf, Evgeny
- Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Francesco
- Pennica, Franck Bui, Frantisek Sumsal, Franz Pletz, frederik, Hans
- de Goede, Iago López Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer,
- Jack, Jakob Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan
- Pokorný, Jan Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller,
- Jérémy Rosen, Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann
- B. Guðmundsson, Johannes Christ, Johannes Schmitz, Jonathan Rouleau,
- Jorge Niedbalski, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
+ Chiu, Chris Down, Christian Göttsche, Christian Kellner, Clinton Roy,
+ Connor Reeder, Daniel Black, Daniel Lublin, Daniele Medri, Dan
+ Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
+ Ray, Dimitri John Ledkov, Dominick Grift, Donald Buczek, Douglas
+ Christman, Eric DeVolder, EtherGraf, Evgeny Vereshchagin, Feldwor,
+ Felix Riemann, Florian Dollinger, Francesco Pennica, Franck Bui,
+ Frantisek Sumsal, Franz Pletz, frederik, Hans de Goede, Iago López
+ Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob
+ Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan Pokorný, Jan
+ Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, Jérémy Rosen,
+ Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
+ Johannes Christ, Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski,
+ Jörg Thalheim, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy,
Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca
Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt,
Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich,
Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný,
Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85,
Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE,
- Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Roberto
- Santalla, Ronan Pigott, root, RussianNeuroMancer, Sebastian Jennen,
- shinygold, Shreyas Behera, Simon Schricker, Susant Sahani, Thadeu Lima
- de Souza Cascardo, Theo Ouzhinski, Thiebaud Weksteen, Thomas Haller,
- Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, VD-Lycos,
- ven, Wieland Hoffmann, William A. Kennington III, William Wold, Xi
- Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
- Jędrzejewski-Szmek, Zhang Xianwei
+ Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Robert
+ Scheck, Roberto Santalla, Ronan Pigott, root, RussianNeuroMancer,
+ Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant
+ Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud
+ Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Tommi Rantala,
+ Topi Miettinen, VD-Lycos, ven, Vladimir Yerilov, Wieland Hoffmann,
+ William A. Kennington III, William Wold, Xi Ruoyao, Yuri Chornoivan,
+ Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei
– Camerino, 2019-09-03
any relevant symlinks both in /run and /etc.
* Note that all long-running system services shipped with systemd will
- now default to a system call whitelist (rather than a blacklist, as
+ now default to a system call allow list (rather than a deny list, as
before). In particular, systemd-udevd will now enforce one too. For
most cases this should be safe, however downstream distributions
which disabled sandboxing of systemd-udevd (specifically the
MountFlags= setting), might want to disable this security feature
- too, as the default whitelisting will prohibit all mount, swap,
+ too, as the default allow-listing will prohibit all mount, swap,
reboot and clock changing operations from udev rules.
* sd-boot acquired new loader configuration settings to optionally turn
lookup is likely to trigger nss-ldap which in turn might use NSS to
ask systemd-resolved for hostname lookups. This will hence result in
a deadlock: a user name lookup in order to start
- systemd-resolved.service will result in a host name lookup for which
+ systemd-resolved.service will result in a hostname lookup for which
systemd-resolved.service needs to be started already. There are
multiple ways to work around this problem: pre-allocate the
"systemd-resolve" user on such systems, so that nss-ldap won't be
A/AAAA resource record for the "_gateway" hostname, pointing to the
current default IP gateway. Previously it did that for the "gateway"
name, hampering adoption, as some distributions wanted to leave that
- host name open for local use. The old behaviour may still be
+ hostname open for local use. The old behaviour may still be
requested at build time.
* systemd-networkd's [Address] section in .network files gained a new
* systemd-nspawn gained support for a new --system-call-filter= command
line option for adding and removing entries in the default system
call filter it applies. Moreover systemd-nspawn has been changed to
- implement a system call whitelist instead of a blacklist.
+ implement a system call allow list instead of a deny list.
* systemd-run gained support for a new --pipe command line option. If
used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
- mount based on the original /var contained in the image, overlayed
+ mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.
again don't consider turning this on in your stable, LTS or
production release just yet. (Note that you have to enable
nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
- and its DNSSEC mode for host name resolution from local
+ and its DNSSEC mode for hostname resolution from local
applications.)
* systemd-resolve conveniently resolves DANE records with the --tlsa
fsck's progress report to an AF_UNIX socket in the file
system.
- * udev will no longer create device symlinks for all block
- devices by default. A blacklist for excluding special block
- devices from this logic has been turned into a whitelist
- that requires picking block devices explicitly that require
- device symlinks.
+ * udev will no longer create device symlinks for all block devices by
+ default. A deny list for excluding special block devices from this
+ logic has been turned into a allow list that requires picking block
+ devices explicitly that require device symlinks.
* A new (currently still internal) API sd-device.h has been
added to libsystemd. This modernized API is supposed to
for a unit, as declared in the (usually vendor-supplied)
system preset files.
- * nss-myhostname will now resolve the single-label host name
+ * nss-myhostname will now resolve the single-label hostname
"gateway" to the locally configured default IP routing
gateways, ordered by their metrics. This assigns a stable
name to the used gateways, regardless which ones are
currently configured. Note that the name will only be
resolved after all other name sources (if nss-myhostname is
configured properly) and should hence not negatively impact
- systems that use the single-label host name "gateway" in
+ systems that use the single-label hostname "gateway" in
other contexts.
* systemd-inhibit now allows filtering by mode when listing
* Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting
- "anually", "hourly", ...).
+ "annually", "hourly", ...).
* systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is
* A new fsck.repair= kernel option has been added to control
how fsck shall deal with unclean file systems at boot.
- * The (.ini) configuration file parser will now silently
- ignore sections whose name begins with "X-". This may be
- used to maintain application-specific extension sections in unit
- files.
+ * The (.ini) configuration file parser will now silently ignore
+ sections whose names begin with "X-". This may be used to maintain
+ application-specific extension sections in unit files.
* machined gained a new API to query the IP addresses of
registered containers. "machinectl status" has been updated
reported by uname()'s "machine" field.
* systemd-networkd now supports matching on the system
- virtualization, architecture, kernel command line, host name
+ virtualization, architecture, kernel command line, hostname
and machine ID.
* logind is now a lot more aggressive when suspending the
Wikipedia. We explicitly document which base applies for
each configuration option.
- * The DeviceAllow= setting in unit files now supports a syntax
- to whitelist an entire group of devices node majors at once,
- based on the /proc/devices listing. For example, with the
- string "char-pts", it is now possible to whitelist all
- current and future pseudo-TTYs at once.
+ * The DeviceAllow= setting in unit files now supports a syntax to
+ allow-list an entire group of devices node majors at once, based on
+ the /proc/devices listing. For example, with the string "char-pts",
+ it is now possible to allow-list all current and future pseudo-TTYs
+ at once.
* sd-event learned a new "post" event source. Event sources of
this type are triggered by the dispatching of any event
example, a line that creates /run/nologin).
* A new API "sd-resolve.h" has been added which provides a simple
- asynchronous wrapper around glibc NSS host name resolution
+ asynchronous wrapper around glibc NSS hostname resolution
calls, such as getaddrinfo(). In contrast to glibc's
getaddrinfo_a(), it does not use signals. In contrast to most
other asynchronous name resolution libraries, this one does
not reimplement DNS, but reuses NSS, so that alternate
- host name resolution systems continue to work, such as mDNS,
+ hostname resolution systems continue to work, such as mDNS,
LDAP, etc. This API is based on libasyncns, but it has been
cleaned up for inclusion in systemd.
when he over-mounts a non-empty directory.
* There are new specifiers that are resolved in unit files,
- for the host name (%H), the machine ID (%m) and the boot ID
+ for the hostname (%H), the machine ID (%m) and the boot ID
(%b).
Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
* journalctl gained the new "--header" switch to introspect
header data of journal files.
- * A new setting SystemCallFilters= has been added to services
- which may be used to apply blacklists or whitelists to
- system calls. This is based on SECCOMP Mode 2 of Linux 3.5.
+ * A new setting SystemCallFilters= has been added to services which may
+ be used to apply deny lists or allow lists to system calls. This is
+ based on SECCOMP Mode 2 of Linux 3.5.
* nspawn gained a new --link-journal= switch (and quicker: -j)
to link the container journal with the host. This makes it
projects / thirdparty / systemd.git / blobdiff