CHANGES WITH 243 in spe:
- * Enable unprivileged programs, neither setuid nor having file
- capabilities, to send ICMP Echo requests by turning on the
- net.ipv4.ping_group_range parameter of the Linux kernel for all
- groups. If this is not desirable, then it can be disabled by setting
- the parameter to "1 0".
+ * This release enables unprivileged programs (i.e. requiring neither
+ setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
+ by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
+ kernel for the whole UNIX group range, i.e. all processes. This
+ change should be reasonably safe, as the kernel support for it was
+ specifically implemented to allow safe access to ICMP Echo for
+ processes lacking any privileges. If this is not desirable, it can be
+ disabled again by setting the parameter to "1 0".
* Previously, filters defined with SystemCallFilter= would have the
- effect that an calling an offending system call would terminate the
- calling thread. This behaviour never made much sense, since killing
- individual threads of unsuspecting processes is likely to create more
- problems than it solves. With this release the default action changed
- from killing the thread to killing the whole process. For this to
- work correctly both a kernel version (>= 4.14) and a libseccomp
- version (>= 2.4.0) supporting this new seccomp action is required. If
- an older kernel or libseccomp is used the old behaviour continues to
- be used. This change does not affect any services that have no system
- call filters defined, or that use SystemCallErrorNumber= (and thus
- see EPERM or another error instead of being killed when calling an
- offending system call). Note that systemd documentation always
- claimed that the whole process is killed. With this change behaviour
- is thus adjusted to match the documentation.
+ effect that any calling of an offending system call would terminate
+ the calling thread. This behaviour never made much sense, since
+ killing individual threads of unsuspecting processes is likely to
+ create more problems than it solves. With this release the default
+ action changed from killing the thread to killing the whole
+ process. For this to work correctly both a kernel version (>= 4.14)
+ and a libseccomp version (>= 2.4.0) supporting this new seccomp
+ action is required. If an older kernel or libseccomp is used the old
+ behaviour continues to be used. This change does not affect any
+ services that have no system call filters defined, or that use
+ SystemCallErrorNumber= (and thus see EPERM or another error instead
+ of being killed when calling an offending system call). Note that
+ systemd documentation always claimed that the whole process is
+ killed. With this change behaviour is thus adjusted to match the
+ documentation.
* The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
i.e. the full 22bit range the kernel allows, up from the old 16bit
* Man pages are not built by default anymore (html pages were already
disabled by default), to make development builds quicker. When
building systemd for a full installation with documentation, meson
- should be called -Dman=true and/or -Dhtml=true as appropriate. The
- default was changed based on the assumption that quick one-off or
- repeated development builds are much more common than full optimized
- builds for installation, and people need to pass various other
- options to when doing "proper" builds anyway, so the gain from making
- development builds quicker is bigger than the one time disruption for
- packagers.
+ should be called with -Dman=true and/or -Dhtml=true as
+ appropriate. The default was changed based on the assumption that
+ quick one-off or repeated development builds are much more common
+ than full optimized builds for installation, and people need to pass
+ various other options to when doing "proper" builds anyway, so the
+ gain from making development builds quicker is bigger than the one
+ time disruption for packagers.
Two scripts are created in the *build* directory to generate and
preview man and html pages on demand, e.g.:
interfaces should really be matched.
* A new setting NUMAPolicy= may be used to set process memory
- allocation policy. Setting can be specified in system.conf and hence
- will set the default policy for PID1. Default policy can be
- overridden on per-service basis. Related setting NUMAMask= is used to
- specify NUMA node mask that should be associated with the selected
- policy.
+ allocation policy. This setting can be specified in
+ /etc/systemd/system.conf and hence will set the default policy for
+ PID1. The default policy can be overridden on a per-service
+ basis. The related setting NUMAMask= is used to specify NUMA node
+ mask that should be associated with the selected policy.
* PID 1 will now listen to Out-Of-Memory (OOM) events the kernel
generates when processes it manages are reaching their memory limits,
the IO accounting data is included in the resource log message
generated whenever a unit stops.
- * units may now configure an explicit time-out to apply to when killed
+ * Units may now configure an explicit time-out to wait for when killed
with SIGABRT, for example when a service watchdog is hit. Previously,
the regular TimeoutStopSec= time-out was applied in this case too —
now a separate time-out may be set using TimeoutAbortSec=.
only a boolean option was allowed (yes/no), having yes as the
default. If this option is set to 'no-negative', negative answers
are skipped from being cached while keeping the same cache heuristics
- for positive answers. The default remains as "yes" (i. e. caching is
+ for positive answers. The default remains as "yes" (i.e. caching is
enabled).
* The predictable naming scheme for network devices now supports
associated with (AssociatedWith=).
* systemd-networkd's DHCPv4 support now understands a new MaxAttempts=
- option for configuring the maximum number of attempts to request a
- DHCP lease. It also learnt a new BlackList= option for blacklisting
- DHCP servers (a similar setting has also been added to the IPv6 RA
- client), as well as a SendRelease= option for configuring whether to
- send a DHCP RELEASE message when terminating.
+ option for configuring the maximum number of DHCP lease requests. It
+ also learnt a new BlackList= option for blacklisting DHCP servers (a
+ similar setting has also been added to the IPv6 RA client), as well
+ as a SendRelease= option for configuring whether to send a DHCP
+ RELEASE message when terminating.
* systemd-networkd's DHCPv4 and DHCPv6 stacks can now be configured
separately in the [DHCPv4] and [DHCPv6] sections.
* systemd-networkd's bridging support gained two new options ProxyARP=
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
- MulticastRouter= for configuring multicast routing behaviour.
+ MulticastRouter= for configuring multicast routing behaviour. A new
+ option MulticastIGMPVersion= may be used to change bridge's multicast
+ Internet Group Management Protocol (IGMP) version.
* systemd-networkd's FooOverUDP support gained the ability to configure
local and peer IP addresses via Local= and Peer=. A new option
devices, as well as a new "--stats" switch for showing device
statistics.
+ * networkd.conf gained a new setting SpeedMeter= and
+ SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
+ measured speed may be shown by 'networkctl status'.
+
* systemd-networkd's .network and .link files gained a new Property=
setting in the [Match] section, to match against devices with
specific udev properties.
the StatusUnitFormat= setting in /etc/systemd/system.conf or the
kernel command line option systemd.status_unit_format=.
+ * PID 1 now understands a new option KExecWatchdogSec= in
+ /etc/systemd/system.conf. It allows configuration of a watchdog
+ timeout to write to a hardware watchdog device on kexec-based
+ reboots. Previously this functionality was only available for regular
+ reboots. This option defaults to off, since it depends on drivers and
+ software setup whether the watchdog is correctly reset again after
+ the kexec completed, and thus for the general case not clear if safe
+ (since it might cause unwanted watchdog reboots after the kexec
+ completed otherwise). Moreover, the old ShutdownWatchdogSec= setting
+ has been renamed to RebootWatchdogSec= to more clearly communicate
+ what it is about. The old name of the setting is still accepted for
+ compatibility.
+
* The systemd.debug_shell kernel command line option now optionally
takes a tty name to spawn the debug shell on, which allows selecting
a different tty than the built-in default.
(for exit code 255 or cases of abnormal termination).
* A new service systemd-pstore.service has been added that pulls data
- from from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
+ from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
review.
* timedatectl gained new verbs for configuring per-interface NTP
service configuration for systemd-timesyncd.
* "localectl list-locales" won't list non-UTF-8 locales anymore. It's
- 2019. (You can set non-UTF-8 locales though, if you know there name.)
+ 2019. (You can set non-UTF-8 locales though, if you know their name.)
+
+ * If variable assignments in sysctl.d/ files are prefixed with "-" any
+ failures to apply them are now ignored.
+
+ * systemd-random-seed.service now optionally credits entropy when
+ applying the seed to the system. Set $SYSTEMD_RANDOM_SEED_CREDIT to
+ true for the service to enable this behaviour, but please consult the
+ documentation first, since this comes with a couple of caveats.
+
+ * systemd-random-seed.service is now a synchronization point for the
+ point in time where the kernel's entropy pool is fully
+ initialized. Order services that require /dev/urandom to be correctly
+ initialized after this service.
+
+ * The systemd-boot boot loader has been updated to optionally maintain
+ a random seed file in the EFI System Partition (ESP). During the boot
+ phase, this random seed is read and updated with a new seed
+ crytographically derived from it. Another derived seed is passed to
+ the OS. The latter seed is then credited to the kernel's entropy pool
+ very early during userspace initialization (from PID 1). This allows
+ systems to boot up with a fully initialized kernel entropy pool from
+ earliest boot on, and thus entirely removes all entropy pool
+ initialization delays from systems using systemd-boot. Special care
+ is taken to ensure different seeds are derived on system images
+ replicated to multiple systems.
+
+ * bootctl gained a new verb "is-installed" that checks whether
+ systemd-boot is currently installed.
+
+ * A new document has been added describing systemd's use and support
+ for the kernel's entropy pool subsystem:
+
+ https://systemd.io/RANDOM_SEEDS
Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Andrej
- Valek, Anita Zhang, Arian van Putten, Balint Reczey, Ben Boeckel,
- Benjamin Robin, camoz, Chen Qi, Chris Chiu, Chris Down, Connor Reeder,
- Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David Art, David
- Tardon, Dominick Grift, Donald Buczek, Douglas Christman, Eric
- DeVolder, Evgeny Vereshchagin, Feldwor, Felix Riemann, Florian
- Dollinger, Franck Bui, Frantisek Sumsal, Franz Pletz, Hans de Goede,
+ Valek, Anita Zhang, Arian van Putten, Balint Reczey, Bastien Nocera,
+ Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris Chiu, Chris Down,
+ Christian Kellner, Clinton Roy, Connor Reeder, Daniele Medri, Dan
+ Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi
+ Ray, Dominick Grift, Donald Buczek, Douglas Christman, Eric DeVolder,
+ Evgeny Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Franck
+ Bui, Frantisek Sumsal, Franz Pletz, Hans de Goede, Iago López Galeiras,
Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob Unterwurzacher,
Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats, Jérémy Rosen, Jiri
Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson,
Lubomir Rintel, Luca Boccassi, Luís Ferreira, Marc-André Lureau, Markus
Felten, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Prokop,
Michael Stapelberg, Michael Zhivich, Michal Koutný, Michal Sekletar,
- Mike Gilbert, Milan Broz, mpe85, Oliver Harley, pan93412, Paul Menzel,
- pEJipE, Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle,
- Roberto Santalla, root, RussianNeuroMancer, Sebastian Jennen, Simon
- Schricker, Susant Sahani, Thadeu Lima de Souza Cascardo, Theo
- Ouzhinski, Thomas Weißschuh, Tomas Mraz, Topi Miettinen, ven, Wieland
- Hoffmann, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
+ Mike Gilbert, Milan Broz, mpe85, Network Silence, Oliver Harley,
+ pan93412, Paul Menzel, pEJipE, Peter A. Bigot, Philip Withnall, Piotr
+ Drąg, Rafael Fontenelle, Roberto Santalla, root, RussianNeuroMancer,
+ Sebastian Jennen, Shreyas Behera, Simon Schricker, Susant Sahani,
+ Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thomas Haller, Thomas
+ Weißschuh, Tomas Mraz, Topi Miettinen, ven, Wieland Hoffmann, Xi
+ Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew
Jędrzejewski-Szmek, Zhang Xianwei
– Somewhere, SOME-TI-ME
projects / thirdparty / systemd.git / blobdiff