systemd System and Service Manager
-CHANGES WITH 240 in spe:
+CHANGES WITH 241 in spe:
+
+ * The default locale can now be configured at compile time. Otherwise,
+ a suitable default will be selected automatically (one of C.UTF-8,
+ en_US.UTF-8, and C).
+
+ * The version string shown by systemd and other tools now includes the
+ git commit hash when built from git. An override may be specified
+ during compilation, which is intended to be used by distributions to
+ include the package release information.
+
+ * systemd-cat can now filter standard input and standard error streams
+ for different syslog priorities using the new --stderr-priority=
+ option.
+
+ * systemd-journald and systemd-journal-remote reject entries which
+ contain too many fields (CVE-2018-16865) and set limits on the
+ process' command line length (CVE-2018-16864).
+
+ * $DBUS_SESSION_BUS_ADDRESS environment variable is set by pam_systemd
+ again.
+
+ * A new network device NamePolicy "keep" is implemented for link files,
+ and used by default in 99-default.link (the fallback configuration
+ provided by systemd). With this policy, if the network device name
+ was already set by userspace, the device will not be renamed again.
+ This matches the naming scheme that was implemented before
+ systemd-240. If naming-scheme < 240 is specified, the "keep" policy
+ is also enabled by default, even if not specified. Effectively, this
+ means that if naming-scheme >= 240 is specified, network devices will
+ be renamed according to the configuration, even if they have been
+ renamed already, if "keep" is not specified as the naming policy in
+ the .link file. The 99-default.link file provided by systemd includes
+ "keep" for backwards compatibility, but it is recommended for user
+ installed .link files to *not* include it.
+
+ The "kernel" policy, which keeps kernel names declared to be
+ "persistent", now works again as documented.
+
+ * kernel-install script now optionally takes the paths to one or more
+ initrd files, and passes them to all plugins.
+
+ * The mincore() system call has been dropped from the @system-service
+ system call filter group, as it is pretty exotic and may potentially
+ used for side-channel attacks.
+
+ * -fPIE is dropped from compiler and linker options. Please specify
+ -Db_pie=true option to meson to build position-independent
+ executables. Note that the meson option is supported since meson-0.49.
+
+ * The fs.protected_regular and fs.protected_fifos sysctls, which were
+ added in Linux 4.19 to make some data spoofing attacks harder, are
+ now enabled by default. While this will hopefully improve the
+ security of most installations, it is technically a backwards
+ incompatible change; to disable these sysctls again, place the
+ following lines in /etc/sysctl.d/60-protected.conf or a similar file:
+
+ fs.protected_regular = 0
+ fs.protected_fifos = 0
+
+ Note that the similar hardlink and symlink protection has been
+ enabled since v199, and may be disabled likewise.
+
+ * The files read from the EnvironmentFile= setting in unit files now
+ parse backslashes inside quotes literally, matching the behaviour of
+ POSIX shells.
+
+ * udevadm trigger, udevadm control, udevadm settle and udevadm monitor
+ now automatically become NOPs when run in a chroot() environment.
+
+ * The tmpfiles.d/ "C" line type will now copy directory trees not only
+ when the destination is so far missing, but also if it already exists
+ as a directory and is empty. This is useful to cater for systems
+ where directory trees are put together from multiple separate mount
+ points but otherwise empty.
+
+ * A new function sd_bus_close_unref() (and the associated
+ sd_bus_close_unrefp()) has been added to libsystemd, that combines
+ sd_bus_close() and sd_bus_unref() in one.
+
+ * udevadm control learnt a new option for --ping for testing whether a
+ systemd-udevd instance is running and reacting.
+
+ Contributions from: Aaron Plattner, Alex Mayer, Ayman Bagabas,
+ Beniamino Galvani, bl33pbl0p, Burt P, Chris Down, Chris Lamb, Chris
+ Morin, Claudius Ellsel, dana, Daniel Axtens, Daniele Medri, Dave
+ Reisner, dcanuhe, Dimitri John Ledkov, Evgeny Vereshchagin, Fabrice
+ Fontaine, Filipe Brandenburger, Franck Bui, Frantisek Sumsal, howl,
+ ikelos, James Hilliard, Jani Uusitalo, Jan Janssen, Jonathan Roemer,
+ Jonathon Kowalski, Joost Heitbrink, Jörg Thalheim, Lennart Poettering,
+ Louis Taylor, Lucas Werkmeister, Marc-Antoine Perennou, marvelousblack,
+ Michael Biebl, Michael Sloan, Michal Sekletar, Mike Auty, Mike Gilbert,
+ Mikhail Kasimov, Niklas Hambüchen, Patrick Williams, Paul Seyfert,
+ Philip Withnall, rogerjames99, Ronnie P. Thomas, Ryan Gonzalez, Sam
+ Morris, Susant Sahani, Taro Yamada, Thomas Haller, Topi Miettinen,
+ YunQiang Su, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, zsergeant77
+
+ — Berlin, 2018-XX-XX
+
+CHANGES WITH 240:
+
+ * NoNewPrivileges=yes has been set for all long-running services
+ implemented by systemd. Previously, this was problematic due to
+ SELinux (as this would also prohibit the transition from PID1's label
+ to the service's label). This restriction has since been lifted, but
+ an SELinux policy update is required.
+ (See e.g. https://github.com/fedora-selinux/selinux-policy/pull/234.)
+
+ * DynamicUser=yes is dropped from systemd-networkd.service,
+ systemd-resolved.service and systemd-timesyncd.service, which was
+ enabled in v239 for systemd-networkd.service and systemd-resolved.service,
+ and since v236 for systemd-timesyncd.service. The users and groups
+ systemd-network, systemd-resolve and systemd-timesync are created
+ by systemd-sysusers again. Distributors or system administrators
+ may need to create these users and groups if they not exist (or need
+ to re-enable DynamicUser= for those units) while upgrading systemd.
+ Also, the clock file for systemd-timesyncd may need to move from
+ /var/lib/private/systemd/timesync/clock to /var/lib/systemd/timesync/clock.
+
+ * When unit files are loaded from disk, previously systemd would
+ sometimes (depending on the unit loading order) load units from the
+ target path of symlinks in .wants/ or .requires/ directories of other
+ units. This meant that unit could be loaded from different paths
+ depending on whether the unit was requested explicitly or as a
+ dependency of another unit, not honouring the priority of directories
+ in search path. It also meant that it was possible to successfully
+ load and start units which are not found in the unit search path, as
+ long as they were requested as a dependency and linked to from
+ .wants/ or .requires/. The target paths of those symlinks are not
+ used for loading units anymore and the unit file must be found in
+ the search path.
* A new service type has been added: Type=exec. It's very similar to
- Type=simple and ensures the service manager will wait for both fork()
+ Type=simple but ensures the service manager will wait for both fork()
and execve() of the main service binary to complete before proceeding
with follow-up units. This is primarily useful so that the manager
propagates any errors in the preparation phase of service execution
back to the job that requested the unit to be started. For example,
consider a service that has ExecStart= set to a file system binary
- that doesn't exist. With Type=simple starting the unit would
- typically succeed instantly, as only fork() has to complete
- successfully and execve() is not waited for, and hence its failure is
- seen "too late". With the new Type=exec service type starting the
- unit will fail, as the execve() will be waited for and will fail,
- which is then propagated back to the start job.
+ that doesn't exist. With Type=simple starting the unit would be
+ considered instantly successful, as only fork() has to complete
+ successfully and the manager does not wait for execve(), and hence
+ its failure is seen "too late". With the new Type=exec service type
+ starting the unit will fail, as the manager will wait for the
+ execve() and notice its failure, which is then propagated back to the
+ start job.
NOTE: with the next release 241 of systemd we intend to change the
systemd-run tool to default to Type=exec for transient services
kernels and allocating large numbers of them should be much cheaper
both in memory and in performance than it used to be. Programs that
want to take benefit of the increased limit have to "opt-in" into
- high file descriptors explicitly by setting their soft limit to the
- hard limit during initialization. Of course, when doing that they
- must do this acknowledging the fact that they cannot use select()
- anymore (and neither can any shared library they use — or any shared
- library used by any shared library they use and so on). Which default
- hard limit is most appropriate is of course hard to decide. However,
- given reports that ~300K file descriptors are used in real-life
- applications we believe 512K is sufficiently high as new default for
- now. Note that there are also reports that using very high hard
- limits (e.g. 1G) is problematic: some software allocates large arrays
- with one element for each potential file descriptor (Java, …) — a
- high hard limit thus triggers excessively large memory allocations in
- these applications. Hopefully, the new default of 512K is a good
- middle ground: higher than what real-life applications currently
- need, and low enough for not triggering excessively large allocations
- in problematic software. (And yes, somebody should fix Java, to not
- require such excessive allocations.)
+ high file descriptors explicitly by raising their soft limit. Of
+ course, when they do that they must acknowledge that they cannot use
+ select() anymore (and neither can any shared library they use — or
+ any shared library used by any shared library they use and so on).
+ Which default hard limit is most appropriate is of course hard to
+ decide. However, given reports that ~300K file descriptors are used
+ in real-life applications we believe 512K is sufficiently high as new
+ default for now. Note that there are also reports that using very
+ high hard limits (e.g. 1G) is problematic: some software allocates
+ large arrays with one element for each potential file descriptor
+ (Java, …) — a high hard limit thus triggers excessively large memory
+ allocations in these applications. Hopefully, the new default of 512K
+ is a good middle ground: higher than what real-life applications
+ currently need, and low enough for avoid triggering excessively large
+ allocations in problematic software. (And yes, somebody should fix
+ Java.)
* The fs.nr_open and fs.file-max sysctls are now automatically bumped
to the highest possible values, as separate accounting of file
file descriptors currently enforced (fs.file-max, fs.nr_open,
RLIMIT_NOFILE hard, RLIMIT_NOFILE soft) we turn off the first two,
and keep only the latter two. A set of build-time options
- (-Dbump-proc-sys-fs-file-max=no and -Dbump-proc-sys-fs-nr-open=no)
+ (-Dbump-proc-sys-fs-file-max=false and -Dbump-proc-sys-fs-nr-open=false)
has been added to revert this change in behaviour, which might be
an option for systems that turn off memcg in the kernel.
* Support for disabling a particular cgroup controller within a sub-tree
has been added through the DisableControllers= directive.
+ * cgroup_no_v1=all on the kernel command line now also implies
+ using the unified cgroup hierarchy, unless one explicitly passes
+ systemd.unified_cgroup_hierarchy=0 on the kernel command line.
+
* The new "MemoryMin=" unit file property may now be used to set the
memory usage protection limit of processes invoked by the unit. This
- controls the cgroupsv2 memory.min attribute. Similar, the new
+ controls the cgroup v2 memory.min attribute. Similarly, the new
"IODeviceLatencyTargetSec=" property has been added, wrapping the new
- cgroupsv2 io.latency cgroup property for configuring per-service I/O
+ cgroup v2 io.latency cgroup property for configuring per-service I/O
latency.
- * systemd now supports the cgroupsv2 devices BPF logic, as counterpart
- to the cgroupsv1 "devices" cgroup controller.
+ * systemd now supports the cgroup v2 devices BPF logic, as counterpart
+ to the cgroup v1 "devices" cgroup controller.
* systemd-escape now is able to combine --unescape with --template. It
also learnt a new option --instance for extracting and unescaping the
* sd-bus now provides the sd_bus_message_readv() which is similar to
sd_bus_message_read() but takes a va_list object. The pair
sd_bus_set_method_call_timeout() and sd_bus_get_method_call_timeout()
- have been added for configuring the default method call timeout to
+ has been added for configuring the default method call timeout to
use. sd_bus_error_move() may be used to efficiently move the contents
from one sd_bus_error structure to another, invalidating the
source. sd_bus_set_close_on_exit() and sd_bus_get_close_on_exit() may
* The signal to use as last step of killing of unit processes is now
configurable. Previously it was hard-coded to SIGKILL, which may now
be overridden with the new KillSignal= setting. Note that this is the
- signal used when regular termination (i.e. SIGTERM) does
- suffice. Similar, the signal used when aborting a program in case of
- a watchdog timeout may now be configured too (WatchdogSignal=).
+ signal used when regular termination (i.e. SIGTERM) does not suffice.
+ Similarly, the signal used when aborting a program in case of a
+ watchdog timeout may now be configured too (WatchdogSignal=).
* The XDG_SESSION_DESKTOP environment variable may now be configured in
the pam_systemd argument line, using the new desktop= switch. This is
useful to initialize it properly from a display manager without
having to touch C code.
- * Most configuration options that previously accepted percentage
- values now also understand permille values, if the '‰' suffix is
- used (instead of '%').
-
- * systemd-logind will offer hibernation only if the currently used
- kernel image is still available on disk.
+ * Most configuration options that previously accepted percentage values
+ now also accept permille values with the '‰' suffix (instead of '%').
* systemd-resolved may now optionally use OpenSSL instead of GnuTLS for
DNS-over-TLS.
* networkd gained support for Foo-Over-UDP, ERSPAN and ISATAP
tunnels. It also gained a new option ForceDHCPv6PDOtherInformation=
for forcing the "Other Information" bit in IPv6 RA messages. The
- bonding logic gained three new options AdActorSystemPriority=,
+ bonding logic gained four new options AdActorSystemPriority=,
AdUserPortKey=, AdActorSystem= for configuring various 802.3ad
- aspects. The tunnel logic gained a new IPv6RapidDeploymentPrefix=
- option for configuring IPv6 Rapid Deployment. The policy rule logic
- gained four new options IPProtocol=, SourcePort= and
- DestinationPort=, InvertRule=. The bridge logic gained support for
- the MulticastToUnicast= option. networkd also gained support for
- configuring static IPv4 ARP or IPv6 neighbor entries.
+ aspects, and DynamicTransmitLoadBalancing= for enabling dynamic
+ shuffling of flows. The tunnel logic gained a new
+ IPv6RapidDeploymentPrefix= option for configuring IPv6 Rapid
+ Deployment. The policy rule logic gained four new options IPProtocol=,
+ SourcePort= and DestinationPort=, InvertRule=. The bridge logic gained
+ support for the MulticastToUnicast= option. networkd also gained
+ support for configuring static IPv4 ARP or IPv6 neighbor entries.
* .preset files (as read by 'systemctl preset') may now be used to
instantiate services.
the sector size for an encrypted partition.
* Key material for encrypted disks may now be placed on a formatted
- medium, and reference from /etc/crypttab by the UUID of the file
- system, followed by "=" suffixed by the paths to the key file.
+ medium, and referenced from /etc/crypttab by the UUID of the file
+ system, followed by "=" suffixed by the path to the key file.
* The "collect" udev component has been removed without replacement, as
- it is not used nor maintained.
+ it is neither used nor maintained.
* When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
LogsDirectory=, ConfigurationDirectory= settings are used in a
service the executed processes will now receive a set of environment
- variables pointing it to the full, absolute paths of these
- directories. Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY,
- CACHE_DIRECTORY, LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set
- if these options are used. Note that these options may be used
- multiple times per service in which case the resulting paths will be
- concatenated and separated by colons.
+ variables containing the full paths of these directories.
+ Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY, CACHE_DIRECTORY,
+ LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now set if these options
+ are used. Note that these options may be used multiple times per
+ service in which case the resulting paths will be concatenated and
+ separated by colons.
* Predictable interface naming has been extended to cover InfiniBand
NICs. They will be exposed with an "ib" prefix.
* The systemd-sleep.conf configuration file gained new options
AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
AllowHybridSleep= for prohibiting specific sleep modes even if the
- system supports it.
+ kernel exports them.
* portablectl is now officially supported and has thus moved to
/usr/bin/.
stopped/restarted on each iteration, but can be reused between
subsequent options. This setting defaults to 10s. systemd-logind also
exports two new properties on its Manager D-Bus objects indicating
- whether the system's lid is currently closed, and on AC power.
+ whether the system's lid is currently closed, and whether the system
+ is on AC power.
* systemd gained support for a generic boot counting logic, which
generically permits automatic reverting to older boot loader entries
object itself.
* Unit objects on D-Bus gained a new "Refs" property that lists all
- clients that currently have a reference on the unit, thus ensuring it
- is not unloaded.
+ clients that currently have a reference on the unit (to ensure it is
+ not unloaded).
* The JoinControllers= option in system.conf is no longer supported, as
it didn't work correctly, is hard to support properly, is legacy (as
- the concept only exists on cgroupsv1) and not used.
+ the concept only exists on cgroup v1) and apparently wasn't used.
* Journal messages that are generated whenever a unit enters the failed
- state are now recognizable with a unique MESSAGE_ID. Similar,
- messages generated whenever a service process exits are now made
- recognizable, too. A new recognizable is also added now whenever a
- unit enters the "dead" state, on success.
+ state are now tagged with a unique MESSAGE_ID. Similarly, messages
+ generated whenever a service process exits are now made recognizable,
+ too. A taged message is also emitted whenever a unit enters the
+ "dead" state on success.
* systemd-run gained a new switch --working-directory= for configuring
the working directory of the service to start. A shortcut -d is
current working directory of the invoking program. The new --shell
(or just -S) option has been added for invoking the $SHELL of the
caller as a service, and implies --pty --same-dir --wait --collect
- --service-type=exec. Or in other words, "systemd-run -S" is not the
+ --service-type=exec. Or in other words, "systemd-run -S" is now the
quickest way to quickly get an interactive in a fully clean and
well-defined system service context.
and single top-level directory found with the OS itself below the OS
tree is automatically mangled and moved one level up.
- * systemd-importd will no longer set up an implicit btrfs loop-back file
- system on /var/lib/machines but use it if it is already set up.
+ * systemd-importd will no longer set up an implicit btrfs loop-back
+ file system on /var/lib/machines. If one is already set up, it will
+ continue to be used.
* A new generator "systemd-run-generator" has been added. It will
synthesize a unit from one or more program command lines included in
# systemd-nspawn -i someimage.raw -b systemd.run='"some command line"'
This will run "systemd-nspawn" on an image, invoke the specified
- command line and immediately shut down the container again,
- propagating the command line's exit code.
+ command line and immediately shut down the container again, returning
+ the command line's exit code.
- * The block device locking logic has been documented now:
+ * The block device locking logic is now documented:
https://systemd.io/BLOCK_DEVICE_LOCKING
name as argument.
* systemd-udevd's network naming logic now understands a new
- net.naming-scheme= kernel command line switch, which may be use to
+ net.naming-scheme= kernel command line switch, which may be used to
pick a specific version of the naming scheme. This helps stabilizing
interface names even as systemd/udev are updated and the naming logic
is improved.
+ * sd-id128.h learnt two new auxiliary helpers: sd_id128_is_allf() and
+ SD_ID128_ALLF to test if a 128bit ID is set to all 0xFF bytes, and to
+ initialize one to all 0xFF.
+
+ * After loading the SELinux policy systemd will now recursively relabel
+ all files and directories listed in
+ /run/systemd/relabel-extra.d/*.relabel (which should be simple
+ newline separated lists of paths) in addition to the ones it already
+ implicitly relabels in /run, /dev and /sys. After the relabelling is
+ completed the *.relabel files (and /run/systemd/relabel-extra.d/) are
+ removed. This is useful to permit initrds (i.e. code running before
+ the SELinux policy is in effect) to generate files in the host
+ filesystem safely and ensure that the correct label is applied during
+ the transition to the host OS.
+
+ * KERNEL API BREAKAGE: Linux kernel 4.18 changed behaviour regarding
+ mknod() handling in user namespaces. Previously mknod() would always
+ fail with EPERM in user namespaces. Since 4.18 mknod() will succeed
+ but device nodes generated that way cannot be opened, and attempts to
+ open them result in EPERM. This breaks the "graceful fallback" logic
+ in systemd's PrivateDevices= sand-boxing option. This option is
+ implemented defensively, so that when systemd detects it runs in a
+ restricted environment (such as a user namespace, or an environment
+ where mknod() is blocked through seccomp or absence of CAP_SYS_MKNOD)
+ where device nodes cannot be created the effect of PrivateDevices= is
+ bypassed (following the logic that 2nd-level sand-boxing is not
+ essential if the system systemd runs in is itself already sand-boxed
+ as a whole). This logic breaks with 4.18 in container managers where
+ user namespacing is used: suddenly PrivateDevices= succeeds setting
+ up a private /dev/ file system containing devices nodes — but when
+ these are opened they don't work.
+
+ At this point is is recommended that container managers utilizing
+ user namespaces that intend to run systemd in the payload explicitly
+ block mknod() with seccomp or similar, so that the graceful fallback
+ logic works again.
+
+ We are very sorry for the breakage and the requirement to change
+ container configurations for newer kernels. It's purely caused by an
+ incompatible kernel change. The relevant kernel developers have been
+ notified about this userspace breakage quickly, but they chose to
+ ignore it.
+
+ * PermissionsStartOnly= setting is deprecated (but is still supported
+ for backwards compatibility). The same functionality is provided by
+ the more flexible "+", "!", and "!!" prefixes to ExecStart= and other
+ commands.
+
+ * $DBUS_SESSION_BUS_ADDRESS environment variable is not set by
+ pam_systemd anymore.
+
+ * The naming scheme for network devices was changed to always rename
+ devices, even if they were already renamed by userspace. The "kernel"
+ policy was changed to only apply as a fallback, if no other naming
+ policy took effect.
+
+ * The requirements to build systemd is bumped to meson-0.46 and
+ python-3.5.
+
Contributions from: afg, Alan Jenkins, Aleksei Timofeyev, Alexander
Filippov, Alexander Kurtz, Alexey Bogdanenko, Andreas Henriksson,
Andrew Jorgensen, Anita Zhang, apnix-uk, Arkan49, Arseny Maslennikov,
asavah, Asbjørn Apeland, aszlig, Bastien Nocera, Ben Boeckel, Benedikt
- Morbach, Benjamin Berg, Carlo Caione, Cedric Viou, Chen Qi, ChenQi1989,
- Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
- Ellsel, ColinGuthrie, dana, Daniel, Daniele Medri, Daniel Kahn Gillmor,
- Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner, David
- Anderson, Davide Cavalca, David Leeds, David Malcolm, David Strauss,
- David Tardon, Dimitri John Ledkov, dj-kaktus, Dongsu Park, Elias
- Probst, Emil Soleyman, Erik Kooistra, Ervin Peters, Evgeni Golov,
- Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad, faizalluthfi,
- Felix Yan, Filipe Brandenburger, Franck Bui, Frank Schaefer, Frantisek
- Sumsal, Gianluca Boiano, Giuseppe Scrivano, glitsj16, Hans de Goede,
- Harald Hoyer, Harry Mallon, Harshit Jain, hellcp, Helmut Grohne, Henry
- Tung, Hui Yiqun, imayoda, Insun Pyo, INSUN PYO, Iwan Timmer,
- jambonmcyeah, Jan Janssen, Jan Pokorný, Jan Synacek, Jason
- A. Donenfeld, javitoom, Jérémy Nouhaud, Jiuyang liu, João Paulo Rechi
+ Morbach, Benjamin Berg, Bruce Zhang, Carlo Caione, Cedric Viou, Chen
+ Qi, Chris Chiu, Chris Down, Chris Morin, Christian Rebischke, Claudius
+ Ellsel, Colin Guthrie, dana, Daniel, Daniele Medri, Daniel Kahn
+ Gillmor, Daniel Rusek, Daniel van Vugt, Dariusz Gadomski, Dave Reisner,
+ David Anderson, Davide Cavalca, David Leeds, David Malcolm, David
+ Strauss, David Tardon, Dimitri John Ledkov, Dmitry Torokhov, dj-kaktus,
+ Dongsu Park, Elias Probst, Emil Soleyman, Erik Kooistra, Ervin Peters,
+ Evgeni Golov, Evgeny Vereshchagin, Fabrice Fontaine, Faheel Ahmad,
+ Faizal Luthfi, Felix Yan, Filipe Brandenburger, Franck Bui, Frank
+ Schaefer, Frantisek Sumsal, Gautier Husson, Gianluca Boiano, Giuseppe
+ Scrivano, glitsj16, Hans de Goede, Harald Hoyer, Harry Mallon, Harshit
+ Jain, Helmut Grohne, Henry Tung, Hui Yiqun, imayoda, Insun Pyo, Iwan
+ Timmer, Jan Janssen, Jan Pokorný, Jan Synacek, Jason A. Donenfeld,
+ javitoom, Jérémy Nouhaud, Jeremy Su, Jiuyang Liu, João Paulo Rechi
Vita, Joe Hershberger, Joe Rayhawk, Joerg Behrmann, Joerg Steffens,
- Jonas DOREL, Jon Ringle, Josh Soref, Julian Andres Klode, Jürg
- Billeter, Keith Busch, killermoehre, Kirill Marinushkin, Lennart
- Poettering, LennartPoettering, Liberasys, Lion Yang, Li Song, Lorenz
+ Jonas Dorel, Jon Ringle, Josh Soref, Julian Andres Klode, Jun Bo Bi,
+ Jürg Billeter, Keith Busch, Khem Raj, Kirill Marinushkin, Larry
+ Bernstone, Lennart Poettering, Lion Yang, Li Song, Lorenz
Hübschle-Schneider, Lubomir Rintel, Lucas Werkmeister, Ludwin Janvier,
Lukáš Nykrýn, Luke Shumaker, mal, Marc-Antoine Perennou, Marcin
Skarbek, Marco Trevisan (Treviño), Marian Cepok, Mario Hros, Marko
Myllynen, Markus Grimm, Martin Pitt, Martin Sobotka, Martin Wilck,
Mathieu Trudel-Lapierre, Matthew Leeds, Michael Biebl, Michael Olbrich,
- Michael 'pbone' Pobega, Michal Koutný, Michal Sekletar, Michal Soltys,
- Mike Gilbert, Mike Palmer, Muhammet Kara, Neal Gompa, Network Silence,
- nikolas, NOGISAKA Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina,
- Paweł Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, remueller,
+ Michael 'pbone' Pobega, Michael Scherer, Michal Koutný, Michal
+ Sekletar, Michal Soltys, Mike Gilbert, Mike Palmer, Muhammet Kara, Neal
+ Gompa, Neil Brown, Network Silence, Niklas Tibbling, Nikolas Nyby,
+ Nogisaka Sadata, Oliver Smith, Patrik Flykt, Pavel Hrdina, Paweł
+ Szewczyk, Peter Hutterer, Piotr Drąg, Ray Strode, Reinhold Mueller,
Renaud Métrich, Roman Gushchin, Ronny Chevalier, Rubén Suárez Alvarez,
- Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid,
- Samuel Morris, Sandy, scootergrisen, seb128, Sergey Ptashnick, Shawn
- Landden, Shengyao Xue, Shih-Yuan Lee (FourDollars), Sjoerd Simons,
- Stephen Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven
- Joachim, Sylvain Plantefève, TanuKaskinen, Tejun Heo, Thiago Macieira,
- Thomas Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ,
- Tobias Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak,
- Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech Trefny,
- welaq, William A. Kennington III, William Douglas, Wyatt Ward, Xiang
- Fan, Xi Ruoyao, Xuanwo, Yann E. MORIN, YmrDtnJu, Yu Watanabe, Zbigniew
- Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
-
- — Somewhere, 2018-xx-yy
+ Ruixin Bao, RussianNeuroMancer, Ryutaroh Matsumoto, Saleem Rashid, Sam
+ Morris, Samuel Morris, Sandy Carter, scootergrisen, Sébastien Bacher,
+ Sergey Ptashnick, Shawn Landden, Shengyao Xue, Shih-Yuan Lee
+ (FourDollars), Silvio Knizek, Sjoerd Simons, Stasiek Michalski, Stephen
+ Gallagher, Steven Allen, Steve Ramage, Susant Sahani, Sven Joachim,
+ Sylvain Plantefève, Tanu Kaskinen, Tejun Heo, Thiago Macieira, Thomas
+ Blume, Thomas Haller, Thomas H. P. Andersen, Tim Ruffing, TJ, Tobias
+ Jungel, Todd Walton, Tommi Rantala, Tomsod M, Tony Novak, Tore
+ Anderson, Trevonn, Victor Laskurain, Victor Tapia, Violet Halo, Vojtech
+ Trefny, welaq, William A. Kennington III, William Douglas, Wyatt Ward,
+ Xiang Fan, Xi Ruoyao, Xuanwo, Yann E. Morin, YmrDtnJu, Yu Watanabe,
+ Zbigniew Jędrzejewski-Szmek, Zhang Xianwei, Zsolt Dollenstein
+
+ — Warsaw, 2018-12-21
CHANGES WITH 239:
Debian and FreeBSD resolvconf tool.
* Support for suspend-then-hibernate has been added, i.e. a sleep mode
- where the system initially suspends, and after a time-out resumes and
+ where the system initially suspends, and after a timeout resumes and
hibernates again.
* networkd's ClientIdentifier= now accepts a new option "duid-only". If
allows ordering services before the service that executes the actual
update process in a generic way.
+ * Systemd now emits warnings whenever .include syntax is used.
+
Contributions from: Adam Duskett, Alan Jenkins, Alessandro Casale,
Alexander Kurtz, Alex Gartrell, Anssi Hannula, Arnaud Rebillout, Brian
J. Murrell, Bruno Vernay, Chris Lamb, Chris Lesiak, Christian Brauner,
instance to migrate processes if it itself gets the request to
migrate processes and the kernel refuses this due to access
restrictions. Thanks to this "systemd-run --scope --user …" works
- again in pure cgroups v2 environments when invoked from the user
+ again in pure cgroup v2 environments when invoked from the user
session scope.
* A new TemporaryFileSystem= setting can be used to mask out part of
desired options.
* systemd now supports the "memory" cgroup controller also on
- cgroupsv2.
+ cgroup v2.
* The systemd-cgtop tool now optionally takes a control group path as
command line argument. If specified, the control group list shown is
/run/systemd/user directory that was already previously
supported, but is under the control of the user.
- * Job timeouts (i.e. time-outs on the time a job that is
+ * Job timeouts (i.e. timeouts on the time a job that is
queued stays in the run queue) can now optionally result in
immediate reboot or power-off actions (JobTimeoutAction= and
JobTimeoutRebootArgument=). This is useful on ".target"
IFUNC. Please make sure to use --enable-compat-libs only
during a transitional period!
+ * The .include syntax has been deprecated and is not documented
+ anymore. Drop-in files in .d directories should be used instead.
+
Contributions from: Andreas Fuchs, Armin K., Colin Walters,
Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
projects / thirdparty / systemd.git / blobdiff