systemd System and Service Manager
-CHANGES WITH 243 in spe:
+CHANGES WITH 244 in spe:
* Support for the cpuset cgroups v2 controller has been added.
Processes may be restricted to specific CPUs using the new
SystemdOptions. This may be used to configure systemd behaviour when
modifying the kernel command line is inconvenient, but configuration
on disk is read too late, for example for the options related to
- cgroup hierarchy setup. 'bootctl system-options' may be used to
+ cgroup hierarchy setup. 'bootctl systemd-efi-options' may be used to
set the EFI variable.
* systemd will now disable printk ratelimits in early boot. This should
during early boot, so in practice this change has very little
effect.)
- * The special -.service.d dropin directory may be used to add
- configuration that affects all services. The "-.service" service name
- is now disallowed (though hopefully no one would use such a service
- name. -.mount gives us enough grief.)
+ * Unit files now support top level dropin directories of the form
+ <unit_type>.d/ (e.g. service.d/) that may be used to add configuration
+ that affects all corresponding unit files.
+
+ * systemctl gained support for 'stop --job-mode=triggering' which will
+ stop the specified unit and any units which could trigger it.
+
+ * Unit status display now includes units triggering and triggered by
+ the unit being shown.
* The RuntimeMaxSec= setting is now supported by scopes, not just
.service units. This is particularly useful for PAM sessions which
setting may used with the pam_systemd module to limit the duration
of the PAM session, for example for time-limited logins.
+ * A new @pkey system call group is now defined to make it easier to
+ whitelist memory protection syscalls for containers and services
+ which need to use them.
+
+ * systemd-udevd: removed the 30s timeout for killing stale workers on
+ exit. systemd-udevd now waits for workers to finish. The hard-coded
+ exit timeout of 30s was too short for some large installations, where
+ driver initialization could be prematurely interrupted during initrd
+ processing if the root file system had been mounted and init was
+ preparing to switch root. If udevd is run without systemd and workers
+ are hanging while udevd receives an exit signal, udevd will now exit
+ when udev.event_timeout is reached for the last hanging worker. With
+ systemd, the exit timeout can additionally be configured using
+ TimeoutStopSec= in systemd-udevd.service.
+
* udev now provides a program (fido_id) that identifies FIDO CTAP1
("U2F")/CTAP2 security tokens based on the usage declared in their
report and descriptor and outputs suitable environment variables.
* Automatically generated autosuspend udev rules for whitelisted
devices have been imported from the Chromium OS project. This should
- improve power saving with of many more devices.
+ improve power saving with many more devices.
* udev gained a new "CONST{key}=value" setting that allows matching
against system-wide constants without forking a helper binary.
The client may be configured to request specific options from the
server using a new RequestOptions= setting.
+ The client may be configured to send arbitrary options to the server
+ using a new SendOption= setting.
+
A new IPServiceType= setting has been added to configure the "IP
service type" value used by the client.
* The DHCPv6 client learnt a new PrefixDelegationHint= option to
request prefix hints in the DHCPv6 solicitation.
+ * The DHCPv4 server may be configured to send arbitrary options using
+ a new SendRawOption= setting.
+
+ * The DHCPv4 server may now be configured to emit SIP server list using
+ the new EmitSIP= and SIP= settings.
+
* systemd-networkd and networkctl may now renew DHCP leases on demand.
networkctl has a new 'networkctl renew' verb.
BSSID for wireless links.
.network files may also match on the wireless network type using the
- new WirelessType= option.
+ new WLANInterfaceType= option.
* systemd-networkd now includes default configuration that enables
link-local addressing when connected to an ad-hoc wireless network.
- * The DHCPv4 server may now be configured to emit SIP server list using
- the new EmitSIP= and SIP= settings.
-
* systemd-networkd may configure the Traffic Control queueing
disciplines in the kernel using the new
[TrafficControlQueueingDiscipline] section and Parent=,
NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=,
- NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate= settings.
+ NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=,
+ NetworkEmulatorDuplicateRate= settings.
* systemd-tmpfiles gained a new w+ setting to append to files.
because some external program has modified the kernel configuration
on its own).
+ * systemd-analyze gained a new --base-time= switch instructs the
+ 'calendar' verb to resolve times relative to that timestamp instead
+ of the present time.
+
* journalctl --update-catalog now produces deterministic output (making
reproducible image builds easier).
configuration time using the -Dservice-watchdog= setting. If set to
empty, the watchdogs will be disabled.
+ * systemd-resolved validates IP addresses in certificates now when GnuTLS
+ is being used.
+
* libcryptsetup >= 2.0.1 is now required.
+ * A configuration option -Duser-path= may be used to override the $PATH
+ used by the user service manager. The default is again to use the same
+ path as the system manager.
+
CHANGES WITH 243:
* This release enables unprivileged programs (i.e. requiring neither
* SuccessExitStatus=, RestartPreventExitStatus=, and
RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
is equivalent to "65"). Those exit status name mappings may be
- displayed with the sytemd-analyze exit-status verb describe above.
+ displayed with the systemd-analyze exit-status verb describe above.
* systemd-logind now exposes a per-session SetBrightness() bus call,
which may be used to securely change the brightness of a kernel
projects / thirdparty / systemd.git / blobdiff