systemd System and Service Manager
-CHANGES WITH 246 in spe:
+CHANGES WITH 246:
* The service manager gained basic support for cgroup v2 freezer. Units
can now be suspended or resumed either using new systemctl verbs,
* .socket units gained a new boolean setting PassPacketInfo=. If
enabled, the kernel will attach additional per-packet metadata to all
- packets read from the socket, as ancillary message. This controls the
- IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
+ packets read from the socket, as an ancillary message. This controls
+ the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket options,
depending on socket type.
* .service units gained a new setting RootHash= which may be used to
notation when the 0o prefix is used and binary notation if the 0b
prefix is used.
+ * Various command line parameters and configuration file settings that
+ configure key or certificate files now optionally take paths to
+ AF_UNIX sockets in the file system. If configured that way a stream
+ connection is made to the socket and the required data read from
+ it. This is a simple and natural extension to the existing regular
+ file logic, and permits other software to provide keys or
+ certificates via simple IPC services, for example when unencrypted
+ storage on disk is not desired. Specifically, systemd-networkd's
+ Wireguard and MACSEC key file settings as well as
+ systemd-journal-gatewayd's and systemd-journal-remote's PEM
+ key/certificate parameters support this now.
+
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
configuration files that support specifier expansion learnt six new
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
read and even write access to all these otherwise unmappable files,
which is quite likely a major security problem.
+ * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
+ and others) now have a size and inode limits applied (50% of RAM for
+ /tmp, 10% of RAM for /dev/shm, etc.)
+
+ * nss-mymachines lost support for resolution of users and groups, and
+ now only does resolution of hostnames. This functionality is now
+ provided by nss-systemd. Thus, the 'mymachines' entry should be
+ removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
+ (and 'systemd' added if it is not already there).
+
* A new kernel command line option systemd.hostname= has been added
that allows controlling the hostname that is initialized early during
boot.
enabled by default, please submit a patch that adds it to the
database (see /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
- * systemd-udevd gained new configuration option timeout_signal= as well
- as corresponding kernel command line option udev.timeout_signal=.
+ * systemd-udevd gained the new configuration option timeout_signal= as well
+ as a corresponding kernel command line option udev.timeout_signal=.
The option can be used to configure the UNIX signal that the main
daemon sends to the worker processes on timeout. Setting the signal
to SIGABRT is useful for debugging.
new boolean setting Assign=. If enabled an address from the prefix is
automatically assigned to the interface.
- * systemd-networkd's [Network] section gained a new setting
- IPv6PDSubnetId= that allows explicit configuration of the preferred
- subnet that networkd's Prefix Delegation logic assigns to interfaces.
+ * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
+ controls delegated prefixes assigned by DHCPv6 client. The section
+ has three settings: SubnetID=, Assign=, and Token=. The setting
+ SubnetID= allows explicit configuration of the preferred subnet that
+ systemd-networkd's Prefix Delegation logic assigns to interfaces. If
+ Assign= is enabled (which is the default) an address from any acquired
+ delegated prefix is automatically chosen and assigned to the
+ interface. The setting Token= specifies an optional address generation
+ mode for Assign=.
* systemd-networkd's [Network] section gained a new setting
IPv4AcceptLocal=. If enabled the interface accepts packets with local
Description"). Support for "MUD" URLs was also added to the LLDP
stack, configurable in the [LLDP] section in .network files.
+ * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
+ mode. Also, the sections now support a new setting SourceMACAddress=.
+
* systemd-networkd's .netdev files now support a new setting
VLANProtocol= in the [Bridge] section that allows configuration of
the VLAN protocol to use.
interface which is fully set up for host communication, simply by
carefully picking an interface name to use.
- * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
- added to the [DHCPv6] section of .network files. If enabled (which is
- the default) an address from any acquired delegated prefix is
- automatically chosen and assigned to the interface.
-
* systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
which sets the route priority for routes specified by the DHCP server.
interface. There are new "up" and "down" commands to bring specific
interfaces up or down.
- * systemd-resolved's DNS= configuration option now optionally accepts
- DNS server addresses suffixed by "#" followed by a host name. If
- used, the DNS-over-TLS certificate is validated to match the
- specified hostname.
+ * systemd-resolved's DNS= configuration option now optionally accepts a
+ port number (after ":") and a host name (after "#"). When the host
+ name is specified, the DNS-over-TLS certificate is validated to match
+ the specified hostname. Additionally, in case of IPv6 addresses, an
+ interface may be specified (after "%").
* systemd-resolved may be configured to forward single-label DNS names.
This is not standard-conformant, but may make sense in setups where
MESSAGE=. This is useful to retrieve a very specific set of fields
without any decoration.
+ * The sd-journal.h API gained two new functions:
+ sd_journal_enumerate_available_unique() and
+ sd_journal_enumerate_available_data() that operate like their
+ counterparts that lack the _available_ in the name, but skip items
+ that cannot be read and processed by the local implementation
+ (i.e. are compressed in an unsupported format or such),
+
* coredumpctl gained a new --file= switch, matching the same one in
journalctl: a specific journal file may be specified to read the
coredump data from.
control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
instance.
- * systemd-firstboot gained a new --root-password-hashed= parameter for
- setting the root user's password as UNIX password hash. There's a new
- --delete-root-password switch which instead of setting a password for
- the root user, removes it so that log-in without a password is
- permitted. There's now --force which if specified means any existing
- configuration is overwritten by the specified settings. It also
- gained a new --kernel-command-line= parameter which may be used to
- set the /etc/kernel/cmdline file of an OS image.
-
* A new generator systemd-xdg-autostart-generator has been added. It
generates systemd unit files from XDG autostart .desktop files, and
may be used to let the systemd user instance manage services that are
also gained a new switch --root-password-hashed= which is like
--root-password= but accepts a pre-hashed UNIX password as
argument. The new option --delete-root-password may be used to unset
- any password for the root user (dangerous!). A new --force option may
- be used to override any already set settings with the parameters
- specified on the command line (by default, the tool will not override
- what has already been set before, i.e. is purely incremental).
+ any password for the root user (dangerous!). The --root-shell= switch
+ may be used to control the shell to use for the root account. A new
+ --force option may be used to override any already set settings with
+ the parameters specified on the command line (by default, the tool
+ will not override what has already been set before, i.e. is purely
+ incremental).
+
+ * systemd-firstboot gained support for a new --image= switch, which is
+ similar to --root= but accepts the path to a disk image file, on
+ which it then operates.
* A new sd-path.h API has been added to libsystemd. It provides a
simple API for retrieving various search paths and primary
document the methods, signals and properties.
* The expectations on user/group name syntax are now documented in
- detail; documentation how classic home directories may be converted
- into home directories managed by homed has been added; documentation
- regarding integration of homed/userdb functionality in desktops has
- been added:
+ detail; documentation on how classic home directories may be
+ converted into home directories managed by homed has been added;
+ documentation regarding integration of homed/userdb functionality in
+ desktops has been added:
https://systemd.io/USER_NAMES
https://systemd.io/CONVERTING_TO_HOMED
https://systemd.io/JOURNAL_FILE_FORMAT
+ * The interface for containers (https://systemd.io/CONTAINER_INTERFACE)
+ has been extended by a set of environment variables that expose
+ select fields from the host's os-release file to the container
+ payload. Similarly, host's os-release files can be mounted into the
+ container underneath /run/host. Together, those mechanisms provide a
+ standardized way to expose information about the host to the
+ container payload. Both interfaces are implemented in systemd-nspawn.
+
* All D-Bus services shipped in systemd now implement the generic
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.
+ * Only relevant for developers: the mkosi.default symlink has been
+ dropped from version control. Please create a symlink to one of the
+ distribution-specific defaults in .mkosi/ based on your preference.
+
+ Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
+ Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold,
+ AndreRH, Andrew Doran, Anita Zhang, Ankit Jain, antznin, Arnaud
+ Ferraris, Arthur Moraes do Lago, Arusekk, Balaji Punnuru, Balint
+ Reczey, Bastien Nocera, bemarek, Benjamin Berg, Benjamin Dahlhoff,
+ Benjamin Robin, Chris Down, Chris Kerr, Christian Göttsche, Christian
+ Hesse, Christian Oder, Ciprian Hacman, Clinton Roy, codicodi, Corey
+ Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan, Daniel Fullmer,
+ Daniel Rusek, Dan Streetman, Dave Reisner, David Edmundson, David Wood,
+ Denis Pronin, Diego Escalante Urrelo, Dimitri John Ledkov,
+ dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel Garette, Eric
+ Anderson, Eric DeVolder, Evgeny Vereshchagin, ExtinctFire, fangxiuning,
+ Ferran Pallarès Roca, Filipe Brandenburger, Filippo Falezza, Finn,
+ Florian Klink, Florian Mayer, Franck Bui, Frantisek Sumsal, gaurav,
+ Georg Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2,
+ gogogogi, gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov
+ Smolic, James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger,
+ Jeremy Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro,
+ Joerg Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
+ Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
+ Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
+ BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
+ Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel
+ Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
+ Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
+ Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
+ Michal Sekletár, Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml,
+ Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
+ Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
+ Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
+ Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
+ Sean-StarLabs, Sebastian Jennen, sterlinghughes, Surhud More, Susant
+ Sahani, szb512, Thomas Haller, Tobias Hunger, Tom, Tomáš Pospíšek,
+ Tomer Shechner, Tom Hughes, Topi Miettinen, Tudor Roman, Uwe
+ Kleine-König, Valery0xff, Vito Caputo, Vladimir Panteleev, Vladyslav
+ Tronko, Wen Yang, Yegor Vialov, Yigal Korman, Yi Gao, YmrDtnJu, Yuri
+ Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zhu Li, Дамјан
+ Георгиевски, наб
+
+ – Warsaw, 2020-07-24
+
CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an
projects / thirdparty / systemd.git / blobdiff