might be systems we do not cover yet. Hence: please help us testing
the DNSSEC code, leave this on where you can, report back, but then
again don't consider turning this on in your stable, LTS or
- production release just yet.
+ production release just yet. (Note that you have to enable
+ nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
+ and its DNSSEC mode for host name resolution from local
+ applications.)
* systemd-resolve conveniently resolves DANE records with the --tlsa
- option and OPENPGPKEY records with the --openpgp option.
-
- * Testing tool /usr/lib/systemd/systemd-activate is renamed to
- systemd-socket-activate and installed into /usr/bin. It is now fully
- supported.
+ option and OPENPGPKEY records with the --openpgp option. It also
+ supports dumping raw DNS record data via the new --raw= switch now.
+
+ * systemd-logind will now by default terminate user processes that are
+ part of the user session scope unit (session-XX.scope) when the user
+ logs out. This behavior is controlled by the KillUserProcesses=
+ setting in logind.conf, and the previous default of "no" is now
+ changed to "yes". This means that user sessions will be properly
+ cleaned up after, but additional steps are necessary to allow
+ intentionally long-running processes to survive logout.
+
+ While the user is logged in at least once, user@.service is running,
+ and any service that should survive the end of any individual login
+ session can be started at a user service or scope using systemd-run.
+ systemd-run(1) man page has been extended with an example which shows
+ how to run screen in a scope unit underneath user@.service. The same
+ command works for tmux.
+
+ After the user logs out of all sessions, user@.service will be
+ terminated too, by default, unless the user has "lingering" enabled.
+ To effectively allow users to run long-term tasks even if they are
+ logged out, lingering must be enabled for them. See loginctl(1) for
+ details. The default polkit policy was modified to allow users to
+ set lingering for themselves without authentication.
+
+ Previous defaults can be restored at compile time by the
+ --without-kill-user-processes option to "configure".
* The unified cgroup hierarchy added in Linux 4.5 is now supported.
- Use systemd.unified_cgroup_hierarchy=1 on the kernel command line
- to enable.
+ Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
+ enable. Also, support for the "io" cgroup controller in the unified
+ hierarchy has been added, so that the "memory", "pids" and "io" are
+ now the controllers that are supported on the unified hierarchy.
+
WARNING: it is not possible to use previous systemd versions with
systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
is necessary to also update systemd in the initramfs if using the
- unified hierarchy. Updated selinux policy is also required.
+ unified hierarchy. An updated SELinux policy is also required.
- * LLDP support has been extended, and both passive (receive-only)
- and active (sender) modes are supported. Passive mode
- ("routers-only") is enabled by default in systemd-networkd.
- Active LLDP mode is enabled by default for containers on the
- internal network.
- "networkctl lldp" can be used to list information gathered.
+ * LLDP support has been extended, and both passive (receive-only) and
+ active (sender) modes are supported. Passive mode ("routers-only") is
+ enabled by default in systemd-networkd. Active LLDP mode is enabled
+ by default for containers on the internal network. The "networkctl
+ lldp" command may be used to list information gathered. "networkctl
+ status" will also show basic LLDP information on connected peers now.
- * Headers for LLDP support (sd-lldp.h) are now public.
+ * The IAID and DUID unique identifier sent in DHCP requests may now be
+ configured for the system and each .network file managed by
+ systemd-networkd.
- * The Unique Identifier sent in DHCP requests can be configured.
+ * The testing tool /usr/lib/systemd/systemd-activate is renamed to
+ systemd-socket-activate and installed into /usr/bin. It is now fully
+ supported.
- * systemd-journald now uses separate threads to flush changes to
- disk when closing journal files.
+ * systemd-journald now uses separate threads to flush changes to disk
+ when closing journal files, thus reducing impact of slow disk I/O on
+ logging performance.
- * systemd-ask-password skips printing of the password to stdout
- with --no-output which can be useful in scripts.
+ * systemd-ask-password now optionally skips printing of the password to
+ stdout with --no-output which can be useful in scripts.
* Framebuffer devices (/dev/fb*) and 3D printers and scanners
(devices tagged with ID_MAKER_TOOL) are now tagged with
* systemd-bootchart has been split out to a separate repository:
https://github.com/systemd/systemd-bootchart
- * Compatibility libraries libsystemd-daemon.so, libsystemd-journal.so,
- libsystemd-id128.so, and libsystemd-login.so which have been
- deprecated since systemd-209 have been removed along along with the
- corresponding pkg-config files. All symbols provided by the those
- libraries are provided by libsystemd.so.
-
- * Capabilities= setting has been removed (it is ignored for backwards
- compatibility). AmbientCapabilities= and CapabilityBoundingSet=
- should be used instead.
+ * The compatibility libraries libsystemd-daemon.so,
+ libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
+ which have been deprecated since systemd-209 have been removed along
+ with the corresponding pkg-config files. All symbols provided by
+ those libraries are provided by libsystemd.so.
+
+ * The Capabilities= unit file setting has been removed (it is ignored
+ for backwards compatibility). AmbientCapabilities= and
+ CapabilityBoundingSet= should be used instead.
+
+ * "systemctl show" gained a new --value switch, which allows print a
+ only the contents of a specific unit property, without also printing
+ the property's name. Similar support was added to "show*" verbs
+ of loginctl and machinectl that output "key=value" lists.
+
+ * A new command "systemctl revert" has been added that may be used to
+ revert to the vendor version of a unit file, in case local changes
+ have been made by adding drop-ins or overriding the unit file.
+
+ * "machinectl clean" gained a new verb to automatically remove all or
+ just hidden container images.
+
+ * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
+ merged into the kernel in its current form.
+
+ * systemd-networkd gained support for configuring proxy ARP support for
+ each interface, via the ProxyArp= setting in .network files. It also
+ gained support for configuring the multicast querier feature of
+ bridge devices, via the new MulticastQuerier= setting in .netdev
+ files. A new setting PreferredLifetime= has been added for addresses
+ configured in .network file to configure the lifetime intended for an
+ address.
+
+ * systemd-tmpfiles gained support for a new line type "e" for emptying
+ directories, if they exist, without creating them if they don't.
+
+ * journalctl learned a new output mode "-o short-unix" that outputs log
+ lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
+ UTC). It also gained support for a new --no-hostname setting to
+ suppress the hostname column in the family of "short" output modes.
+
+ * systemd-nspawn gained support for automatically patching the UID/GIDs
+ of the owners and the ACLs of all files and directories in a
+ container tree to match the UID/GID user namespacing range selected
+ for the container invocation. This mode is enabled via the new
+ --private-user-chown switch. It also gained support for automatically
+ choosing a free, previously unused UID/GID range when starting a
+ container, via the new --private-users=pick setting (which implies
+ --private-user-chown). Together, these options for the first time
+ make user namespacing for nspawn containers fully automatic and thus
+ deployable. The systemd-nspaw@.service template unit file has been
+ changed to use this functionality by default.
+
+ * systemd-nspawn gained a new --network-zone= switch, that allows
+ creating ad-hoc virtual Ethernet links between multiple containers,
+ that only exist as long as at least one container referencing them is
+ running. This allows easy connecting of multiple containers with a
+ common link that implements an Ethernet broadcast domain. Each of
+ these network "zones" may be named relatively freely by the user, and
+ may be referenced by any number of containers, but each container may
+ only reference one of these "zones". On the lower level, this is
+ implemented by an automatically managed bridge network interface for
+ each zone, that is created when the first container referencing its
+ zone is created and removed when the last one referencing its zone
+ terminates.
+
+ * The default start timeout may now be configured on the kernel command
+ line via systemd.default_timeout_start_sec=. It was already
+ configurable via the DefaultTimeoutStartSec= option in
+ /etc/systemd/system.conf.
+
+ * Socket units gained a new TriggerLimitIntervalSec= and
+ TriggerLimitBurst= setting to configure a limit on the activation
+ rate of the socket unit.
+
+ * The LimitNICE= setting now optionally takes normal UNIX nice values
+ in addition to the raw integer limit value. If the specified
+ parameter is prefixed with "+" or "-" and is in the range -20..19 the
+ value is understood as UNIX nice value. If not prefixed like this it
+ is understood as raw RLIMIT_NICE limit.
+
+ * Note that the effect of the PrivateDevices= unit file setting changed
+ slightly with this release: the per-device /dev file system will be
+ mounted read-only from this version on, and will have "noexec"
+ set. This (minor) change of behaviour might cause some (exceptional)
+ legacy software to break, when PrivateDevices=yes is set for its
+ service. Please leave PrivateDevices= off if you run into problems
+ with this.
+
+ * The systemd-networkd DHCP server gained the option EmitRouter=, which
+ defaults to yes, to configure if the DHCP Option 3 (Router) should be
+ emitted.
+
+ Contributions from: Alban Crequy, Alexander Kuleshov, Alex Crawford,
+ Andrew Eikum, Beniamino Galvani, Benjamin Robin, Benjamin ROBIN, Biao
+ Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens Gruber, Colin
+ Guthrie, Daniel J Walsh, Daniel Mack, Dan Nicholson, daurnimator, David
+ Herrmann, David R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko,
+ Evgeny Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger,
+ Franck Bui, frankheckenbach, Georgia Brikis, Harald Hoyer, Hendrik
+ Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
+ Puustinen, Jakub Wilk, Jaroslav Škarvada, Jeff Huang, Joel Holdsworth,
+ kayrus, Klearchos Chaloulos, Lennart Poettering, Lubomir Rintel, Lukas
+ Nykryn, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
+ Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
+ Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
+ mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
+ Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Petr Lautrbach,
+ Petros Angelatos, Piotr Drąg, Rabin Vincent, Robert Węcławski, Ronny
+ Chevalier, Samuel Tardieu, Stefan Schallenberg, Steven Siloti, Susant
+ Sahani, Sylvain Plantefève, Taylor Smock, tblume, Tejun Heo, Thomas
+ Blume, Thomas Haller, Thomas Hindoe Paaboel Andersen, Thomas
+ H. P. Andersen, Tobias Klauser, Tom Gundersen, Torstein Husebø, Umut
+ Tezduyar Lindskog, Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam),
+ Vladimir Panteleev, Wieland Hoffmann, Wouter Verhelst, Yu Watanabe,
+ Zbigniew Jędrzejewski-Szmek
- * systemd-bus-proxyd has been removed, as kdbus will not be merged
- in current form.
+ — Berlin, 2016-05-XX
CHANGES WITH 229:
Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2016-02-11
+ — Berlin, 2016-02-11
CHANGES WITH 228:
https://sourceware.org/bugzilla/show_bug.cgi?id=19108
+ Note that only util-linux versions built with
+ --enable-libmount-force-mountinfo are supported.
+
* Support for the ".snapshot" unit type has been removed. This
feature turned out to be little useful and little used, and
has now been removed from the core and from systemctl.
Tom Gundersen, Torstein Husebø, Vito Caputo, Zbigniew
Jędrzejewski-Szmek
- -- Berlin, 2015-11-18
+ — Berlin, 2015-11-18
CHANGES WITH 227:
Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich,
Zbigniew Jędrzejewski-Szmek, Марко М. Костић
- -- Berlin, 2015-10-07
+ — Berlin, 2015-10-07
CHANGES WITH 226:
Hack, Susant Sahani, Sylvain Pasche, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Torstein Husebø
- -- Berlin, 2015-09-08
+ — Berlin, 2015-09-08
CHANGES WITH 225:
Paaboel Andersen, Thomas Meyer, Tom Gundersen, Vincent Batts,
WaLyong Cho, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-08-27
+ — Berlin, 2015-08-27
CHANGES WITH 224:
Herrmann, Herman Fries, Johannes Nixdorf, Kay Sievers, Lennart
Poettering, Peter Hutterer, Susant Sahani, Tom Gundersen
- -- Berlin, 2015-07-31
+ — Berlin, 2015-07-31
CHANGES WITH 223:
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito Caputo,
Vivenzio Pagliari, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-07-29
+ — Berlin, 2015-07-29
CHANGES WITH 222:
Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-07-07
+ — Berlin, 2015-07-07
CHANGES WITH 221:
Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
Fink, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-06-19
+ — Berlin, 2015-06-19
CHANGES WITH 220:
Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-05-22
+ — Berlin, 2015-05-22
CHANGES WITH 219:
Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
Hoffmann, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2015-02-16
+ — Berlin, 2015-02-16
CHANGES WITH 218:
Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-12-10
+ — Berlin, 2014-12-10
CHANGES WITH 217:
Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
Jędrzejewski-Szmek
- -- Berlin, 2014-10-28
+ — Berlin, 2014-10-28
CHANGES WITH 216:
Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-08-19
+ — Berlin, 2014-08-19
CHANGES WITH 215:
Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-07-03
+ — Berlin, 2014-07-03
CHANGES WITH 214:
Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
Jędrzejewski-Szmek
- -- Berlin, 2014-06-11
+ — Berlin, 2014-06-11
CHANGES WITH 213:
Lindskog, WaLyong Cho, Will Woods, Zbigniew
Jędrzejewski-Szmek
- -- Beijing, 2014-05-28
+ — Beijing, 2014-05-28
CHANGES WITH 212:
Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
Jędrzejewski-Szmek
- -- Berlin, 2014-03-25
+ — Berlin, 2014-03-25
CHANGES WITH 211:
Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-03-12
+ — Berlin, 2014-03-12
CHANGES WITH 210:
Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-02-24
+ — Berlin, 2014-02-24
CHANGES WITH 209:
Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2014-02-20
+ — Berlin, 2014-02-20
CHANGES WITH 208:
Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2013-10-02
+ — Berlin, 2013-10-02
CHANGES WITH 207:
Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
William Giokas, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2013-09-13
+ — Berlin, 2013-09-13
CHANGES WITH 206:
Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
Giokas, Zbigniew Jędrzejewski-Szmek
- -- Berlin, 2013-07-23
+ — Berlin, 2013-07-23
CHANGES WITH 205:
* Two new unit types have been introduced:
Scope units are very similar to service units, however, are
- created out of pre-existing processes -- instead of PID 1
+ created out of pre-existing processes — instead of PID 1
forking off the processes. By using scope units it is
possible for system services and applications to group their
own child processes (worker processes) in a powerful way
projects / thirdparty / systemd.git / blobdiff