only cgroup v2 ('unified' hierarchy) can be selected as build-time
default.
+ * Support for System V service scripts is deprecated and will be
+ removed in a future release. Please make sure to update your software
+ *now* to include a native systemd unit file instead of a legacy
+ System V script to retain compatibility with future systemd releases.
+
+ * Support for the SystemdOptions EFI variable is deprecated.
+ 'bootctl systemd-efi-options' will emit a warning when used. It seems
+ that this feature is little-used and it is better to use alternative
+ approaches like credentials and confexts. The plan is to drop support
+ altogether at a later point, but this might be revisited based on
+ user feedback.
+
+ * systemd-run's switch --expand-environment= which currently is disabled
+ by default when combined with --scope, will be changed in a future
+ release to be enabled by default.
+
* Previously, systemd-networkd did not explicitly remove any bridge
VLAN IDs assigned on bridge master and ports. Since version 256, if a
.network file for an interface has at least one valid setting in the
'D' stanzas. For example, with the combination of 'R /foo' and 'x
/foo/bar', /foo/bar will now be excluded from removal.
+ * systemd.crash_reboot and related settings are deprecated in favor of
+ systemd.crash_action=.
+
General Changes and New Features:
* Various programs will now attempt to load the main configuration file
embedded in the file name. The files are ordered by version and
the newest one is selected.
- systemd-nspawn --image=/--directory=, systemd-dissect, systemd-portabled,
- and the RootDirectory=, RootImage=, ExtensionImages=, and
- ExtensionDirectories= settings for units now support the vpick
- protocol and allow the latest version to be selected automatically if
- a "*.v/" directory is specified as the source.
+ systemd-nspawn --image=/--directory=, systemd-dissect,
+ systemd-portabled, and the RootDirectory=, RootImage=,
+ ExtensionImages=, and ExtensionDirectories= settings for units now
+ support the vpick protocol and allow the latest version to be
+ selected automatically if a "*.v/" directory is specified as the
+ source.
* Encrypted service credentials can now be made accessible to
unprivileged users. systemd-creds gained new options --user/--uid=
exclusively for machine images. The new "importctl" generalizes this
for sysext, confext, and portable service images.
+ * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
+ deprecations removed, including the OpenSSL engine logic turned off.
+
Service Management:
* New system manager setting ProtectSystem= has been added. It is
analogous to the unit setting, but applies to the whole system. It is
enabled by default in the initrd.
+ Note that this means that code executed in the initrd cannot naively
+ expect to be able to write to /usr/ during boot. This affects
+ dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
+ https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.
+
* New unit setting WantsMountsFor= has been added. It is analogous to
RequiresMountsFor=, but creates a Wants= dependency instead of
Requires=. This new logic is now used in various places where mounts
switch from one to the other via a simple reboot. Distributions
apparently have lost interest in this, and the functionality has not
been supported on the primary distribution this was still intended
- for for a long time, and hence has been removed now.
+ for a long time, and hence has been removed now.
* A new concept called "capsules" has been introduced. "Capsules" wrap
additional per-user service managers, whose users are transient and
PID 1 has successfully completed installation of its various UNIX
process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
PID 1 will start to have the effect of shutting down the system
- cleanly).
+ cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
+ down, and carries a string identifying the type of shutdown,
+ i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
+ sent at the same time and carries the string passed to "systemctl
+ --reboot-argument=" if there was one.
+
+ * New D-Bus properties ExecMainHandoffTimestamp and
+ ExecMainHandoffTimestampMonotonic are now published by services
+ units. This timestamp is taken as the very last operation before
+ handing off control to invoked binaries. This information is
+ available for other unit types that fork off processes (i.e. mount,
+ swap, socket units), but currently only via "systemd-analyze dump".
+
+ * An additional timestamp is now taken by the service manager when a
+ system shutdown operation is initiated. It can be queried via D-Bus
+ during the shutdown phase. It's passed to the following service
+ manager invocation on soft reboots, which will then use it to log the
+ overall "grey-out" time of the soft reboot operation, i.e. the time
+ when the shutdown began until the system is fully up again.
+
+ * "systemctl status" will now display the invocation ID in its usual
+ output, i.e. the 128bit ID uniquely assigned to the current runtime
+ cycle of the unit. The ID has been supported for a long time, but is
+ now more prominently displayed, as it is a very useful handle to a
+ specific invocation of a service.
+
+ * systemd now generates a new "taint" string "unmerged-bin" for systems
+ that have /usr/bin/ and /usr/sbin/ separate. It's generally
+ recommended to make the latter a symlink to the former these days.
+
+ * A new systemd.crash_action= kernel command line option has been added
+ that configures what to do after the system manager (PID 1) crashes.
+ This can also be configured through CrashAction= in systemd.conf.
+
+ * "systemctl kill" now supports --wait which will make the command wait
+ until the signalled services terminate.
Journal:
* systemd-journald can now forward journal entries to a socket
(AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
- specified in journald.conf via a new option ForwardAddress= or via
- the 'journald.forward_address' credential. Log records are sent in
+ specified in journald.conf via a new option ForwardToSocket= or via
+ the 'journald.forward_to_socket' credential. Log records are sent in
the Journal Export Format. A related setting MaxLevelSocket= has been
added to control the maximum log levels for the messages sent to this
socket.
+ * systemd-journald now also reads the journal.storage credential when
+ determining where to store journal files.
+
* systemd-vmspawn gained a new --forward-journal= option to forward the
virtual machine's journal entries to the host. This is done over a
AF_VSOCK socket, i.e. it does not require networking in the guest.
* .link files now support a new ReceivePacketSteeringCPUMask= setting
for configuring which CPUs to steer incoming packets to.
+ * The [Network] section in .network files gained a new setting
+ UseDomains=, which is a single generic knob for controlling the
+ settings of the same name in the [DHCPv4], [DHCPv6] and
+ [IPv6AcceptRA].
+
+ * The 99-default.link file we ship by default (that defines the policy
+ for all network devices to which no other .link file applies) now
+ lists "mac" among AlternativeNamesPolicy=. This means that network
+ interfaces will now by default gain an additional MAC-address based
+ alternative device name. (i.e. enx…)
+
systemd-nspawn:
* systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
directory where the container payload can expose AF_UNIX sockets to
- allow them them to be accessed from outside.
+ allow them to be accessed from outside.
* systemd-nspawn will tint the terminal background for containers in a
blueish color. This can be controller with the new --background=
generated recovery PIN is shown to the user. If "query" is selected
then the PIN is queried from the user.
+ * sd-stub gained support for the new ".ucode" PE section in UKIs, that
+ may contain CPU microcode data. When control is handed over to the
+ Linux kernel this data is prepended to the set of initrds passed.
+
systemd-run/run0:
* systemd-run is now a multi-call binary. When invoked as 'run0', it
been changed from regular shared library dependencies into dlopen()
based ones.
+ Note that this means that those libraries might not be automatically
+ pulled in when ELF dependencies are resolved. In particular lack of
+ libkmod might cause problems with boot. This affects dracut <= 101,
+ see https://github.com/dracut-ng/dracut-ng/commit/04b362d713235459cf.
+
* The sd-journal API gained a new call
sd_journal_stream_fd_with_namespace() which is just like
sd_journal_stream_fd() but creates a log stream targeted at a
sd_id128_get_invocation_app_specific() for acquiring an app-specific
ID that is derived from the service invocation ID.
+ * The sd-event API gained a new API call
+ sd_event_source_get_inotify_path() that returns the file system path
+ an inotify event source was created for.
+
systemd-cryptsetup/systemd-cryptenroll:
+ * The device node argument to systemd-cryptenroll is now optional. If
+ omitted it will be derived automatically from the backing block
+ device of /var/ (which quite likely is the same as the root file
+ system, hence effectively means if you don't specify things otherwise
+ the tool will now default to enrolling a key into the root file
+ system's LUKS device).
+
* systemd-cryptenroll can now enroll directly with a PKCS11 public key
(instead of a certificate).
https://systemd.io/VM_INTERFACE
- * The sd_notify() man page has gained an example with C code that shows
- how to implement the interface in C without involving libsystemd.
+ * The sd_notify() man page has gained examples with C and Python code
+ that shows how to implement the interface in those languages without
+ involving libsystemd.
systemd-homed, systemd-logind, systemd-userdbd:
used to specify the TTY for the debug shell, independently of
enabling or disabling it.
- Contributions from: A S Alam, AKHIL KUMAR, Abraham Samuel Adekunle,
- Adrian Vovk, Adrian Wannenmacher, Alan Liang, Alberto Planas,
- Alexander Zavyalov, Anders Jonsson, Andika Triwidada, Andres Beltran,
- Andrew Sayers, Antonio Alvarez Feijoo, Arthur Zamarin, Artur Pak,
- AtariDreams, Benjamin Franzke, Bernhard M. Wiedemann, Black-Hole1,
- Bryan Jacobs, Burak Gerz, Carlos Garnacho, Chandra Pratap,
- Chris Simons, Christian Wesselhoeft, Clayton Craft, Colin Geniet,
- Colin Walters, Costa Tsaousis, Cristian Rodríguez, Daan De Meyer,
+ * portablectl gained a new --clean switch that clears a portable
+ service's data (cache, logs, state, runtime, fdstore) when detaching
+ it.
+
+ Contributions from: A S Alam, AKHIL KUMAR,
+ Abraham Samuel Adekunle, Adrian Vovk, Adrian Wannenmacher,
+ Alan Liang, Alberto Planas, Alexander Zavyalov, Anders Jonsson,
+ Andika Triwidada, Andres Beltran, Andrew Sayers,
+ Antonio Alvarez Feijoo, Arthur Zamarin, Artur Pak, AtariDreams,
+ Benjamin Franzke, Bernhard M. Wiedemann, Black-Hole1, Bryan Jacobs,
+ Burak Gerz, Carlos Garnacho, Chandra Pratap, Chris Simons,
+ Christian Wesselhoeft, Clayton Craft, Colin Geniet, Colin Walters,
+ Costa Tsaousis, Cristian Rodríguez, Daan De Meyer,
Damien Challet, Dan Streetman, David Tardon, David Venhoek,
Diego Viola, Dionna Amalie Glaze, Dmitry Konishchev,
Edson Juliano Drosdeck, Eisuke Kawashima, Eli Schwartz,
Emanuele Giuseppe Esposito, Eric Daigle, Evgeny Vereshchagin,
- Felix Riemann, Fernando Fernandez Mancera, Florian Schmaus, Franck Bui,
- Frantisek Sumsal, Friedrich Altheide, Gabríel Arthúr Pétursson,
- Gaël Donval, Georges Basile Stavracas Neto, Gerd Hoffmann, GNOME
- Foundation, Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald
- Brinkmann, Heinrich Schuchardt, Henry Li, Holger Assmann, Ivan Kruglov,
- Ivan Shapovalov, Jakub Sitnicki, James Muir, Jan Engelhardt, Jan Macku,
- Jeff King, JmbFountain, Joakim Nohlgård, Julius Alexandre,
- Jörg Behrmann, Keian, Kirk, Kristian Klausen, Krzesimir Nowak,
- Lars Ellenberg, Lennart Poettering, Luca Boccassi, Ludwig Nussel,
- Lukáš Nykrýn, Luxiter, Maanya Goenka, Mariano Giménez,
- Markus Merklinger, Martin Ivicic, Martin Trigaux, Martin Wilck,
- Matt Layher, Matt Muggeridge, Matteo Croce, Matthias Lisin,
- Max Gautier, Max Staudt, Michael Biebl, Michal Koutný, Michal Sekletár,
- Mike Gilbert, Mike Yuan, Mikko Ylinen, MkfsSion, MrSmör,
- Nandakumar Raghavan, Nick Cao, Nick Rosbrook, Ole Peder Brandtzæg,
- Ondrej Kozina, Oğuz Ersen, Pablo Méndez Hernández, Pierre GRASSER,
- Piotr Drąg, QuonXF, Rafaël Kooi, Raito Bezarius, Reid Wahl,
- Renjaya Raga Zenta, Richard Maw, Roland Hieber, Ronan Pigott, Rose,
- Ross Burton, Sam Leonard, Samuel BF, Sergei Zhmylev, Sergey A, Shulhan,
- SidhuRupinder, Sludge, Stuart Hayhurst, Susant Sahani,
+ Felix Riemann, Fernando Fernandez Mancera, Florian Schmaus,
+ Franck Bui, Frantisek Sumsal, Friedrich Altheide,
+ Gabríel Arthúr Pétursson, Gaël Donval, Georges Basile Stavracas Neto,
+ Gerd Hoffmann, GNOME Foundation, Guido Leenders,
+ Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald Brinkmann,
+ Heinrich Schuchardt, Henry Li, Holger Assmann, Ivan Kruglov,
+ Ivan Shapovalov, Jakub Sitnicki, James Muir, Jan Engelhardt,
+ Jan Macku, Jeff King, JmbFountain, Joakim Nohlgård,
+ Jonathan Conder, Julius Alexandre, Jörg Behrmann, Keian, Kirk,
+ Kristian Klausen, Krzesimir Nowak, Lars Ellenberg,
+ Lennart Poettering, Luca Boccassi, Ludwig Nussel, Lukáš Nykrýn,
+ Luna Jernberg, Luxiter, Maanya Goenka, Mariano Giménez,
+ Markus Merklinger, Martin Ivicic, Martin Srebotnjak,
+ Martin Trigaux, Martin Wilck, Matt Layher, Matt Muggeridge,
+ Matteo Croce, Matthias Lisin, Max Gautier, Max Staudt, MaxHearnden,
+ Michael Biebl, Michal Koutný, Michal Sekletár, Mike Gilbert,
+ Mike Yuan, Mikko Ylinen, MkfsSion, MrSmör, Nandakumar Raghavan,
+ Nick Cao, Nick Rosbrook, Norbert Lange, Ole Peder Brandtzæg,
+ Ondrej Kozina, Oğuz Ersen, Pablo Méndez Hernández,
+ Pierre GRASSER, Piotr Drąg, QuonXF, Rafaël Kooi, Raito Bezarius,
+ Rasmus Villemoes, Reid Wahl, Renjaya Raga Zenta, Richard Maw,
+ Roland Hieber, Ronan Pigott, Rose, Ross Burton, Sam Leonard,
+ Samuel BF, Sarvajith Adyanthaya, Sergei Zhmylev, Sergey A, Shulhan,
+ SidhuRupinder, Simon Fowler, Sludge, Stuart Hayhurst, Susant Sahani,
Takashi Sakamoto, Temuri Doghonadze, Thilo Fromm, Thomas Blume,
- TobiPeterG, Tomáš Pecka, Topi Miettinen, Tycho Andersen, Unique-Usman,
- Usman Akinyemi, Vasiliy Kovalev, Vasiliy Stelmachenok,
- Vishal Chillara Srinivas, Vitaly Kuznetsov, Vito Caputo,
- Vladimir Stoiakin, Werner Sembach, Will Springer, Winterhuman,
- Xiaotian Wu, Yu Watanabe, Yuri Chornoivan, Zbigniew Jędrzejewski-Szmek,
- Zmyeir, aslepykh, chenjiayi, cpackham-atlnz, cunshunxia, djantti,
- hfavisado, hulkoba, ksaleem, medusalix, mille-feuille, mkubiak, mooo,
- msizanoen, networkException, nl6720, r-vdp, runiq, samuelvw01,
- sharad3001, sushmbha, wangyuhang, zzywysm, İ. Ensar Gülşen,
+ TobiPeterG, Tobias Fleig, Tomáš Pecka, Topi Miettinen,
+ Tycho Andersen, Unique-Usman, Usman Akinyemi, Vasiliy Kovalev,
+ Vasiliy Stelmachenok, Vishal Chillara Srinivas, Vitaly Kuznetsov,
+ Vito Caputo, Vladimir Stoiakin, Werner Sembach, Will Springer,
+ Winterhuman, Xiaotian Wu, Yu Watanabe, Yuri Chornoivan,
+ Zbigniew Jędrzejewski-Szmek, Zmyeir, aslepykh, chenjiayi,
+ cpackham-atlnz, cunshunxia, djantti, hfavisado, hulkoba, ksaleem,
+ medusalix, mille-feuille, mkubiak, mooo, msizanoen, networkException,
+ nl6720, r-vdp, runiq, sam-leonard-ct, samuelvw01, sharad3001, sushmbha,
+ wangyuhang, zzywysm, İ. Ensar Gülşen, Łukasz Stelmach,
Štěpán Němec, 我超厉害, 김인수
- — Happy Place, 2024-04-XX
+ — Edinburgh, 2024-04-25
CHANGES WITH 255:
sd_device_enumerator_add_match_property_required() which allows
configuring matches on properties that are strictly required. This is
different from the existing sd_device_enumerator_add_match_property()
- matches of which one one needs to apply.
+ matches of which one needs to apply.
* The MAC address the veth side of an nspawn container shall get
assigned may now be controlled via the $SYSTEMD_NSPAWN_NETWORK_MAC
projects / thirdparty / systemd.git / blobdiff