X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=NEWS;h=1def98212de362e14e4fca2403378b2e4ca2c574;hp=235543948ac2786b64342b45945ac4bffd9f387a;hb=f680ce835d6978b7ec402e013bd93bddd00b4b27;hpb=ccac84d02e2dcaf8cfcd23f501f8ceb774025fd2 diff --git a/NEWS b/NEWS index 235543948ac..1def98212de 100644 --- a/NEWS +++ b/NEWS 
@@ -1,30 +1,48 @@ systemd System and Service Manager -CHANGES WITH 236 in spe: +CHANGES WITH 236: - * The modprobe.d/ drop-in for the bonding.ko kernel module introduced - in v235, has been extended to also set the dummy.ko module option - numdummies=0, resolving issues with the kernel creating the dummy0 - network interface implicitly. + * The modprobe.d/ drop-in for the bonding.ko kernel module introduced + in v235 has been extended to also set the dummy.ko module option + numdummies=0, preventing the kernel from automatically creating + dummy0. All dummy interfaces must now be explicitly created. + + * Unknown '%' specifiers in configuration files are now rejected. This + applies to units and tmpfiles.d configuration. Any percent characters + that are followed by a letter or digit that are not supposed to be + interpreted as the beginning of a specifier should be escaped by + doubling ("%%"). (So "size=5%" is still accepted, as well as + "size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not + valid specifiers today.) * systemd-resolved now maintains a new dynamic - /run/systemd/resolve/stub-resolv.conf compatibility file. It is now - recommended to maintain /etc/resolv.conf as a symlink to this new - dynamic file. It points at the systemd-resolved stub DNS 127.0.0.53 - resolver and it includes dynamically acquired search domains. This - achieves a more correct DNS resolution by software that bypasses - local DNS APIs (e.g. NSS). + /run/systemd/resolve/stub-resolv.conf compatibility file. It is + recommended to make /etc/resolv.conf a symlink to it. This file + points at the systemd-resolved stub DNS 127.0.0.53 resolver and + includes dynamically acquired search domains, achieving more correct + DNS resolution by software that bypasses local DNS APIs such as NSS. * The "uaccess" udev tag has been dropped from /dev/kvm and /dev/dri/renderD*. These devices now have the 0666 permissions by default (but this may be changed at build-time). 
/dev/dri/renderD* will now be owned by the "render" group along with /dev/kfd. - * This enables "DynamicUser=yes" by default for - systemd-timesyncd.service, systemd-journal-gatewayd.service and - systemd-journal-upload.service. This means "nss-systemd" really - should be enabled in /etc/nsswitch.conf to ensure the UIDs assigned - to these services show up properly in the user database. + * "DynamicUser=yes" has been enabled for systemd-timesyncd.service, + systemd-journal-gatewayd.service and + systemd-journal-upload.service. This means "nss-systemd" must be + enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these + services are resolved properly. + + * In /etc/fstab two new mount options are now understood: + x-systemd.makefs and x-systemd.growfs. The former has the effect that + the configured file system is formatted before it is mounted, the + latter that the file system is resized to the full block device size + after it is mounted (i.e. if the file system is smaller than the + partition it resides on, it's grown). This is similar to the fsck + logic in /etc/fstab, and pulls in systemd-makefs@.service and + systemd-growfs@.service as necessary, similar to + systemd-fsck@.service. Resizing is currently only supported on ext4 + and btrfs. * In systemd-networkd, the IPv6 RA logic now optionally may announce DNS server and domain information. 
@@ -33,18 +51,25 @@ CHANGES WITH 236 in spe: been added. This requires libcryptsetup2 during compilation and runtime. - * The systemd --user instance will not signal "readiness" when its + * The systemd --user instance will now signal "readiness" when its basic.target unit has been reached, instead of when the run queue ran empty for the first time. - * Unit files learnt three new % specifiers that are expanded during - loading: %S resolves to the top-level state directory (/var/lib for - the system instance, $XDG_CONFIG_HOME for the user instance), %C - resolves to the top-level cache directory (/var/cache for the system - instance, $XDG_CACHE_HOME for the user instance), %L resolves to the - top-level logs directory (/var/log for the system instance, + * Tmpfiles.d with user configuration are now also supported. + systemd-tmpfiles gained a new --user switch, and snippets placed in + ~/.config/user-tmpfiles.d/ and corresponding directories will be + executed by systemd-tmpfiles --user running in the new + systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service + running in the user session. + + * Unit files and tmpfiles.d snippets learnt three new % specifiers: + %S resolves to the top-level state directory (/var/lib for the system + instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the + top-level cache directory (/var/cache for the system instance, + $XDG_CACHE_HOME for the user instance), %L resolves to the top-level + logs directory (/var/log for the system instance, $XDG_CONFIG_HOME/log/ for the user instance). This matches the - existing %t specifier, that resolves to the top-level runtime + existing %t specifier, that resolves to the top-level runtime directory (/run for the system instance, and $XDG_RUNTIME_DIR for the user instance). 
@@ -52,12 +77,12 @@ CHANGES WITH 236 in spe: set of journal fields to output in verbose and JSON output modes. * systemd-timesyncd's configuration file gained a new option - RootDistanceMaxSec= for setting the maximum root distance, as well as - the new options PollIntervalMinSec= and PollIntervalMaxSec= to tweak - the minimum and maximum poll interval. + RootDistanceMaxSec= for setting the maximum root distance of servers + it'll use, as well as the new options PollIntervalMinSec= and + PollIntervalMaxSec= to tweak the minimum and maximum poll interval. * bootctl gained a new command "list" for listing all available boot - menu items on systems that follor the boot loader specification. + menu items on systems that follow the boot loader specification. * systemctl gained a new --dry-run switch that shows what would be done instead of doing it, and is currently supported by the shutdown and 
@@ -66,19 +91,19 @@ CHANGES WITH 236 in spe: * ConditionSecurity= can now detect the TOMOYO security module. * Unit file [Install] sections are now also respected in unit drop-in - files. + files. This is intended to be used by drop-ins under /usr/lib/. - * systemd-firstboot may now also set up the initial keyboard mapping. + * systemd-firstboot may now also set the initial keyboard mapping. - * When udev devices that are exposed as systemd .device units see a - "changed" events, this is propagated as reload from the units, in - respect to ReloadPropagatedFrom=. + * Udev "changed" events for devices which are exposed as systemd + .device units are now propagated to units specified in + ReloadPropagatedFrom= as reload requests. - * When a udev device with a SYSTEMD_WANTS= property containing a - systemd unit template name (i.e. a name in the form of - 'foobar@.service', without the instance component between the '@' and - the '.'), then the escaped sysfs path of the device is automatically - inserted when the unit is added as dependency. + * If a udev device has a SYSTEMD_WANTS= property containing a systemd + unit template name (i.e. a name in the form of 'foobar@.service', + without the instance component between the '@' and - the '.'), then + the escaped sysfs path of the device is automatically used as the + instance. * SystemCallFilter= in unit files has been extended so that an "errno" can be specified individually for each system call. Example: 
@@ -88,31 +113,30 @@ CHANGES WITH 236 in spe: now optionally takes a list of controllers (instead of a boolean, as before), which lists the controllers to delegate at least. - * The networkd DHCPv6 client now implements the FQDN option (RFC 4704) + * The networkd DHCPv6 client now implements the FQDN option (RFC 4704). - * Two new unit file options have been added: LogLevelMax= configures - the maximum log level any process of the unit may log at - (i.e. anything with a lesser priority than what is specified is - automatically dropped). LogExtraFields= allows configuration of - additional journal fields to attach to all log records generated by - any of the unit's processes. - - * A new unit file option CollectMode= has been added, that allows - tweaking the garbage collection logic for units. It may be used to - tell systemd to garbage collect units that have failed automatically - (normally it only GCs units that exited successfully). systemd-run - and systemd-mount exposes this new functionality wiht a new -G option. + * A new LogLevelMax= setting configures the maximum log level any + process of the service may log at (i.e. anything with a lesser + priority than what is specified is automatically dropped). A new + LogExtraFields= setting allows configuration of additional journal + fields to attach to all log records generated by any of the unit's + processes. - * Services gained a two new settings StandardInputData= and - StadardInputText=, along with a new option StandardInput=data. They - may be used to configure textual or binary data that shall be passed - to the executed service process via STDIN, encoded in-line in the - unit file. + * New StandardInputData= and StandardInputText= settings along with the + new option StandardInput=data may be used to configure textual or + binary data that shall be passed to the executed service process via + standard input, encoded in-line in the unit file. 
* StandardInput=, StandardOutput= and StandardError= may now be used to connect stdin/stdout/stderr of executed processes directly with a file or AF_UNIX socket in the file system, using the new "file:" option. + * A new unit file option CollectMode= has been added, that allows + tweaking the garbage collection logic for units. It may be used to + tell systemd to garbage collect units that have failed automatically + (normally it only GCs units that exited successfully). systemd-run + and systemd-mount expose this new functionality with a new -G option. + * "machinectl bind" may now be used to bind mount non-directories (i.e. regularfiles, devices, fifos, sockets). @@ -122,14 +146,14 @@ CHANGES WITH 236 in spe: time the specified expression would elapse. * In addition to the pre-existing FailureAction= unit file setting - there's now SuccessAction=, for configuring an shutdown action to - execute when a unit completed successfully. This is useful in - particular inside of containers that shall terminate after some - workload has been completed. Also, both options are now supported for - all unit types, not just services. + there's now SuccessAction=, for configuring a shutdown action to + execute when a unit completes successfully. This is useful in + particular inside containers that shall terminate after some workload + has been completed. Also, both options are now supported for all unit + types, not just services. * networkds's IP rule support gained two new options - IncomingInterface=and OutgoingInterface= for configuring the incoming + IncomingInterface= and OutgoingInterface= for configuring the incoming and outgoing interfaces of configured rules. systemd-networkd also gained support for "vxcan" network devices. 
@@ -143,25 +167,63 @@ CHANGES WITH 236 in spe: store again, ahead of POLLHUP or POLLERR when they are removed anyway. - Contributions from: aeywalee, Alan Jenkins, Alessandro Ghedini, Andrew - Jeddeloh, Antonio Rojas, Ari, bleep_blop, Carsten Strotmann, Christian - Brauner, Christian Hesse, Collin Eggert, Daniel Lockyer, Daniel Rusek, - Dimitri John Ledkov, Evgeny Vereshchagin, Florian Klink, Franck Bui, - gwendalcr, Hans de Goede, Jakub Wilk, Jérémy Rosen, jobol, John Lin, - juga0, Krzysztof Nowicki, Lars Karlitski, Lars Kellogg-Stedman, Lauri - Tirkkonen, Lennart Poettering, longersson, Lubomir Rintel, Lucas - Werkmeister, lukas, Lukáš Nykrýn, Lukasz Rubaszewski, Maciej - S. Szmigiero, macrothian, Mantas Mikulėnas, martingh, Mathieu - Trudel-Lapierre, Matija Skala, Michael Biebl, Michael Vogt, Michal - Sekletar, Mike Gilbert, Muhammet Kara, myrkr, Neil Brown, Ondrej - Kozina, Patrik Flykt, Peter Hutterer, Piotr Drąg, Razvan Cojocaru, - Robin McCorkell, Roland Hieber, Sergey Ptashnick, Shawn Landden, Shuang - Liu, Simon Arlott, Simon Peeters, Stefan Agner, Susant Sahani, Sylvain - Plantefève, Thomas Blume, Tom Stellard, Topi Miettinen, Vito Caputo, - Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew + * A new document UIDS-GIDS.md has been added to the source tree, that + documents the UID/GID range and assignment assumptions and + requirements of systemd. + + * The watchdog device PID 1 will ping may now be configured through the + WatchdogDevice= configuration file setting, or by setting the + systemd.watchdog_service= kernel commandline option. + + * systemd-resolved's gained support for registering DNS-SD services on + the local network using MulticastDNS. Services may either be + registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or + the same dir below /run, /usr/lib), or through its D-Bus API. + + * The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond + extend the effective start, runtime, and stop time. 
The service must + continue to send EXTEND_TIMEOUT_USEC within the period specified to + prevent the service manager from making the service as timedout. + + * systemd-resolved's DNSSEC support gained support for RFC 8080 + (Ed25519 keys and signatures). + + * The systemd-resolve command line tool gained a new set of options + --set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=, + --set-nta= and --revert to configure per-interface DNS configuration + dynamically during runtime. It's useful for pushing DNS information + into systemd-resolved from DNS hook scripts that various interface + managing software supports (such as pppd). + + * systemd-nspawn gained a new --network-namespace-path= command line + option, which may be used to make a container join an existing + network namespace, by specifying a path to a "netns" file. + + Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini, + Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten + Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin + Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri + John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny + Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de + Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty, + Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef + Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars + Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel, + Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz + Rubaszewski, Maciej S. 
Szmigiero, Mantas Mikulėnas, Marcus Folkesson, + Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala, + Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal + Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf + Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer, + Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran + Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon + Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant + Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem + Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich, + Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zeal Jagannatha - — Berlin, 2017-12-XX + — Berlin, 2017-12-14 CHANGES WITH 235:
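Review bot: In the @@ -1,30 +1,48 @@ hunk, the new x-systemd.makefs entry says "the configured file system is formatted before it is mounted" without saying whether a device that already carries a file system is left untouched. For an option set in /etc/fstab this can be read as unconditional reformatting, so the entry should state the condition under which formatting happens; that is what an administrator needs to know before using the option. In the same hunk, the '%' specifier entry stacks two relative clauses ("that are followed by a letter or digit that are not supposed to be interpreted") and is hard to parse; something like "Any percent character followed by a letter or digit that is not meant to start a specifier should be escaped by doubling" would be clearer.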
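Review bot: In the @@ -33,18 +51,25 @@ hunk, the added tmpfiles entry opens with "Tmpfiles.d with user configuration are now also supported", which does not agree in number and leaves the subject unclear, and its last sentence uses "running in" twice ("systemd-tmpfiles --user running in the new ... running in the user session"). Suggest "Per-user tmpfiles.d configuration is now supported" and a single "run by" clause naming the two user services. Snippets are also described as "executed"; "applied" or "processed" fits better, since the same entry calls them configuration.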
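Review bot: In the @@ -66,19 +91,19 @@ hunk, the added line "without the instance component between the '@' and - the '.'), then" contains a stray "- " before "the '.'", which looks like a leftover from rewrapping the removed line "- the '.'), then the escaped sysfs path of the device is automatically". Drop the "- " so the sentence reads "between the '@' and the '.'), then the escaped sysfs path of the device is automatically used as the instance."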
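Review bot: In the @@ -88,31 +113,30 @@ hunk, the rewritten LogLevelMax= entry now says "any process of the service" while the LogExtraFields= sentence in the same entry still says "any of the unit's processes", and the removed text introduced both as unit file options. Use one term for both, or say explicitly that LogLevelMax= is limited to services if that is intended. The unchanged context line "(i.e. regularfiles, devices, fifos, sockets)" in the "machinectl bind" entry still has "regularfiles" run together and could be fixed in the same pass.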
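Review bot: In the @@ -122,14 +146,14 @@ hunk, the context line directly above the corrected "IncomingInterface= and OutgoingInterface=" still reads "networkds's IP rule support", which looks like a typo for "networkd's". Since this entry is already being touched for the missing space, fix the possessive in the same change.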
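Review bot: In the @@ -143,25 +167,63 @@ hunk, the watchdog entry pairs the WatchdogDevice= setting with a kernel command line option spelled "systemd.watchdog_service=", although both are described as selecting the device PID 1 will ping. Please check the option name against the code, because readers will copy it verbatim from NEWS. In the sd_notify() entry, "making the service as timedout" should presumably be "marking the service as timed out", and "can now with EXTEND_TIMEOUT_USEC=microsecond extend" would read better with the verb first. "systemd-resolved's gained support" has a stray possessive.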