X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=NEWS;h=1def98212de362e14e4fca2403378b2e4ca2c574;hp=32c01bb8dd9d9f71a0f925f7ada2e65a7b994d86;hb=a1b2c92d8290c76a29ccd0887a92ac064e1bb5a1;hpb=2ebc688fc1a9a06950f47c2146335ebf876d4d9b diff --git a/NEWS b/NEWS index 32c01bb8dd9..1def98212de 100644 --- a/NEWS +++ b/NEWS @@ -1,25 +1,502 @@ systemd System and Service Manager +CHANGES WITH 236: + + * The modprobe.d/ drop-in for the bonding.ko kernel module introduced + in v235 has been extended to also set the dummy.ko module option + numdummies=0, preventing the kernel from automatically creating + dummy0. All dummy interfaces must now be explicitly created. + + * Unknown '%' specifiers in configuration files are now rejected. This + applies to units and tmpfiles.d configuration. Any percent characters + that are followed by a letter or digit that are not supposed to be + interpreted as the beginning of a specifier should be escaped by + doubling ("%%"). (So "size=5%" is still accepted, as well as + "size=5%,foo=bar", but not "LABEL=x%y%z" since %y and %z are not + valid specifiers today.) + + * systemd-resolved now maintains a new dynamic + /run/systemd/resolve/stub-resolv.conf compatibility file. It is + recommended to make /etc/resolv.conf a symlink to it. This file + points at the systemd-resolved stub DNS 127.0.0.53 resolver and + includes dynamically acquired search domains, achieving more correct + DNS resolution by software that bypasses local DNS APIs such as NSS. + + * The "uaccess" udev tag has been dropped from /dev/kvm and + /dev/dri/renderD*. These devices now have the 0666 permissions by + default (but this may be changed at build-time). /dev/dri/renderD* + will now be owned by the "render" group along with /dev/kfd. + + * "DynamicUser=yes" has been enabled for systemd-timesyncd.service, + systemd-journal-gatewayd.service and + systemd-journal-upload.service. This means "nss-systemd" must be + enabled in /etc/nsswitch.conf to ensure the UIDs assigned to these + services are resolved properly. + + * In /etc/fstab two new mount options are now understood: + x-systemd.makefs and x-systemd.growfs. The former has the effect that + the configured file system is formatted before it is mounted, the + latter that the file system is resized to the full block device size + after it is mounted (i.e. if the file system is smaller than the + partition it resides on, it's grown). This is similar to the fsck + logic in /etc/fstab, and pulls in systemd-makefs@.service and + systemd-growfs@.service as necessary, similar to + systemd-fsck@.service. Resizing is currently only supported on ext4 + and btrfs. + + * In systemd-networkd, the IPv6 RA logic now optionally may announce + DNS server and domain information. + + * Support for the LUKS2 on-disk format for encrypted partitions has + been added. This requires libcryptsetup2 during compilation and + runtime. + + * The systemd --user instance will now signal "readiness" when its + basic.target unit has been reached, instead of when the run queue ran + empty for the first time. + + * Tmpfiles.d with user configuration are now also supported. + systemd-tmpfiles gained a new --user switch, and snippets placed in + ~/.config/user-tmpfiles.d/ and corresponding directories will be + executed by systemd-tmpfiles --user running in the new + systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.service + running in the user session. + + * Unit files and tmpfiles.d snippets learnt three new % specifiers: + %S resolves to the top-level state directory (/var/lib for the system + instance, $XDG_CONFIG_HOME for the user instance), %C resolves to the + top-level cache directory (/var/cache for the system instance, + $XDG_CACHE_HOME for the user instance), %L resolves to the top-level + logs directory (/var/log for the system instance, + $XDG_CONFIG_HOME/log/ for the user instance). This matches the + existing %t specifier, that resolves to the top-level runtime + directory (/run for the system instance, and $XDG_RUNTIME_DIR for the + user instance). + + * journalctl learnt a new parameter --output-fields= for limiting the + set of journal fields to output in verbose and JSON output modes. + + * systemd-timesyncd's configuration file gained a new option + RootDistanceMaxSec= for setting the maximum root distance of servers + it'll use, as well as the new options PollIntervalMinSec= and + PollIntervalMaxSec= to tweak the minimum and maximum poll interval. + + * bootctl gained a new command "list" for listing all available boot + menu items on systems that follow the boot loader specification. + + * systemctl gained a new --dry-run switch that shows what would be done + instead of doing it, and is currently supported by the shutdown and + sleep verbs. + + * ConditionSecurity= can now detect the TOMOYO security module. + + * Unit file [Install] sections are now also respected in unit drop-in + files. This is intended to be used by drop-ins under /usr/lib/. + + * systemd-firstboot may now also set the initial keyboard mapping. + + * Udev "changed" events for devices which are exposed as systemd + .device units are now propagated to units specified in + ReloadPropagatedFrom= as reload requests. + + * If a udev device has a SYSTEMD_WANTS= property containing a systemd + unit template name (i.e. a name in the form of 'foobar@.service', + without the instance component between the '@' and - the '.'), then + the escaped sysfs path of the device is automatically used as the + instance. + + * SystemCallFilter= in unit files has been extended so that an "errno" + can be specified individually for each system call. Example: + SystemCallFilter=~uname:EILSEQ. + + * The cgroup delegation logic has been substantially updated. Delegate= + now optionally takes a list of controllers (instead of a boolean, as + before), which lists the controllers to delegate at least. + + * The networkd DHCPv6 client now implements the FQDN option (RFC 4704). + + * A new LogLevelMax= setting configures the maximum log level any + process of the service may log at (i.e. anything with a lesser + priority than what is specified is automatically dropped). A new + LogExtraFields= setting allows configuration of additional journal + fields to attach to all log records generated by any of the unit's + processes. + + * New StandardInputData= and StandardInputText= settings along with the + new option StandardInput=data may be used to configure textual or + binary data that shall be passed to the executed service process via + standard input, encoded in-line in the unit file. + + * StandardInput=, StandardOutput= and StandardError= may now be used to + connect stdin/stdout/stderr of executed processes directly with a + file or AF_UNIX socket in the file system, using the new "file:" option. + + * A new unit file option CollectMode= has been added, that allows + tweaking the garbage collection logic for units. It may be used to + tell systemd to garbage collect units that have failed automatically + (normally it only GCs units that exited successfully). systemd-run + and systemd-mount expose this new functionality with a new -G option. + + * "machinectl bind" may now be used to bind mount non-directories + (i.e. regularfiles, devices, fifos, sockets). + + * systemd-analyze gained a new verb "calendar" for validating and + testing calendar time specifications to use for OnCalendar= in timer + units. Besides validating the expression it will calculate the next + time the specified expression would elapse. + + * In addition to the pre-existing FailureAction= unit file setting + there's now SuccessAction=, for configuring a shutdown action to + execute when a unit completes successfully. This is useful in + particular inside containers that shall terminate after some workload + has been completed. Also, both options are now supported for all unit + types, not just services. + + * networkds's IP rule support gained two new options + IncomingInterface= and OutgoingInterface= for configuring the incoming + and outgoing interfaces of configured rules. systemd-networkd also + gained support for "vxcan" network devices. + + * networkd gained a new setting RequiredForOnline=, taking a + boolean. If set, systemd-wait-online will take it into consideration + when determining that the system is up, otherwise it will ignore the + interface for this purpose. + + * The sd_notify() protocol gained support for a new operation: with + FDSTOREREMOVE=1 file descriptors may be removed from the per-service + store again, ahead of POLLHUP or POLLERR when they are removed + anyway. + + * A new document UIDS-GIDS.md has been added to the source tree, that + documents the UID/GID range and assignment assumptions and + requirements of systemd. + + * The watchdog device PID 1 will ping may now be configured through the + WatchdogDevice= configuration file setting, or by setting the + systemd.watchdog_service= kernel commandline option. + + * systemd-resolved's gained support for registering DNS-SD services on + the local network using MulticastDNS. Services may either be + registered by dropping in a .dnssd file in /etc/systemd/dnssd/ (or + the same dir below /run, /usr/lib), or through its D-Bus API. + + * The sd_notify() protocol can now with EXTEND_TIMEOUT_USEC=microsecond + extend the effective start, runtime, and stop time. The service must + continue to send EXTEND_TIMEOUT_USEC within the period specified to + prevent the service manager from making the service as timedout. + + * systemd-resolved's DNSSEC support gained support for RFC 8080 + (Ed25519 keys and signatures). + + * The systemd-resolve command line tool gained a new set of options + --set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnssec=, + --set-nta= and --revert to configure per-interface DNS configuration + dynamically during runtime. It's useful for pushing DNS information + into systemd-resolved from DNS hook scripts that various interface + managing software supports (such as pppd). + + * systemd-nspawn gained a new --network-namespace-path= command line + option, which may be used to make a container join an existing + network namespace, by specifying a path to a "netns" file. + + Contributions from: Alan Jenkins, Alan Robertson, Alessandro Ghedini, + Andrew Jeddeloh, Antonio Rojas, Ari, asavah, bleep_blop, Carsten + Strotmann, Christian Brauner, Christian Hesse, Clinton Roy, Collin + Eggert, Cong Wang, Daniel Black, Daniel Lockyer, Daniel Rusek, Dimitri + John Ledkov, Dmitry Rozhkov, Dongsu Park, Edward A. James, Evgeny + Vereshchagin, Florian Klink, Franck Bui, Gwendal Grignou, Hans de + Goede, Harald Hoyer, Hristo Venev, Iago López Galeiras, Ikey Doherty, + Jakub Wilk, Jérémy Rosen, Jiahui Xie, John Lin, José Bollo, Josef + Andersson, juga0, Krzysztof Nowicki, Kyle Walker, Lars Karlitski, Lars + Kellogg-Stedman, Lauri Tirkkonen, Lennart Poettering, Lubomir Rintel, + Luca Bruno, Lucas Werkmeister, Lukáš Nykrýn, Lukáš Říha, Lukasz + Rubaszewski, Maciej S. Szmigiero, Mantas Mikulėnas, Marcus Folkesson, + Martin Steuer, Mathieu Trudel-Lapierre, Matija Skala, + Matthias-Christian Ott, Max Resch, Michael Biebl, Michael Vogt, Michal + Koutný, Michal Sekletar, Mike Gilbert, Muhammet Kara, Neil Brown, Olaf + Hering, Ondrej Kozina, Patrik Flykt, Patryk Kocielnik, Peter Hutterer, + Piotr Drąg, Razvan Cojocaru, Robin McCorkell, Roland Hieber, Saran + Tunyasuvunakool, Sergey Ptashnick, Shawn Landden, Shuang Liu, Simon + Arlott, Simon Peeters, Stanislav Angelovič, Stefan Agner, Susant + Sahani, Sylvain Plantefève, Thomas Blume, Thomas Haller, Tiago Salem + Herrmann, Tinu Weber, Tom Stellard, Topi Miettinen, Torsten Hilbrich, + Vito Caputo, Vladislav Vishnyakov, WaLyong Cho, Yu Watanabe, Zbigniew + Jędrzejewski-Szmek, Zeal Jagannatha + + — Berlin, 2017-12-14 + CHANGES WITH 235: - * modprobe.d drop-in is now shipped by default that sets bonding module - option max_bonds=0. This overrides the kernel default, to avoid - conflicts and ambiguity as to whether or not bond0 should be managed - by networkd or not. This resolves multiple bugs of bond0 properties - not being applied, when bond0 is configured with - networkd. Distributors may choose to not package this, however in - that case users will be prevented from correctly managing bond0 - interface using networkd. + * INCOMPATIBILITY: systemd-logind.service and other long-running + services now run inside an IPv4/IPv6 sandbox, prohibiting them any IP + communication with the outside. This generally improves security of + the system, and is in almost all cases a safe and good choice, as + these services do not and should not provide any network-facing + functionality. However, systemd-logind uses the glibc NSS API to + query the user database. This creates problems on systems where NSS + is set up to directly consult network services for user database + lookups. In particular, this creates incompatibilities with the + "nss-nis" module, which attempts to directly contact the NIS/YP + network servers it is configured for, and will now consistently + fail. In such cases, it is possible to turn off IP sandboxing for + systemd-logind.service (set IPAddressDeny= in its [Service] section + to the empty string, via a .d/ unit file drop-in). Downstream + distributions might want to update their nss-nis packaging to include + such a drop-in snippet, accordingly, to hide this incompatibility + from the user. Another option is to make use of glibc's nscd service + to proxy such network requests through a privilege-separated, minimal + local caching daemon, or to switch to more modern technologies such + sssd, whose NSS hook-ups generally do not involve direct network + access. In general, we think it's definitely time to question the + implementation choices of nss-nis, i.e. whether it's a good idea + today to embed a network-facing loadable module into all local + processes that need to query the user database, including the most + trivial and benign ones, such as "ls". For more details about + IPAddressDeny= see below. + + * A new modprobe.d drop-in is now shipped by default that sets the + bonding module option max_bonds=0. This overrides the kernel default, + to avoid conflicts and ambiguity as to whether or not bond0 should be + managed by systemd-networkd or not. This resolves multiple issues + with bond0 properties not being applied, when bond0 is configured + with systemd-networkd. Distributors may choose to not package this, + however in that case users will be prevented from correctly managing + bond0 interface using systemd-networkd. * systemd-analyze gained new verbs "get-log-level" and "get-log-target" - which print the logging level and target of the system manager, - respectively. They complement the existing "set-log-level" and - "set-log-target" verbs, which can be used to change those values. - - * systemd-networkd .network DHCP setting UseMTU default has changed - from false to true. Meaning, DHCP server advertised mtu setting is - now applied by default. This resolves networking issues on low-mtu - networks. + which print the logging level and target of the system manager. They + complement the existing "set-log-level" and "set-log-target" verbs + used to change those values. + + * journald.conf gained a new boolean setting ReadKMsg= which defaults + to on. If turned off kernel log messages will not be read by + systemd-journald or included in the logs. It also gained a new + setting LineMax= for configuring the maximum line length in + STDOUT/STDERR log streams. The new default for this value is 48K, up + from the previous hardcoded 2048. + + * A new unit setting RuntimeDirectoryPreserve= has been added, which + allows more detailed control of what to do with a runtime directory + configured with RuntimeDirectory= (i.e. a directory below /run or + $XDG_RUNTIME_DIR) after a unit is stopped. + + * The RuntimeDirectory= setting for units gained support for creating + deeper subdirectories below /run or $XDG_RUNTIME_DIR, instead of just + one top-level directory. + + * Units gained new options StateDirectory=, CacheDirectory=, + LogsDirectory= and ConfigurationDirectory= which are closely related + to RuntimeDirectory= but manage per-service directories below + /var/lib, /var/cache, /var/log and /etc. By making use of them it is + possible to write unit files which when activated automatically gain + properly owned service specific directories in these locations, thus + making unit files self-contained and increasing compatibility with + stateless systems and factory reset where /etc or /var are + unpopulated at boot. Matching these new settings there's also + StateDirectoryMode=, CacheDirectoryMode=, LogsDirectoryMode=, + ConfigurationDirectoryMode= for configuring the access mode of these + directories. These settings are particularly useful in combination + with DynamicUser=yes as they provide secure, properly-owned, + writable, and stateful locations for storage, excluded from the + sandbox that such services live in otherwise. + + * Automake support has been removed from this release. systemd is now + Meson-only. + + * systemd-journald will now aggressively cache client metadata during + runtime, speeding up log write performance under pressure. This comes + at a small price though: as much of the metadata is read + asynchronously from /proc/ (and isn't implicitly attached to log + datagrams by the kernel, like UID/GID/PID/SELinux are) this means the + metadata stored alongside a log entry might be slightly + out-of-date. Previously it could only be slightly newer than the log + message. The time window is small however, and given that the kernel + is unlikely to be improved anytime soon in this regard, this appears + acceptable to us. + + * nss-myhostname/systemd-resolved will now by default synthesize an + A/AAAA resource record for the "_gateway" hostname, pointing to the + current default IP gateway. Previously it did that for the "gateway" + name, hampering adoption, as some distributions wanted to leave that + host name open for local use. The old behaviour may still be + requested at build time. + + * systemd-networkd's [Address] section in .network files gained a new + Scope= setting for configuring the IP address scope. The [Network] + section gained a new boolean setting ConfigureWithoutCarrier= that + tells systemd-networkd to ignore link sensing when configuring the + device. The [DHCP] section gained a new Anonymize= boolean option for + turning on a number of options suggested in RFC 7844. A new + [RoutingPolicyRule] section has been added for configuring the IP + routing policy. The [Route] section has gained support for a new + Type= setting which permits configuring + blackhole/unreachable/prohibit routes. + + * The [VRF] section in .netdev files gained a new Table= setting for + configuring the routing table to use. The [Tunnel] section gained a + new Independent= boolean field for configuring tunnels independent of + an underlying network interface. The [Bridge] section gained a new + GroupForwardMask= option for configuration of propagation of link + local frames between bridge ports. + + * The WakeOnLan= setting in .link files gained support for a number of + new modes. A new TCP6SegmentationOffload= setting has been added for + configuring TCP/IPv6 hardware segmentation offload. + + * The IPv6 RA sender implementation may now optionally send out RDNSS + and RDNSSL records to supply DNS configuration to peers. + + * systemd-nspawn gained support for a new --system-call-filter= command + line option for adding and removing entries in the default system + call filter it applies. Moreover systemd-nspawn has been changed to + implement a system call whitelist instead of a blacklist. + + * systemd-run gained support for a new --pipe command line option. If + used the STDIN/STDOUT/STDERR file descriptors passed to systemd-run + are directly passed on to the activated transient service + executable. This allows invoking arbitrary processes as systemd + services (for example to take benefit of dependency management, + accounting management, resource management or log management that is + done automatically for services) — while still allowing them to be + integrated in a classic UNIX shell pipeline. + + * When a service sends RELOAD=1 via sd_notify() and reload propagation + using ReloadPropagationTo= is configured, a reload is now propagated + to configured units. (Previously this was only done on explicitly + requested reloads, using "systemctl reload" or an equivalent + command.) + + * For each service unit a restart counter is now kept: it is increased + each time the service is restarted due to Restart=, and may be + queried using "systemctl show -p NRestarts …". + + * New system call filter groups @aio, @sync, @chown, @setuid, @memlock, + @signal and @timer have been added, for usage with SystemCallFilter= + in unit files and the new --system-call-filter= command line option + of systemd-nspawn (see above). + + * ExecStart= lines in unit files gained two new modifiers: when a + command line is prefixed with "!" the command will be executed as + configured, except for the credentials applied by + setuid()/setgid()/setgroups(). It is very similar to the pre-existing + "+", but does still apply namespacing options unlike "+". There's + also "!!" now, which is mostly identical, but becomes a NOP on + systems that support ambient capabilities. This is useful to write + unit files that work with ambient capabilities where possible but + automatically fall back to traditional privilege dropping mechanisms + on systems where this is not supported. + + * ListenNetlink= settings in socket units now support RDMA netlink + sockets. + + * A new unit file setting LockPersonality= has been added which permits + locking down the chosen execution domain ("personality") of a service + during runtime. + + * A new special target "getty-pre.target" has been added, which is + ordered before all text logins, and may be used to order services + before textual logins acquire access to the console. + + * systemd will now attempt to load the virtio-rng.ko kernel module very + early on if a VM environment supporting this is detected. This should + improve entropy during early boot in virtualized environments. + + * A _netdev option is now supported in /etc/crypttab that operates in a + similar way as the same option in /etc/fstab: it permits configuring + encrypted devices that need to be ordered after the network is up. + Following this logic, two new special targets + remote-cryptsetup-pre.target and remote-cryptsetup.target have been + added that are to cryptsetup.target what remote-fs.target and + remote-fs-pre.target are to local-fs.target. + + * Service units gained a new UnsetEnvironment= setting which permits + unsetting specific environment variables for services that are + normally passed to it (for example in order to mask out locale + settings for specific services that can't deal with it). + + * Units acquired a new boolean option IPAccounting=. When turned on, IP + traffic accounting (packet count as well as byte count) is done for + the service, and shown as part of "systemctl status" or "systemd-run + --wait". + + * Service units acquired two new options IPAddressAllow= and + IPAddressDeny=, taking a list of IPv4 or IPv6 addresses and masks, + for configuring a simple IP access control list for all sockets of + the unit. These options are available also on .slice and .socket + units, permitting flexible access list configuration for individual + services as well as groups of services (as defined by a slice unit), + including system-wide. Note that IP ACLs configured this way are + enforced on every single IPv4 and IPv6 socket created by any process + of the service unit, and apply to ingress as well as egress traffic. + + * If CPUAccounting= or IPAccounting= is turned on for a unit a new + structured log message is generated each time the unit is stopped, + containing information about the consumed resources of this + invocation. + + * A new setting KeyringMode= has been added to unit files, which may be + used to control how the kernel keyring is set up for executed + processes. + + * "systemctl poweroff", "systemctl reboot", "systemctl halt", + "systemctl kexec" and "systemctl exit" are now always asynchronous in + behaviour (that is: these commands return immediately after the + operation was enqueued instead of waiting for the operation to + complete). Previously, "systemctl poweroff" and "systemctl reboot" + were asynchronous on systems using systemd-logind (i.e. almost + always, and like they were on sysvinit), and the other three commands + were unconditionally synchronous. With this release this is cleaned + up, and callers will see the same asynchronous behaviour on all + systems for all five operations. + + * systemd-logind gained new Halt() and CanHalt() bus calls for halting + the system. + + * .timer units now accept calendar specifications in other timezones + than UTC or the local timezone. + + * The tmpfiles snippet var.conf has been changed to create + /var/log/btmp with access mode 0660 instead of 0600. It was owned by + the "utmp" group already, and it appears to be generally understood + that members of "utmp" can modify/flush the utmp/wtmp/lastlog/btmp + databases. Previously this was implemented correctly for all these + databases excepts btmp, which has been opened up like this now + too. Note that while the other databases are world-readable + (i.e. 0644), btmp is not and remains more restrictive. + + * The systemd-resolve tool gained a new --reset-server-features + switch. When invoked like this systemd-resolved will forget + everything it learnt about the features supported by the configured + upstream DNS servers, and restarts the feature probing logic on the + next resolver look-up for them at the highest feature level + again. + + * The status dump systemd-resolved sends to the logs upon receiving + SIGUSR1 now also includes information about all DNS servers it is + configured to use, and the features levels it probed for them. + + Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander + Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar + Burchardt, Beniamino Galvani, Benjamin Berg, Benjamin Robin, Charles + Huber, Christian Hesse, Daniel Berrange, Daniel Kahn Gillmor, Daniel + Mack, Daniel Rusek, Daniel Șerbănescu, Davide Cavalca, Dimitri John + Ledkov, Diogo Pereira, Djalal Harouni, Dmitriy Geels, Dmitry Torokhov, + ettavolt, Evgeny Vereshchagin, Fabio Kung, Felipe Sateler, Franck Bui, + Hans de Goede, Harald Hoyer, Insun Pyo, Ivan Kurnosov, Ivan Shapovalov, + Jakub Wilk, Jan Synacek, Jason Gunthorpe, Jeremy Bicha, Jérémy Rosen, + John Lin, jonasBoss, Jonathan Lebon, Jonathan Teh, Jon Ringle, Jörg + Thalheim, Jouke Witteveen, juga0, Justin Capella, Justin Michaud, + Kai-Heng Feng, Lennart Poettering, Lion Yang, Luca Bruno, Lucas + Werkmeister, Lukáš Nykrýn, Marcel Hollerbach, Marcus Lundblad, Martin + Pitt, Michael Biebl, Michael Grzeschik, Michal Sekletar, Mike Gilbert, + Neil Brown, Nicolas Iooss, Patrik Flykt, pEJipE, Piotr Drąg, Russell + Stuart, S. Fan, Shengyao Xue, Stefan Pietsch, Susant Sahani, Tejun Heo, + Thomas Miller, Thomas Sailer, Tobias Hunger, Tomasz Pala, Tom + Gundersen, Tommi Rantala, Topi Miettinen, Torstein Husebø, userwithuid, + Vasilis Liaskovitis, Vito Caputo, WaLyong Cho, William Douglas, Xiang + Fan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek + + — Berlin, 2017-10-06 CHANGES WITH 234: