X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=NEWS;h=6e1918495f97eb41659343732a6b9629950dcada;hp=a1dbd97434eb5329d1cf4dd1fab1b3dc28baa227;hb=1590dfa4a0b9d659a905818711256004ed2984bb;hpb=78bb2866fd040b3810a664e92a9a950c391d0a04 diff --git a/NEWS b/NEWS index a1dbd97434e..6e1918495f9 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,111 @@ systemd System and Service Manager +CHANGES WITH 243 in spe: + + * Previously, filters defined with SystemCallFilter= would have the + effect that an calling an offending system call would terminate the + calling thread. This behaviour never made much sense, since killing + individual threads of unexpecting processes is likely to create more + problems than it solves. With this release the default action changed + from killing the thread to killing the whole process. For this to + work correctly both a kernel version (>= 4.14) and a libseccomp + version (>= 2.4.0) supporting this new seccomp action is required. If + an older kernel or libseccomp is used the old behaviour continues to + be used. This change does not affect any services that have no system + call filters defined, or that use SystemCallErrorNumber= (and thus + see EPERM or another error instead of being killed when calling an + offending system call). Note that systemd documentation always + claimed that the whole process is killed. With this change behaviour + is thus adjusted to match the documentation. + + * The "kernel.pid_max" sysctl is now bumped to 4194304 by default, + i.e. the full 22bit range the kernel allows, up from the old 16bit + range. This should improve security and robustness a bit, as PID + collisions are made less likely (though certainly still + possible). There are rumours this might create compatibility + problems, though at this moment no practical ones are known to + us. Downstream distributions are hence advised to undo this change in + their builds if they are concerned about maximum compatibility, but + for everybody else we recommend leaving the value bumped. Besides + improving security and robustness this should also simplify things as + the maximum number of allowed concurrent tasks was previously bounded + by both "kernel.pid_max" and "kernel.threads-max" and now only a + single knob is left ("kernel.threads-max"). There have been concerns + that usability is affected by this change because larger PID numbers + are harder to type, but we believe the change from 5 digit PIDs to 7 + digit PIDs is not too hampering for usability. + + * MemoryLow and MemoryMin gained hierarchy-aware counterparts, + DefaultMemoryLow and DefaultMemoryMin, which can be used to + hierarchically set default memory protection values for a particular + subtree of the unit hierarchy. + + * Memory protection directives can now take a value of zero, allowing + explicit opting out of a default value propagated by an ancestor. + + * systemd now defaults to the "unified" cgroup hierarchy setup during + build-time, i.e. -Ddefault-hierarchy=unified is now the build-time + default. Previously, -Ddefault-hierarchy=hybrid was the default. This + change reflects the fact that cgroupsv2 support has matured + substantially in both systemd and in the kernel, and is clearly the + way forward. Downstream production distributions might want to + continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for + their builds as unfortunately the popular container managers have not + caught up with the kernel API changes. + + * Man pages are not built by default anymore (html pages were already + disabled by default), to make development builds quicker. When + building systemd for a full installation with documentation, meson + should be called -Dman=true and/or -Dhtml=true as appropriate. The + default was changed based on the assumption that quick one-off or + repeated development builds are much more common than full optimized + builds for installation, and people need to pass various other + options to when doing "proper" builds anyway, so the gain from making + development builds quicker is bigger than the one time disruption for + packagers. + + Two scripts are created in the *build* directory to generate and + preview man and html pages on demand, e.g.: + + build/man/man systemctl + build/man/html systemd.index + + * The D-Bus "wire format" for CPUAffinity attribute is changed on + big-endian machines. Before, bytes were written and read in native + machine order as exposed by the native libc __cpu_mask interface. + Now, little-endian order is always used (CPUs 0–7 are described by + bits 0–7 in byte 0, CPUs 8–15 are described by byte 1, and so on). + This change fixes D-Bus calls that cross endianness boundary. + + The presentation format used for CPUAffinity by systemctl show and + systemd-analyze dump is changed to present CPU indices instead of the + raw __cpu_mask bitmask. For example, CPUAffinity=0-1 would be shown + as CPUAffinity=03000000000000000000000000000… (on little-endian) or + CPUAffinity=00000000000000300000000000000… (on 64-bit big-endian), + and is now shown as CPUAffinity=0-1, matching the input format. The + maximum integer that will be printed in new format is 8191 (four + digits), while the old format always used a very long number (with + the length varying by architecture), so they can be unambiguously + distinguished. + + * /usr/sbin/halt.local is no longer supported. Implementation in + distributions was inconsistent and it seems this functionality was + very rarely used. + + To replace this functionality, users should: + - either define a new unit and make it a dependency of final.target + (systemctl add-wants final.target my-halt-local.service) + - or move the shutdown script to /usr/lib/systemd/system-shutdown/ + and ensure that it accepts "halt", "poweroff", "reboot", and + "kexec" as an argument, see the description in systemd-shutdown(8). + + * When a [Match] section in .link or .network file is empty (contains + no match patterns), a warning will be emitted. Please add any "match + all" pattern instead, e.g. OriginalName=* or Name=* in case all + interfaces should really be matched. + + … + CHANGES WITH 242: * In .link files, MACAddressPolicy=persistent (the default) is changed @@ -69,12 +175,18 @@ CHANGES WITH 242: * Two new conditions for units have been added: ConditionMemory= may be used to conditionalize a unit based on installed system RAM. ConditionCPUs= may be used to conditionalize a unit based on - install CPU cores. + installed CPU cores. * The @default system call filter group understood by SystemCallFilter= has been updated to include the new rseq() system call introduced in kernel 4.15. + * A new time-set.target has been added that indicates that the system + time has been set from a local source (possibly imprecise). The + existing time-sync.target is stronger and indicates that the time has + been synchronized with a precise external source. Services where + approximate time is sufficient should use the new target. + * "systemctl start" (and related commands) learnt a new --show-transaction option. If specified brief information about all jobs queued because of the requested operation is shown. @@ -215,8 +327,9 @@ CHANGES WITH 242: a different layout of the bootloader partitions (for example grub2). * During package installation (with `ninja install`), we would create - symlinks for systemd-networkd.service, systemd-networkd.socket, - systemd-resolved.service, remote-cryptsetup.target, remote-fs.target, + symlinks for getty@tty1.service, systemd-networkd.service, + systemd-networkd.socket, systemd-resolved.service, + remote-cryptsetup.target, remote-fs.target, systemd-networkd-wait-online.service, and systemd-timesyncd.service in /etc, as if `systemctl enable` was called for those units, to make the system usable immediately after installation. Now this is not @@ -243,17 +356,19 @@ CHANGES WITH 242: Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal, Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun - Pyo, Jan Engelhardt, Jonathan Lebon, Jonathon Kowalski, Jörg Sommer, - Jörg Thalheim, Kai-Heng Feng, Lennart Poettering, Lubomir Rintel, - Martin Pitt, Matthias Klumpp, Michael Biebl, Michael Niewöhner, Michael - Olbrich, Michal Sekletar, Mike Lothian, Piotr Drąg, Riccardo Schirone, + Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski, + Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart + Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias + Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal + Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone, Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan - Gonzalez, Stephane Chazelas, StKob, Susant Sahani, Sylvain Plantefève, - Szabolcs Fruhwald, Taro Yamada, Theo Ouzhinski, Thomas Haller, Tobias - Jungel, Tom Yan, Tony Asleson, Topi Miettinen, unixsysadmin, Van Laser, - Vesa Jääskeläinen, Yu, Li-Yu, Yu Watanabe, Zbigniew Jędrzejewski-Szmek + Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant + Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo + Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi + Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu, + Yu Watanabe, Zbigniew Jędrzejewski-Szmek - — Warsaw, 2019-04-03 + — Warsaw, 2019-04-11 CHANGES WITH 241: @@ -723,7 +838,7 @@ CHANGES WITH 240: * Journal messages that are generated whenever a unit enters the failed state are now tagged with a unique MESSAGE_ID. Similarly, messages generated whenever a service process exits are now made recognizable, - too. A taged message is also emitted whenever a unit enters the + too. A tagged message is also emitted whenever a unit enters the "dead" state on success. * systemd-run gained a new switch --working-directory= for configuring @@ -965,7 +1080,7 @@ CHANGES WITH 239: not created by systemd-sysusers anymore. NOTE: This has a chance of breaking nss-ldap and similar NSS modules - that embedd a network facing module into any process using getpwuid() + that embed a network facing module into any process using getpwuid() or related call: the dynamic allocation of the user ID for systemd-resolved.service means the service manager has to check NSS if the user name is already taken when forking off the service. Since @@ -1234,7 +1349,7 @@ CHANGES WITH 239: PrivateDevices=, ProtectSystem=, …) are used. This option is hence primarily useful for services that do not use any of the other file system namespacing options. One such service is systemd-udevd.service - wher this is now used by default. + where this is now used by default. * ConditionSecurity= gained a new value "uefi-secureboot" that is true when the system is booted in UEFI "secure mode". @@ -2217,7 +2332,7 @@ CHANGES WITH 234: /etc/machine-id. If the machine ID could not be determined, $KERNEL_INSTALL_MACHINE_ID will be empty. Plugins should not put anything in the entry directory (passed as the second argument) if - $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatiblity, a + $KERNEL_INSTALL_MACHINE_ID is empty. For backwards compatibility, a temporary directory is passed as the entry directory and removed after all the plugins exit. @@ -5945,7 +6060,7 @@ CHANGES WITH 214: * We temporarily dropped the "-l" switch for fsck invocations, since they collide with the flock() logic above. util-linux upstream has been changed already to avoid this conflict, - and we will readd "-l" as soon as util-linux with this + and we will re-add "-l" as soon as util-linux with this change has been released. * The dependency on libattr has been removed. Since a long @@ -6231,7 +6346,7 @@ CHANGES WITH 213: where the local administrator's configuration in /etc always overrides any other settings. - Contributions fron: Ali H. Caliskan, Alison Chaiken, Bas van + Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch, Dan Kilman, Dave Reisner, David Härdeman, David Herrmann, David Strauss, Dimitris Spingos, Djalal Harouni, Eelco