Create less stuff when systemd-tmpfiles --create is executed (during installation or otherwise)
CHANGES WITH 243 in spe:
- * This release enables unprivileged programs (i.e. requiring neither
- setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
- by turning on the net.ipv4.ping_group_range sysctl of the Linux
- kernel for the whole UNIX group range, i.e. all processes. This
- change should be reasonably safe, as the kernel support for it was
- specifically implemented to allow safe access to ICMP Echo for
- processes lacking any privileges. If this is not desirable, it can be
- disabled again by setting the parameter to "1 0".
-
* Previously, filters defined with SystemCallFilter= would have the
effect that an calling an offending system call would terminate the
calling thread. This behaviour never made much sense, since killing
* systemd-networkd's bridging support gained two new options ProxyARP=
and ProxyARPWifi= for configuring proxy ARP behaviour as well as
- MulticastRouter= for configuring multicast routing behaviour.
+ MulticastRouter= for configuring multicast routing behaviour. A new
+ option MulticastIGMPVersion= may be used to change bridge's multicast
+ Internet Group Management Protocol (IGMP) version.
* systemd-networkd's FooOverUDP support gained the ability to configure
local and peer IP addresses via Local= and Peer=. A new option
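Review bot: The added NEWS sentence for MulticastIGMPVersion= does not say which values are accepted, although the man page text and the parser in this same change restrict it to 2 or 3. Suggest stating the accepted values here, and writing "the bridge's multicast ... version" rather than "change bridge's multicast".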
devices, as well as a new "--stats" switch for showing device
statistics.
+ * networkd.conf gained a new setting SpeedMeter= and
+ SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
+ measured speed may be shown by 'networkctl status'.
+
* systemd-networkd's .network and .link files gained a new Property=
setting in the [Match] section, to match against devices with
specific udev properties.
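Review bot: Grammar in the added SpeedMeter entry: "gained a new setting SpeedMeter= and SpeedMeterIntervalSec=" names two settings, so it should read "gained new settings SpeedMeter= and SpeedMeterIntervalSec=". It would also help to say which of the two enables the measurement and which sets the interval, since the entry only says what they do together.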
Features:
+* add an explicit "vertical" mode to format-table, so that "systemctl
+ status"-like outputs (i.e. with a series of field names left and values
+ right) become genuine first class citizens, and we gain automatic, sane JSON
+ output for them.
+
+* dissector: invoke fsck on the file systems we encounter, after all ext4 is
+ still pretty popular (and we mount the ESP too with it after all, which is
+ fat)
+
+* systemd-firstboot: teach it dissector magic, so that you can point it to some
+ disk image and it will just set everything in it all behind the scenes.
+
+* systemd-firstboot: add --force mode that replaces existing configuration.
+
* We should probably replace /var/log/README, /etc/rc.d/README with symlinks
that are linked to these places instead of copied. After all they are
constant vendor data.
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>IGMPVersion=</varname></term>
+ <term><varname>MulticastIGMPVersion=</varname></term>
<listitem>
<para>Allows to change bridge's multicast Internet Group Management Protocol (IGMP) version.
Takes an interger 2 or 3. When unset, the kernel's default will be used.
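Review bot: The description directly under the renamed term still has the typo "interger" and the phrasing "Allows to change bridge's multicast". Since this entry is being touched anyway, suggest fixing both in the same commit, e.g. "Allows changing the bridge's multicast ... version. Takes an integer 2 or 3."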
boot_params = (struct boot_params *) 0xFFFFFFFF;
err = uefi_call_wrapper(BS->AllocatePages, 4, AllocateMaxAddress, EfiLoaderData,
- EFI_SIZE_TO_PAGES(0x4000), (UINTN *) &boot_params);
+ EFI_SIZE_TO_PAGES(0x4000), (EFI_PHYSICAL_ADDRESS*) &boot_params);
if (EFI_ERROR(err))
return err;
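Review bot: The new cast on the AllocatePages call, (EFI_PHYSICAL_ADDRESS*) &boot_params, only silences the type mismatch. boot_params is a pointer (it is assigned from (struct boot_params *) 0xFFFFFFFF just above), while EFI_PHYSICAL_ADDRESS is a 64-bit type on every architecture. On a 32-bit build the firmware would read the address limit from, and write the result to, 8 bytes through a 4-byte object, touching whatever sits next to boot_params in memory. Suggest a separate EFI_PHYSICAL_ADDRESS variable initialised to 0xFFFFFFFF, passing its address to AllocatePages, and converting it to struct boot_params * only after the EFI_ERROR(err) check.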
r = safe_atou8(rvalue, &u);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
- "Failed to parse bridge IGMP version number '%s', ignoring assignment: %m",
+ "Failed to parse bridge's multicast IGMP version number '%s', ignoring assignment: %m",
rvalue);
return 0;
}
if (!IN_SET(u, 2, 3)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
- "Invalid bridge IGMP version number '%s', ignoring assignment.", rvalue);
+ "Invalid bridge's multicast IGMP version number '%s', ignoring assignment.", rvalue);
return 0;
}
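Review bot: The reworded message in the IN_SET(u, 2, 3) branch, "Invalid bridge's multicast IGMP version number '%s'", reads awkwardly and still does not tell the user what is accepted. Suggest something like "Invalid multicast IGMP version '%s' for bridge, expected 2 or 3, ignoring assignment." and the matching wording in the safe_atou8() failure message above it.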
Bridge.MulticastSnooping, config_parse_tristate, 0, offsetof(Bridge, mcast_snooping)
Bridge.VLANFiltering, config_parse_tristate, 0, offsetof(Bridge, vlan_filtering)
Bridge.STP, config_parse_tristate, 0, offsetof(Bridge, stp)
-Bridge.IGMPVersion, config_parse_uint8, 0, offsetof(Bridge, igmp_version)
+Bridge.MulticastIGMPVersion, config_parse_uint8, 0, offsetof(Bridge, igmp_version)
VRF.TableId, config_parse_uint32, 0, offsetof(Vrf, table) /* deprecated */
VRF.Table, config_parse_uint32, 0, offsetof(Vrf, table)
WireGuard.FirewallMark, config_parse_unsigned, 0, offsetof(Wireguard, fwmark)
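Review bot: The renamed entry Bridge.MulticastIGMPVersion is still wired to config_parse_uint8, which accepts any value that fits in 8 bits, so the IN_SET(u, 2, 3) check shown in the bridge parser only takes effect if that parser is the one registered for this key. Please confirm which function handles the option and point the table entry at the validating one. Separately, Bridge.IGMPVersion is removed outright; if it was ever in a tagged release it should stay as a deprecated alias, the way VRF.TableId is kept two lines below.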
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1
-# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
-# The upper limit is set to 2^31-1. Values greater than that get rejected by
-# the kernel because of this definition in linux/include/net/ping.h:
-# #define GID_T_MAX (((gid_t)~0U) >> 1)
-# That's not so bad because values between 2^31 and 2^32-1 are reserved on
-# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647
-
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel
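Review bot: Missing documentation for the removal of net.ipv4.ping_group_range = 0 2147483647: neither this hunk nor the NEWS hunk says why the default is dropped, and the NEWS text that named "1 0" as the way to disable it is deleted as well. Deleting the line from the sysctl.d file does not reset the value on a running system, so a host that already applied this file keeps the wide group range until it reboots or the parameter is set back explicitly. Suggest recording the reason in the commit message or NEWS, with a note for anyone who deployed a snapshot containing the setting.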
Priority=
GroupForwardMask=
VLANFiltering=
-IGMPVersion=
+MulticastIGMPVersion=
[VRF]
TableId=
Table=
MulticastQuerier= true
MulticastSnooping=true
STP=true
-IGMPVersion=3
+MulticastIGMPVersion=3