CHANGES WITH 253 in spe:
- Deprecations and incompatible changes
+ Deprecations and incompatible changes:
- * systemctl will now warn when invoked without /proc mounted (e.g. when
- invoked after chroot into an image without the API mount points like
- /proc being set up.) Operation in such an environment is not fully
- supported.
+ * systemctl will now warn when invoked without /proc/ mounted
+ (e.g. when invoked after chroot() into an directory tree without the
+ API mount points like /proc/ being set up.) Operation in such an
+ environment is not fully supported.
* The return value of 'systemctl is-active|is-enabled|is-failed' for
unknown units is changed: previously 1 or 3 were returned, but now 4
* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
systemd-hwdb (added in 2014) should be used instead.
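Review bot: "into an directory tree" in the rewritten systemctl bullet should read "into a directory tree"; the rest of the rewording (the "/proc/" trailing slash and the "chroot()" spelling) matches the convention used elsewhere in this file.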
- * 'bootctl --json' now outputs well-formed JSON, instead of a stream
+ * 'bootctl --json' now outputs a single JSON array, instead of a stream
of newline-separated JSON objects.
- * Udev rules in 60-evdev.rules have been changed to load hwdb properties
- for all modalias patterns. Previously only the first matching pattern
- was used. This could change what properties are assigned if the user
- has more and less specific patterns that could match the same device,
- but it is expected that the change will have no effect for most users.
+ * Udev rules in 60-evdev.rules have been changed to load hwdb
+ properties for all modalias patterns. Previously only the first
+ matching pattern was used. This could change what properties are
+ assigned if the user has more and less specific patterns that could
+ match the same device, but it is expected that the change will have
+ no effect for most users.
* systemd-networkd-wait-online exits successfully when all interfaces
are ready or unmanaged. Previously, if neither '--any' nor
manager is also enabled and used.
* Some compatibility helpers were dropped: EmergencyAction= in the user
- manager, measuring kernel command line into PCR 8 along with the
- -Defi-tpm-pcr-compat compile-time option.
+ manager, as well as measuring kernel command line into PCR 8 in
+ systemd-stub, along with the -Defi-tpm-pcr-compat compile-time
+ option.
- * The '-Dupdate-helper-user-timeout=' build-time option has been renamed
- to '-Dupdate-helper-user-timeout-sec=', and now takes an integer as
- parameter instead of a string.
+ * The '-Dupdate-helper-user-timeout=' build-time option has been
+ renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
+ integer as parameter instead of a string.
New components:
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
(UKIs) has been added. This replaces functionality provided by
- 'dracut --uefi' and extends it with automatic calculation of offsets,
- insertion of signed PCR policies generated by systemd-measure,
- support for initrd concatenation, signing of the embedded Linux image
- and the combined image with sbsign, and heuristics to autodetect the
- kernel uname and verify the splash image.
+ 'dracut --uefi' and extends it with automatic calculation of PE file
+ offsets, insertion of signed PCR policies generated by
+ systemd-measure, support for initrd concatenation, signing of the
+ embedded Linux image and the combined image with sbsign, and
+ heuristics to autodetect the kernel uname and verify the splash
+ image.
Changes in systemd and units:
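Review bot: while touching the ukify bullet, the unchanged context line "A tool 'ukify' tool to build, measure, and sign" has a doubled "tool"; since this hunk already rewraps the whole paragraph, drop one of them so the entry reads "A new tool 'ukify' to build, measure, and sign Unified Kernel Images".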
- * A new unit type Type=notify-reload is defined. When such a unit is
- reloaded via a signal, the manager will wait until it receives a
- "READY=1" notification from the unit. Otherwise, this type is the
- same as Type=notify.
+ * A new service type Type=notify-reload is defined. When such a unit is
+ reloaded a signal (typically SIGHUP) is sent to the main service
+ process. The manager will then wait until it receives a "RELOADING=1"
+ followed by a "READY=1" notification from the unit as response (via
+ sd_notify()). Otherwise, this type is the same as Type=notify.
user@.service, systemd-networkd.service, systemd-udevd.service, and
- systemd-logind have been updated to this type; their reloads are now
- synchronous.
-
- * Initrd environments which are not on a temporary file system (for
- example an overlayfs combination) are now supported. Systemd will only
- skip removal of the files in the initrd if it doesn't detect a
- temporary file system.
-
- * New MemoryZSwapMax= option has been added to configure
- memory.zswap.max cgroup properties (the maximum amount of zswap used).
-
- * New LogFilterPatterns= option can be used to specify regexp
- accept/deny patterns for log entries generated by the unit. Based on
- the option value, the manager sets the
- user.journald_log_filter_patterns extended attribute on the unit
- cgroup. systemd-journald checks for this attribute when receiving
- messages, and will filter messages by matching the MESSAGE= part.
+ systemd-logind have been updated to this type.
+
+ * Initrd environments which are not on a pure memory file system (e.g.
+ overlayfs combination as opposed to tmpfs) are now supported. With
+ this change, during the initrd → host transition ("switch root")
+ systemd will no longer erase all files of the initrd unless it's
+ backed by a memory file system such as tmpfs.
+
+ * New per-unit MemoryZSwapMax= option has been added to configure
+ memory.zswap.max cgroup properties (the maximum amount of zswap
+ used).
+
+ * A new LogFilterPatterns= option has been added for units. It may be
+ used to specify accept/deny regular expressions for log messages
+ generated by the unit, that shall be enforced by systemd-journald.
Rejected messages are neither stored in the journal nor forwarded.
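Review bot: the new Type=notify-reload wording needs a comma after "reloaded": "When such a unit is reloaded, a signal (typically SIGHUP) is sent to the main service process." Without it the sentence reads as "reloaded a signal". The RELOADING=1 then READY=1 sequence and the sd_notify() reference are a useful improvement over the old text.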
- This option can be used to filter noisy or uninteresting messages
+ This option may be used to suppress noisy or uninteresting messages
from units.
* The manager has a new
- org.freedesktop.systemd1.Manager.GetUnitByPIDFD() method to query
- process ownership via a PIDFD, which is more resilient against PID
- recycling issues.
+ org.freedesktop.systemd1.Manager.GetUnitByPIDFD() D-Bus method to
+ query process ownership via a PIDFD, which is more resilient against
+ PID recycling issues.
* Scope units now support OOMPolicy=. Login session scopes default to
OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.
* systemd-fstab-generator now supports x-systemd.makefs option for
- /sysroot (in the initrd).
+ /sysroot/ (in the initrd).
* The maximum rate at which daemon reloads are executed can now be
limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
options. (Or the equivalent on the kernel command line:
- systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=).
- In addition, systemd now logs the originating unit and PID when
- a reload request is received over D-Bus.
-
- * When enabling a swap device, instead of failing, systemd will now
- reinitialize the device when the page size of the swap space does not
- match the page size of the running kernel.
-
- * Systemd now executes generators in a mount namespace "sandbox" with
- most of the file system read-only, but with write access to the
- output directories, and with a temporary /tmp/ mount provided. This
- provides a safeguard against programming errors in the generators,
- but also fixes here-docs in shells, which previously didn't work in
- early boot when /tmp/ wasn't available yet. (This feature has no
- security implications, because the code is still privileged and can
- trivially exit the sandbox.)
-
- * The manager will load the vmm.notify_socket credential. If found,
- it will send a "READY=1" notification on the specified socket after
- boot is complete. This allows readiness notification to be sent
- from a VM guest to the host over a VSOCK socket.
+ systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=). In
+ addition, systemd now logs the originating unit and PID when a reload
+ request is received over D-Bus.
+
+ * When enabling a swap device systemd will now reinitialize the device
+ when the page size of the swap space does not match the page size of
+ the running kernel.
+
+ * systemd now executes generator programs in a mount namespace
+ "sandbox" with most of the file system read-only and write access
+ restricted to the output directories, and with a temporary /tmp/
+ mount provided. This provides a safeguard against programming errors
+ in the generators, but also fixes here-docs in shells, which
+ previously didn't work in early boot when /tmp/ wasn't available
+ yet. (This feature has no security implications, because the code is
+ still privileged and can trivially exit the sandbox.)
+
+ * The system manager manager will now parse a new "vmm.notify_socket"
+ system credential, which may be supplied to a VM via SMBIOS. If
+ found, it will send a "READY=1" notification on the specified socket
+ after boot is complete. This allows readiness notification to be sent
+ from a VM guest to the VM host over a VSOCK socket.
* The sample PAM configuration file for systemd-user@.service now
includes a call to pam_namespace. This puts children of user@.service
in the expected namespace. (Many distributions replace their file
with something custom, so this change has limited effect.)
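Review bot: "The system manager manager will now parse" in the vmm.notify_socket bullet has a doubled "manager". Two smaller points in the same hunk: the swap bullet drops the old "instead of failing" clause, which was what told the reader this is a behaviour change rather than a new feature, so consider keeping it ("When enabling a swap device, instead of failing, systemd will now reinitialize..."); and "When enabling a swap device systemd will" needs a comma after "device".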
- * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST can
- can be used to override the mount units burst late limit for parsing
- '/proc/self/mountinfo', which was introduced in v249. Defaults to 5.
+ * A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
+ can can be used to override the mount units burst late limit for
+ parsing '/proc/self/mountinfo', which was introduced in
+ v249. Defaults to 5.
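Review bot: the rewrap carries over the duplicated "can can be used" that the old text had split across a line break; drop one "can". "burst late limit" in the same sentence looks like a typo for "rate limit" (the variable is $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST), so this is a good moment to fix it too.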
- * Drop-ins for init.scope changing control cgroup resource limits are
+ * Drop-ins for init.scope changing control group resource limits are
now applied, while they were previously ignored.
* New build-time configuration options '-Ddefault-timeout-sec=' and
The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
a more informative path on some embedded systems.
- * Block partitions will now also get symlinks in
+ * Partition block devices will now also get symlinks in
/dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
block device nodes via the kernel's "diskseq" value. Previously those
symlinks were only created for the main block device.
means the RNG gets seeded very early in boot before userspace has
started.
- * systemd-boot will pass a random seed when secure boot is enabled if
- it can additionally get a random seed from EFI itself, via EFI's RNG
- protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
- preceding bootloader.
+ * systemd-boot will pass a disk-backed random seed – even when secure
+ boot is enabled – if it can additionally get a random seed from EFI
+ itself (via EFI's RNG protocol), or a prior seed in
+ LINUX_EFI_RANDOM_SEED_TABLE_GUID from a preceding bootloader.
* systemd-boot-system-token.service was renamed to
- systemd-boot-random-seed.service and extended to always save the
- random seed to ESP on every boot when a compatible boot loader is
- used. This allows a refreshed random seed to be used in the boot
- loader.
+ systemd-boot-random-seed.service and extended to always save a random
+ seed to ESP on every boot when a compatible boot loader is used. This
+ allows a refreshed random seed to be used in the boot loader.
* systemd-boot handles various seed inputs using a domain- and
field-separated hashing scheme.
token is now always required to be present for random seeds to be
used.
- * systemd-boot now supports being loaded not from the ESP, for example
- for direct kernel boot under QEMU or when embedded into the firmware.
+ * systemd-boot now supports being loaded from other locations than the
+ ESP, for example for direct kernel boot under QEMU or when embedded
+ into the firmware.
- * systemd-boot now parses SMBIOS info to detect virtualization. This
- information is used to skip some warnings which are not useful in a
- VM and to conditionalize other aspects of behaviour.
+ * systemd-boot now parses SMBIOS information to detect
+ virtualization. This information is used to skip some warnings which
+ are not useful in a VM and to conditionalize other aspects of
+ behaviour.
* systemd-boot now supports a new 'if-safe' mode that will perform UEFI
Secure Boot automated certificate enrollment from the ESP only if it
- is considered 'safe' to do so. At the moment 'safe' means running in a
- virtual machine.
+ is considered 'safe' to do so. At the moment 'safe' means running in
+ a virtual machine.
* systemd-stub now processes random seeds in the same way as
- systemd-boot, in case a unified kernel image is being used from a
- different bootloader than systemd-boot.
+ systemd-boot already does, in case a unified kernel image is being
+ used from a different bootloader than systemd-boot, or without any
+ boot load at all.
* bootctl will now generate a system token on all EFI systems, even
virtualized ones, and is activated in the case that the system token
is missing from either sd-boot and sd-stub booted systems.
* bootctl now implements two new verbs: 'kernel-identify' prints the
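Review bot: "or without any boot load at all" in the systemd-stub random seed bullet should be "boot loader".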
- type of a kernel image, and 'kernel-inspect' provides information
- about the embedded command line and kernel version.
+ type of a kernel image file, and 'kernel-inspect' provides
+ information about the embedded command line and kernel version of
+ UKIs.
* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
as for kernel-install.
Changes in kernel-install:
- * A new "installation layout" can be configured as layout=uki. With this
- setting, a Boot Loader Specification Type#1 entry will not be created.
- Instead, a new kernel-install plugin 90-uki-copy.install will copy any
- .efi files from the staging area into the boot partition. A plugin to
- generate the UKI .efi file must be provided separately.
+ * A new "installation layout" can be configured as layout=uki. With
+ this setting, a Boot Loader Specification Type#1 entry will not be
+ created. Instead, a new kernel-install plugin 90-uki-copy.install
+ will copy any .efi files from the staging area into the boot
+ partition. A plugin to generate the UKI .efi file must be provided
+ separately.
Changes in systemctl:
* 'systemctl reboot' has dropped support for accepting a positional
argument as the argument to the reboot(2) syscall. Please use the
- --reboot-argument option instead.
+ --reboot-argument= option instead.
- * 'systemctl disable' will now warn when called on units without install
- information. A new --no-warn option has been added that silences this
- warning.
+ * 'systemctl disable' will now warn when called on units without
+ install information. A new --no-warn option has been added that
+ silences this warning.
* New option '--drop-in=' can be used to tell 'systemctl edit' the name
- of the drop-in to edit. (Previously, 'override.conf' was always used.
+ of the drop-in to edit. (Previously, 'override.conf' was always
+ used.)
* 'systemctl list-dependencies' now respects --type= and --state=.
- * 'systemctl kexec' now supports XEN.
+ * 'systemctl kexec' now supports XEN VMM environments.
Changes in systemd-networkd and related tools:
* The [DHCPv4] section in .network file gained new SocketPriority=
- setting that assigns the Linux socket priority used by the DHCPv4
- raw socket. Can be used in conjunction with the EgressQOSMaps=setting
- in [VLAN] section of .netdev file to send the desired ethernet 802.1Q
- frame priority for DHCPv4 initial packets. This cannot be achieved
- with netfilter mangle tables because of the raw socket bypass.
-
- * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained new
- QuickAck= boolean setting that enables the TCP quick ACK mode for the
- routes configured by the acquired DHCPv4 lease or received router
+ setting that assigns the Linux socket priority used by the DHCPv4 raw
+ socket. This may be used in conjunction with the
+ EgressQOSMaps=setting in [VLAN] section of .netdev file to send the
+ desired ethernet 802.1Q frame priority for DHCPv4 initial
+ packets. This cannot be achieved with netfilter mangle tables because
+ of the raw socket bypass.
+
+ * The [DHCPv4] and [IPv6AcceptRA] sections in .network file gained a
+ new QuickAck= boolean setting that enables the TCP quick ACK mode for
+ the routes configured by the acquired DHCPv4 lease or received router
advertisements (RAs).
* The RouteMetric= option (for DHCPv4, DHCPv6, and IPv6 advertised
routes) now accepts three values, for high, medium, and low preference
of the router (which can be set with the RouterPreference=) setting.
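Review bot: "EgressQOSMaps=setting" in the SocketPriority= bullet is missing the space before "setting"; it was already wrong in the old text, but since the paragraph is being rewrapped anyway it should become "EgressQOSMaps= setting".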
- * systemd-networkd-wait-online now supports alternative interface names.
+ * systemd-networkd-wait-online now supports matching via alternative
+ interface names.
* The [DHCPv6] section in .network file gained new SendRelease=
setting which enables the DHCPv6 client to send release when
Changes in systemd-dissect:
- * systemd-dissect gained a new option --list, to print the paths fo the
- files and directories in the image.
+ * systemd-dissect gained a new option --list, to print the paths off
+ all files and directories in a DDI.
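Review bot: "to print the paths off all files" replaces the old typo "fo" with a new one; it should be "the paths of all files and directories in a DDI".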
- * systemd-dissect gained a new option --mtree, to generate output
- compatible with BSD mtree(5).
+ * systemd-dissect gained a new option --mtree, to generate a file
+ manifest compatible with BSD mtree(5) of a DDI
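Review bot: the rewritten --mtree bullet lost its trailing period: "compatible with BSD mtree(5) of a DDI." Every other entry in this section ends with one.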
- * systemd-dissect gained a new option --with, to execute a command in
- the image temporarily mounted.
+ * systemd-dissect gained a new option --with, to execute a command with
+ the specified DDI temporarily mounted and used as working
+ directory. This is for example useful to convert a DDI to "tar"
+ simply by running it within a "systemd-dissect --with" invocation.
* systemd-dissect gained a new option --discover, to search for
- Discoverable Disk Images (DDIs) in well-known directories. This will
- list machine, portable service and system extension disk images.
+ Discoverable Disk Images (DDIs) in well-known directories of the
+ system. This will list machine, portable service and system extension
+ disk images.
* systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI).
* systemd-repart also gained a --defer-partitions= option that is
similar to --exclude-partitions=, but the size of the partition is
- taken into account without populating it.
+ still taken into account when sizing partitions, but without
+ populating it.
* systemd-repart gained a new --sector-size= option to specify what
sector size should be used when an image is created.
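Review bot: the --defer-partitions= sentence now has two "but" clauses in a row ("but the size of the partition is still taken into account when sizing partitions, but without populating it"); suggest "similar to --exclude-partitions=, except that the size of the partition is still taken into account when sizing partitions, without populating it."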
- * systemd-repart now supports erofs (a read-only file system similar to
- squashfs).
+ * systemd-repart now supports generating erofs file systems via
+ CopyFiles= (a read-only file system similar to squashfs).
* The Minimize= option was extended to accept "best" (which means the
most minimal image possible, but may require multiple attempts) and
about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
Details of what is logged and when are subject to change.
- * The systemd-journald-audit.socket can now be normally disabled to stop
- collection of audit messages. Please note that it is not enabled
- statically anymore and must be handled by the preset/enablement logic
- in package installation scripts.
+ * The systemd-journald-audit.socket can now be disabled via the usual
+ "systemctl disable" mechanism to stop collection of audit
+ messages. Please note that it is not enabled statically anymore and
+ must be handled by the preset/enablement logic in package
+ installation scripts.
* New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
be used to curtail disk use by systemd-journal-remote. This is
similar to the options supported by systemd-journald.
Changes in systemd-cryptenroll, systemd-cryptsetup, and related
- components
+ components:
- * systemd-cryptenroll now supports unlocking via FIDO2 tokens (option
- --unlock-fido2-device=).
+ * When enrolling new keys systemd-cryptenroll now supports unlocking
+ via FIDO2 tokens (option --unlock-fido2-device=). Previously, a
+ password was strictly required to be specified.
* systemd-cryptsetup now supports pre-flight requests for FIDO2 tokens
(except for tokens with user verification, UV) to identify tokens
the same time, and systemd-cryptsetup will automatically select one
that corresponds to one of the available LUKS key slots.
- * systemd-cryptsetup now supports new options tpm2-measure-pcr= and
- tpm2-measure-bank= in crypttab(5). These allow specifying the
- PCR bank and number into which the volume key should be measured.
-
- * When measuring data into a PCR, an authenticated hash (HMAC) is used
- on the CPU, to further protect the data before it leaves the CPU.
+ * systemd-cryptsetup now supports new options tpm2-measure-bank= and
+ tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
+ bank and number into which the volume key should be measured.
* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
"noexec,nosuid,nodev".
* systemd-pcrphase gained new options --machine-id and --file-system=
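Review bot: this hunk removes the bullet "When measuring data into a PCR, an authenticated hash (HMAC) is used on the CPU, to further protect the data before it leaves the CPU" without replacing it anywhere in the diff. If the removal is deliberate (e.g. the feature was folded into another entry or does not ship in this release), the commit message should say so; otherwise it should be kept, since it is a user-visible change to how measurements are made. Swapping the option order to tpm2-measure-bank= before tpm2-measure-pcr= is fine.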
- to measure the machine-id and mount point information into a PCR.
-
- * The machine-id is measured into PCR 15 during early boot.
-
- * For the root and /var/ volumes, the mount point information and
- options, and volume encryption keys in case encryption is used, will
- be measured into PCR 15.
+ to measure the machine-id and mount point information into PCR 15. New
+ service unit files systemd-pcrmachine.service and
+ systemd-pcrfs@.service have been added that invoke the tool with
+ these switches during early boot.
* systemd-cryptenroll now stores the user-supplied PIN with a salt,
making it harder to brute-force.
* Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
$SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
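Review bot: merging the three PCR 15 bullets into the systemd-pcrphase entry drops the statement that "volume encryption keys in case encryption is used, will be measured into PCR 15". The new text only mentions machine-id and mount point information and the two new service units (systemd-pcrmachine.service, systemd-pcrfs@.service). Either keep the volume-key sentence here or make sure the tpm2-measure-pcr= entry in the crypttab(5) bullet above states that PCR 15 is the default target, so readers can still tell which PCR the key ends up in.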
- can be used to specify additional arguments for mkfs when
+ may now be used to specify additional arguments for mkfs when
systemd-homed formats a file system.
* systemd-hostnamed now exports the contents of
unprivileged code to access those values.
systemd-hostnamed also exports the SUPPORT_END= field from
- os-release(5) as OperatingSystemSupportEnd. timedatectl make uses of
+ os-release(5) as OperatingSystemSupportEnd. hostnamectl make uses of
this to show the status of the installed system.
* systemd-measure gained an --append= option to sign multiple phase
* systemd-timesyncd will now write a structured log message with
MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
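Review bot: changing "timedatectl" to "hostnamectl" is the right tool for OperatingSystemSupportEnd, but "hostnamectl make uses of this" should be "hostnamectl makes use of this".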
- on a disk timestamp, similarly to what it did when reaching
+ on a on-disk timestamp, similarly to what it did when reaching
synchronization via NTP.
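Review bot: "based on a on-disk timestamp" should be "based on an on-disk timestamp".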
- systemd-timesyncd will now also update the timestamp file on each
- boot, making it more likely that the system time increases in
- subsequent boots.
+ * systemd-timesyncd will now update the on-disk timestamp file on each
+ boot at least once, making it more likely that the system time
+ increases in subsequent boots.
- * systemd-vconsole-setup gained support for credentials:
+ * systemd-vconsole-setup gained support for system/service credentials:
vconsole.keymap/vconsole.keymap_toggle and
vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
the similarly-named options in vconsole.conf.
Similarly, 'machinectl start|stop' gained a --now option to enable or
disable the machine unit when starting or stopping it.
- * systemd-sysusers will now create /etc if it is missing.
+ * systemd-sysusers will now create /etc/ if it is missing.
* systemd-sleep 'HibernateDelaySec=' setting is changed back to
pre-v252's behaviour, and a new 'SuspendEstimationSec=' setting is
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
* sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
- id128_t parameter has an invalid format. They also accept NULL as
- output parameter in more places, which is useful when the caller only
- wants to check the inputs and does not need the output value.
+ 128bit ID in files such as /etc/machine-id has an invalid
+ format. They also accept NULL as output parameter in more places,
+ which is useful when the caller only wants to validate the inputs and
+ does not need the output value.
* sd-login gained new functions sd_pidfd_get_session(),
sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
* sd-notify now supports AF_VSOCK, in the "vsock:CID:port" format, for
- the notify_socket parameter/environment variable/credential.
+ the $NOTIFY_SOCKET parameter/environment variable/credential.
- * Detection of chroot environments now works if /proc/ is not mounted.
- This affects systemd-detect-virt --chroot, but also means that systemd
- tools will silently skip various operations in such an environment.
+ * Detection of chroot() environments now works if /proc/ is not
+ mounted. This affects systemd-detect-virt --chroot, but also means
+ that systemd tools will silently skip various operations in such an
+ environment.
* "Lockheed Matrin Hardened Security for Intel Processors" (HS SRE)
virtualization is now detected.
Changes in the build system:
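Review bot: the unchanged context line "Lockheed Matrin Hardened Security for Intel Processors" misspells "Martin"; worth fixing in the same commit since this hunk already touches the neighbouring chroot() detection bullet.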
- * Standalone variant of systemd-repart is built (if -Dstandalone=true).
+ * A standalone variant of systemd-repart may now be built (if
+ -Dstandalone=true).
- * systemd-ac-power has been moved to /usr/bin/, to, for example, allow
- scripts to conditionalize execution on AC power supply.
+ * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
+ example, allow scripts to conditionalize execution on AC power
+ supply.
* The libp11kit library is now loaded through dlopen(3).