* systemd-machined will now expose "hidden" disk images as read-only by
default (hidden images are those whose name begins with a dot). They
- have been used to retain a pristine copy of the downloaded image,
- while modifications are made to a 2nd, local writable copy of the
- image. Hence, effectively they have been read-only anyway already,
- this change makes this official.
+ were already used to retain a pristine copy of the downloaded image,
+ while modifications were made to a 2nd, local writable copy of the
+ image. Hence, effectively they were read-only already, and this is
+ now official.
Service manager/PID1:
- * The service manager will now show the wallclock time a service ran
- for when it exits in the same log message where it previously only
- showed the consumed CPU time.
-
- * A new pair of properties OOMKills and ManagedOOMKills are now exposed
- on service units (and other unit types that spawn processes) that
- count the number of process kills by the kernel or systemd-oomd.
-
* The service manager's Varlink IPC has been extended considerably. It
now exposes service execution settings and more. Its Unit.List() call
now can filter by cgroup or invocation ID.
points to its own PID can now also verify the pidfd inode ID, which
does not recycle IDs.
+ * The log message made when a service exists will now show the
+ wallclock time the service took in addition to the previously shown
+ CPU time.
+
+ * A new pair of properties OOMKills and ManagedOOMKills are now exposed
+ on service units (and other unit types that spawn processes) that
+ count the number of process kills made by the kernel or systemd-oomd.
+
* The service manager gained support for a new
RootDirectoryFileDescriptor= property when creating transient service
units. It is similar to RootDirectory= but takes a file descriptor
- rather than a path the new root directory to use.
+ rather than a path to the new root directory to use.
* The service manager now supports a new UserNamespacePath= setting
which mirrors the existing IPCNamespacePath= and
- NetworkNamespacePath= settings, but applies to Linux user
- namespaces.
+ NetworkNamespacePath= options, but applies to Linux user namespaces.
- * The service manager gained a new setting ExecReloadPost= for
- configuring commands to execute after reloading of the configuration
- of service has completed.
+ * The service manager gained a new ExecReloadPost= setting to configure
+ commands to execute after reloading of the configuration of the
+ service has completed.
* Service manager job activation transactions now get a per-system
- unique 64bit numeric ID assigned. This ID is logged as additional log
- fields for any log messages related to the transaction. Moreover, PID 1
- will now keep track of transactions with ordering cycles and expose
- them in the TransactionsWithOrderingCycle D-Bus property, listed by
- their IDs.
+ unique 64-bit numeric ID assigned. This ID is logged as an additional
+ log field for in messages related to the transaction.
+
+ * The service manager now keeps track of transactions with ordering
+ cycles and exposes them in the TransactionsWithOrderingCycle D-Bus
+ property.
systemd-sysext/systemd-confext:
which can be used to configure mutability or the image policy to
apply to DDI images.
- * systemd-sysext's --mutable= switch now accepts a new value "help" for
- listing available mutability modes. (Similar: systemd-confext)
+ * systemd-sysext's and systemd-confext's --mutable= switch now accepts
+ a new value "help" for listing available mutability modes.
* systemd-sysext now supports configuring additional overlayfs mount
settings via the $SYSTEMD_SYSEXT_OVERLAYFS_MOUNT_OPTIONS environment
- variable. Similar systemd-confext now supports
+ variable. Similarly systemd-confext now supports
$SYSTEMD_CONFEXT_OVERLAYFS_MOUNT_OPTIONS.
systemd-vmspawn/systemd-nspawn:
* systemd-vmspawn gained two new switches
--bind-user=/--bind-user-shell= which mirror the switches of the same
name in systemd-nspawn, and allow sharing a user account from the host
- inside the VM, in a simple one-step operation.
+ inside the VM in a simple one-step operation.
- * Both systemd-vmspawn and systemd-nspawn gained a new
- --bind-user-group= switch for adding a user bound via --bind-user= to
- the specified group (for example the 'wheel' or 'empower' group).
+ * systemd-vmspawn and systemd-nspawn gained a new --bind-user-group=
+ switch to add a user bound via --bind-user= to the specified group
+ (useful in particular for the 'wheel' or 'empower' groups).
* systemd-vmspawn now configures RSA4096 support in the vTPM, if swtpm
supports it.
* repart.d/ drop-ins gained support for a new TPM2PCRs= setting, which
can be used to configure the set of TPM2 PCRs to bind disk encryption
to, in case TPM2-bound encryption is used. This was previously only
- settable via the systemd-repart command line. Similar, KeyFile= has
+ settable via the systemd-repart command line. Similarly, KeyFile= has
been added to configure a binary LUKS key file to use.
* systemd-repart's functionality is now accessible via Varlink IPC.
- * systemd-repart may now be invoked with a device node path specified as
- "-". If so instead of operating on a block device it will just
+ * systemd-repart may now be invoked with a device node path specified
+ as "-". Instead of operating on a block device this will just
determine the minimum block device size required to apply the defined
- partitions on, and exit.
+ partitions and exit.
* systemd-repart gained two new switches --defer-partitions-empty=yes
and --defer-partitions-factory-reset=yes which are similar to
--defer-partitions= but instead of expecting a list of partitions to
- defer will blanket defer all partitions marked via Format=empty or
+ defer will defer all partitions marked via Format=empty or
FactoryReset=yes. This functionality is useful for installers, as
partitions marked empty or marked for factory reset should typically
- be left out at install time, but in on first boot.
+ be left out at install time, but not on first boot.
* The Subvolumes= values in repart.d/ drop-ins may now be suffixed with
:nodatacow, in order to create subvolumes with data Copy-on-Write
similar to "udevadm test --json=short".
* The net_id builtin for systemd-udevd now can generate predictable
- interface names for Wifi devices on Devicetree systems.
+ interface names for Wifi devices on DeviceTree systems.
* systemd-udevd and systemd-repart will now reread partition tables on
- block devices in a more graceful, incremental fashion. Specifically, it
- no longer uses the kernel BLKRRPART ioctl() which removes all
- in-memory partition objects loaded into the kernel, and then
- recreates them as new objects. Instead it will use the BLKPG ioctl()
- to make minimal changes, and individually add, remove or grow
- modified partition objects, avoiding removal/readding where the
- partitions were left unmodified on disk. This should greatly improve
- behaviour on systems that make modifications to partition tables on
- disk while using them.
+ block devices in a more graceful, incremental fashion. Specifically,
+ they no longer use the kernel BLKRRPART ioctl() which removes all
+ in-memory partition objects loaded into the kernel and then recreates
+ them as new objects. Instead they will use the BLKPG ioctl() to make
+ minimal changes, and individually add, remove, or grow modified
+ partitions, avoiding removal/readding where the partitions were left
+ unmodified on disk. This should greatly improve behaviour on systems
+ that make modifications to partition tables on disk while using them.
* A new udev property ID_BLOCK_SUBSYSTEM is now exposed on block devices
reporting a short identifier for the subsystem a block device belongs
to. This only applies to block devices not connected to a regular bus,
- i.e. virtual block devices such as loopback, DM, MD, zram.
+ i.e. virtual block devices such as loopback, DM, MD, or zram.
* systemd-udevd will now generate /dev/gpio/by-id/… symlinks for GPIO
devices.
command to add recovery keys to existing user accounts. Previously,
recovery keys could only be configured during initial user creation.
- * Two new switches have been added to homectl to control whether to
- query the user interactively for a login shell and supplementary
- groups memberships when interactive firstboot operation is requested
- (--prompt-shell= + --prompt-groups=). The invocation in
+ * Two new --prompt-shell= and --prompt-groups= options have been added
+ to homectl to control whether to query the user interactively for a
+ login shell and supplementary groups memberships when interactive
+ firstboot operation is requested. The invocation in
systemd-homed-firstboot.service now turns both off by default.
systemd-boot/systemd-stub:
- * systemd-boot now supports a log level concept. The level may be set
- via log-level= in loader.conf and via the SMBIOS Type 11 field
+ * systemd-boot now supports log levels. The level may be set via
+ log-level= in loader.conf and via the SMBIOS Type 11 field
'io.systemd.boot.loglevel='.
* systemd-boot's loader.conf file gained support for configuring the
- SecureBoot key enrollment time-out via secure-boot-enroll-timeout-sec=.
+ SecureBoot key enrollment time-out via
+ secure-boot-enroll-timeout-sec=.
* Boot Loader Specification Type #1 entries now support a "profile"
field which may be used to explicitly select a profile in
sd-varlink/varlinkctl:
- * sd-varlink's sd_varlink_set_relative_timeout() call will now
- reset the time-out to the default if 0 is passed.
+ * sd-varlink's sd_varlink_set_relative_timeout() call will now reset
+ the timeout to the default if 0 is passed.
* sd-varlink's sd_varlink_server_new() call learned two new flags
SD_VARLINK_SERVER_HANDLE_SIGTERM + SD_VARLINK_SERVER_HANDLE_SIGINT,
weak, which is useful to reduce footprint inside of containers and
such, where Linux audit doesn't really work anyway.
- * Similar PAM support is now implemented via dlopen() too (except for
+ * Similarly PAM support is now implemented via dlopen() too (except for
the PAM modules pam_systemd + pam_systemd_home + pam_systemd_loadkey,
which are loaded by PAM and hence need PAM anyway to operate).
- * Similar, libacl support is now implemented via dlopen().
+ * Similarly, libacl support is now implemented via dlopen().
- * Similar, libblkid support is now implemented via dlopen().
+ * Similarly, libblkid support is now implemented via dlopen().
- * Similar, libseccomp support is now implemented via dlopen().
+ * Similarly, libseccomp support is now implemented via dlopen().
- * Similar, libselinux support is now implemented via dlopen().
+ * Similarly, libselinux support is now implemented via dlopen().
- * Similar, libmount support is now implemented via dlopen(). Note, that
- libmount still must be installed in order to invoke the service
+ * Similarly, libmount support is now implemented via dlopen(). Note,
+ that libmount still must be installed in order to invoke the service
manager itself. However, libsystemd.so no longer requires it, and
neither do various ways to invoke the systemd service manager binary
short of using it to manage a system.
* systemd-machined may now also run in a per-user instance, in addition
to the per-system instance. systemd-vmspawn and systemd-nspawn have
been updated to register their invocations with both the calling
- user's per-user instance of systemd-machined and the per-system one,
- if permissions allow it. machinectl now knows --user and --system
- switches that control which daemon instance to operate
- on. systemd-ssh-proxy now will query both instances for the AF_VSOCK
- CID.
+ user's instance of systemd-machined and the system one, if
+ permissions allow it. machinectl now accepts --user and --system
+ switches that control which daemon instance to operate on.
+ systemd-ssh-proxy now will query both instances for the AF_VSOCK CID.
* systemd-machined implements a resolve hook now, so that the names of
local containers and VMs can be resolved locally to their respective
IP addresses.
* systemd-importd's tar extraction logic has been reimplemented based
- on libarchive, instead of shelling out to GNU tar. This completes
- work begun earlier which already ported systemd-importd's tar
- generation.
+ on libarchive, replacing the previous implementation calling GNU tar.
+ This completes work begun earlier which already ported
+ systemd-importd's tar generation.
* systemd-importd now may also be run as a per-user service, in
addition to the existing per-system instance. It will place the
* systemd-firstboot's and homectl's interactive boot-time interface
will now temporarily mute the kernel's and PID1's own console output
while running, in order to not mix the tool's own output with the
- kernel's or PID 1's. This logic can be controlled via the new
+ other sources. This logic can be controlled via the new
--mute-console= switches to both tools. This is implemented via a new
systemd-mute-console component (which provides a simple Varlink
interface).
- * systemd-firstboot gained a new switch --prompt-keymap-auto. If
+ * systemd-firstboot gained a new switch --prompt-keymap-auto. When
specified, the tool will interactively query the user for a keymap
when running on a real local VT console (i.e. on a user device where
the keymap would actually be respected), but not if invoked on other
TTYs (such as a serial port, hypervisor console, SSH, …), where the
keymap setting would have no effect anyway. The invocation in
- systemd-firstboot.service now defaults to this.
+ systemd-firstboot.service now uses this.
systemd-creds:
command line.
* systemd-creds now allow explicit control of whether to accept
- encryption with a NULL key when decrypting, via the pair --allow-null
- and --refuse-null switches. Previously only the former existed, but
- null keys were also accepted if UEFI SecureBoot was reported
- off. This automatism is retained, but only if neither of the two
- switches are specified. The systemd-creds Varlink IPC API learned
- similar parameters on the Decrypt() call.
+ encryption with a NULL key when decrypting, via the --allow-null and
+ --refuse-null switches. Previously only the former existed, but null
+ keys were also accepted if UEFI SecureBoot was reported off. This
+ automatism is retained, but only if neither of the two switches are
+ specified. The systemd-creds Varlink IPC API learned similar
+ parameters on the Decrypt() call.
systemd-networkd:
* systemd-networkd's DHCP sever support gained two settings EmitDomain=
and Domain= for controlling whether leases handed out should report a
domain, and which. It also gained a per-static lease Hostname=
- setting for setting the hostname for the client.
+ setting for the hostname of the client.
- * systemd-networkd now exposes a Describe() method call for showing
- network interface properties.
+ * systemd-networkd now exposes a Describe() method call to show network
+ interface properties.
* systemd-networkd now implements a resolve hook for its internal DHCP
server, so that the hostnames tracked in DHCP leases can be resolved
- locally. This is now enabled by default for the DHCP server running on
- the host side of local systemd-nspawn or systemd-vmspawn networking.
+ locally. This is now enabled by default for the DHCP server running
+ on the host side of local systemd-nspawn or systemd-vmspawn networks.
systemd-resolved:
(i.e. initrd userspace creates them and initializes them), including
in the pre-kernel firmware world; moreover, they require an explicit
"anchor" initialization of a privileged per-system secret (in order
- to prevent attackers from removing/recreating the backing NV
- indexes to reset them). This makes them predictable only if the
- result of the anchor measurement is known ahead of time, which will
- differ on each installed system. Initialization of defined NvPCRs is
- done in systemd-tpm2-setup.service, in the initrd. Information about
- the initialization of NvPCRs is measured into PCR 9, and finalized by
- a separator measurement. The NV index base handle is configurable at
+ to prevent attackers from removing/recreating the backing NV indexes
+ to reset them). This makes them predictable only if the result of the
+ anchor measurement is known ahead of time, which will differ on each
+ installed system. Initialization of defined NvPCRs is done in
+ systemd-tpm2-setup.service in the initrd. Information about the
+ initialization of NvPCRs is measured into PCR 9, and finalized by a
+ separator measurement. The NV index base handle is configurable at
build time via the "tpm2-nvpcr-base" meson setting. It currently
- defaults to a value the TCG has shown intention to assign to Linux,
- but this has not officially been done yet. systemd-pcrextend and its
+ defaults to a value the TCG has shown intent to assign to Linux, but
+ this has not officially been done yet. systemd-pcrextend and its
Varlink APIs have been extended to optionally measure into an NvPCR
instead of a classic PCR.
systemd-run/run0:
* run0 gained a new --empower switch. It will invoke a new session with
- elevated privileges – without switching to the root user. Specifically,
- it sets the full ambient capabilities mask (including CAP_SYS_ADMIN),
- which ensures that privileged system calls will typically be permitted.
- Moreover, it adds the session processes to the new "empower" system
- group, which is respected by polkit and allows most polkit actions to
- be accessed fully privileged. This should be a much less invasive way
- to acquire privileges, as it will not switch over $HOME or the UID and
- hence risk creation of files owned by the wrong UID in there. (Note
- that --empower is not perfect, there's still various software around
- that does access checks purely based on the UID, without Linux process
- capabilities or polkit policies having any effect on them.)
+ elevated privileges – without switching to the root user.
+ Specifically, it sets the full ambient capabilities mask (including
+ CAP_SYS_ADMIN), which ensures that privileged system calls will
+ typically be permitted. Moreover, it adds the session processes to
+ the new "empower" system group, which is respected by polkit and
+ allows privileged access to most polkit actions. This provides a much
+ less invasive way to acquire privileges, as it will not change $HOME
+ or the UID and hence risk creation of files owned by the wrong UID in
+ the user's home. (Note that --empower might not work in all cases, as
+ many programs still do access checks purely based on the UID, without
+ Linux process capabilities or polkit policies having any effect on
+ them.)
* systemd-run gained support for --root-directory= to invoke the service
in the specified root directory. It also gained --same-root-dir (with
the same name systemd-sysusers already supports.
* systemd-cryptsetup has been updated to understand a new
- tpm2-measure-keyslot-nvpcr= switch which takes an NvPCR name to
- measure information about the used LUKS keyslot
- into. systemd-gpt-auto-generator enables this by default for a new
- "cryptsetup" NvPCR.
+ tpm2-measure-keyslot-nvpcr= option which takes an NvPCR name to
+ measure information about the used LUKS keyslot into.
+ systemd-gpt-auto-generator now uses this for a new "cryptsetup"
+ NvPCR.
* systemd will now ignore configuration file drop-ins suffixed with
".ignore" in most places, similar to how it already ignores files
* systemd-modules-load will now load configured kernel modules in
parallel.
- * Incomplete support for musl libc is now available by setting the
- "libc" meson option to "musl". Note that we do not recommend usage of
- musl, due to various limitations. i.e. since NSS or equivalent
- functionality is not available nss-systemd, nss-resolve,
- DynamicUser=, systemd-homed, systemd-userdbd, the foreign UID ID,
- unprivileged systemd-nspawn, systemd-nsresourced, and so on will not
- work. It's also not recommended for devices with constrained
- resources as the usual memory pressure behaviour of long-running
- systemd services has no effect on musl.
-
* systemd-integrity-setup now supports HMAC-SHA256, PHMAC-SHA256,
PHMAC-SHA512.
* system-alloc-{uid,gid}-min are now exported in systemd.pc.
+ * Incomplete support for musl libc is now available by setting the
+ "libc" meson option to "musl". Note that systemd compiled with musl
+ has various limitations: since NSS or equivalent functionality is not
+ available, nss-systemd, nss-resolve, DynamicUser=, systemd-homed,
+ systemd-userdbd, the foreign UID ID, unprivileged systemd-nspawn,
+ systemd-nsresourced, and so on will not work. Also, the usual memory
+ pressure behaviour of long-running systemd services has no effect on
+ musl. We also implemented a bunch of shims and workarounds to
+ support compiling and running with musl. Caveat emptor.
+
+ This support for musl is provided without a promise of continued
+ support in future releases. We'll make the decision based on the
+ amount of work required to maintain the compatibility layer in
+ systemd, how many musl-specific bugs are reported, and feedback on
+ the desirability of this effort provided by users and distributions.
+
Contributions from: Alan Brady, Alberto Planas, Aleksandr Mezin,
Allison Karlitskaya, Andreas Schneider, Anton Tiurin,
Antonio Alvarez Feijoo, Arian van Putten, Armin Wolf,
projects / thirdparty / systemd.git / commitdiff
