permit more impactful operations such as system suspend to local
users.
+ * The sd-journal API learnt a new call sd_journal_get_seqnum() for
+ retrieving the current log record's sequence number and sequence
+ number ID, which allows applications to order records the same way as
+ journal does internally already. The sequence number is now alos
+ exported in the JSON and "export" output of the journal.
+
+ * The default keymap to apply may now be chosen at build-time via the
+ new default-keymap meson option.
+
+ * "Startup" memory settings are now supported. Previously IO and CPU
+ settings were already supported via StartupCPUWeight= and similar,
+ this adds the same logic for the various per-unit memory settings
+ StartupMemoryMax= and related.
+
+ * The service manager gained support for enqueuing POSIX signals to
+ services that carry an additional integer value, exposing the
+ sigqueue() systemd call. This is exposed via new D-Bus calls
+ QueueSignalUnit() (and related), as well as in systemctl via the new
+ --kill-value= parameter.
+
+ * systemd-notify gained a new --exec switch, which makes it execute the
+ specified command line after sending the requested messages. This is
+ useful for sending out READY=1 first, and then continuing invocation
+ without changing process ID, so that the tool can be nicely used
+ within an ExecStart= line of a unit file that uses Type=ready.
+
+ * systemd-repart's drop-in files gained a new ExcludeFiles= option which
+ may be used to exclude certain files from the effect of CopyFiles=,
+ which allows populating newly created partitions automatically.
+
+ * bootctl gained a new switch --print-root-device (or short: -R) that
+ prints the main block device the root file system is backed by. It's
+ useful for invocations such as "cfdisk $(bootctl -R)" to quickly have
+ a look at the partition table of the running OS.
+
+ * systemctl gained a new "list-paths" verb, which shows all currently
+ active .path units, similar to how "systemctl list-timers" shows
+ active timers, and "systemctl list-sockets" shows active sockets.
+
+ * The sd-event API gained new calls sd_event_add_memory_pressure(),
+ sd_event_source_set_memory_pressure_type(),
+ sd_event_source_set_memory_pressure_period() for creating and
+ configuring an event source that is called whenever the OS signals
+ memory pressure. Another call sd_event_trim_memory() is provided that
+ compacts the process' memory use by releasing allocated but unused
+ malloc() memory back to the kernel. This should improve system
+ behaviour under memory pressure, as on Linux traditionally provided no
+ mechanism to return process memory back to the kernel if the kernel
+ was under pressure to acquire some. This makes use of the kernel's PSI
+ interface. Most long-running services that systemd contains have been
+ hooked up with this, and in particular systems with little memory
+ should benefit from this.
+
+ * Service units learnt the new MemoryPressureWatch=,
+ MemoryPressureThresholdSec= for configuring the PSI memory pressure
+ logic individually. If these options are used the
+ $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment
+ variables will be set for the invoked services processes to inform
+ them about the requested memory pressure behaviour. (This is used by
+ the aforementioned sd-events API additions, if set.)
+
+ * systemd-analyze gained a new "malloc" verb that shows the output
+ generated by glibc's malloc_info() on services that support it. Right
+ now, only the service manager has been updated accordingly.
+
+ * systemd-stub will now look for the SMBIOS Type 1 field
+ "io.systemd.stub.kernel-cmdline-extra" and append its value to the
+ kernel command line it invokes. This is useful for VMMs such as qemu
+ to pass additional kernel command lines into the system even when
+ booting via full UEFI.
+
+ * The sd-login API gained a new call sd_session_get_username() for
+ returning the user name who owns a specific login session. It also
+ gained a new call sd_session_get_start_time() for retrieving the time
+ the login session started. A new call sd_uid_get_login_time() returns
+ the time the specified user the time since when they most recently
+ were logged in continously with at least one session.
+
+ * JSON user records gained a new set of fields capabilityAmbientSet and
+ capabilityBoundingSet which contain a list of POSIX capabilities to
+ set for the logged in users in the ambient and bounding sets,
+ respectively. homectl gained the ability to configure these two sets
+ for users via --capability-bounding-set=/--capability-ambient-set=.
+
+ * pam_systemd learnt two new module options
+ default-capability-bounding-set= + default-capability-ambient-set= to
+ configure the default bounding sets for users as they are logging in,
+ if the JSON user record doesn't specify this explicitly (see
+ above). The built-in default for the ambient set now contains the
+ CAP_WAKE_ALARM, thus allowing regular users who may log in locally to
+ resume from a system suspend via a timer. (see above)
+
+ * Most of systemd's long-running services now have a generic handler of
+ the SIGRTMIN+18 signal handler which executes various operations
+ depending ont the sigqueue() parameter sent along. For example, values
+ 0x100…0x107 allow changing the maximum log level of such
+ services. 0x200…0x203 allow changing the log target of such
+ services. 0x300 make the services trim their memory similar to the
+ automatic PSI triggered action, see above. 0x301 make the services
+ output their malloc_info() data to the logs.
+
+ * systemd-dissect will now show the intended CPU architecture of an
+ inspected DDI.
+
+ * networkd's GENEVE support as gained a new .network optoin
+ InheritInnerProtocol=.
+
+ * systemd-dissect will now install itself as mount helper for the "ddi"
+ pseudo-file type. This means you may now mount DDIs directly via
+ /bin/mount or /etc/fstab, making full use of embedded Verity
+ information and all other DDI features. Example: mount -t ddi
+ myimage.raw /some/where
+
+ * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new
+ value "auto". If used a kernel will be automatically analyzed, and if
+ it qualifies as UKI it will be installed as if the setting was to set
+ to "uki", otherwise via "bls".
+
+ * udevadm gained the new "verify" verb for validating udev rules files
+ offline.
+
+ * udev will now create symlinks to loopback block devices in the
+ /dev/loop/by-ref/ directory that are based on the .lo_file_name string
+ field selected during allocation. The systemd-dissect tool and the
+ util-linux losetup command now supports a complementing new switch
+ --loop-ref= for selecting the string. This means a loopback block
+ device may now be allocated under a caller chosen reference and can
+ subsequently be referenced by that without having to look up the block
+ device name the caller ended up with first.
+
+ * udev also creates symlinks to loopback block devices in the
+ /dev/loop/by-ref/ directory based on the .st_dev/st_ino fields of the
+ inode attached to the loopback block device. This means that attaching
+ a file to a loopback device will implicitly make a handle available to
+ find it via that file's inode information.
+
+ * The systemd-dissect tool gained the new switches --attach/--detach for
+ attaching a DDI to a loopback block device without mounting it. It
+ will automatically derive the right sector size from the image and set
+ up Verity and similar, but not mount the file systems in it.
+
+ * When systemd-gpt-auto-generator or the DDI mounting logic mount an ESP
+ or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now
+ implied. Given that these file systems are typically untrusted
+ territory this should make mounting them automatically have less of a
+ security impact.
+
+ * If MemoryDenyWriteExecute= is enabled for a service and the kernel
+ supports the new PR_SET_MDWE prctl() call it is used in preference
+ over seccomp() based system call filtering to achieve the same.
+
+ * systemctl gained a new --when= switch which is honoured by the various
+ forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows
+ scheduling these operations by time, similar in fashion to how this
+ has been supported by SysV shutdown.
+
+ * machinectl gained new "edit" and "cat" verbs for editing .nspawn
+ files, inspired by systemctl's verbs of the same which edit unit
+ files.
+
+ Caught up to cafd2c0be404cb8879f91d15e05cc8b695b32629
+
CHANGES WITH 253:
Announcements of Future Feature Removals and Incompatible Changes:
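Review bot: Two entries in this NEWS hunk state something technically wrong rather than just misspelled. The service manager entry says "exposing the sigqueue() systemd call", which should read "system call". The systemd-notify --exec entry refers to "a unit file that uses Type=ready", which is not a service type; the type that waits for READY=1 is Type=notify. The sd_uid_get_login_time() sentence ("returns the time the specified user the time since when they most recently were logged in continously") is garbled and needs rewording, for example "returns the time since which the specified user has been continuously logged in with at least one session". In the pam_systemd entry, "configure the default bounding sets" undersells the two options, which cover both the bounding and the ambient set, and the trailing "(see above)" after the CAP_WAKE_ALARM sentence duplicates the one a few lines earlier. The memory pressure entry calls the API "sd-events" where the rest of the text uses "sd-event". Remaining typos worth fixing before merge: "alos", "ont the", "as gained a new .network optoin", "handler of the SIGRTMIN+18 signal handler", "as on Linux traditionally provided no mechanism", and "as if the setting was to set to".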