From: Lennart Poettering Date: Tue, 27 Jun 2023 11:13:27 +0000 (+0200) Subject: start updating NEWS for 254 X-Git-Tag: v254-rc1~110 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b0f0218553cc7f326803d98f7177d1f45df4606f;p=thirdparty%2Fsystemd.git start updating NEWS for 254 --- diff --git a/NEWS b/NEWS index 5e6f9582e20..3da7df8f7fd 100644 --- a/NEWS +++ b/NEWS 
@@ -24,6 +24,168 @@ CHANGES WITH 254 in spe: permit more impactful operations such as system suspend to local users. + * The sd-journal API learnt a new call sd_journal_get_seqnum() for + retrieving the current log record's sequence number and sequence + number ID, which allows applications to order records the same way as + journal does internally already. The sequence number is now alos + exported in the JSON and "export" output of the journal. + + * The default keymap to apply may now be chosen at build-time via the + new default-keymap meson option. + + * "Startup" memory settings are now supported. Previously IO and CPU + settings were already supported via StartupCPUWeight= and similar, + this adds the same logic for the various per-unit memory settings + StartupMemoryMax= and related. + + * The service manager gained support for enqueuing POSIX signals to + services that carry an additional integer value, exposing the + sigqueue() systemd call. This is exposed via new D-Bus calls + QueueSignalUnit() (and related), as well as in systemctl via the new + --kill-value= parameter. + + * systemd-notify gained a new --exec switch, which makes it execute the + specified command line after sending the requested messages. This is + useful for sending out READY=1 first, and then continuing invocation + without changing process ID, so that the tool can be nicely used + within an ExecStart= line of a unit file that uses Type=ready. + + * systemd-repart's drop-in files gained a new ExcludeFiles= option which + may be used to exclude certain files from the effect of CopyFiles=, + which allows populating newly created partitions automatically. + + * bootctl gained a new switch --print-root-device (or short: -R) that + prints the main block device the root file system is backed by. It's + useful for invocations such as "cfdisk $(bootctl -R)" to quickly have + a look at the partition table of the running OS. 
+ + * systemctl gained a new "list-paths" verb, which shows all currently + active .path units, similar to how "systemctl list-timers" shows + active timers, and "systemctl list-sockets" shows active sockets. + + * The sd-event API gained new calls sd_event_add_memory_pressure(), + sd_event_source_set_memory_pressure_type(), + sd_event_source_set_memory_pressure_period() for creating and + configuring an event source that is called whenever the OS signals + memory pressure. Another call sd_event_trim_memory() is provided that + compacts the process' memory use by releasing allocated but unused + malloc() memory back to the kernel. This should improve system + behaviour under memory pressure, as on Linux traditionally provided no + mechanism to return process memory back to the kernel if the kernel + was under pressure to acquire some. This makes use of the kernel's PSI + interface. Most long-running services that systemd contains have been + hooked up with this, and in particular systems with little memory + should benefit from this. + + * Service units learnt the new MemoryPressureWatch=, + MemoryPressureThresholdSec= for configuring the PSI memory pressure + logic individually. If these options are used the + $MEMORY_PRESSURE_WATCH and $MEMORY_PRESSURE_WRITE environment + variables will be set for the invoked services processes to inform + them about the requested memory pressure behaviour. (This is used by + the aforementioned sd-events API additions, if set.) + + * systemd-analyze gained a new "malloc" verb that shows the output + generated by glibc's malloc_info() on services that support it. Right + now, only the service manager has been updated accordingly. + + * systemd-stub will now look for the SMBIOS Type 1 field + "io.systemd.stub.kernel-cmdline-extra" and append its value to the + kernel command line it invokes. This is useful for VMMs such as qemu + to pass additional kernel command lines into the system even when + booting via full UEFI. 
+ + * The sd-login API gained a new call sd_session_get_username() for + returning the user name who owns a specific login session. It also + gained a new call sd_session_get_start_time() for retrieving the time + the login session started. A new call sd_uid_get_login_time() returns + the time the specified user the time since when they most recently + were logged in continously with at least one session. + + * JSON user records gained a new set of fields capabilityAmbientSet and + capabilityBoundingSet which contain a list of POSIX capabilities to + set for the logged in users in the ambient and bounding sets, + respectively. homectl gained the ability to configure these two sets + for users via --capability-bounding-set=/--capability-ambient-set=. + + * pam_systemd learnt two new module options + default-capability-bounding-set= + default-capability-ambient-set= to + configure the default bounding sets for users as they are logging in, + if the JSON user record doesn't specify this explicitly (see + above). The built-in default for the ambient set now contains the + CAP_WAKE_ALARM, thus allowing regular users who may log in locally to + resume from a system suspend via a timer. (see above) + + * Most of systemd's long-running services now have a generic handler of + the SIGRTMIN+18 signal handler which executes various operations + depending ont the sigqueue() parameter sent along. For example, values + 0x100…0x107 allow changing the maximum log level of such + services. 0x200…0x203 allow changing the log target of such + services. 0x300 make the services trim their memory similar to the + automatic PSI triggered action, see above. 0x301 make the services + output their malloc_info() data to the logs. + + * systemd-dissect will now show the intended CPU architecture of an + inspected DDI. + + * networkd's GENEVE support as gained a new .network optoin + InheritInnerProtocol=. 
+ + * systemd-dissect will now install itself as mount helper for the "ddi" + pseudo-file type. This means you may now mount DDIs directly via + /bin/mount or /etc/fstab, making full use of embedded Verity + information and all other DDI features. Example: mount -t ddi + myimage.raw /some/where + + * The KERNEL_INSTALL_LAYOUT= setting for kernel-install gained a new + value "auto". If used a kernel will be automatically analyzed, and if + it qualifies as UKI it will be installed as if the setting was to set + to "uki", otherwise via "bls". + + * udevadm gained the new "verify" verb for validating udev rules files + offline. + + * udev will now create symlinks to loopback block devices in the + /dev/loop/by-ref/ directory that are based on the .lo_file_name string + field selected during allocation. The systemd-dissect tool and the + util-linux losetup command now supports a complementing new switch + --loop-ref= for selecting the string. This means a loopback block + device may now be allocated under a caller chosen reference and can + subsequently be referenced by that without having to look up the block + device name the caller ended up with first. + + * udev also creates symlinks to loopback block devices in the + /dev/loop/by-ref/ directory based on the .st_dev/st_ino fields of the + inode attached to the loopback block device. This means that attaching + a file to a loopback device will implicitly make a handle available to + find it via that file's inode information. + + * The systemd-dissect tool gained the new switches --attach/--detach for + attaching a DDI to a loopback block device without mounting it. It + will automatically derive the right sector size from the image and set + up Verity and similar, but not mount the file systems in it. + + * When systemd-gpt-auto-generator or the DDI mounting logic mount an ESP + or XBOOTLDR partition the MS_NOSYMFOLLOW mount option is now + implied. 
Given that these file systems are typically untrusted + territory this should make mounting them automatically have less of a + security impact. + + * If MemoryDenyWriteExecute= is enabled for a service and the kernel + supports the new PR_SET_MDWE prctl() call it is used in preference + over seccomp() based system call filtering to achieve the same. + + * systemctl gained a new --when= switch which is honoured by the various + forms of shutdown (i.e. reboot, kexec, poweroff, halt) and allows + scheduling these operations by time, similar in fashion to how this + has been supported by SysV shutdown. + + * machinectl gained new "edit" and "cat" verbs for editing .nspawn + files, inspired by systemctl's verbs of the same which edit unit + files. + + Caught up to cafd2c0be404cb8879f91d15e05cc8b695b32629 + CHANGES WITH 253: Announcements of Future Feature Removals and Incompatible Changes:
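Review bot: several of the added NEWS entries carry typos or garbled sentences that should be fixed before the release notes go out: "alos exported" (sd_journal_get_seqnum entry), "sigqueue() systemd call" should read "system call" (QueueSignalUnit entry), "as on Linux traditionally provided no mechanism" is missing a subject (sd_event_add_memory_pressure entry), "the time the specified user the time since when they most recently were logged in continously" needs rewording (sd_uid_get_login_time entry), "depending ont the sigqueue() parameter" and "0x300 make the services" (SIGRTMIN+18 entry), "as gained a new .network optoin" (GENEVE entry), "as if the setting was to set to" (KERNEL_INSTALL_LAYOUT= entry), and "losetup command now supports" should be "support" (--loop-ref= entry). Two details look worth double-checking against the code rather than just the spelling: the systemd-notify --exec entry refers to a unit that "uses Type=ready", which is not a documented Type= value and presumably means Type=notify; and the systemd-stub entry names "SMBIOS Type 1" for "io.systemd.stub.kernel-cmdline-extra", whereas the other SMBIOS-sourced stub data is read from the Type 11 OEM strings table, so please confirm which type is meant. In the pam_systemd entry "(see above)" appears twice in the same paragraph; the second one, after the CAP_WAKE_ALARM sentence, can be dropped, and since that sentence widens what regular local users can do by default it would help readers to tie it explicitly to the "permit more impactful operations such as system suspend to local users" context at the top of the hunk. Finally, the MS_NOSYMFOLLOW entry is the one with the clearest security relevance ("Given that these file systems are typically untrusted territory"); it would be useful to state whether this also applies to ESP/XBOOTLDR mounts declared in /etc/fstab or only to the generator and DDI paths, so users know whether they still need to add nosymfollow themselves.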