* Services with Type=oneshot no longer need to have any ExecStart=
  commands.

* User units are now also loaded from
  $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
  /run/systemd/user directory that was already supported, but is
  under the control of the user.

* Job timeouts (i.e. time-outs on how long a queued job stays in
  the run queue) can now optionally result in immediate reboot or
  power-off actions (JobTimeoutAction= and
  JobTimeoutRebootArgument=). This is useful on ".target" units, to
  limit the maximum time a target remains undispatched in the run
  queue, and to trigger an emergency operation in such a case. This
  is now used by default to turn off the system if boot-up (as
  defined by everything in basic.target) hangs and has not completed
  after 15min. Also, if power-off or reboot hang for at least 30min,
  an immediate power-off/reboot operation is triggered. This
  functionality is particularly useful to increase reliability on
  embedded devices, but also on laptops which might accidentally get
  powered on when carried in a backpack and whose boot stays stuck
  in a hard disk encryption passphrase question.

* systemd-logind can be configured to also handle lid switch events
  even when the machine is docked or multiple displays are attached
  (HandleLidSwitchDocked= option).

* A helper binary and a service have been added which can be used
  to resume from hibernation in the initramfs. A generator parses
  the resume= option on the kernel command line to trigger resume.

* A user console daemon systemd-consoled has been added. Currently
  it is a preview, and so far opens a single terminal on each
  session of the user marked as Desktop=systemd-console.

* Route metrics can be specified for DHCP routes added by
  systemd-networkd.

* The SELinux context of socket-activated services can be set from
  the information provided by the networking stack
  (SELinuxContextFromNet= option).

* Userspace firmware loading support has been removed and the
  minimum supported kernel version is thus bumped to 3.7.

* The timeout for udev workers has been increased from 1 to 3
  minutes, but a warning will be printed after 1 minute to help
  diagnose kernel modules that take a long time to load.

* Udev rules can now remove tags on devices with TAG-="foobar".

* systemd's readahead implementation has been removed. In many
  circumstances it did not give the expected benefits even for
  rotational disk drives and was becoming less relevant in the age
  of SSDs. As none of the developers has been using rotating media
  anymore, and nobody stepped up to actively maintain this component
  of systemd, it has now been removed.

* Swap units can use Discard= to specify discard options. Discard
  options specified for swaps in /etc/fstab are now respected.

* Docker containers are now detected as a separate type of
  virtualization.

* The Password Agent protocol gained support for queries where the
  user input is shown, useful e.g. for user names.
  systemd-ask-password gained a new --echo option to turn that on.

* The default sysctl.d/ snippets will now set:

    net.core.default_qdisc = fq_codel

  This selects Fair Queuing Controlled Delay as the default queuing
  discipline for network interfaces. fq_codel helps fight the
  network bufferbloat problem. It is believed to be a good default
  with no tuning required for most workloads. Downstream
  distributions may override this choice. On 10Gbit servers that do
  not do forwarding, "fq" may perform better. Systems without a good
  clocksource should use "pfifo_fast".

* If kdbus is enabled during build, a new option BusPolicy= is
  available for service units that allows locking all service
  processes into a stricter bus policy, in order to limit access to
  various bus services, or even hide most of them from the
  service's view entirely.

* networkctl will now show the .network and .link file networkd has
  applied to a specific interface.

* sd-login gained a new API call sd_session_get_desktop() to query
  which desktop environment has been selected for a session.

* UNIX utmp support is now compile-time optional to support
  legacy-free systems.

* systemctl gained two new commands "add-wants" and "add-requires"
  for pulling in units from specific targets easily.

* If the word "rescue" is specified on the kernel command line the
  system will now boot into rescue mode (aka rescue.target), which
  was previously available only by specifying "1" or
  "systemd.unit=rescue.target" on the kernel command line. This new
  kernel command line option nicely mirrors the already existing
  "emergency" kernel command line option.

* New kernel command line options mount.usr=, mount.usrflags=,
  mount.usrfstype= have been added that match root=, rootflags=,
  rootfstype= but allow mounting a specific file system to /usr.

* $NOTIFY_SOCKET is now also passed to control processes of
  services, not only the main process.

* This version reenables support for fsck's -l switch. This means
  at least version v2.25 of util-linux is required for operation,
  otherwise dead-locks on device nodes may occur. Again: you need to
  update util-linux to at least v2.25 when updating systemd to v217.

* The "multi-seat-x" tool has been removed from systemd, as its
  functionality has been integrated into X servers 1.16, and the
  tool is hence redundant. It is recommended to update display
  managers invoking this tool to simply invoke X directly from now
  on, again.

* Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus message
  flag has been added to all of systemd's PolicyKit-authenticated
  method calls. In particular this now allows optional interactive
  authorization via PolicyKit for many of PID 1's privileged
  operations such as unit file enabling and disabling.

* "udevadm hwdb --update" learnt a new switch "--usr" for placing
  the rebuilt hardware database in /usr instead of /etc. When used,
  only hardware database entries stored in /usr will be used, and
  any user database entries in /etc are ignored. This functionality
  is useful for vendors to ship a pre-built database on systems
  where local configuration is unnecessary or unlikely.

* Calendar time specifications in .timer units now also understand
  the strings "semi-annually", "quarterly" and "minutely" as
  shortcuts (in addition to the preexisting "annually", "hourly",
  ...).

* systemd-tmpfiles will now correctly create files in /dev at boot
  which are marked for creation only at boot. It is recommended to
  always create static device nodes with 'c!' and 'b!', so that
  they are created only at boot and not overwritten at runtime.

* When the watchdog logic is used for a service (WatchdogSec=) and
  the watchdog timeout is hit, the service will now be terminated
  with SIGABRT (instead of just SIGTERM), in order to make sure a
  proper coredump and backtrace is generated. This ensures that
  hanging services will result in similar coredump/backtrace
  behaviour as services that hit a segmentation fault.
CHANGES WITH 216:

* timedated no longer reads NTP implementation unit names from
  /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
  implementations should add a

    Conflicts=systemd-timesyncd.service

  line to their unit files to take over and replace systemd's NTP
  default functionality.

* systemd-sysusers gained a new line type "r" for configuring which
  UID/GID ranges to allocate system users/groups from. Lines of type
  "u" may now add an additional column that specifies the home
  directory for the system user to be created. Also, systemd-sysusers
  may now optionally read user information from STDIN instead of a
  file. This is useful for invoking it from RPM preinst scriptlets
  that need to create users before the first RPM file is installed,
  since these files might need to be owned by them. A new
  %sysusers_create_inline RPM macro has been introduced to do just
  that. systemd-sysusers now updates the shadow files as well as the
  user/group databases, which should enhance compatibility with
  certain tools like grpck.

* A number of bus APIs of PID 1 now optionally consult PolicyKit to
  permit access for otherwise unprivileged clients under certain
  conditions. Note that this currently doesn't support interactive
  authentication yet, but this is expected to be added eventually,
  too.

* /etc/machine-info now has new fields for configuring the
  deployment environment of the machine, as well as the location of
  the machine. hostnamectl has been updated with new commands to
  update these fields.

* systemd-timesyncd has been updated to automatically acquire NTP
  server information from systemd-networkd, which might have been
  discovered via DHCP.

* systemd-resolved now includes a caching DNS stub resolver and a
  complete LLMNR name resolution implementation. A new NSS module
  "nss-resolve" has been added which may be used instead of glibc's
  own "nss-dns" to resolve hostnames via systemd-resolved. Hostnames,
  addresses and arbitrary RRs may be resolved via systemd-resolved
  D-Bus APIs. In contrast to the glibc internal resolver,
  systemd-resolved is aware of multi-homed systems, and keeps DNS
  servers and caches separate and per-interface. Queries are sent
  simultaneously on all interfaces that have DNS servers configured,
  in order to properly handle VPNs and local LANs which might resolve
  separate sets of domain names. systemd-resolved may acquire DNS
  server information from systemd-networkd automatically, which in
  turn might have discovered them via DHCP. A tool
  "systemd-resolve-host" has been added that may be used to query
  the DNS logic in resolved. systemd-resolved implements IDNA and
  automatically uses IDNA or UTF-8 encoding depending on whether
  classic DNS or LLMNR is used as transport. In the next releases we
  intend to add a DNSSEC and mDNS/DNS-SD implementation to
  systemd-resolved.

* A new NSS module nss-mymachines has been added that automatically
  resolves the names of all locally registered containers to their
  respective IP addresses.

* A new client tool "networkctl" for systemd-networkd has been
  added. It currently is entirely passive and will query networking
  configuration from udev, rtnetlink and networkd, and present it to
  the user in a very friendly way. Eventually, we hope to extend it
  to become a full control utility for networkd.

* .socket units gained a new DeferAcceptSec= setting that controls
  the kernel's TCP_DEFER_ACCEPT sockopt for TCP. Similarly, support
  for controlling TCP keep-alive settings has been added
  (KeepAliveTimeSec=, KeepAliveIntervalSec=, KeepAliveProbes=).
  Also, support for turning off Nagle's algorithm on TCP has been
  added (NoDelay=).
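The following is an added example, not systemd code, showing which kernel socket option each of these new .socket settings corresponds to. It renders the [Socket] section from one table, applies the same settings to a real loopback listener with setsockopt(2) the way PID 1 does before passing the descriptor to the service, and reads them back with getsockopt(2). It assumes Linux; the function names and the 127.0.0.1 listener are this example's own. From a robustness standpoint, DeferAcceptSec= means the service is only woken once the client has actually sent data, and the keep-alive trio reclaims connections whose peer silently disappeared, so both limit what an idle or unresponsive client can pin down.

```python
"""TCP socket settings of .socket units, mirrored with setsockopt(2).

Added example; this is not systemd code. Linux only. Function names
are this example's own.
"""
import socket

# .socket setting -> (level, option); values are seconds or counts.
SETTING_TO_SOCKOPT = {
    "DeferAcceptSec":       (socket.IPPROTO_TCP, getattr(socket, "TCP_DEFER_ACCEPT", 9)),
    "KeepAliveTimeSec":     (socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
    "KeepAliveIntervalSec": (socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
    "KeepAliveProbes":      (socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    "NoDelay":              (socket.IPPROTO_TCP, socket.TCP_NODELAY),
}


def render_socket_unit(listen_stream, **settings):
    """Produce a .socket unit text for the given settings.

    Booleans are written as yes/no, numbers verbatim, in the order
    given, so the unit and the setsockopt() calls derive from one table.
    """
    lines = ["[Socket]", "ListenStream=%s" % listen_stream]
    for key, value in settings.items():
        if key not in SETTING_TO_SOCKOPT:
            raise ValueError("unknown .socket setting %s=" % key)
        if isinstance(value, bool):
            value = "yes" if value else "no"
        lines.append("%s=%s" % (key, value))
    lines += ["", "[Install]", "WantedBy=sockets.target"]
    return "\n".join(lines) + "\n"


def apply_socket_settings(sock, **settings):
    """Apply the same settings to an already bound TCP socket."""
    for key, value in settings.items():
        level, opt = SETTING_TO_SOCKOPT[key]
        if key.startswith("KeepAlive"):
            # Idle time, interval and probe count only take effect once
            # keep-alive itself is switched on for the socket.
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
        sock.setsockopt(level, opt, int(value))


def read_back(sock):
    """Return the kernel's view of the options, keyed by setting name."""
    result = {"SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    for key, (level, opt) in SETTING_TO_SOCKOPT.items():
        result[key] = sock.getsockopt(level, opt)
    return result


def demo():
    """Bind a loopback listener on an ephemeral port, tune it, read back.

    The kernel stores TCP_DEFER_ACCEPT as a retransmission count, so the
    value read back is rounded up to the next RTO boundary: a request of
    30 seconds comes back as 31 with a 1 s initial RTO.
    """
    settings = dict(DeferAcceptSec=30, KeepAliveTimeSec=300,
                    KeepAliveIntervalSec=30, KeepAliveProbes=5, NoDelay=True)
    unit = render_socket_unit("0.0.0.0:443", **settings)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        sock.listen(16)
        apply_socket_settings(sock, **settings)
        observed = read_back(sock)
    return unit, observed


if __name__ == "__main__":
    unit_text, opts = demo()
    print(unit_text)
    print(opts)
```

Options set on the listening socket are inherited by the sockets accept(2) returns, which is why setting them once on the unit's socket is enough for every connection the service handles.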

* logind learned a new session type "web", for use in projects like
  Cockpit which register web clients as PAM sessions.

* timer units with at least one OnCalendar= setting will now be
  started only after time-sync.target has been reached. This way
  they will not elapse before the system clock has been corrected by
  a local NTP client or similar. This is particularly useful on
  RTC-less embedded machines, which come up with an invalid system
  clock.

* systemd-nspawn's --network-veth= switch should now result in
  stable MAC addresses for both the outer and the inner side of the
  link.

* systemd-nspawn gained a new --volatile= switch for running
  container instances with /etc or /var unpopulated.

* The kdbus client code has been updated to use the new Linux 3.17
  memfd subsystem instead of the old kdbus-specific one.

* systemd-networkd's DHCP client and server now support FORCERENEW.
  There are also new configuration options to configure the vendor
  client identifier and broadcast mode for DHCP.

* systemd will no longer inform the kernel about the current
  timezone, as this is necessarily incorrect and racy since the
  kernel has no understanding of DST and similar concepts. This
  means FAT timestamps will always be considered UTC, similar to
  what Android is already doing. Also, when the RTC is configured to
  the local time (rather than UTC), systemd will never synchronize
  back to it, as this might confuse Windows at a later boot.

* systemd-analyze gained a new command "verify" for offline
  validation of unit files.

* systemd-networkd gained support for a couple of additional
  settings for bonding networking setups. Also, the metric for
  statically configured routes may now be configured. For network
  interfaces where this is appropriate, the peer IP address may now
  be configured.

* systemd-networkd's DHCP client will no longer request broadcasting
  by default, as this tripped up some networks. For hardware where
  broadcast is required the feature should be switched back on using
  RequestBroadcast=yes.

* systemd-networkd will now set up IPv4LL addresses (when enabled)
  even if DHCP is configured successfully.

* udev will now by default respect network device names given by
  the kernel when the kernel indicates that these are predictable.
  This behavior can be tweaked by changing NamePolicy= in the
  relevant .link file.

* A new library systemd-terminal has been added that implements
  full TTY stream parsing and rendering. This library is supposed to
  be used later on for implementing a full userspace VT subsystem,
  replacing the current kernel implementation.

* A new tool systemd-journal-upload has been added to push journal
  data to a remote system running systemd-journal-remote.

* journald will no longer forward all local data to another running
  syslog daemon. This change has been made because rsyslog (which
  appears to be the most commonly used syslog implementation these
  days) no longer makes use of this, and instead pulls the data out
  of the journal on its own. Since forwarding the messages to a
  non-existent syslog server is more expensive than we assumed, we
  have now turned this off. If you run a syslog server that is not
  a recent rsyslog version, you have to turn this option on again
  (ForwardToSyslog= in journald.conf).

* journald now optionally supports the LZ4 compressor for larger
  journal fields. This compressor should perform much better than
  XZ, which was the previous default.

* machinectl now shows the IP addresses of local containers, if it
  knows them, plus the interface name of the container.

* A new tool "systemd-escape" has been added that makes it easy to
  escape strings to build unit names and similar.
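As an added example (not systemd's own code), the escaping rules systemd-escape applies, reimplemented so that the mapping between arbitrary strings, file system paths and unit names is visible: "/" becomes "-", a leading "." and every byte outside [A-Za-z0-9:_.] (which includes "-" and "\") becomes \xNN in lowercase hex, one escape per UTF-8 byte, and with --path semantics duplicate, leading and trailing slashes are dropped first, "/" itself maps to "-", and "." or ".." components are refused. One deliberate difference: unescape() here raises on a malformed \x escape, where the tool copies it literally. The function names are this example's own.

```python
"""Escaping rules of systemd-escape(1), reimplemented.

Added example, not systemd's own code. Function names are this
example's own; unescape() is stricter than the tool about malformed
escapes.
"""

SAFE = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789:_.")


def escape(text):
    """Escape an arbitrary string into a form usable inside a unit name."""
    out = []
    for i, byte in enumerate(text.encode("utf-8")):
        ch = chr(byte)
        if ch == "/":
            out.append("-")
        elif ch in SAFE and not (i == 0 and ch == "."):
            # A leading "." is escaped so no hidden unit file can result.
            out.append(ch)
        else:
            out.append("\\x%02x" % byte)
    return "".join(out)


def path_escape(path):
    """Escape a file system path the way `systemd-escape --path` does."""
    parts = [p for p in path.split("/") if p != ""]
    if any(p in (".", "..") for p in parts):
        raise ValueError("not a normalized path: %r" % path)
    if not parts:
        return "-"
    return escape("/".join(parts))


def unescape(name):
    """Reverse escape(): "-" -> "/", \\xNN -> raw byte, else literal."""
    buf = bytearray()
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "-":
            buf.append(0x2F)
            i += 1
        elif ch == "\\":
            hexpart = name[i + 2:i + 4]
            if name[i + 1:i + 2] != "x" or len(hexpart) != 2 or \
                    any(c not in "0123456789abcdefABCDEF" for c in hexpart):
                raise ValueError("malformed escape at offset %d" % i)
            buf.append(int(hexpart, 16))
            i += 4
        elif ord(ch) < 0x80:
            buf.append(ord(ch))
            i += 1
        else:
            raise ValueError("non-ASCII character in escaped name")
    return buf.decode("utf-8")


def path_unescape(name):
    """Reverse path_escape(): reinstate the leading slash."""
    return "/" if name == "-" else "/" + unescape(name)


if __name__ == "__main__":
    for sample in ("/dev/sda1", "/srv/my-data", "/.hidden", "/"):
        print("%-14s -> %s" % (sample, path_escape(sample)))
```

Note that the reverse direction is only as trustworthy as its input: a unit name taken from an unprivileged caller can unescape to a path containing ".." (path_unescape("\x2e\x2e-etc-shadow") yields "/../etc/shadow"), so an unescaped name must be validated before it is used as a path.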

* sd_notify() messages may now include a new ERRNO= field which is
  parsed and collected by systemd and shown in the "systemctl
  status" output for a service.
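An added example, not systemd's code, of the client side of this protocol as the two items above describe it (the ERRNO= field here, and the $NOTIFY_SOCKET variable that v217 also hands to control processes): the service sends a single AF_UNIX datagram of newline-separated KEY=VALUE lines to the path in $NOTIFY_SOCKET, where a leading "@" selects the abstract socket namespace. A throwaway datagram socket in a temporary directory stands in for PID 1 so the exchange can be observed without systemd; the function names are this example's own.

```python
"""Minimal sd_notify(3) client plus a stand-in receiver.

Added example, not systemd's code. Function names are this example's
own; the receiver in roundtrip_demo() is constructed locally.
"""
import errno
import os
import socket
import tempfile


def notify_socket_address(path):
    """Translate $NOTIFY_SOCKET into a connect address.

    A leading "@" denotes the Linux abstract socket namespace, which is
    addressed with a leading NUL byte rather than a filesystem path.
    """
    if not path:
        raise ValueError("empty notification socket path")
    if path[0] == "@":
        return "\0" + path[1:]
    return path


def build_notify_message(**fields):
    """Serialize fields in the newline-separated KEY=VALUE wire format.

    A newline inside a value would start a new assignment, so it is
    rejected rather than letting one field smuggle in another.
    """
    lines = []
    for key, value in fields.items():
        if not key.isascii() or not key.replace("_", "").isalnum():
            raise ValueError("bad notify key: %r" % key)
        value = str(value)
        if "\n" in value:
            raise ValueError("newline in notify value for %s" % key)
        lines.append("%s=%s" % (key, value))
    return "\n".join(lines).encode("utf-8")


def sd_notify(message, notify_socket=None):
    """Send one datagram; return False when no socket is configured.

    That mirrors sd_notify() returning 0 when the process is not being
    supervised, so the same binary runs unchanged outside systemd.
    """
    path = os.environ.get("NOTIFY_SOCKET") if notify_socket is None else notify_socket
    if not path:
        return False
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.connect(notify_socket_address(path))
        sock.send(message)
    return True


def report_startup_failure(exc, notify_socket=None):
    """Tell the manager why start-up failed via STATUS= and ERRNO=.

    ERRNO= carries a positive errno number (13 for EACCES); it ends up
    in "systemctl status" next to the human-readable STATUS= text.
    """
    code = exc.errno if isinstance(exc, OSError) and exc.errno else errno.EIO
    sd_notify(build_notify_message(STATUS="startup failed: %s" % exc, ERRNO=code),
              notify_socket)
    return code


def roundtrip_demo():
    """Stand in for PID 1 and return the two datagrams it receives."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(2)
            sd_notify(build_notify_message(READY=1, STATUS="listening"), path)
            report_startup_failure(
                PermissionError(errno.EACCES, "cannot bind port 443"), path)
            first = manager.recv(4096)
            second = manager.recv(4096)
    return first, second


if __name__ == "__main__":
    for datagram in roundtrip_demo():
        print(datagram.decode())
```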

* A new component "systemd-firstboot" has been added that queries
  the most basic system information (timezone, hostname, root
  password) interactively on first boot. Alternatively it may also
  be used to provision these things offline on OS images installed
  into directories.

* The default sysctl.d/ snippets will now set

    net.ipv4.conf.default.promote_secondaries=1

  This has the benefit of not flushing secondary IP addresses when
  primary addresses are removed.

Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek

-- Berlin, 2014-08-19

| 397 | | CHANGES WITH 215: |
| 398 | | |
| 399 | | * A new tool systemd-sysusers has been added. This tool |
| 400 | | creates system users and groups in /etc/passwd and |
| 401 | | /etc/group, based on static declarative system user/group |
| 402 | | definitions in /usr/lib/sysusers.d/. This is useful to |
| 403 | | enable factory resets and volatile systems that boot up with |
| 404 | | an empty /etc directory, and thus need system users and |
| 405 | | groups created during early boot. systemd now also ships |
| 406 | | with two default sysusers.d/ files for the most basic |
| 407 | | users and groups systemd and the core operating system |
| 408 | | require. |
| 409 | | |
| 410 | | * A new tmpfiles snippet has been added that rebuilds the |
| 411 | | essential files in /etc on boot, should they be missing. |
| 412 | | |
| 413 | | * A directive for ensuring automatic clean-up of |
| 414 | | /var/cache/man/ has been removed from the default |
| 415 | | configuration. This line should now be shipped by the man |
| 416 | | implementation. The necessary change has been made to the |
| 417 | | man-db implementation. Note that you need to update your man |
| 418 | | implementation to one that ships this line, otherwise no |
| 419 | | automatic clean-up of /var/cache/man will take place. |
| 420 | | |
| 421 | | * A new condition ConditionNeedsUpdate= has been added that |
| 422 | | may conditionalize services to only run when /etc or /var |
| 423 | | are "older" than the vendor operating system resources in |
| 424 | | /usr. This is useful for reconstructing or updating /etc |
| 425 | | after an offline update of /usr or a factory reset, on the |
| 426 | | next reboot. Services that want to run once after such an |
| 427 | | update or reset should use this condition and order |
| 428 | | themselves before the new systemd-update-done.service, which |
| 429 | | will mark the two directories as fully updated. A number of |
| 430 | | service files have been added making use of this, to rebuild |
| 431 | | the udev hardware database, the journald message catalog and |
| 432 | | dynamic loader cache (ldconfig). The systemd-sysusers tool |
| 433 | | described above also makes use of this now. With this in |
| 434 | | place it is now possible to start up a minimal operating |
| 435 | | system with /etc empty cleanly. For more information on the |
| 436 | | concepts involved see this recent blog story: |
| 437 | | |
| 438 | | http://0pointer.de/blog/projects/stateless.html |
| 439 | | |
| 440 | | * A new system group "input" has been introduced, and all |
| 441 | | input device nodes get this group assigned. This is useful |
| 442 | | for system-level software to get access to input devices. It |
| 443 | | complements what is already done for "audio" and "video". |
| 444 | | |
| 445 | | * systemd-networkd learnt minimal DHCPv4 server support in |
| 446 | | addition to the existing DHCPv4 client support. It also |
| 447 | | learnt DHCPv6 client and IPv6 Router Solicitation client |
| 448 | | support. The DHCPv4 client gained support for static routes |
| 449 | | passed in from the server. Note that the [DHCPv4] section |
| 450 | | known in older systemd-networkd versions has been renamed to |
| 451 | | [DHCP] and is now also used by the DHCPv6 client. Existing |
| 452 | | .network files using settings of this section should be |
| 453 | | updated, though compatibility is maintained. Optionally, the |
| 454 | | client hostname may now be sent to the DHCP server. |
| 455 | | |
| 456 | | * networkd gained support for vxlan virtual networks as well |
| 457 | | as tun/tap and dummy devices. |
| 458 | | |
| 459 | | * networkd gained support for automatic allocation of address |
| 460 | | ranges for interfaces from a system-wide pool of |
| 461 | | addresses. This is useful for dynamically managing a large |
| 462 | | number of interfaces with a single network configuration |
| 463 | | file. In particular this is useful to easily assign |
| 464 | | appropriate IP addresses to the veth links of a large number |
| 465 | | of nspawn instances. |
| 466 | | |
| 467 | | * RPM macros for processing sysusers, sysctl and binfmt |
| 468 | | drop-in snippets at package installation time have been |
| 469 | | added. |
| 470 | | |
| 471 | | * The /etc/os-release file should now be placed in |
| 472 | | /usr/lib/os-release. The old location is automatically |
| 473 | | created as symlink. /usr/lib is the more appropriate |
| 474 | | location of this file, since it shall actually describe the |
| 475 | | vendor operating system shipped in /usr, and not the |
| 476 | | configuration stored in /etc. |
| 477 | | |
| 478 | | * .mount units gained a new boolean SloppyOptions= setting |
| 479 | | that maps to mount(8)'s -s option which enables permissive |
| 480 | | parsing of unknown mount options. |
| 481 | | |
| 482 | | * tmpfiles learnt a new "L+" directive which creates a symlink |
| 483 | | but (unlike "L") deletes a pre-existing file first, should |
| 484 | | it already exist and not already be the correct |
| 485 | | symlink. Similar, "b+", "c+" and "p+" directives have been |
| 486 | | added as well, which create block and character devices, as |
| 487 | | well as fifos in the filesystem, possibly removing any |
| 488 | | pre-existing files of different types. |
| 489 | | |
| 490 | | * For tmpfiles' "L", "L+", "C" and "C+" directives the final |
| 491 | | 'argument' field (which so far specified the source to |
| 492 | | symlink/copy the files from) is now optional. If omitted the |
| 493 | | same file os copied from /usr/share/factory/ suffixed by the |
| 494 | | full destination path. This is useful for populating /etc |
| 495 | | with essential files, by copying them from vendor defaults |
| 496 | | shipped in /usr/share/factory/etc. |
| 497 | | |
| 498 | | * A new command "systemctl preset-all" has been added that |
| 499 | | applies the service preset settings to all installed unit |
| 500 | | files. A new switch --preset-mode= has been added that |
| 501 | | controls whether only enable or only disable operations |
| 502 | | shall be executed. |
| 503 | | |
| 504 | | * A new command "systemctl is-system-running" has been added |
| 505 | | that allows checking the overall state of the system, for |
| 506 | | example whether it is fully up and running. |
| 507 | | |
| 508 | | * When the system boots up with an empty /etc, the equivalent |
| 509 | | to "systemctl preset-all" is executed during early boot, to |
| 510 | | make sure all default services are enabled after a factory |
| 511 | | reset. |
| 512 | | |
| 513 | | * systemd now contains a minimal preset file that enables the |
| 514 | | most basic services systemd ships by default. |
| 515 | | |
| 516 | | * Unit files' [Install] section gained a new DefaultInstance= |
| 517 | | field for defining the default instance to create if a |
| 518 | | template unit is enabled with no instance specified. |
| 519 | | |
| 520 | | * A new passive target cryptsetup-pre.target has been added |
| 521 | | that may be used by services that need to make they run and |
| 522 | | finish before the first LUKS cryptographic device is set up. |
| 523 | | |
| 524 | | * The /dev/loop-control and /dev/btrfs-control device nodes |
| 525 | | are now owned by the "disk" group by default, opening up |
| 526 | | access to this group. |
| 527 | | |
| 528 | | * systemd-coredump will now automatically generate a |
| 529 | | stack trace of all core dumps taking place on the system, |
| 530 | | based on elfutils' libdw library. This stack trace is logged |
| 531 | | to the journal. |
| 532 | | |
| 533 | | * systemd-coredump may now optionally store coredumps directly |
| 534 | | on disk (in /var/lib/systemd/coredump, possibly compressed), |
| 535 | | instead of storing them unconditionally in the journal. This |
| 536 | | mode is the new default. A new configuration file |
| 537 | | /etc/systemd/coredump.conf has been added to configure this |
| 538 | | and other parameters of systemd-coredump. |
| 539 | | |
| 540 | | * coredumpctl gained a new "info" verb to show details about a |
| 541 | | specific coredump. A new switch "-1" has also been added |
| 542 | | that makes sure to only show information about the most |
| 543 | | recent entry instead of all entries. Also, as the tool is |
| 544 | | generally useful now the "systemd-" prefix of the binary |
| 545 | | name has been removed. Distributions that want to maintain |
| 546 | | compatibility with the old name should add a symlink from |
| 547 | | the old name to the new name. |
| 548 | | |
| 549 | | * journald's SplitMode= now defaults to "uid". This makes sure |
| 550 | | that unprivileged users can access their own coredumps with |
| 551 | | coredumpctl without restrictions. |
| 552 | | |
| 553 | | * New kernel command line options "systemd.wants=" (for |
| 554 | | pulling an additional unit during boot), "systemd.mask=" |
| 555 | | (for masking a specific unit for the boot), and |
| 556 | | "systemd.debug-shell" (for enabling the debug shell on tty9) |
| 557 | | have been added. This is implemented in the new generator |
| 558 | | "systemd-debug-generator". |
| 559 | | |
| 560 | | * systemd-nspawn will now by default filter a couple of |
| 561 | | syscalls for containers, among them those required for |
| 562 | | kernel module loading, direct x86 IO port access, swap |
| 563 | | management, and kexec. Most importantly though |
| 564 | | open_by_handle_at() is now prohibited for containers, |
| 565 | | closing a hole similar to a recently discussed vulnerability |
| 566 | | in docker regarding access to files on file hierarchies the |
| 567 | | container should normally not have access to. Note that for |
| 568 | | nspawn we generally make no security claims anyway (and |
| 569 | | this is explicitly documented in the man page), so this is |
| 570 | | just a fix for one of the most obvious problems. |
| 571 | | |
| 572 | | * A new man page file-hierarchy(7) has been added that |
| 573 | | contains a minimized, modernized version of the file system |
| 574 | | layout systemd expects, similar in style to the FHS |
| 575 | | specification or hier(5). A new tool systemd-path(1) has |
| 576 | | been added to query many of these paths for the local |
| 577 | | machine and user. |
| 578 | | |
| 579 | | * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no |
| 580 | | longer done. Since the directory now has a per-user size |
| 581 | | limit, and is cleaned on logout this appears unnecessary, |
| 582 | | in particular since this now brings the lifecycle of this |
| 583 | | directory closer in line with how IPC objects are handled. |
| 584 | | |
| 585 | | * systemd.pc now exports a number of additional directories, |
| 586 | | including $libdir (which is useful to identify the library |
| 587 | | path for the primary architecture of the system), and a |
| 588 | | couple of drop-in directories. |
| 589 | | |
* udev's predictable network interface names now use the dev_port
sysfs attribute, introduced in Linux 3.15, instead of dev_id to
distinguish between ports of the same PCI function. dev_id should
only be used for ports using the same HW address, hence the need
for dev_port.

* machined has been updated to export the OS version of a
container (read from /etc/os-release and
/usr/lib/os-release) on the bus. This is now shown in
"machinectl status" for a machine.

* A new service setting RestartForceExitStatus= has been
added. If configured to a set of exit signals or process
return values, the service will be restarted when the main
daemon process exits with any of them, regardless of the
Restart= setting.

* systemctl's -H switch for connecting to remote systemd
machines has been extended so that it may be used to
directly connect to a specific container on the
host. "systemctl -H root@foobar:waldi" will now connect as
user "root" to host "foobar", and then proceed directly to
the container named "waldi". Note that currently you have to
authenticate as user "root" for this to work, as entering
containers is a privileged operation.

Contributions from: Andreas Henriksson, Benjamin Steinwender,
Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek

-- Berlin, 2014-07-03

CHANGES WITH 214:

* As an experimental feature, udev now tries to lock the
disk device node (flock(LOCK_SH|LOCK_NB)) while it
executes events for the disk or any of its partitions.
Applications like partitioning programs can lock the
disk device node (flock(LOCK_EX)) and claim temporary
device ownership that way; udev will entirely skip all event
handling for this disk and its partitions. If the disk
was opened for writing, the close will trigger a partition
table rescan in udev's "watch" facility, and if needed
synthesize "change" events for the disk and all its partitions.
This is now unconditionally enabled, and if it turns out to
cause major problems, we might turn it on only for specific
devices, or might need to disable it entirely. Device Mapper
devices are excluded from this logic.

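The locking protocol described above, walked through as an added example that is not udev's or any partitioning tool's own code. A temporary regular file under /tmp stands in for the disk device node (an assumption of this example, so it runs without root or a real disk); the function names are this example's own. The partitioner side takes flock(LOCK_EX), the udev side tries flock(LOCK_SH|LOCK_NB) and treats EWOULDBLOCK as "skip this device":

```c
/* Added example, not udev's or any partitioning tool's own code: walks
 * through the flock() protocol udev 214 uses on disk device nodes. A
 * temporary regular file under /tmp stands in for the device node
 * (an assumption of this example), so no root and no real disk are needed. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* udev's side: before handling an event for the disk, try a shared,
 * non-blocking lock. Returns 1 if udev would skip the device because
 * someone holds flock(LOCK_EX), 0 if the shared lock was obtained (it is
 * released again right away), -1 on any other error. The fresh open() is
 * essential: flock() locks belong to the open file description, so a
 * check through the descriptor that holds LOCK_EX would always succeed. */
int udev_would_skip(const char *node) {
    int fd = open(node, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int r = flock(fd, LOCK_SH | LOCK_NB);
    int saved_errno = errno;
    if (r == 0)
        flock(fd, LOCK_UN);
    close(fd);
    if (r == 0)
        return 0;
    return saved_errno == EWOULDBLOCK ? 1 : -1;
}

/* Partitioner's side: open the node and take an exclusive lock. Returns
 * the descriptor, which the caller keeps open for as long as it needs
 * ownership; close() drops the lock (and, on a real disk opened for
 * writing, lets udev's "watch" facility rescan the partition table). */
int claim_disk(const char *node) {
    int fd = open(node, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) < 0) {
        int saved_errno = errno;
        close(fd);
        errno = saved_errno;
        return -1;
    }
    return fd;
}

/* Runs the sequence on a constructed stand-in node and encodes the three
 * udev_would_skip() results as before*100 + during*10 + after
 * (expected: 10, i.e. udev skips only while the claim is held).
 * Returns -1 if the stand-in could not be created, claimed or checked. */
int lock_demo_summary(void) {
    char path[] = "/tmp/fake-disk-node-XXXXXX";   /* constructed stand-in */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    close(tmp);

    int before = udev_would_skip(path);
    int held = claim_disk(path);
    if (held < 0) {
        unlink(path);
        return -1;
    }
    int during = udev_would_skip(path);
    close(held);                       /* releases LOCK_EX */
    int after = udev_would_skip(path);
    unlink(path);

    if (before < 0 || during < 0 || after < 0)
        return -1;
    return before * 100 + during * 10 + after;
}

int main(void) {
    int code = lock_demo_summary();
    if (code < 0) {
        perror("lock demo");
        return 1;
    }
    printf("before/during/after claim: %03d (udev skips only during)\n", code);
    return 0;
}
```

The detail worth remembering from this is the separate open() in udev_would_skip(): flock() locks are tied to the open file description, not the inode, so only a lock attempt through a different open file description tells you whether another party holds the node. Device Mapper nodes are exempt from this logic in udev, as the entry above states, so the check would not reflect udev's behaviour for them.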
* We temporarily dropped the "-l" switch for fsck invocations,
since it collides with the flock() logic above. util-linux
upstream has already been changed to avoid this conflict,
and we will re-add "-l" as soon as util-linux with this
change has been released.

* The dependency on libattr has been removed. The extended
attribute calls moved to glibc a long time ago, and
libattr is thus unnecessary.

* Virtualization detection now works without privileges. This
means the systemd-detect-virt binary no longer requires
CAP_SYS_PTRACE file capabilities, and our daemons can run
with fewer privileges.

* systemd-networkd now runs under its own "systemd-network"
user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
CAP_NET_BROADCAST and CAP_NET_RAW capabilities, but
loses the ability to write to files owned by root this way.

* Similarly, systemd-resolved now runs under its own
"systemd-resolve" user with no capabilities remaining.

* Similarly, systemd-bus-proxyd now runs under its own
"systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.

* systemd-networkd gained support for setting up "veth"
virtual ethernet devices for container connectivity, as well
as GRE and VTI tunnels.

* systemd-networkd will no longer automatically attempt to
manually load kernel modules necessary for certain tunnel
transports. Instead, it is assumed the kernel loads them
automatically when required. This only works correctly on
very new kernels. On older kernels, please consider adding
the kernel modules to /etc/modules-load.d/ as a work-around.

* The resolv.conf file systemd-resolved generates has been
moved to /run/systemd/resolve/. If you have a symlink from
/etc/resolv.conf, it might be necessary to correct it.

* Two new service settings, ProtectHome= and ProtectSystem=,
have been added. When enabled, they will make the user data
(such as /home) inaccessible or read-only and the system
(such as /usr) read-only, for specific services. This allows
very light-weight per-service sandboxing to avoid
modifications of user data or system files from
services. These two new switches have been enabled for all
of systemd's long-running services, where appropriate.

* Socket units gained new SocketUser= and SocketGroup=
settings to set the owner user and group of AF_UNIX sockets
and FIFOs in the file system.

* Socket units gained a new RemoveOnStop= setting. If enabled,
all FIFOs and sockets in the file system will be removed
when the specific socket unit is stopped.

* Socket units gained a new Symlinks= setting. It takes a list
of symlinks to create to the file system sockets or FIFOs
created by that socket unit. This is useful to
manage symlinks to socket nodes with the same life-cycle as
the socket itself.

* The /dev/log socket and /dev/initctl FIFO have been moved to
/run, and have been replaced by symlinks. This allows
connecting to these facilities even if PrivateDevices=yes is
used for a service (which makes /dev/log itself unavailable,
but /run is left). This also has the benefit of ensuring
that /dev only contains device nodes, directories and
symlinks, and nothing else.

* sd-daemon gained two new calls sd_pid_notify() and
sd_pid_notifyf(). They are similar to sd_notify() and
sd_notifyf(), but allow overriding of the source PID of
notification messages if permissions permit this. This is
useful to send notify messages on behalf of a different
process (for example, the parent process). The
systemd-notify tool has been updated to make use of this
when sending messages (so that notification messages now
originate from the shell script invoking systemd-notify and
not the systemd-notify process itself). This should minimize
a race where systemd fails to associate notification
messages to services when the originating process has already
vanished.

* A new "on-abnormal" setting for Restart= has been added. If
set, it will result in automatic restarts on all "abnormal"
reasons for a process to exit, which includes unclean
signals, core dumps, timeouts and watchdog timeouts, but
does not include clean and unclean exit codes or clean
signals. Restart=on-abnormal is an alternative to
Restart=on-failure for services that shall be able to
terminate and avoid restarts on certain errors, by
indicating so with an unclean exit code. Restart=on-failure
or Restart=on-abnormal is now the recommended setting for
all long-running services.

* If the InaccessibleDirectories= service setting points to a
mount point (or if there are any submounts contained within
it), an attempt is now made to unmount it completely, to make
the file systems truly unavailable for the respective
service.

* The ReadOnlyDirectories= service setting and
systemd-nspawn's --read-only parameter are now recursively
applied to all submounts, too.

* Mount units may now be created transiently via the bus APIs.

* The support for SysV and LSB init scripts has been removed
from the systemd daemon itself. Instead, it is now
implemented as a generator that creates native systemd units
from these scripts when needed. This enables us to remove a
substantial amount of legacy code from PID 1, following the
fact that many distributions only ship a very small number
of LSB/SysV init scripts nowadays.

* Privileged Xen (dom0) domains are no longer considered
virtualization by the virtualization detection
logic. After all, they generally have unrestricted access to
the hardware and usually are used to manage the unprivileged
(domU) domains.

* systemd-tmpfiles gained a new "C" line type, for copying
files or entire directories.

* systemd-tmpfiles "m" lines are now fully equivalent to "z"
lines. So far, they have been non-globbing versions of the
latter, and have thus been redundant. In future, it is
recommended to only use "z". "m" has hence been removed
from the documentation, even though it stays supported.

* A tmpfiles snippet to recreate the most basic structure in
/var has been added. This is enough to create the /var/run →
/run symlink and create a couple of structural
directories. This allows systems to boot up with an empty or
volatile /var. Of course, while with this change the core OS
is now capable of dealing with a volatile /var, not all
user services are ready for it. However, we hope that sooner
or later, many service daemons will be changed upstream so
that they are able to automatically create their necessary
directories in /var at boot, should they be missing. This is
the first step to allow stateless systems that only require
the vendor image for /usr to boot.

* systemd-nspawn has gained a new --tmpfs= switch to mount an
empty tmpfs instance to a specific directory. This is
particularly useful for making use of the automatic
reconstruction of /var (see above), by passing --tmpfs=/var.

* Access modes specified in tmpfiles snippets may now be
prefixed with "~", which indicates that they shall be masked
by whether the existing file or directory is currently
writable, readable or executable at all. Also, if specified,
the sgid/suid/sticky bits will be masked for all
non-directories.

* A new passive target unit "network-pre.target" has been
added which is useful for services that shall run before any
network is configured, for example firewall scripts.

* The "floppy" group that previously owned the /dev/fd*
devices is no longer used. The "disk" group is now used
instead. Distributions should probably deprecate usage of
this group.

Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
Jędrzejewski-Szmek

-- Berlin, 2014-06-11