﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
1003	Systemd 216 Version Upgrade	William Harrington	clfs-commits@…	"http://www.freedesktop.org/software/systemd/systemd-216.tar.xz

We will see new users and groups installed and new daemons introduced and some daemons removed.

Systemd 216 has quite a bit of changes since 213. We need to backtrack changes since 213:



CHANGES WITH 216:

        * timedated no longer reads NTP implementation unit names from
          /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
          implementations should add a

            Conflicts=systemd-timesyncd.service

          to their unit files to take over and replace systemd's NTP
          default functionality.

        * systemd-sysusers gained a new line type ""r"" for configuring
          which UID/GID ranges to allocate system users/groups
          from. Lines of type ""u"" may now add an additional column
          that specifies the home directory for the system user to be
          created. Also, systemd-sysusers may now optionally read user
          information from STDIN instead of a file. This is useful for
          invoking it from RPM preinst scriptlets that need to create
          users before the first RPM file is installed since these
          files might need to be owned by them. A new
          %sysusers_create_inline RPM macro has been introduced to do
          just that. systemd-sysusers now updates the shadow files as
          well as the user/group databases, which should enhance
          compatibility with certain tools like grpck.

        * A number of bus APIs of PID 1 now optionally consult
          PolicyKit to permit access for otherwise unprivileged
          clients under certain conditions. Note that this currently
          doesn't support interactive authentication yet, but this is
          expected to be added eventually, too.

        * /etc/machine-info now has new fields for configuring the
          deployment environment of the machine, as well as the
          location of the machine. hostnamectl has been updated with
          new commands to update these fields.

        * systemd-timesyncd has been updated to automatically acquire
          NTP server information from systemd-networkd, which might
          have been discovered via DHCP.

        * systemd-resolved now includes a caching DNS stub resolver
          and a complete LLMNR name resolution implementation. A new
          NSS module ""nss-resolve"" has been added which may be used
          instead of glibc's own ""nss-dns"" to resolve hostnames via
          systemd-resolved. Hostnames, addresses and arbitrary RRs may
          be resolved via systemd-resolved D-Bus APIs. In contrast to
          the glibc internal resolver systemd-resolved is aware of
          multi-homed systems, and keeps DNS servers and caches separate
          and per-interface. Queries are sent simultaneously on all
          interfaces that have DNS servers configured, in order to
          properly handle VPNs and local LANs which might resolve
          separate sets of domain names. systemd-resolved may acquire
          DNS server information from systemd-networkd automatically,
          which in turn might have discovered them via DHCP. A tool
          ""systemd-resolve-host"" has been added that may be used to
          query the DNS logic in resolved. systemd-resolved implements
          IDNA and automatically uses IDNA or UTF-8 encoding depending
          on whether classic DNS or LLMNR is used as transport. In the
          next releases we intend to add a DNSSEC and mDNS/DNS-SD
          implementation to systemd-resolved.

        * A new NSS module nss-mymachines has been added, that
          automatically resolves the names of all local registered
          containers to their respective IP addresses.

        * A new client tool ""networkctl"" for systemd-networkd has been
          added. It currently is entirely passive and will query
          networking configuration from udev, rtnetlink and networkd,
          and present it to the user in a very friendly
          way. Eventually, we hope to extend it to become a full
          control utility for networkd.

        * .socket units gained a new DeferAcceptSec= setting that
          controls the kernel's TCP_DEFER_ACCEPT sockopt for
          TCP. Similarly, support for controlling TCP keep-alive
          settings has been added (KeepAliveTimeSec=,
          KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
          turning off Nagle's algorithm on TCP has been added
          (NoDelay=).

        * logind learned a new session type ""web"", for use in projects
          like Cockpit which register web clients as PAM sessions.

        * timer units with at least one OnCalendar= setting will now
          be started only after timer-sync.target has been
          reached. This way they will not elapse before the system
          clock has been corrected by a local NTP client or
          similar. This is particularly useful on RTC-less embedded
          machines, that come up with an invalid system clock.

        * systemd-nspawn's --network-veth= switch should now result in
          stable MAC addresses for both the outer and the inner side
          of the link.

        * systemd-nspawn gained a new --volatile= switch for running
          container instances with /etc or /var unpopulated.

        * The kdbus client code has been updated to use the new Linux
          3.17 memfd subsystem instead of the old kdbus-specific one.

        * systemd-networkd's DHCP client and server now support
          FORCERENEW. There are also new configuration options to
          configure the vendor client identifier and broadcast mode
          for DHCP.

        * systemd will no longer inform the kernel about the current
          timezone, as this is necessarily incorrect and racy as the
          kernel has no understanding of DST and similar
          concepts. This hence means FAT timestamps will be always
          considered UTC, similar to what Android is already
          doing. Also, when the RTC is configured to the local time
          (rather than UTC) systemd will never synchronize back to it,
          as this might confuse Windows at a later boot.

        * systemd-analyze gained a new command ""verify"" for offline
          validation of unit files.

        * systemd-networkd gained support for a couple of additional
          settings for bonding networking setups. Also, the metric for
          statically configured routes may now be configured. For
          network interfaces where this is appropriate the peer IP
          address may now be configured.

        * systemd-networkd's DHCP client will no longer request
          broadcasting by default, as this tripped up some networks.
          For hardware where broadcast is required the feature should
          be switched back on using RequestBroadcast=yes.

        * systemd-networkd will now set up IPv4LL addresses (when
          enabled) even if DHCP is configured successfully.

        * udev will now default to respect network device names given
          by the kernel when the kernel indicates that these are
          predictable. This behavior can be tweaked by changing
          NamePolicy= in the relevant .link file.

        * A new library systemd-terminal has been added that
          implements full TTY stream parsing and rendering. This
          library is supposed to be used later on for implementing a
          full userspace VT subsystem, replacing the current kernel
          implementation.

        * A new tool systemd-journal-upload has been added to push
          journal data to a remote system running
          systemd-journal-remote.

        * journald will no longer forward all local data to another
          running syslog daemon. This change has been made because
          rsyslog (which appears to be the most commonly used syslog
          implementation these days) no longer makes use of this, and
          instead pulls the data out of the journal on its own. Since
          forwarding the messages to a non-existent syslog server is
          more expensive than we assumed we have now turned this
          off. If you run a syslog server that is not a recent rsyslog
          version, you have to turn this option on again
          (ForwardToSyslog= in journald.conf).

        * journald now optionally supports the LZ4 compressor for
          larger journal fields. This compressor should perform much
          better than XZ which was the previous default.

        * machinectl now shows the IP addresses of local containers,
          if it knows them, plus the interface name of the container.

        * A new tool ""systemd-escape"" has been added that makes it
          easy to escape strings to build unit names and similar.

        * sd_notify() messages may now include a new ERRNO= field
          which is parsed and collected by systemd and shown among the
          ""systemctl status"" output for a service.

        * A new component ""systemd-firstboot"" has been added that
          queries the most basic systemd information (timezone,
          hostname, root password) interactively on first
          boot. Alternatively it may also be used to provision these
          things offline on OS images installed into directories.

        * The default sysctl.d/ snippets will now set

                net.ipv4.conf.default.promote_secondaries=1

          This has the benefit of not flushing secondary IP addresses
          when primary addresses are removed.

        Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
        Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
        Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
        Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
        Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
        B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
        Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
        Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
        Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
        Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
        Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
        Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
        Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
        Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
        Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek

        -- Berlin, 2014-08-19

CHANGES WITH 215:

        * A new tool systemd-sysusers has been added. This tool
          creates system users and groups in /etc/passwd and
          /etc/group, based on static declarative system user/group
          definitions in /usr/lib/sysusers.d/. This is useful to
          enable factory resets and volatile systems that boot up with
          an empty /etc directory, and thus need system users and
          groups created during early boot. systemd now also ships
          with two default sysusers.d/ files for the most basic
          users and groups systemd and the core operating system
          require.

        * A new tmpfiles snippet has been added that rebuilds the
          essential files in /etc on boot, should they be missing.

        * A directive for ensuring automatic clean-up of
          /var/cache/man/ has been removed from the default
          configuration. This line should now be shipped by the man
          implementation. The necessary change has been made to the
          man-db implementation. Note that you need to update your man
          implementation to one that ships this line, otherwise no
          automatic clean-up of /var/cache/man will take place.

        * A new condition ConditionNeedsUpdate= has been added that
          may conditionalize services to only run when /etc or /var
          are ""older"" than the vendor operating system resources in
          /usr. This is useful for reconstructing or updating /etc
          after an offline update of /usr or a factory reset, on the
          next reboot. Services that want to run once after such an
          update or reset should use this condition and order
          themselves before the new systemd-update-done.service, which
          will mark the two directories as fully updated. A number of
          service files have been added making use of this, to rebuild
          the udev hardware database, the journald message catalog and
          dynamic loader cache (ldconfig). The systemd-sysusers tool
          described above also makes use of this now. With this in
          place it is now possible to start up a minimal operating
          system with /etc empty cleanly. For more information on the
          concepts involved see this recent blog story:

          http://0pointer.de/blog/projects/stateless.html

        * A new system group ""input"" has been introduced, and all
          input device nodes get this group assigned. This is useful
          for system-level software to get access to input devices. It
          complements what is already done for ""audio"" and ""video"".

        * systemd-networkd learnt minimal DHCPv4 server support in
          addition to the existing DHCPv4 client support. It also
          learnt DHCPv6 client and IPv6 Router Solicitation client
          support. The DHCPv4 client gained support for static routes
          passed in from the server. Note that the [DHCPv4] section
          known in older systemd-networkd versions has been renamed to
          [DHCP] and is now also used by the DHCPv6 client. Existing
          .network files using settings of this section should be
          updated, though compatibility is maintained. Optionally, the
          client hostname may now be sent to the DHCP server.

        * networkd gained support for vxlan virtual networks as well
          as tun/tap and dummy devices.

        * networkd gained support for automatic allocation of address
          ranges for interfaces from a system-wide pool of
          addresses. This is useful for dynamically managing a large
          number of interfaces with a single network configuration
          file. In particular this is useful to easily assign
          appropriate IP addresses to the veth links of a large number
          of nspawn instances.

        * RPM macros for processing sysusers, sysctl and binfmt
          drop-in snippets at package installation time have been
          added.

        * The /etc/os-release file should now be placed in
          /usr/lib/os-release. The old location is automatically
          created as symlink. /usr/lib is the more appropriate
          location of this file, since it shall actually describe the
          vendor operating system shipped in /usr, and not the
          configuration stored in /etc.

        * .mount units gained a new boolean SloppyOptions= setting
          that maps to mount(8)'s -s option which enables permissive
          parsing of unknown mount options.

        * tmpfiles learnt a new ""L+"" directive which creates a symlink
          but (unlike ""L"") deletes a pre-existing file first, should
          it already exist and not already be the correct
          symlink. Similarly, ""b+"", ""c+"" and ""p+"" directives have been
          added as well, which create block and character devices, as
          well as fifos in the filesystem, possibly removing any
          pre-existing files of different types.

        * For tmpfiles' ""L"", ""L+"", ""C"" and ""C+"" directives the final
          'argument' field (which so far specified the source to
          symlink/copy the files from) is now optional. If omitted the
          same file is copied from /usr/share/factory/ suffixed by the
          full destination path. This is useful for populating /etc
          with essential files, by copying them from vendor defaults
          shipped in /usr/share/factory/etc.

        * A new command ""systemctl preset-all"" has been added that
          applies the service preset settings to all installed unit
          files. A new switch --preset-mode= has been added that
          controls whether only enable or only disable operations
          shall be executed.

        * A new command ""systemctl is-system-running"" has been added
          that allows checking the overall state of the system, for
          example whether it is fully up and running.

        * When the system boots up with an empty /etc, the equivalent
          to ""systemctl preset-all"" is executed during early boot, to
          make sure all default services are enabled after a factory
          reset.

        * systemd now contains a minimal preset file that enables the
          most basic services systemd ships by default.

        * Unit files' [Install] section gained a new DefaultInstance=
          field for defining the default instance to create if a
          template unit is enabled with no instance specified.

        * A new passive target cryptsetup-pre.target has been added
          that may be used by services that need to make sure they run and
          finish before the first LUKS cryptographic device is set up.

        * The /dev/loop-control and /dev/btrfs-control device nodes
          are now owned by the ""disk"" group by default, opening up
          access to this group.

        * systemd-coredump will now automatically generate a
          stack trace of all core dumps taking place on the system,
          based on elfutils' libdw library. This stack trace is logged
          to the journal.

        * systemd-coredump may now optionally store coredumps directly
          on disk (in /var/lib/systemd/coredump, possibly compressed),
          instead of storing them unconditionally in the journal. This
          mode is the new default. A new configuration file
          /etc/systemd/coredump.conf has been added to configure this
          and other parameters of systemd-coredump.

        * coredumpctl gained a new ""info"" verb to show details about a
          specific coredump. A new switch ""-1"" has also been added
          that makes sure to only show information about the most
          recent entry instead of all entries. Also, as the tool is
          generally useful now the ""systemd-"" prefix of the binary
          name has been removed. Distributions that want to maintain
          compatibility with the old name should add a symlink from
          the old name to the new name.

        * journald's SplitMode= now defaults to ""uid"". This makes sure
          that unprivileged users can access their own coredumps with
          coredumpctl without restrictions.

        * New kernel command line options ""systemd.wants="" (for
          pulling an additional unit during boot), ""systemd.mask=""
          (for masking a specific unit for the boot), and
          ""systemd.debug-shell"" (for enabling the debug shell on tty9)
          have been added. This is implemented in the new generator
          ""systemd-debug-generator"".

        * systemd-nspawn will now by default filter a couple of
          syscalls for containers, among them those required for
          kernel module loading, direct x86 IO port access, swap
          management, and kexec. Most importantly though
          open_by_handle_at() is now prohibited for containers,
          closing a hole similar to a recently discussed vulnerability
          in docker regarding access to files on file hierarchies the
          container should normally not have access to. Note that for
          nspawn we generally make no security claims anyway (and
          this is explicitly documented in the man page), so this is
          just a fix for one of the most obvious problems.

        * A new man page file-hierarchy(7) has been added that
          contains a minimized, modernized version of the file system
          layout systemd expects, similar in style to the FHS
          specification or hier(5). A new tool systemd-path(1) has
          been added to query many of these paths for the local
          machine and user.

        * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
          longer done. Since the directory now has a per-user size
          limit, and is cleaned on logout this appears unnecessary,
          in particular since this now brings the lifecycle of this
          directory closer in line with how IPC objects are handled.

        * systemd.pc now exports a number of additional directories,
          including $libdir (which is useful to identify the library
          path for the primary architecture of the system), and a
          couple of drop-in directories.

        * udev's predictable network interface names now use the dev_port
          sysfs attribute, introduced in Linux 3.15 instead of dev_id to
          distinguish between ports of the same PCI function. dev_id should
          only be used for ports using the same HW address, hence the need
          for dev_port.

        * machined has been updated to export the OS version of a
          container (read from /etc/os-release and
          /usr/lib/os-release) on the bus. This is now shown in
          ""machinectl status"" for a machine.

        * A new service setting RestartForceExitStatus= has been
          added. If configured to a set of exit signals or process
          return values, the service will be restarted when the main
          daemon process exits with any of them, regardless of the
          Restart= setting.

        * systemctl's -H switch for connecting to remote systemd
          machines has been extended so that it may be used to
          directly connect to a specific container on the
          host. ""systemctl -H root@foobar:waldi"" will now connect as
          user ""root"" to host ""foobar"", and then proceed directly to
          the container named ""waldi"". Note that currently you have to
          authenticate as user ""root"" for this to work, as entering
          containers is a privileged operation.

        Contributions from: Andreas Henriksson, Benjamin Steinwender,
        Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
        Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
        Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
        Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
        Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
        Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
        Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
        Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
        Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
        Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
        Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek

        -- Berlin, 2014-07-03

CHANGES WITH 214:

        * As an experimental feature, udev now tries to lock the
          disk device node (flock(LOCK_SH|LOCK_NB)) while it
          executes events for the disk or any of its partitions.
          Applications like partitioning programs can lock the
          disk device node (flock(LOCK_EX)) and claim temporary
          device ownership that way; udev will entirely skip all event
          handling for this disk and its partitions. If the disk
          was opened for writing, the close will trigger a partition
          table rescan in udev's ""watch"" facility, and if needed
          synthesize ""change"" events for the disk and all its partitions.
          This is now unconditionally enabled, and if it turns out to
          cause major problems, we might turn it on only for specific
          devices, or might need to disable it entirely. Device Mapper
          devices are excluded from this logic.

        * We temporarily dropped the ""-l"" switch for fsck invocations,
          since they collide with the flock() logic above. util-linux
          upstream has been changed already to avoid this conflict,
          and we will readd ""-l"" as soon as util-linux with this
          change has been released.

        * The dependency on libattr has been removed. Since a long
          time, the extended attribute calls have moved to glibc, and
          libattr is thus unnecessary.

        * Virtualization detection works without privileges now. This
          means the systemd-detect-virt binary no longer requires
          CAP_SYS_PTRACE file capabilities, and our daemons can run
          with fewer privileges.

        * systemd-networkd now runs under its own ""systemd-network""
          user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
          CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
          loses the ability to write to files owned by root this way.

        * Similarly, systemd-resolved now runs under its own
          ""systemd-resolve"" user with no capabilities remaining.

        * Similarly, systemd-bus-proxyd now runs under its own
          ""systemd-bus-proxy"" user with only CAP_IPC_OWNER remaining.

        * systemd-networkd gained support for setting up ""veth""
          virtual ethernet devices for container connectivity, as well
          as GRE and VTI tunnels.

        * systemd-networkd will no longer automatically attempt to
          manually load kernel modules necessary for certain tunnel
          transports. Instead, it is assumed the kernel loads them
          automatically when required. This only works correctly on
          very new kernels. On older kernels, please consider adding
          the kernel modules to /etc/modules-load.d/ as a work-around.

        * The resolv.conf file systemd-resolved generates has been
          moved to /run/systemd/resolve/. If you have a symlink from
          /etc/resolv.conf, it might be necessary to correct it.

        * Two new service settings, ProtectHome= and ProtectSystem=,
          have been added. When enabled, they will make the user data
          (such as /home) inaccessible or read-only and the system
          (such as /usr) read-only, for specific services. This allows
          very light-weight per-service sandboxing to avoid
          modifications of user data or system files from
          services. These two new switches have been enabled for all
          of systemd's long-running services, where appropriate.

        * Socket units gained new SocketUser= and SocketGroup=
          settings to set the owner user and group of AF_UNIX sockets
          and FIFOs in the file system.

        * Socket units gained a new RemoveOnStop= setting. If enabled,
          all FIFOs and sockets in the file system will be removed
          when the specific socket unit is stopped.

        * Socket units gained a new Symlinks= setting. It takes a list
          of symlinks to create to file system sockets or FIFOs
          created by the specific Unix sockets. This is useful to
          manage symlinks to socket nodes with the same life-cycle as
          the socket itself.

        * The /dev/log socket and /dev/initctl FIFO have been moved to
          /run, and have been replaced by symlinks. This allows
          connecting to these facilities even if PrivateDevices=yes is
          used for a service (which makes /dev/log itself unavailable,
          but /run is left). This also has the benefit of ensuring
          that /dev only contains device nodes, directories and
          symlinks, and nothing else.

        * sd-daemon gained two new calls sd_pid_notify() and
          sd_pid_notifyf(). They are similar to sd_notify() and
          sd_notifyf(), but allow overriding of the source PID of
          notification messages if permissions permit this. This is
          useful to send notify messages on behalf of a different
          process (for example, the parent process). The
          systemd-notify tool has been updated to make use of this
          when sending messages (so that notification messages now
          originate from the shell script invoking systemd-notify and
          not the systemd-notify process itself). This should minimize
          a race where systemd fails to associate notification
          messages to services when the originating process already
          vanished.

        * A new ""on-abnormal"" setting for Restart= has been added. If
          set, it will result in automatic restarts on all ""abnormal""
          reasons for a process to exit, which includes unclean
          signals, core dumps, timeouts and watchdog timeouts, but
          does not include clean and unclean exit codes or clean
          signals. Restart=on-abnormal is an alternative for
          Restart=on-failure for services that shall be able to
          terminate and avoid restarts on certain errors, by
          indicating so with an unclean exit code. Restart=on-failure
          or Restart=on-abnormal is now the recommended setting for
          all long-running services.

        * If the InaccessibleDirectories= service setting points to a
          mount point (or if there are any submounts contained within
          it), it is now attempted to completely unmount it, to make
          the file systems truly unavailable for the respective
          service.

        * The ReadOnlyDirectories= service setting and
          systemd-nspawn's --read-only parameter are now recursively
          applied to all submounts, too.

        * Mount units may now be created transiently via the bus APIs.

        * The support for SysV and LSB init scripts has been removed
          from the systemd daemon itself. Instead, it is now
          implemented as a generator that creates native systemd units
          from these scripts when needed. This enables us to remove a
          substantial amount of legacy code from PID 1, following the
          fact that many distributions only ship a very small number
          of LSB/SysV init scripts nowadays.

        * Privileged Xen (dom0) domains are not considered
          virtualization anymore by the virtualization detection
          logic. After all, they generally have unrestricted access to
          the hardware and usually are used to manage the unprivileged
          (domU) domains.

        * systemd-tmpfiles gained a new ""C"" line type, for copying
          files or entire directories.

        * systemd-tmpfiles ""m"" lines are now fully equivalent to ""z""
          lines. So far, they have been non-globbing versions of the
          latter, and have thus been redundant. In future, it is
          recommended to only use ""z"". ""m"" has hence been removed
          from the documentation, even though it stays supported.

        * A tmpfiles snippet to recreate the most basic structure in
          /var has been added. This is enough to create the /var/run →
          /run symlink and create a couple of structural
          directories. This allows systems to boot up with an empty or
          volatile /var. Of course, while with this change, the core OS
          now is capable of dealing with a volatile /var, not all
          user services are ready for it. However, we hope that sooner
          or later, many service daemons will be changed upstream so
          that they are able to automatically create their necessary
          directories in /var at boot, should they be missing. This is
          the first step to allow state-less systems that only require
          the vendor image for /usr to boot.

        * systemd-nspawn has gained a new --tmpfs= switch to mount an
          empty tmpfs instance to a specific directory. This is
          particularly useful for making use of the automatic
          reconstruction of /var (see above), by passing --tmpfs=/var.

        * Access modes specified in tmpfiles snippets may now be
          prefixed with ""~"", which indicates that they shall be masked
          by whether the existing file or directory is currently
          writable, readable or executable at all. Also, if specified,
          the sgid/suid/sticky bits will be masked for all
          non-directories.

        * A new passive target unit ""network-pre.target"" has been
          added which is useful for services that shall run before any
          network is configured, for example firewall scripts.

        * The ""floppy"" group that previously owned the /dev/fd*
          devices is no longer used. The ""disk"" group is now used
          instead. Distributions should probably deprecate usage of
          this group.

        Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
        King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
        Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
        Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
        Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
        Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
        Jędrzejewski-Szmek

        -- Berlin, 2014-06-11"	task	new	major	CLFS Standard 3.1.0	BOOK	CLFS Standard GIT			berzerkula@… jonathan@… chris@…
